I mentioned in an earlier post that the open-source Flex SDK project includes a Java library — swfutils.jar — that supports reading and writing SWF files and the ActionScript Byte Code (ABC) inside them.
The bin folder of the SDK includes a command-line tool, swfdump, which uses swfutils.jar to produce a disassembly of a SWF file. It doesn’t bear much resemblance to your MXML and AS source code, because that got compiled down to low-level instructions for the ActionScript Virtual Machine. But it provides the most detailed info about a SWF that you can obtain.
Take any old SWF and do this:
swfdump -abc MyApp.swf > out.txt
I suggest piping the output to a file, or you’ll end up waiting a long time for the output to scroll by in your shell window.
Here an example of what the getter and setter for the label property of mx.controls.Button look like:
Getter:
B2 13 01 01 0B 0C 06 function get mx.controls:Button:::label()::String maxStack:1 localCount:1 initScopeDepth:11 maxScopeDepth:12 D0 getlocal0 30 pushscope 60 AA 10 getlex private:_label 48 returnvalue 0 Extras 0 Traits Entries
Setter:
B3 13 03 02 0B 0C 3D function set mx.controls:Button:::label(:String)::void maxStack:3 localCount:2 initScopeDepth:11 maxScopeDepth:12 D0 getlocal0 30 pushscope 5E A1 10 findproperty private:labelSet 26 pushtrue 68 A1 10 initproperty private:labelSet 60 AA 10 getlex private:_label D1 getlocal1 13 2B 00 00 ifeq L0 5E AA 10 findproperty private:_label D1 getlocal1 68 AA 10 initproperty private:_label 5E E2 0F findproperty private:labelChanged 26 pushtrue 68 E2 0F initproperty private:labelChanged 5D F1 04 findpropstrict :invalidateSize 4F F1 04 00 callpropvoid :invalidateSize (0) 5D C1 02 findpropstrict :invalidateDisplayList 4F C1 02 00 callpropvoid :invalidateDisplayList (0) 5D F7 03 findpropstrict :dispatchEvent 5D 13 findpropstrict flash.events:Event 2C 97 02 pushstring "labelChanged" 4A 13 01 constructprop flash.events:Event (1) 4F F7 03 01 callpropvoid :dispatchEvent (1) 47 L0: returnvoid 0 Extras 0 Traits Entries
As you can see, it actually shows the names of classes, properties, and methods, and isn’t that unintelligible, especially once you begin to understand the bytecode instructions. Now that anyone can disassemble anybody else’s SWF, I guess this means that the market for a good AS3 obfuscator is going to heat up!
Comments
java $VMARGS -jar “$FLEX_HOME/lib/swfdump.jar” “$@”Neither swfdump.jar nor swfutils.jar exist.
Resolved. Need to rebuild with ant.
Just a quick note that in earlier releases of Flex before we went open source, swfutils.jar used to be called swfkit.jar (but going forward it will be swfutils.jar).
Here is old application (AIR) written by one of our consultants that is a bit more interactive/easier to use:http://www.docsultant.com/nemo440/Enjoy,Anatole
Well… Here’s my question for the really gifted computer scientists and engineers out there:If swf’s are so easy to decompile, how is there even a market for creating swfs? I’m sure swfs are easier to decompile than say compiled C/C++ code.
The swfdump tool is a disassembler, not a decompiler; it doesn’t produce AS or MXML source code. There are similar disassemblers that output virtual machine instructions for Java and .NET code. C/C++ can be disassembled to processor-level instructions, which are definitely harder to make sense of than virtual machine instructions. But ultimately, there is no software that can’t be reverse-engineered.