PDA

View Full Version : Flash Decompilation Challenege is Back


mattkenefick
01-23-2008, 06:49 PM
Seems like people were interested... So give this a go.

https://www.seesaw-server.net/decompile/

The certificate on it is broken right now.. so you'll have to accept and such. Sorry about that. It's safe though, I promise.


I know ASF will be happy to see this is back.

--


oh yeah.. the idea is to get the file, copy the AS inside it and repost it here..

mattkenefick
01-23-2008, 07:02 PM
I'm finding some issues with IE browsers, but I believe these are due to my certificate being broken. FireFox Mac/PC , Safari should all see it fine.

mattkenefick
01-23-2008, 07:29 PM
Change:

FIXED: Netscape had a bug where RightClicking and going to "Media" tab .. File could be downloaded.
FIXED: Wireshark monitoring / Ethereal monitorinig
FIXED: Safari activity monitor downloading

asf8
01-24-2008, 04:57 AM
Hi Matt,

Ok, so its back. But the question remains, is it just another thread for people to be guinea pig testers? Then you disappear again or are you actually gonna share the technique with others (tutorial/source) as promised 2 thread challenges ago? This makes the fifth unless I am am forgeting more ;-)

1.) How to prevent someone from decompiling your SWF files... (http://www.actionscript.org/forums/showthread.php3?t=141217)
2.) Anti-decryption Method. Extension Thread (http://www.actionscript.org/forums/showthread.php3?t=141524)
3.) Flash Decompilation Challenge (http://www.actionscript.org/forums/showthread.php3?t=141543)
4.) NEW Flash Decompliation Challenge (http://www.actionscript.org/forums/showthread.php3?t=142516)
5.) Flash Decompilation Challenege is Back (http://www.actionscript.org/forums/showthread.php3?t=158637) (this thread)

I mean common Matt my hopes have been riding high and falling short for a half a year now chasing you around the forums to finish this up and disclose the technique. ;)

Not to mention the many others whom are and would be interested. I would like to believe that this would come to a closure and you would share your goodness that you have crafted... but.....

In this thread you say - Are you afraid of releasing your Flash work? (http://www.actionscript.org/forums/showthread.php3?p=696611)

I currently have some Flash projects I'm reluctant to make public for the fact they will be copied. ........ Anyone else feel this way?

Check my thread in Challenges. Might solve our issues. Find someone that can break it. If they cant.. then there we go.

So "we" as in your gonna release the technique to others? Common Matt, I am tired of chasing you :-) Share the goodness friend!

;):)

mattkenefick
01-24-2008, 06:05 AM
Well, after further testing of the method before.. I found some bugs that wouldn't let it work. It would have been a great to slow the process.. but once it got found out and someone released the technique to bypass it.. so what would be the point?

I needed to test further and come up with a solution but my time with work and stuff became really tight and I wasn't able to work on it.

But recently I've thought about things and think I've found a new / improved system that will work. This is a new test that is separate from the previous ones. I'm asking people to break this one and see if this is "the one" or if it's back to the drawing board.

There's no sense in writing an article in something you know has potential flaws.

mattkenefick
01-24-2008, 01:17 PM
NOTE: If you find anything with LoadVars.. that is the wrong file.

asf8
01-24-2008, 01:26 PM
Update: I updated my previous post above, as I was mistaken, this is the 5th Thread you have had about this. I had forgotten 2 of them ;-)

Well, after further testing of the method before.. I found some bugs that wouldn't let it work. It would have been a great to slow the process.. but once it got found out and someone released the technique to bypass it.. so what would be the point? I needed to test further and come up with a solution but my time with work and stuff became really tight and I wasn't able to work on it. But recently I've thought about things and think I've found a new / improved system that will work. This is a new test that is separate from the previous ones. I'm asking people to break this one and see if this is "the one" or if it's back to the drawing board. There's no sense in writing an article in something you know has potential flaws.

