| 1 |
#!/usr/bin/perl |
| 2 |
|
| 3 |
# fluscate.pl 0.04 - The Flash Obfuscator |
| 4 |
|
| 5 |
# $Id: fluscate.pl,v 1.3 2004/07/23 12:56:07 joko Exp $ |
| 6 |
# $Log: fluscate.pl,v $ |
| 7 |
# Revision 1.4 2004/07/26 13:51:54 joko |
| 8 |
# updated pod |
| 9 |
# |
| 10 |
# Revision 1.3 2004/07/23 12:56:07 joko |
| 11 |
# updated pod |
| 12 |
# |
| 13 |
# Revision 1.2 2004/07/23 12:24:52 joko |
| 14 |
# pod |
| 15 |
# |
| 16 |
# Revision 1.1 2004/07/23 12:13:14 joko |
| 17 |
# initial commit |
| 18 |
# |
| 19 |
|
| 20 |
=pod |
| 21 |
|
| 22 |
This software is Copyright (C) 2004 Andreas Motl |
| 23 |
Ideas and future AppleScript integration by Holger Marseille. |
| 24 |
|
| 25 |
This program is free software; you can redistribute it and/or |
| 26 |
modify it under the terms of the GNU General Public License |
| 27 |
as published by the Free Software Foundation; either version 2 |
| 28 |
of the License, or (at your option) any later version. |
| 29 |
|
| 30 |
This program is distributed in the hope that it will be useful, |
| 31 |
but WITHOUT ANY WARRANTY; without even the implied warranty of |
| 32 |
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
| 33 |
GNU General Public License for more details. |
| 34 |
|
| 35 |
You should have received a copy of the GNU General Public License |
| 36 |
along with this program; if not, write to the Free Software |
| 37 |
Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
| 38 |
|
| 39 |
=cut |
| 40 |
|
| 41 |
|
| 42 |
=pod |
| 43 |
|
| 44 |
=head1 Features |
| 45 |
|
| 46 |
|
| 47 |
=head2 Obfuscation |
| 48 |
|
| 49 |
See ASO Pro: http://www.genable.com/aso/preview.html |
| 50 |
|
| 51 |
|
| 52 |
=head2 Functions |
| 53 |
|
| 54 |
fluscate handles two different styles of function declarations: |
| 55 |
|
| 56 |
1. "Normal" ones |
| 57 |
function mp3Player ('arg1', 'arg2') |
| 58 |
|
| 59 |
2. There may be "stacked" function declarations |
| 60 |
push 'mp3Player' |
| 61 |
function () |
| 62 |
|
| 63 |
|
| 64 |
=head1 Dependencies |
| 65 |
|
| 66 |
"flasm" is required to disassemble swf files, see http://www.nowrap.de/flasm.html |
| 67 |
ACKs go to Igor Kogan. |
| 68 |
|
| 69 |
|
| 70 |
=head1 Usage |
| 71 |
|
| 72 |
=head2 win32 |
| 73 |
|
| 74 |
#> flasm.exe -d puzzle.swf > puzzle.flm |
| 75 |
#> cat puzzle.flm | perl fluscate.pl > puzzle_fusc.flm |
| 76 |
#> flasm.exe -a puzzle_fusc.flm |
| 77 |
|
| 78 |
=head2 *nix |
| 79 |
|
| 80 |
#> ./flasm -d puzzle.swf > puzzle.flm |
| 81 |
#> cat puzzle.flm | ./fluscate.pl > puzzle_fusc.flm |
| 82 |
#> ./flasm -a puzzle_fusc.flm |
| 83 |
|
| 84 |
|
| 85 |
=head1 Development |
| 86 |
|
| 87 |
=head2 Todo |
| 88 |
|
| 89 |
- provide list of flash event handler names to exclude from symbol replacement |
| 90 |
|
| 91 |
=head2 Wishlist |
| 92 |
|
| 93 |
- komplexere verschlüsselung als "-1, -2 ..." z-b nicht in der numerischen reihenfolge sondern nach |
| 94 |
zufallsprinip (-21,-3,-89)? (->random) |
| 95 |
- evtl. constants nach abfrage ersetzen ? leider sehr aufwendig, bei vielen constants (->ask) |
| 96 |
- rausgeben des arrays mit den "neuen" werten um evtl die obfuscation rückgängig zu machen (->undo) |
| 97 |
- " push 0 |
| 98 |
