Flasm
Description
Flasm disassembles your entire SWF including all the timelines and events. Looking at disassembly, you learn how the Flash compiler works, which improves your ActionScript skills. You can also do some optimizations on the disassembled code by hand or adjust the code as you wish. Flasm then applies your changes to the original SWF, replacing original actions.
Backups with $wf extension are created for altered SWF files.
Installation
$ mkdir -p /data/tools/flasm/ $ cd /data/tools/flasm/ $ wget http://www.nowrap.de/download/flasm16linux.tgz $ tar xzvf flasm16linux.tgz
Usage
Syntax
Usage: flasm [command] filename
Options
- -d
- Disassemble SWF file to the console
- -a
- Assemble Flasm project (FLM)
- -u
- Update SWF file, replace Flasm macros
- -b
- Assemble actions to __bytecode__ instruction or byte sequence
- -z
- Compress SWF with zLib
- -x
- Decompress SWF
Example
Decompress a Flash file
Let's analyze a SWF file that we have:
$ ll | grep zoxdgeysjn6 -rw-rw-r-- 1 remnux remnux 5945 2008-08-22 11:34 zoxdgeysjn6.swf -rw-rw-r-- 1 remnux remnux 6121 2008-09-15 14:59 zoxdgeysjn6.zip
As you can see below, no string matches the "http" pattern in this SWF file:
$ strings zoxdgeysjn6.swf | grep http
Let's use flasm to decompress our SWF file:
$ flasm -x zoxdgeysjn6.swf zoxdgeysjn6.swf successfully decompressed, 6189 bytes
Flasm has successfully decompressed the SWF file and has created a backup file (zoxdgeysjn6.$wf):
$ file zoxdgeysjn6.*wf zoxdgeysjn6.swf: Macromedia Flash data, version 6 zoxdgeysjn6.$wf: Macromedia Flash data (compressed), version 6
Once the SWF decompressed, we are now able to find a string that matches our "http" pattern:
$ strings zoxdgeysjn6.swf | grep http http://moyapodruzhka.com/?wmid=44&sid=44