I understand all that, I want you to know I appreciate your effort and coming back.... I still hope something will come out of all this (ie: a solid method, that will be shared). ;-)

NOTE: If you find anything with LoadVars.. that is the wrong file.

okie dokie.... see my next post below with the results I was able to get!

asf8
01-24-2008, 01:43 PM
Unfortunately I think I solved it.... ;):)

Start Results --------------------------------------------------------------------

1.) Ok so I go to this address -- https://www.seesaw-server.net/decompile/
2.) I see a quick text flash that reads something like -- asdfasdfasdf
3.) Then I see this text which is in some swf -- flyyyyyyy

Ok now for the nuts and bolts (specs):

When I go the the address I see a quick text flash that reads -- asdfasdfasdf
SSL -- Connection Encrypted: High-grade Encryption (AES-256 256 bit)

decompile.html

<script src="js/swfobject.js"></script>
<div id="hi">a</div>
<script>
// <![CDATA[

var so = new SWFObject('flash/initial.swf', "logo", "550", "400", "8", "#FFFFFF");
so.addParam("wmode", "transparent");
so.write("hi");

// ]]>
</script>

initial.swf - actionscript code

frame 1
var sv = new LoadVars();
var lv = new LoadVars();
lv.myurl = _root._url;
lv.sendAndLoad('swf.php', sv, 'POST');
sv.onLoad = function (success) {
if (success) {
_root.txt.text = this.response;
_root.loadMovie(this.response);
}
};

swf.php

displays a bunch of garbled text that wont display here!

...decompile/swf.php When I try to open the php file in a new window it read:

Dont hotlink this

Loaded SWF - displays this (on screen)

flyyyyyyy

Drum Roll --------------------------------------------------------------------

Loaded SWF - actionscript code

frame 1
hi.text = 'flyyyyyyy';
}
};

END Results --------------------------------------------------------------------

So how did I do? :)

mattkenefick
01-24-2008, 01:49 PM
How did you come about that?

asf8
01-24-2008, 02:01 PM
First --- is it right ? :confused:

mattkenefick
01-24-2008, 02:03 PM
Oh you remember this all from the last threads. Remember in math class how you were only awarded 1 point for an answer and all 5 for your work? C'mon.

Depends on how you went about getting it.

- The file can't be directly downloaded.
- The file can't be directly viewed.
- The file shouldn't* show up in cache / media view.
- SWF Catchers shouldn't work
- SSL should prevent the data transmission of plain text
- Shouldn't have been able to recreate the transaction process

Which of those are wrong or is it a different method


--

I'm not doing this for my own health ;)

asf8
01-24-2008, 02:18 PM
Oh you remember this all from the last threads. Remember in math class how you were only awarded 1 point for an answer and all 5 for your work? C'mon.

Depends on how you went about getting it.

- The file can't be directly downloaded.
- The file can't be directly viewed.
- The file shouldn't* show up in cache / media view.
- SWF Catchers shouldn't work
- SSL should prevent the data transmission of plain text
- Shouldn't have been able to recreate the transaction process

Which of those are wrong or is it a different method

-- I'm not doing this for my own health

Well I just used standard off the shelf web browsers, no networking things, catchers, tricks, or any other hardcore stuff (as I am not really a hack).

Anyway.....

[Q] The file can't be directly downloaded.
[A] Well I did...
[Q] The file can't be directly viewed.
[A] Correct, couldnt see it ( atleast I thought )
[Q] The file shouldn't* show up in cache / media view.
[A] Nope, ( atleast I thought )
[Q] SWF Catchers shouldn't work
[A] Dont have any of those!
[Q] SSL should prevent the data transmission of plain text
[A] Was not using any network analyzers etc... so I would assume thats true
[Q] Shouldn't have been able to recreate the transaction process
[A] Wouldnt even know where to start ;-) (again not a hack)

[Q] Which of those are wrong or is it a different method
[A] So yes/no and yeah I guess its a different answer (in a round about way)

[C] I'm not doing this for my own health
[A] I think we would all be Taxi drivers if we were concerned about a slow pace job with out any continual learning curve and no challenges each day. ;-)

:o:eek::);)

mattkenefick
01-24-2008, 02:45 PM
Oh wow. I overlooked that part. I think I know what you did. Let me re-assess and you try again. I'll let you know.

mattkenefick
01-24-2008, 05:48 PM
OK Try that again.

asf8
01-24-2008, 08:43 PM
Oh wow. I overlooked that part. I think I know what you did. Let me re-assess and you try again. I'll let you know.

OK Try that again.

Well, now I can not replicate what I did before. I am unable to get the file in the same manner to then decompile and get the AS. Unless I can think of something, it appears pretty good. But then again I am not a true hack or trying to use anything but my browser, so maybe someone else can figure it out ??

Now Matt, dont run off for 6 months again buddy....Lets finalize this baby and give up the secret! (at a minimum PM me the source and a written tutorial - ha, ha)

:);)

Atleast I got farther than the folks on FlashKit (ha, ha)
http://board.flashkit.com/board/showthread.php?threadid=756835

mattkenefick
01-24-2008, 09:01 PM
Lets wait and see if we can get some other people going on this..

