The SWFRETools are a collection of tools built for vulnerability analysis of the Adobe Flash player and for malware analysis of malicious SWF files. The tools are partly written in Java and partly in Python and are licensed under the GPL 2.0 license.
The following tools are part of the SWFRETools:

  • Flash Dissector: Binary viewer for SWF files
  • SWF Parser: Build your own tools using this parser
  • Minimizer: Automatically minimize crashing SWF files
  • FP Debugger: Trace the Flash Player dynamically
  • StatsGenerator: Generate stats over SWF files

Changelog

This new version 1.3.0 focuses primarily on allowing users to pass command line arguments to Flash Dissector to do useful things like unpack compressed SWF files or dump the content of SWF files to stdout. The latter is very useful because it is easier to understand disassembled ActionScript code when you have it in a real code editor instead of the (still) crude GUI of Flash Dissector. Here is an example of what the output of such a dump looks like.

Changes:

  • Feature: It is now possible to dump the content of a SWF file to stdout by doing ‘dissector.jar -dump <input file>’.
  • Feature: It is now possible to decompress SWF files by doing ‘dissector.jar -decompress <input file> -o <output file>’.
  • Feature: It is now possible to open files in SWF Dissector from the command line doing ‘dissector.jar <file1> <file2> … <filen>’.
  • Feature: Function bodies defined by the ActionScript 2 functions DefineFunction and DefineFunction2 are now aligned better in the GUI to improve readability of the code.
  • Feature: Individual elements of a SWF file can now be dumped to a new file by right-clicking on the elements in the main tree of the GUI.
  • Bugfix: Fixed a bug in the Minimizer that prevented it from working with compressed SWF files.

Download

Download Post in PDF Save Post as PDF