I Need Help Decrypting This SWF


Woddy
December 25th, 2014, 07:46
Hi
I need help decrypting this swf, if any member can decrypt it, please.
I need this swf decrypted to search for cheats in the game.
Thanks! Sorry for my bad English.
Link for this swf: https://www.sendspace.com/file/linmzi

When I open this swf in Sothink SWF Decompiler, the swf is encrypted.
http://i.imgur.com/tkj06pE.png

YesItsMe
December 31st, 2014, 05:25
The swf file contains other swf files (and some XML init data) embedded in the form of BinaryArray data, extract these and then run any decent decompiler to see the code.
Hint: run the swf file, dump all swf in memory then analyze these, you'll find the code scattered there.
Too much effort just to cheat in a game if you ask me...

EHS4N
January 8th, 2015, 21:00
Also test this:
http://sourceforge.net/projects/swf-reader/


BR

Sirmabus
January 18th, 2015, 09:38
It's common for online games (assuming) to do tricks to try to hide the main SWF(s), using a proprietary or commercial anti-cheat system.
The weakness, though, is that they are limited to running some combination of JavaScript and SWF preloaders.
Typically it's pretty simple: the preloader will load in an encrypted binary chunk, then do some relatively simple (has to be fast) decryption like an XOR loop.
It's effective enough to cover at least their main goal of not having their main SWF sitting around in your HD cache.


You're using the Sothink SWF Decompiler; did you try the option to find them from process memory?
Go to the main SWF stage, assuming it's a game it would be the point where it's fully loaded.
Be aware most browsers virtualize SWF (since it's so buggy/crash-prone), so keep only the game page open and/or use an alternate browser to help narrow your search down.
The Sothink search option should find the loaded decrypted SWF(s) in browser memory space easily.

Note this is also how most public SWF game cheats work (via SWFs loaded in browser memory); attaching CheatEngine to a browser for SWF VM codes of interest, etc.

An ideal setup I found was to set up one browser (that I normally don't use) with the debug version of Flash.
Then you can use a SWF preloader.
This preloader gets called just before each web SWF gets called so you can track it all from there.
http://jpauclair.net/2010/02/17/one-swf-to-rule-them-all-the-almighty-preloadswf/
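
Added example, not part of any post in this thread and not taken from Sothink or any other tool: a minimal Python sketch of the kind of signature scan a "find SWF in process memory" option performs over a saved memory dump or an extracted binary blob. It looks for the `FWS`/`CWS` header, reads the declared length, and inflates zlib-compressed files. The size and version limits and the sample data are assumptions, and LZMA-compressed (`ZWS`) files are not handled.

```python
import struct
import zlib

SIGNATURES = (b"FWS", b"CWS")   # uncompressed / zlib-compressed SWF magic
MAX_LEN = 64 * 1024 * 1024      # assumed sanity cap on the declared FileLength
MAX_VERSION = 60                # assumed upper bound, heuristic only

def carve_swf(blob):
    """Return [(offset, version, uncompressed_swf_bytes)] for header-consistent hits."""
    found, pos = [], 0
    while True:
        hits = [i for i in (blob.find(s, pos) for s in SIGNATURES) if i != -1]
        if not hits or min(hits) + 8 > len(blob):
            break
        idx = min(hits)
        pos = idx + 1
        sig, version = blob[idx:idx + 3], blob[idx + 3]
        # Header: 3-byte magic, 1-byte version, 4-byte little-endian uncompressed length
        (length,) = struct.unpack_from("<I", blob, idx + 4)
        if not 1 <= version <= MAX_VERSION or not 9 <= length <= MAX_LEN:
            continue                      # magic matched by chance, header is implausible
        if sig == b"FWS":
            if idx + length > len(blob):
                continue                  # file runs past the end of the dump
            swf = blob[idx:idx + length]
        else:
            try:                          # everything after the 8-byte header is zlib data
                raw = zlib.decompressobj().decompress(blob[idx + 8:], length - 8)
            except zlib.error:
                continue
            if len(raw) != length - 8:
                continue                  # truncated stream or wrong declared length
            swf = b"FWS" + blob[idx + 3:idx + 8] + raw
        found.append((idx, version, swf))
    return found

def sample_swf(compressed=False):
    """Constructed stand-in: valid 8-byte header, dummy body instead of real tags."""
    body = bytes(range(32))
    head = bytes([10]) + struct.pack("<I", 8 + len(body))
    return (b"CWS" + head + zlib.compress(body)) if compressed else (b"FWS" + head + body)

if __name__ == "__main__":
    dump = b"\x00" * 100 + sample_swf() + b"\xff" * 50 + sample_swf(True) + b"\x00" * 20
    for off, ver, swf in carve_swf(dump):
        print(f"offset {off:#x}: SWF v{ver}, {len(swf)} bytes")
```

A hit only means the header is self-consistent; a decompiler still has to confirm the tags parse. A blob that is still XOR-obfuscated on disk has no recognisable magic, which is why the scan is run against the loaded, decrypted copy.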