Log in

View Full Version : Reverse Engineering the flash virtual machine


OHPen
February 25th, 2008, 09:50
Hi,

i recently started a small project where i try to obfuscate a small flash sample. i'm especially interested in the virtual machine and the interpreted bytecode. after some googling i found two interesting papers from adobe itself. i was pretty suprised to see that adobe provides such a good documentation about the virtual machine and its bytecode.

you can take a look at the pdfs here:

http://www.adobe.com/devnet/actionscript/articles/avm2overview.pdf

and

SWF and FLV File Format Specification - http://www.adobe.com/licensing/developer/

For the last document you will need to step through the license process of adobe. but dont be shy they offer a free license for a year, then you must refresh your license to use the pdf.

probably this information is wide spread but i think it will be interesting for a few people.

most of the obfuscator out there i saw for flash are rather crapy, i think there should be better ways to protect a swf application.

Regards,

OHPen

dELTA
February 26th, 2008, 05:54
You will most likely find the following two threads interesting:

http://www.woodmann.com/forum/showthread.php?t=9572

http://www.woodmann.com/forum/showthread.php?t=10300

OHPen
February 27th, 2008, 13:28
Yep, i already read those posts. some nice information in here. as far as i know there only 3 obfuscator / protector for flash swf out there (except the custom made ones). i will take a closer look at them. what i can say so far is the most of them are using the same techniques of obfuscation (invalid_records, etc...). propably the copied by each other , dunno.

from what i know actually there are rather more posibilties to make the code unreadable.

regards,

OHPen

dELTA
February 27th, 2008, 15:02
Cool, really looking forward to hear more results of your work then.