Introducing SWF iD: Flash reverser companion

Hey, dear friends!
I’m very glad to share with you a nice freeware tool every Flash reverser (especially a beginner) should have in his toolbox: SWF iD!
It was recently released to the public by Lizard. The purpose of this tool is to let a reverser take a quick first look at the target SWF file and study its protection (if present), compression, AS version, tags, etc.
Here is what it looks like:
[Screenshot: SWF iD]

You may find it very similar to the famous PE file analyzer PEiD.

More screenshots: http://swfid.net/screenshots.php

Please note the Process Scan button: it lets you search for SWF files right in process memory and dump them to disk, a very handy addition. Here is a search example in a Flash Player process running an SWF packed with SecureSWF:
[Screenshot: SWF iD process scan]

Process IDs will be added to the process names in future versions.

Here you can see the unpacked SWF that was found and detected as protected with Secure SWF 4.0. Process Scan can ignore the standard built-in Flash Player SWF files (the Filtration FP Noise checkbox) and can skip fake SWF signatures as well (the fake detection sensitivity will be configurable in future versions).
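A minimal sketch of the kind of first-glance header check and fake-signature filtering described above, as an added example that is not SWF iD's code or the author's: it reads the 8-byte SWF header (signature, version, declared length) and scans a buffer for headers that hold up. The plausibility rules, `MAX_VERSION` and the sample buffer are assumptions made for this illustration; SWF iD's own detection logic is not documented on this page.

```python
import struct
import zlib

# Signature -> body compression, per the SWF file format
SIGNATURES = {b"FWS": "none", b"CWS": "zlib", b"ZWS": "lzma"}
MAX_VERSION = 50  # assumed sanity bound for the version byte

def parse_header(buf, offset=0):
    """Return a dict describing a plausible SWF at offset, or None for a fake."""
    head = buf[offset:offset + 8]
    if len(head) < 8 or head[:3] not in SIGNATURES:
        return None
    version, declared_len = head[3], struct.unpack_from("<I", head, 4)[0]
    if not 1 <= version <= MAX_VERSION or declared_len <= 8:
        return None  # assumed rule: absurd version or length means a fake
    compression = SIGNATURES[head[:3]]
    body = buf[offset + 8:]
    if compression == "none" and len(body) < declared_len - 8:
        return None  # header claims more data than the buffer holds
    if compression == "zlib":
        try:
            # Stops at the end of the stream; output capped at the declared size + 1
            data = zlib.decompressobj().decompress(body, declared_len - 7)
        except zlib.error:
            return None
        if len(data) != declared_len - 8:
            return None
    # ZWS (LZMA) bodies are reported but not verified in this sketch
    return {"offset": offset, "version": version,
            "compression": compression, "length": declared_len}

def scan(buf):
    """Find every plausible SWF header in buf, sorted by offset."""
    hits = []
    for sig in SIGNATURES:
        pos = buf.find(sig)
        while pos != -1:
            info = parse_header(buf, pos)
            if info:
                hits.append(info)
            pos = buf.find(sig, pos + 1)
    return sorted(hits, key=lambda h: h["offset"])

# Constructed sample: minimal SWF body (empty RECT, frame rate, frame count, End tag)
BODY = b"\x00" + b"\x00\x0c" + b"\x01\x00" + b"\x00\x00"
HDR = struct.pack("<I", 8 + len(BODY))
SAMPLE = (b"\x00" * 16 + b"FWS\x0a" + HDR + BODY   # real, uncompressed
          + b"junk FWS\xff\xff\xff\xff\xff"         # fake: bad version byte
          + b"CWS\x0a" + HDR + zlib.compress(BODY)   # real, zlib-compressed
          + b"CWS\x0a" + HDR + b"garbage!")          # fake: body is not zlib
```

Calling `scan(SAMPLE)` returns the two real headers and drops both fakes.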

SWF iD supports plug-ins and ships with a few default ones: http://swfid.net/plugins.php
Keep in mind that the tool is still at an early development stage, so you’ll meet some bugs for sure; feel free to report them here: swf-id{at}ya.ru.
If you have any suggestions, ideas or anything else to say, just post them here in the comments, or send them directly to the author using the email I mentioned above!

SWF iD homepage: http://swfid.net/.


Advanced DoSWF encryption? Challenge accepted!

Greetings!
As I previously wrote about Flash file unpacking, you can usually achieve it using static unpacking or by dumping the SWF file from memory. There are some exceptions, however, and I’ll tell you about one such exception in this article.

The developer of the DoSWF protector (made in China) used a few simple yet interesting tricks to prevent the original SWF from being revealed; I like something harder than clicking one button)
I guess many poor “hackers” (as they like to call themselves) have no idea why the dumped files are not working, and can’t do anything about it.

Let me show you an example of how to unpack an SWF encrypted with DoSWF (many pictures ahead!)…


Packed SWF. How to unpack?

Hey, friends!
In this post I’d like to explain what a packed SWF is and how it looks, and show you some methods of dynamic and static unpacking.


Article about flash security

Just posted my article about Flash security in Russian. Sorry, I have no English version; maybe I’ll translate it someday…
