Darkmist! Posted November 22, 2009 Share Posted November 22, 2009 what is a great way to decompile programs such as javascript, flash, exe, etc. what programs do you, the hak5 elite use? Quote Link to comment Share on other sites More sharing options...
xeemo Posted November 22, 2009 Share Posted November 22, 2009 I'd be surprised if there was much out there that worked well. I've heard of such things, but I've never used one. Just curious, what do you plan on using it for? Quote Link to comment Share on other sites More sharing options...
Darkmist! Posted November 22, 2009 Author Share Posted November 22, 2009 I'd be surprised if there was much out there that worked well. I've heard of such things, but I've never used one. Just curious, what do you plan on using it for? decompiling shockwave apps for passwords and things. reverse engineering. etc. also wondering what apps people use for stepping into a running processes to inject data. mubix had a vid on his blog about injecting a score into a flash game by putting it into a running process. i am just very interested in how process injection works and how malware works. Quote Link to comment Share on other sites More sharing options...
digip Posted November 23, 2009 Share Posted November 23, 2009 Sothink makes a decent flash decompiler. I use it a lot,b ut its an older version that only goes up to Flash 8. HAven't tried their newer versions, but give them a try. For exe's, Olly Debug or IDA debugger. Javascript is just plain text, view the source of a web page, or save the js file and open in notepad. If its encrypted javascript, it can be unencrypted by changing the function to either an alert or writing output to a textarea container. May have to do it several times against the output if its multilayered until you get the final plain text results. Quote Link to comment Share on other sites More sharing options...
Darkmist! Posted November 23, 2009 Author Share Posted November 23, 2009 Sothink makes a decent flash decompiler. I use it a lot,b ut its an older version that only goes up to Flash 8. HAven't tried their newer versions, but give them a try. For exe's, Olly Debug or IDA debugger. Javascript is just plain text, view the source of a web page, or save the js file and open in notepad. If its encrypted javascript, it can be unencrypted by changing the function to either an alert or writing output to a textarea container. May have to do it several times against the output if its multilayered until you get the final plain text results. wow thanks for the help, i will look into it. now with the javascript issue. how would you change the function without decrypting it first? forgive me, i do not do very much with programming or scripting. im still learning lol Quote Link to comment Share on other sites More sharing options...
Zimmer Posted November 23, 2009 Share Posted November 23, 2009 For flash I have been using Eltima's software I tried sothink and it didn't work but this one did. I have been using the trial it runs fine and works for my needs Quote Link to comment Share on other sites More sharing options...
digip Posted November 23, 2009 Share Posted November 23, 2009 how would you change the function without decrypting it first? I blogged about how to do this a while back: http://www.twistedpairrecords.com/blog/200...ging-spam-code/ Most scripts use some form of document.write for output, that when processed, runs the code and writes out the paylod to the page. If you change the output of the function from document.write to be something like an alert, or dump it inside of a plain html textarea, you can see the output it creates without executing it, which might only be the 1st layer of many in the obfuscation, which you then just repeat the process until you have all the plain text parts of the scripts. I recommend doing this in a virtual machine or sandboxed environment though, and even while offline, so it cant redirect you to any sites. Google for "javascript obfuscation" for more help. Quote Link to comment Share on other sites More sharing options...
Darkmist! Posted November 24, 2009 Author Share Posted November 24, 2009 I blogged about how to do this a while back: http://www.twistedpairrecords.com/blog/200...ging-spam-code/ Most scripts use some form of document.write for output, that when processed, runs the code and writes out the paylod to the page. If you change the output of the function from document.write to be something like an alert, or dump it inside of a plain html textarea, you can see the output it creates without executing it, which might only be the 1st layer of many in the obfuscation, which you then just repeat the process until you have all the plain text parts of the scripts. I recommend doing this in a virtual machine or sandboxed environment though, and even while offline, so it cant redirect you to any sites. Google for "javascript obfuscation" for more help. wow thanks a lot for the advice Quote Link to comment Share on other sites More sharing options...
digip Posted November 26, 2009 Share Posted November 26, 2009 Just tried out an HP program called SWFscan. Works awesome for decompiling flash to source, but also as a security tool, it will find vulns in the swf files and tell you what they are. For example, if they allow XSS attacks against the file itself, it will scan the file and tell you about the flaws. https://h30406.www3.hp.com/campaigns/2009/w...mpid=go/swfscan Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.