ls: |
| 99 |
dup |
| 100 |
trace |
| 101 |
branchIfTrue ls" |
| 102 |
... after each "constants" declaration (->pollute) |
| 103 |
- what about other symbols beside "function"s? (e.g. variables) (->mode) |
| 104 |
- include list of ->keywords from: |
| 105 |
http://www.macromedia.com/support/flash/action_scripts/actionscript_dictionary/ |
| 106 |
- replace symbols in multiple files (->multifile) |
| 107 |
|
| 108 |
=head2 Notes |
| 109 |
|
| 110 |
- no function may be called "Initialize", rename it to (e.g.) "Initialize2", reassembling will not work otherwise |
| 111 |
(doesn't matter when obfuscating since function names will be replaced of course) |
| 112 |
- function names seem to be/work case insensitive (shuffle <-> Shuffle) |
| 113 |
- successfully tested with http://download.macromedia.com/pub/flash/showme/win/puzzle.zip |
| 114 |
- make sure -1, -2, -3, .... gets replaced with '-1', '-2', '-3', ... |
| 115 |
- there are multiple caller lines: callFunction, callMethod; do we have to take special care to methods? |
| 116 |
- "getMember" and "getVariable" also do function calls! |
| 117 |
- there are reserved function names which must not be replaced! (-> event handlers, e.g. "onPress") |
| 118 |
|
| 119 |
|
| 120 |
=head1 Links |
| 121 |
|
| 122 |
=head2 ActionScript Decompilers / Disassemblers |
| 123 |
|
| 124 |
Flasm: |
| 125 |
http://www.nowrap.de/flasm.html |
| 126 |
http://www.opaque.net/~dave/flasm/ |
| 127 |
Flare: http://www.nowrap.de/flare.html |
| 128 |
Sothink SWF Decompiler: http://www.srctec.com/flashdecompiler/ |
| 129 |
Imperator FLA: http://www.ave-imperator.com/ |
| 130 |
SWF Decompiler: http://www.19.5degs.com/swfdecompiler.php |
| 131 |
Gordon: http://www.futurecandy.com/ |
| 132 |
|
| 133 |
=head2 ActionScript Editors & Co. |
| 134 |
|
| 135 |
URL Action Editor and Actionscript Viewer: |
| 136 |
http://www.buraks.com/ |
| 137 |
http://voisen.org/archives/2003/02/uae_303_and_asv_309.php |
| 138 |
SE|PY ActionScript Editor: http://www.sephiroth.it/python/sepy.php |
| 139 |
|
| 140 |
=head2 Obfuscators |
| 141 |
|
| 142 |
ASO Pro (ActionScript Obfuscator Pro): http://www.genable.com/aso/preview.html |
| 143 |
SWOB (swf obfuscator): http://home.byu.net/jtb64/Swob.htm |
| 144 |
OBFU - A Flash Actionscript obfuscator: http://opaque.net/~dave/obfu/ |
| 145 |
|
| 146 |
=head2 Misc |
| 147 |
|
| 148 |
ActionScript Protection: |
| 149 |
http://www.as-protect.com/ |
| 150 |
http://www.quasimondo.com/archives/000377.php |
| 151 |
Developer's SWF Guardian: http://anyrd.anyorganization.com/ |
| 152 |
Password Busting / SWF Protections: http://www.searchlores.org/cinix_fla.htm |
| 153 |
|
| 154 |
=head2 Off-Topic |
| 155 |
|
| 156 |
XPath for Actionscript and other stuff: http://www.xfactorstudio.com/Actionscript/ |
| 157 |
SerializerClass: http://sourceforge.net/projects/serializerclass/ |
| 158 |
AMF::Perl - Flash Remoting in Perl and Python - using Flash Remoting protocol (AMF): |
| 159 |
http://simonf.com/amfperl/ |
| 160 |
PEAR::SWF - Read and write SWF head tag: http://www.sephiroth.it/test/php/SWF/ |
| 161 |
AMFPHP - Flash Remoting for PHP: http://www.amfphp.org/ |
| 162 |
|
| 163 |
=cut |
| 164 |
|
