search

teesquared / flasturbate

A SWF obfuscator.
GNU General Public License v3.0
28 stars 7 forks source link

Static string const values are renamed. #3

Closed vpmedia closed 2 months ago

vpmedia commented 9 years ago

Example:

ClassA contains a public variable myVar : String; ClassB contains a static public const MY_VAR : String = "myVar";

Flasturbating ...

ClassA.myVar -> 1t7688s0 ClassB MY_VAR : String = "1t7688s0"; // Error

In my opinion string values should not be renamed at all.

Thanks!

vpmedia commented 9 years ago

Public variable (Class A):

trait slot QName(PackageNamespace(""), "myVar") type QName(PackageNamespace(""), "Number") end

Public static const (Class B):

trait const QName(PackageNamespace(""), "MY_VAR") type QName(PackageNamespace(""), "String") value Utf8("myVar") end
vpmedia commented 9 years ago

As I've checked the swfobfuscated.d iterates over abc.strings array. This array of strings contains EVERY strings in the SWF? Both property names and string values? I've found an isObfuscatable method which checks for abc.isNamespace(n) || abc.isMultiname(n) .. So const values are sorted to Multiname?

teesquared commented 9 years ago

Yeah this is an issue I knew about. To work around it you can either exclude the string or rename the string or variable name so they don't match. The reason why I don't check for string usage is because I believe it will require digging through the byte code to determine if that string is being uses as a string value. The look ups it does right now just use the name tables the disassembler had already created so it was an easier check.

teesquared commented 9 years ago

And the name tables it uses (namespace and multiname) do not include strings, only symbol names. The code you mention above is exactly what we would need to search through the byte code to find. I bet there are probably other ways strings can be used as well. It will be a bit of work to fix this one.

vpmedia commented 9 years ago

Thank you for the quick response, I'll go with excluding these vars for a while, there are only a few of them..

johnou commented 7 years ago

string values should not be changed at all, seems like a pretty huge issue, @vpmedia are you still using this library?

vpmedia commented 7 years ago

No, I don't use it anymore, AS3 lost its popularity so I'm with the 'enemy' now (JS) :)

johnou commented 7 years ago

@CyberShadow if I cleanup Teesquared's fork would you be willing to accept a merge request into your RABCDAsm repo?

CyberShadow commented 7 years ago

You mean, the entire project?

I've been planning to refactor RABCDAsm's code base so it's easier to use it as a library.

johnou commented 7 years ago

@CyberShadow this fork https://github.com/Teesquared/RABCDAsm , essentially building on top of your repo and adding support for obfuscating SWFs.

teesquared commented 7 years ago

What do you mean by cleanup?