The thing you got before, yes you did get it.. it was a hole I forgot to patch up before I released it.


We gotta wait to see what others can do before wasting time writing something about it.

asf8
01-24-2008, 09:11 PM
Lets wait and see if we can get some other people going on this.. The thing you got before, yes you did get it.. it was a hole I forgot to patch up before I released it. We gotta wait to see what others can do before wasting time writing something about it.

Yeah I know, was just asking you to not run off again :eek: :(

I hope you atleast changed whats in the swf ;-) Aslo it probably should have been a more complex code in the swf, as someone could have guessed... "hi.text = 'flyyyyyyy';" based on the div, so.write, and visible text etc... I didnt guess though.... I am glad it was right... yippie! I just hope someone else will try it as maybe I am missing somthing. (but as of right now cant think of anything).

Curious to see what happens next! See ya around! ;)

mattkenefick
01-25-2008, 01:50 PM
Anyone else going to try?

xwielder
01-25-2008, 03:35 PM
Anyone else going to try?

Nope. Absolutely not. After following this topic (and others related to this puzzle), it's quite obvious that you won't play fair. As soon as someone figures it out, you'll cry "..wait wait, I wasn't ready. Lemme fix it and try again". Face it Matt... you've even stated on a separate topic how protective you are of your code and your work. I feel sorry for poor asf8. He's chasing your tail around and around with no fruit to ever bear.

my 2 cents.

asf8
01-25-2008, 03:51 PM
Nope. Absolutely not. After following this topic (and others related to this puzzle), it's quite obvious that you won't play fair. As soon as someone figures it out, you'll cry "..wait wait, I wasn't ready. Lemme fix it and try again". Face it Matt... you've even stated on a separate topic how protective you are of your code and your work. I feel sorry for poor asf8. He's chasing your tail around and around with no fruit to ever bear. my 2 cents.

Thanks xwielder, I appreciate the input on the chasing around issue, very true its been ridiculous :-) (Thats why I have included all the links so others can play along with me from home (ha, ha) ! I need the exercise but unfortunately not this digital kind of running around ;-).

I will just wait and see what happens with mattkenefick and how this pans out, and yeah hopefully not the same as it has..... but we will see. Again thanks xwielder.

Seems like there are not many takers by the way, here or elsewhere:
http://board.flashkit.com/board/showthread.php?threadid=756835
http://www.kirupa.com/forum/showthread.php?t=287015
... perhaps more lingering out there as well

Also just curious mattkenefick, but as stated in this thread (http://www.actionscript.org/forums/showthread.php3?p=697203#post697203) how are you gonna handle caching and the SWF being on the machine in the Temp Folder when the site is viewed? Which is the case on any broswer machine, no? Its it comes across the pipes it there somewhere right?

mattkenefick
01-25-2008, 05:29 PM
Dont' you thikn with the amount of views all the threads and limited responses that the fact is no one has been able to do it?

xweilder, I think you're not going to try it cause you don't know how. What fruit am I supposed to bear him? If someone solves it, do you really want an article on a method that has been compromised? What's the point?

And the point of these is that if you solve it, you tell me how so I can patch up that hole. Then you try again until no one can do it. Then that is a successful method.

I'm not doing this so "Oh yay you solved it good job! Heres $5 dollars and a useless method." That would be pointless. I'm posting this around to forums for beta testers. As soon as I conclude that the method is good enough that no one can break it, I'd write something... But if my methods fail, is there any reason to write? No there isn't.

What are you wanting out of this ASF8? I thought you were looking for an anti-decompilation method. Well if you finding a hole, and me leaving it open is what you want.. then ok. But if you want something that works, this is how you go about it.

mattkenefick
01-25-2008, 05:30 PM
And to your response asf8, "Also just curious mattkenefick, but as stated in this thread how are you gonna handle caching and the SWF being on the machine in the Temp Folder when the site is viewed? Which is the case on any broswer machine, no? Its it comes across the pipes it there somewhere right?"..

If you are right, why not explore that method and see what you get??

asf8
01-25-2008, 08:35 PM
What are you wanting out of this ASF8? I thought you were looking for an anti-decompilation method. Well if you finding a hole, and me leaving it open is what you want.. then ok. But if you want something that works, this is how you go about it.

Well if you have not figured it out over the last 6 months ;-) I too am interested in protection the same as you. However I dont know how to achieve the technique you are/have been implementing, thus I was interested in this whole process and the outcome. Since the fact you said you would share before and here again.