| 165 |
|
| 166 |
use strict; |
| 167 |
use warnings; |
| 168 |
|
| 169 |
my $regex = { |
| 170 |
'function' => 'function(?:2|)\s(.+?)\s\(.*?\)', |
| 171 |
'constants' => 'constants', |
| 172 |
'call' => '(?:callFunction|callMethod|getMember|getVariable)', |
| 173 |
'function_stacked' => 'function(?:2|)\s\s\(.*?\)', |
| 174 |
'push' => 'push\s\'(.+?)\'', |
| 175 |
}; |
| 176 |
my @symbols_events = qw( |
| 177 |
onDragOut |
| 178 |
onDragOver |
| 179 |
onKeyUp |
| 180 |
onKeyDown |
| 181 |
onKillFocus |
| 182 |
onPress |
| 183 |
onRelease |
| 184 |
onReleaseOutside |
| 185 |
onRollOut |
| 186 |
onRollOver |
| 187 |
onSetFocus |
| 188 |
onActivity |
| 189 |
onStatus |
| 190 |
onSelect |
| 191 |
onData |
| 192 |
onLoad |
| 193 |
allowDomain |
| 194 |
allowInsecureDomain |
| 195 |
onMouseDown |
| 196 |
onMouseMove |
| 197 |
onMouseUp |
| 198 |
onMouseWheel |
| 199 |
onEnterFrame |
| 200 |
onUnload |
| 201 |
onLoadComplete |
| 202 |
onLoadError |
| 203 |
onLoadInit |
| 204 |
onLoadProgress |
| 205 |
onLoadStart |
| 206 |
onID3 |
| 207 |
onSoundComplete |
| 208 |
onResize |
| 209 |
onChanged |
| 210 |
onScroller |
| 211 |
); |
| 212 |
my @symbols; |
| 213 |
|
| 214 |
# 1. read flasm code from STDIN |
| 215 |
my @lines = <STDIN>; |
| 216 |
|
| 217 |
my $counter = 0; |
| 218 |
foreach (@lines) { |
| 219 |
|
| 220 |
# trim newlines |
| 221 |
#chomp; |
| 222 |
my $symbol; |
| 223 |
|
| 224 |
# check for all "function" / "function2" symbols and ... |
| 225 |
if (m/$regex->{function}/) { |
| 226 |
# ... remember them |
| 227 |
$symbol = $1; |
| 228 |
|
| 229 |
|
| 230 |
} elsif (m/$regex->{function_stacked}/) { |
| 231 |
if ($lines[$counter - 1] =~ m/$regex->{push}/) { |
| 232 |
$symbol = $1; |
| 233 |
} |
| 234 |
} |
| 235 |
|
| 236 |
if ($symbol and not grep(/$symbol/, @symbols_events)) { |
| 237 |
push @symbols, $symbol; |
| 238 |
} |
| 239 |
|
| 240 |
$counter++; |
| 241 |
|
| 242 |
} |
| 243 |
|
| 244 |
#print join("\n", @symbols); exit; |
| 245 |
|
| 246 |
# 2. step through all symbols found and replace them |
| 247 |
my $symbol_counter = -1; |
| 248 |
foreach my $symbol (@symbols) { |
| 249 |
my $line_counter = 0; |
| 250 |
foreach (@lines) { |
| 251 |
|
| 252 |
# function declarations; single quotes might not be there! |
| 253 |
if (m/$regex->{function}/) { |
| 254 |
s/\s'*$symbol'*\s/ '$symbol_counter' /i; |
| 255 |
|
| 256 |
# "constants"-line at begin of each block; single quotes should already be there |
| 257 |
} elsif (m/$regex->{constants}/) { |
| 258 |
s/'$symbol'/'$symbol_counter'/i; |
| 259 |
|
| 260 |
# function calls; replace inside predecessor line of calling-lines |
| 261 |
} elsif (m/$regex->{call}/) { |
| 262 |
$lines[$line_counter - 1] =~ s/'$symbol'/'$symbol_counter'/i; |
| 263 |
|
| 264 |
# function declarations; name of function is pushed on stack one line before! |
| 265 |
} elsif (m/$regex->{function_stacked}/) { |
| 266 |
$lines[$line_counter - 1] =~ s/'$symbol'/'$symbol_counter'/i; |
| 267 |
} |
| 268 |
|
| 269 |
$line_counter++; |
| 270 |
|
| 271 |
} |
| 272 |
$symbol_counter--; |
| 273 |
} |
| 274 |
|
| 275 |
# write all stuff to STDOUT |
| 276 |
print STDOUT @lines; |
Parent Directory
| 
Revision Log
