
Today I successfully decompiled a Flash movie made with AS3.

August 23, 2007 | tags: decompile, FLASH, AS3.0

Quite a while ago Adobe released a ActionScript as OSS, and together with the Mozilla Foundation they introduced a project called Tamarin. Tamarin aims to implement a high-performance, open source implementation of ES4 language specification. Basically it’s ActionScript 3, used by Flex and newer version of Flash.

During my preparations of my talks at the Camp, FrOSCon and DevHouse Cologne as well as the prep of the FlashSec project wiki I stumbled upon one big problem: There are quite some possibilities to decompile AS2 based SWF movies, but there is nothing really for AS3. A few weeks ago I read about Tamarin as one way of getting a cheapo AS3 decompiler, but it simply didn’t work the way expected on Mac OS (and Linux). Today I found out why it didn’t work.

Here is a very quick-and-dirty overview over the necessary steps:

1. First of all obtain Mercurial, the SCM used by the Tamarin project (under OSX it’s avail in Macports).

2. After that get the Tamarin source by filing:

       hg clone http://hg.mozilla.org/tamarin-central tamarin-central

3. If you are running an OS != Win32 you have to change shell/DataIO.h. Line 124 - 131 reads as the following:

       Endian GetNativeEndian() const
       {
       #ifdef WIN32
           return kLittleEndian;
       #else
           return kBigEndian;
       #endif
       }

   Since I’m lazy I only commented out everything inside the brackets but the line which says “return kLittleEndian”.

4. Build Tamarin. On MacOS X:

       $ cd tamarin-central/core
       $ xcodebuild -project platform/mac/shell/shell.xcodeproj

5. Download and install the Adobe Flex 2 SDK in case you haven’t done so already. The ActionScript compiler can be found in lib/asc.jar.

6. Copy lib/asc.jar from the SDK installation to tamarin-central/utils/

7. Use asc.jar to compile the Tamarin intrinsics into builtin.abc:

       $ cd tamarin-central/core
       $ java -ea -DAS3 -Xmx200m -DAVMPLUS \
           -classpath ../utils/asc.jar macromedia.asc.embedding.ScriptCompiler \
           -d -builtin -out builtin builtin.as Math.as Error.as RegExp.as Date.as XML.as

Now you can use asc.jar and builtin.abc to compile applications. Use the -help options of asc.jar and avmplus for more details.

Note: Under MacOS X avmplus is under platform/mac/shell/build/Release/shell

To compile abcdump.exe, follow these steps:

    $ java -jar utils/asc.jar core/builtin.as
    $ java -jar utils/asc.jar shell/ByteArray.as
    $ java -jar utils/asc.jar -exe avmplus -import core/builtin.abc -import shell/ByteArray.abc utils/abcdump.as

Now we are ready to compile and decompile AS3. Here’s a very basic example to see if it works. First we compile a simple script:

    $ echo 'print("hello, world")' > hello.as
    $ java -jar utils/asc.jar -import core/builtin.abc hello.as
    hello.abc, 86 bytes written

Now we can decompile the resulting hello.abc (.abc is Actionscript Byte Code). As you can see it’s actually not ActionScript source but some pseudo code. So we cannot use this afterwards to recompile it (like with Flare and AS2), but it’s enough to see what the script is actually doing:

    $ utils/abcdump.exe hello.abc
    magic 2e0010
    Cpool numbers size 3 3 %
    Cpool strings count 5 size 32 37 %
    Cpool namespaces count 3 size 5 5 %
    Cpool nssets count 2 size 4 4 %
    Cpool names count 2 size 4 4 %
    MethodInfo count 1 size 5 5 %
    InstanceInfo size 1 1 %
    ClassInfo size 0 0%
    ScriptInfo size 3 3 %
    MethodBodies size 24 27 %
    script0
    function script0$init():* /* disp_id 0*/
    {
      // local_count=2 max_scope=1 max_stack=2 code_len=15
      0 getlocal0
      1 pushscope
      2 findpropstrict print
      4 pushstring "hello, world"
      6 callproperty print (1)
      9 coerce_a
      10 setlocal1
      11 getlocal1
      12 returnvalue
      13 kill 1
    }
    OPCODE SIZE % OF 15
    callproperty 3 20%
    kill 2 13%
    pushstring 2 13%
    findpropstrict 2 13%
    pushscope 1 6%
    returnvalue 1 6%
    coerce_a 1 6%
    getlocal0 1 6%
    getlocal1 1 6%
    setlocal1 1 6%

This also works with SWF using AS3. It’s at least some start to have a chance for auditing modern Flash movies and Flex apps.

========================
The article above was reposted from http://thylmann.net/rss/author/fukami?media=rss
========================

Below are the problems I ran into while building, and how I solved them.

1. Before building avmplus, you must use the {java -ea -DAS3 ....} command to generate new builtin files; otherwise the contents of builtin.h will not match.

2. Two of the files in avmplus contain text in several languages, which VS8 does not accept when compiling. My approach was to use UEdit to convert them from UTF-8 to Unicode.

3. You need to download the zlib source and place it in a directory at the same level as the project; otherwise avmplus will not build cleanly.

4. Compiling ByteArray on its own with java produces an error. My fix was to include it in builtin.as and then compile builtin.as once.

=========================

Comments:

1. 北北: Expert, I'd like to use the statistics. Could you give me a VIP serial number? Thanks~ (2007/8/23 23:54:39)
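The shell/DataIO.h change described in the article hardcodes the host byte order. As an added example (not code from the original post or from Tamarin), the C++ sketch below detects the host order at run time and also reads the ABC version fields byte by byte so the result never depends on the host. The function names, the reader model in `ReadU16Trusting`, and the four sample bytes (constructed to match the `magic 2e0010` line in the abcdump output) are assumptions.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstring>

enum Endian { kBigEndian, kLittleEndian };  // enumerator names as quoted from shell/DataIO.h

// Probe the host byte order at run time instead of inferring it from WIN32.
Endian DetectNativeEndian() {
    const uint16_t probe = 0x0102;
    unsigned char first = 0;
    std::memcpy(&first, &probe, 1);
    return first == 0x02 ? kLittleEndian : kBigEndian;
}

// Assumed reader model (hypothetical): load in host order, then swap when the
// host is believed not to be little-endian. ABC stores integers little-endian.
uint16_t ReadU16Trusting(const uint8_t* p, Endian claimedNative) {
    uint16_t v = 0;
    std::memcpy(&v, p, sizeof v);
    if (claimedNative != kLittleEndian)
        v = static_cast<uint16_t>((v << 8) | (v >> 8));
    return v;
}

// Host-independent alternative: assemble the value from individual bytes.
bool ReadU16LE(const uint8_t* buf, size_t len, size_t off, uint16_t* out) {
    if (off > len || len - off < 2) return false;  // refuse truncated input
    *out = static_cast<uint16_t>(buf[off] | (buf[off + 1] << 8));
    return true;
}

struct AbcVersion { uint16_t minor_version; uint16_t major_version; };

// An ABC file starts with u16 minor_version followed by u16 major_version.
bool ParseAbcVersion(const uint8_t* buf, size_t len, AbcVersion* v) {
    return ReadU16LE(buf, len, 0, &v->minor_version) &&
           ReadU16LE(buf, len, 2, &v->major_version);
}

// Constructed sample: the four bytes that abcdump would print as "magic 2e0010".
const uint8_t kSampleHeader[4] = {0x10, 0x00, 0x2e, 0x00};

int main() {
    AbcVersion v{};
    if (!ParseAbcVersion(kSampleHeader, sizeof kSampleHeader, &v)) return 1;
    std::printf("ABC version %u.%u\n", v.major_version, v.minor_version);
    return 0;
}
```

Under this reader model, a byte order that is claimed wrongly turns major version 46 into 0x2e00, so the file no longer parses as ABC; a hardcoded `kLittleEndian` is right on x86 hosts but not on big-endian PowerPC Macs.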