Problem while trying to hack flash...


ghost's Avatar
0 0

Hi,

I am new here. I apologize if I posted this in the wrong section but I need a little help…

I downloaded a game swf file and tried to hack the game, but I found part of the code has been obfuscated…

Here is part of the code…

```
function ()
{
    \x03 = 2772 % 511 * true;
    return (eval("\x03"));
} // End of the function
var \x01 = 714 + \x04\x05();
while (\x01 = eval("\x01") + 12, eval("\x01") == 907)
{
    \x01 = eval("\x01") + 39;
    break;
} // end while
if (eval("\x01") == 691)
{
    \x01 = eval("\x01") - 235;

} // end if
\x01 = eval("\x01") + 621;
...
```

I am thinking there may be a way to decrypt the code, but does anyone have any idea what I can do?

p4plus2's Avatar
Member
0 0

When flash is compiled into byte code (kinda like java), name mashing occurs. This is also what happens in other languages like C/C++, making them difficult to be decompiled (as well as several other factors). The compiler will sometimes use a basic naming structure to help make things easier, but it will never be easy. On top of this, there are also other transformations applied to the code when compiled, such as changing datatypes around into a more computer legible version.

This data has not been obfuscated, this is just what happens from decompiling a swf file. Furthermore, it would have required a password if it was truly obfuscated.


ghost's Avatar
0 0

Hi p4plus2,

Thanks for the explanations. I am curious if there is a way to revert all those weird codes back to their original form?

I have seen someone uploaded another swf but all the codes are visible in their original form…


p4plus2's Avatar
Member
0 0

Older versions of the swf did not mangle names nearly as much. The introduction of actionscript 3 is when we begin to see code which is much less human readable. The best thing I could suggest would be trying various decompilers until you come across one that will give variables and functions artificial names, but don't hold your breath, odds are there probably is not one out there yet. Sothink, trillix, and flash decompiler gold all had no success for me.
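A small post-processing pass of the kind discussed above, giving artificial names to unprintable identifiers in decompiler output and folding constant-only expressions; this is an added example, not part of the original posts and not the behaviour of any decompiler named here. It assumes identifiers appear as `\xNN` escapes and that `eval("\xNN")` is a read of that variable; the `id_` naming scheme and the function names are hypothetical.

```python
import re

# Constructed sample: lines in the style of the decompiler output quoted in
# this thread, where identifiers are runs of non-printable bytes shown as \xNN.
SAMPLE = r'''\x03 = 2772 % 511 * true;
return (eval("\x03"));
var \x01 = 714 + \x04\x05();
\x01 = eval("\x01") + 12;
'''

IDENT = r'(?:\\x[0-9a-fA-F]{2})+'  # one identifier = one or more \xNN escapes
EVAL_REF = re.compile(r'eval\("(' + IDENT + r')"\)')
BARE_REF = re.compile(IDENT)
# Assignment right-hand side made only of integers, true/false and + - * %.
CONST_RHS = re.compile(r'= ((?:\d+|true|false)(?: [-+*%] (?:\d+|true|false))+);')


def _name(escaped):
    # Map an escaped identifier (backslash-x 04, backslash-x 05) to id_0405.
    return "id_" + escaped.replace("\\x", "").lower()


def rename_identifiers(src):
    # Rewrite eval("...") reads first, then any remaining bare escaped names.
    src = EVAL_REF.sub(lambda m: _name(m.group(1)), src)
    return BARE_REF.sub(lambda m: _name(m.group(0)), src)


def fold_constants(src):
    # Evaluate constant-only right-hand sides (ActionScript true is 1, false is 0).
    def fold(m):
        expr = m.group(1).replace("true", "1").replace("false", "0")
        try:
            # The regex admits only digits, spaces and + - * %, so eval is contained.
            return "= %d;" % eval(expr, {"__builtins__": {}})
        except ZeroDivisionError:
            return m.group(0)  # ActionScript yields NaN for % 0; leave untouched
    return CONST_RHS.sub(fold, src)


def clean(src):
    return fold_constants(rename_identifiers(src))


if __name__ == "__main__":
    print(clean(SAMPLE))
```
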


ghost's Avatar
0 0

Thanks for the detailed explanation. :D

I think I found out what program was used to produce such codes…

Knowing what program it originated from, would it be possible to reverse engineer the program to obtain the encryption routine or help decrypt the encoded actionscript in some way?


p4plus2's Avatar
Member
0 0

In some situations knowing the program used can help, but in the case of flash, from my experience at least, this does not seem to apply. Flash seems to have a very distinct naming structure that must be followed in order for the idea to function properly. The following links may be of particular interest to you if the internal workings of flash works. http://www.adobe.com/devnet/swf/pdf/swf_file_format_spec_v10.pdf

EDIT: be prepared, it's 278 pages long. I have not read the document myself (but I plan to), and it will likely go way more in depth than you need. Remember ctrl-f is your friend.