From aldeid
Jump to navigation Jump to search


Flasm disassembles your entire SWF including all the timelines and events. Looking at disassembly, you learn how the Flash compiler works, which improves your ActionScript skills. You can also do some optimizations on the disassembled code by hand or adjust the code as you wish. Flasm then applies your changes to the original SWF, replacing original actions.

Backups with $wf extension are created for altered SWF files.


$ mkdir -p /data/tools/flasm/
$ cd /data/tools/flasm/
$ wget http://www.nowrap.de/download/flasm16linux.tgz
$ tar xzvf flasm16linux.tgz



Usage: flasm [command] filename


Disassemble SWF file to the console
Assemble Flasm project (FLM)
Update SWF file, replace Flasm macros
Assemble actions to __bytecode__ instruction or byte sequence
Compress SWF with zLib
Decompress SWF


Decompress a Flash file

Let's analyze a SWF file that we have:

$ ll | grep zoxdgeysjn6
-rw-rw-r-- 1 remnux remnux    5945 2008-08-22 11:34 zoxdgeysjn6.swf
-rw-rw-r-- 1 remnux remnux    6121 2008-09-15 14:59 zoxdgeysjn6.zip

As you can see below, no string matches the "http" pattern in this SWF file:

$ strings zoxdgeysjn6.swf | grep http

Let's use flasm to decompress our SWF file:

$ flasm -x zoxdgeysjn6.swf 
zoxdgeysjn6.swf successfully decompressed, 6189 bytes

Flasm has successfully decompressed the SWF file and has created a backup file (zoxdgeysjn6.$wf):

$ file zoxdgeysjn6.*wf
zoxdgeysjn6.swf: Macromedia Flash data, version 6
zoxdgeysjn6.$wf: Macromedia Flash data (compressed), version 6

Once the SWF decompressed, we are now able to find a string that matches our "http" pattern:

$ strings zoxdgeysjn6.swf | grep http