decompilers for all


Darkmist!

I'd be surprised if there was much out there that worked well. I've heard of such things, but I've never used one.

Just curious, what do you plan on using it for?

Decompiling Shockwave apps for passwords and things. Reverse engineering, etc. Also wondering what apps people use for stepping into a running process to inject data. Mubix had a vid on his blog about injecting a score into a Flash game by putting it into a running process. I am just very interested in how process injection works and how malware works.

Sothink makes a decent Flash decompiler. I use it a lot, but it's an older version that only goes up to Flash 8. Haven't tried their newer versions, but give them a try. For exe's, Olly Debug or IDA debugger.

JavaScript is just plain text; view the source of a web page, or save the js file and open it in Notepad. If it's encrypted JavaScript, it can be unencrypted by changing the function to either an alert or writing output to a textarea container. May have to do it several times against the output if it's multilayered until you get the final plain text results.

Wow, thanks for the help, I will look into it. Now with the JavaScript issue: how would you change the function without decrypting it first?

Forgive me, I do not do very much with programming or scripting. I'm still learning lol

how would you change the function without decrypting it first?

I blogged about how to do this a while back: http://www.twistedpairrecords.com/blog/200...ging-spam-code/

Most scripts use some form of document.write for output that, when processed, runs the code and writes out the payload to the page. If you change the output of the function from document.write to something like an alert, or dump it inside of a plain HTML textarea, you can see the output it creates without executing it. That might only be the 1st layer of many in the obfuscation, so you then just repeat the process until you have all the plain text parts of the scripts. I recommend doing this in a virtual machine or sandboxed environment though, and even while offline, so it can't redirect you to any sites.

Google for "javascript obfuscation" for more help.
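
The output-swapping approach described in the post above, as an added example that is not part of the original thread: each layer runs with `document.write` replaced by a capture buffer, and any `<script>` body found in the captured output becomes the next layer. `SAMPLE`, `runLayer`, `scriptBodies` and `peel` are hypothetical names, and the sample is a harmless constructed two-layer script.

```javascript
// Constructed sample: a harmless payload wrapped in two document.write/unescape layers.
const inner = 'document.write("<b>final plain text</b>");';
const wrap = (js) =>
  'document.write(unescape("' + escape('<script>' + js + '</script>') + '"));';
const SAMPLE = wrap(wrap(inner));

// Run one layer with document.write swapped for a capture buffer.
// Only the output sink is replaced; the layer's own code still runs,
// so this belongs in the isolated, offline VM the post recommends.
function runLayer(source) {
  const written = [];
  const documentStub = {
    write: (...parts) => written.push(parts.join('')),
    writeln: (...parts) => written.push(parts.join('') + '\n'),
  };
  // Shadow document and window so the layer only sees the stub.
  new Function('document', 'window', source)(documentStub, { document: documentStub });
  return written.join('');
}

// Collect the bodies of inline <script> elements from captured output.
function scriptBodies(html) {
  const bodies = [];
  const re = /<script\b[^>]*>([\s\S]*?)<\/script>/gi;
  let match;
  while ((match = re.exec(html)) !== null) bodies.push(match[1]);
  return bodies.join('\n');
}

// Repeat until the captured output contains no further script, with a
// layer cap so a self-reproducing script cannot loop forever.
function peel(source, maxLayers = 10) {
  const layers = [];
  let current = source;
  for (let i = 0; i < maxLayers && current.trim() !== ''; i++) {
    const output = runLayer(current);
    layers.push(output);
    current = scriptBodies(output);
  }
  return layers;
}

peel(SAMPLE).forEach((out, i) => console.log('layer ' + (i + 1) + ':', out));
```
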

Wow, thanks a lot for the advice.

Just tried out an HP program called SWFscan. Works awesome for decompiling flash to source, but also as a security tool, it will find vulns in the swf files and tell you what they are. For example, if they allow XSS attacks against the file itself, it will scan the file and tell you about the flaws.

https://h30406.www3.hp.com/campaigns/2009/w...mpid=go/swfscan