As soon as I conclude that the method is good enough that no one can break it, I'd write something... .

Of course I agree regarding a secure working solution.

And to your response asf8, "Also just curious mattkenefick, but as stated in this thread how are you gonna handle caching and the SWF being on the machine in the Temp Folder when the site is viewed? Which is the case on any broswer machine, no? Its it comes across the pipes it there somewhere right?".. If you are right, why not explore that method and see what you get??

I tried, and the closest I can get is this from a cache file and I can not confirm its one of yours (but I think it is, but maybe not):
) 5a0 y?^ ymOB ٟ eIP?v

You mentioned this over at Kirupa:
You can use Firefox / Opera / Safari / Netscape for PC / Mac.. the only one that I've found to not work at the moment is IE. So for the test, give it a go on one of those browsers.

What is it about IE that doesnt work, or allows a whole in this technique?

mattkenefick
01-25-2008, 09:45 PM
I think it refuses to work in IE because it removes itself from the cache so the browser won't load it.

asf8
01-25-2008, 10:04 PM
I think it refuses to work in IE because it removes itself from the cache so the browser won't load it.

Does it remove the file from cache at the point of it being loaded or after you leave the page?

asf8
01-28-2008, 10:13 PM
:confused:

So I saw your conversation with routinet over at experts-exchange, based on the below comment are we to assume that this was all just for us Guinea Pigs to try out your method?

MattKenefick
01.25.2008 at 11:41AM PST, ID: 20745653
I'll continue working on this and see what I can do. It's not bad so far though. It blocks media tab, swf catchers, direct downloading, hotlinking, etc..

And really.. you have to be a little clever to figure this one out. But as good as it is so far, it is worthless once one person gets it.

I would figure then that there will be no write up, no sharing, no nothing, since that means you sharing it would then be one++ people knowing it.

Am I correct ? Or to the contrary might we see something on this ?

Your response? :eek::confused:

creynders
01-29-2008, 02:32 PM
I don't get it.
What's the challenge? To decompile the served swf?
Then it took me exactly 10 seconds.


https://www.seesaw-server.net/decompile/ 200 GET www.seesaw-server.net /decompile/ 43027 ms 1,15 KB Complete
https://www.seesaw-server.net/decompile/js/swfobject.js 200 GET www.seesaw-server.net /decompile/js/swfobject.js 4541 ms 7,42 KB Complete
https://www.seesaw-server.net/decompile/flash/initial.swf 200 GET www.seesaw-server.net /decompile/flash/initial.swf 4578 ms 1,11 KB Complete 550x400 v9 12fps
https://www.seesaw-server.net/favicon.ico 200 GET www.seesaw-server.net /favicon.ico 4618 ms 1,27 KB Complete 32x32
https://www.seesaw-server.net/decompile/swf.php 200 POST www.seesaw-server.net /decompile/swf.php 4609 ms 1,03 KB Complete
https://www.seesaw-server.net/decompile/swf.php 200 GET www.seesaw-server.net /decompile/swf.php 4912 ms 1,07 KB Complete 550x400 v9 12fps

I saved the last swf.php, renamed it to whatever.swf and ran a decompiler.
Inside the swf I found

hi.text = "flyyyyyyy"


That's it??

mattkenefick
01-30-2008, 07:22 PM
Yes you're guinea pigs, are you going to shed a tear over it or something? You're way overly emotional about this.

creynders
01-31-2008, 09:53 AM
To be honest I don't quite get what you're trying to do. There's no way that you can serve the swf w/o it being possible to intercept it. Renaming it to php is going to fool a few, but not most.

CobaltBlueDW
07-19-2008, 10:48 PM
Yeah. Concept Failure. I'm sure I don't even know how to setup all thee little things you tried to do to stop description, but I DO know that it is impossible to give someone the file without giving them it.

Flash can't play the file unless it has the file, and if flash gets the file the clients computer got the file. You can't encrypt the file in any way that the computer can't already decrypt, so your boned.

That is simple logic. Good job wasting other peoples time while you were wasting your own. Now you don't have to feel as badly about such ridiculous failure.

Oh, was this a flame? Oh shoot.

evride
07-29-2008, 09:09 AM
actually mattkenefick is a great flasher and he obviously is trying to find the best way to secure his work and secure data used by the play. I applaud him on his neverending quest and hope he succeeds at some point (then shares with the rest of us).

He like many other flashers does not like the fact that cheaters are out there trying to steal your code and either use it against you by using links to server-side scripts or just outright steal your work.