Disassembling a SWF with swfdump

I mentioned in an earlier post that the open-source Flex SDK project includes a Java library — swfutils.jar — that supports reading and writing SWF files and the ActionScript Byte Code (ABC) inside them.

The bin folder of the SDK includes a command-line tool, swfdump, which uses swfutils.jar to produce a disassembly of a SWF file. It doesn’t bear much resemblance to your MXML and AS source code, because that got compiled down to low-level instructions for the ActionScript Virtual Machine. But it provides the most detailed info about a SWF that you can obtain.

Take any old SWF and do this:

swfdump -abc MyApp.swf > out.txt

I suggest piping the output to a file, or you’ll end up waiting a long time for the output to scroll by in your shell window.

Here an example of what the getter and setter for the label property of mx.controls.Button look like:


B2 13 01 01 0B 0C 06 function get mx.controls:Button:::label()::String
maxStack:1 localCount:1 initScopeDepth:11 maxScopeDepth:12
D0                       getlocal0
30                       pushscope
60 AA 10                 getlex        	private:_label
48                       returnvalue
0 Extras
0 Traits Entries


B3 13 03 02 0B 0C 3D function set mx.controls:Button:::label(:String)::void
maxStack:3 localCount:2 initScopeDepth:11 maxScopeDepth:12
D0                       getlocal0
30                       pushscope
5E A1 10                 findproperty  	private:labelSet
26                       pushtrue
68 A1 10                 initproperty  	private:labelSet
60 AA 10                 getlex        	private:_label
D1                       getlocal1
13 2B 00 00              ifeq          	L0
5E AA 10                 findproperty  	private:_label
D1                       getlocal1
68 AA 10                 initproperty  	private:_label
5E E2 0F                 findproperty  	private:labelChanged
26                       pushtrue
68 E2 0F                 initproperty  	private:labelChanged
5D F1 04                 findpropstrict	:invalidateSize
4F F1 04 00              callpropvoid  	:invalidateSize (0)
5D C1 02                 findpropstrict	:invalidateDisplayList
4F C1 02 00              callpropvoid  	:invalidateDisplayList (0)
5D F7 03                 findpropstrict	:dispatchEvent
5D 13                    findpropstrict	flash.events:Event
2C 97 02                 pushstring    	"labelChanged"
4A 13 01                 constructprop 	flash.events:Event (1)
4F F7 03 01              callpropvoid  	:dispatchEvent (1)
47                   L0: returnvoid
0 Extras
0 Traits Entries

As you can see, it actually shows the names of classes, properties, and methods, and isn’t that unintelligible, especially once you begin to understand the bytecode instructions. Now that anyone can disassemble anybody else’s SWF, I guess this means that the market for a good AS3 obfuscator is going to heat up!

6 Responses to Disassembling a SWF with swfdump

  1. George says:

    java $VMARGS -jar “$FLEX_HOME/lib/swfdump.jar” “$@”Neither swfdump.jar nor swfutils.jar exist.

  2. George says:

    Resolved. Need to rebuild with ant.

  3. Pete Farland says:

    Just a quick note that in earlier releases of Flex before we went open source, swfutils.jar used to be called swfkit.jar (but going forward it will be swfutils.jar).

  4. Here is old application (AIR) written by one of our consultants that is a bit more interactive/easier to use:http://www.docsultant.com/nemo440/Enjoy,Anatole

  5. William C. says:

    Well… Here’s my question for the really gifted computer scientists and engineers out there:If swf’s are so easy to decompile, how is there even a market for creating swfs? I’m sure swfs are easier to decompile than say compiled C/C++ code.

  6. Gordon Smith says:

    The swfdump tool is a disassembler, not a decompiler; it doesn’t produce AS or MXML source code. There are similar disassemblers that output virtual machine instructions for Java and .NET code. C/C++ can be disassembled to processor-level instructions, which are definitely harder to make sense of than virtual machine instructions. But ultimately, there is no software that can’t be reverse-engineered.