Skip to main content

有关swf加密的一点感想

最近想把某flash游戏的1代和2代下载下来玩,但是都有域名验证,于是只好搬出decompiler

1代没有加密,结果是这么判断的

if(_url.indexOf("http://") != -1){
// ok
}else{
// error
}

当然直接爆破就好了
2代加了密,而且好像是swfencypt的模式,一开始是想放弃了,但是一想其实那个swfencrypt只是插了段恶心的tag,代码其实没有变,所以想碰碰运气

于是接着看1代的raw code,如下

//96 0e 00 08 00 07 01 00 00 00 08 01 07 0f 00 00 00
_push "http://" 1 "" 15
//22
_getProperty
//96 02 00 08 02
_push "indexOf"
//52
_callMethod
//96 05 00 07 ff ff ff ff
_push 4294967295
//49
_equals2
//12
_not
//4c
_dup
//12
_not
//9d 02 00 23 00
_if true goto #21

原来得到_url是靠压一个0f进栈,然后调22

然后拿ue去2代的swf里搜0f 00 00 00 22,只有一处,我晕,然后往后看,很多都和1代代码相似,只是'indexOf'的位置不一样,所以push的值也有少许区别。

由于判断的是!=,所以一般会有个not,结果不远处果然有个 12 9d, 然后把12改成01。

然后竟然就能玩了。。。

感想是:

1.swfencrypt的加密某种方面来说还是很弱
2.写代码时注意安全才是最重要的 -- 但是给程序员带来了而外的麻烦。。。
3.今天运气不错~~

Comments

Popular posts from this blog

Determine Perspective Lines With Off-page Vanishing Point

In perspective drawing, a vanishing point represents a group of parallel lines, in other words, a direction. For any point on the paper, if we want a line towards the same direction (in the 3d space), we simply draw a line through it and the vanishing point. But sometimes the vanishing point is too far away, such that it is outside the paper/canvas. In this example, we have a point P and two perspective lines L1 and L2. The vanishing point VP is naturally the intersection of L1 and L2. The task is to draw a line through P and VP, without having VP on the paper. I am aware of a few traditional solutions: 1. Use extra pieces of paper such that we can extend L1 and L2 until we see VP. 2. Draw everything in a smaller scale, such that we can see both P and VP on the paper. Draw the line and scale everything back. 3. Draw a perspective grid using the Brewer Method. #1 and #2 might be quite practical. #3 may not guarantee a solution, unless we can measure distances/p...

Hardware Password Manager

[Updates 2025-01-20] The original blog post assumes that all passwords are stored in one password manager, and the password manager either unlocks everything or nothing (e.g. Keepass). After discussing with friends, I realized that if I use something like pass , and I use a hardware GPG token, I can actually store and sync all encrypted passwords to all devices, because I will only decrypt the passwords on demand, and the computer will not see the GPG private key. The compromise is that the computer will see the list of all password entries (e.g. accounts), as well as a few other issues . I've been using Keepass for many years. I don't use online password services because I cannot fully trust them. Besides, I may not always have Internet connection, which is why I also don't use a self-hosted service. Everything has been working fine, until I turn my paranoid knob to the max. Here's the thought experiment . The Imaginary Scenario Let's say I have 100 PCs for differe...

Installing Linux on Surface Pro 1g

Windows 10 will soon reach its end of life, and my 1-gen Surface Pro is not supported by Windows 11. I (finally) decided to install Linux to it. Fortunately, it's a not-so-easy nice adventure: The device has only one USB port, so I have to bring back my 10+-year old USB hub. My live USB drive cannot boot directly, I have to disable Secure Boot first, by holding Volume Up during boot. I think years ago I learned that booting on USB might not work through a USB hub, but fortunatelly it worked well with my setup. This is done by holding Volume Down during boot. Wifi adapter was detected in the live Linux environment, but not functional. And I don't have a USB-Ethernet adapter. Luckily, nowadays we have USB-tethering from Android phones, which works out-of-the-box. Originally I planned to following this guide to set up root on ZFS, however, the system froze when building the ZFS kernel module. Then I decided to just use EXT4, yet I still learned a lot from the guide about disk par...