PDA

View Full Version : FLash Actionscript 2 Obfuscation


tonixxr
August 7th, 2012, 09:40

Today I stumbled around an obfuscated Flash Actionscript 2 Code that looked like this when decompiled. I've been looking around to find out what kind of encryption this is and yet no luck. I'm really curious to know what kind of encryption/obfuscation it is and how strong  it is.

Anyone can help?




function _-k(d, g)

    {

        with (UL.UL[UL])

        {

            if (UL == 0.000000)

            {

                UL = UL;

                UL = UL - 1;

            }

            else if (UL == 1)

            {

                UL = UL + 1;

                UL = UL;

            }

            else if (UL == 2)

            {

                UL = UL;

                UL = UL + 1;

            }

            else if (UL == 3)

            {

                UL = UL - 1;

                UL = UL;

            }

        }

    } 


tonixxr
August 7th, 2012, 10:30
I happen to have both unencrypted and encrypted version, and by using HxD, I can see that It has removed variable and function names to nonsense junk. Now what I don't understand is why when using SWF Investigator it throws an error "Error parsing SWF. Error #1125"

I am really interested in knowing what kind of protection this is.


I have opened it in Amayeta SWF Encrypt 6, and it shows it as encrypted. WHile I tried to compile a flash file with another encryptor, SWF Encrypt 6 didnt show it as encrypted. Does this mean that the file is protected with SWF encrypt?

If so, how is it that, when I protect my swf with SWF Encrypt 6, it shows a lot of eval('\x03') statements instead of those UL.UL() when decompiled.

YesItsMe
August 11th, 2012, 03:03
What you are seeing is junk code, this is not encryption, it's simply junk code to fool decompilers.

tonixxr
August 14th, 2012, 06:39
but why don't I see any real code?
how can that junk code be removed?