Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
Reverse-Engineering Flash Files with SWFRETools<br />Sebastian Porst (sp@porst.tv) – SOURCE Boston 2011<br />
About Me<br />2<br />
Current Work<br />3<br />
What this talk is about<br />Ship it!<br />4<br />
What this talk is not about<br />5<br />
Why is this relevant?<br />6<br />
SWF Files: An Overview<br />Header<br />Tag 1<br />Tag 2<br />Tag 3<br />Tag 4<br />…<br />Tag n<br />7<br />
SWF Files: Interesting Aspects<br />8<br />
Existing Tools<br />SWFTools<br />Flash Dump Decompiler<br />swfmill<br />Sothink SWF Decompiler<br />9<br />
Problems with existing tools<br />SWFTools<br />Flash Dump Decompiler<br />Crashes<br />Old<br />Limited<br />Wrong tool<b...
Introducing SWFRETools<br />11<br />
Goals<br />12<br />
Architecture<br />13<br />
Tool I: The Parser<br />14<br />
Parser Goals<br />15<br />
Workflow Intermezzo I<br />16<br />
Tool 2: Flash Dissector<br />17<br />
Flash Dissector Goals<br />18<br />
Flash Dissector Demo<br />19<br />
Weaknesses of Flash Dissector<br />20<br />
Flash Dissector Future<br />21<br />
Workflow Intermezzo II<br />22<br />
Static analysis vs Dynamic analysis<br />23<br />
Detour: Flash Player Debugger<br />24<br />
Detour: Flash Player Debugger<br />25<br />
Tool  III: Tracer/Debugger<br />26<br />
Tracer Implementation<br />27<br />
Last week in China<br />28<br />
Last week in China<br />29<br />
Tracer Plans<br />30<br />
Workflow Intermezzo III<br />31<br />
Minimizing sample files<br />32<br />
Minimizing files without templates<br />33<br />
Do not forget RETURN<br />34<br />Function A<br />Function B<br />Crash here<br />
Tool IV: Minimizer<br />35<br />
Automated minimizing<br />36<br />
Minimizer Goals<br />37<br />
Off to GitHub we go!<br />Shipped!<br />https://github.com/sporst<br />38<br />
Call for participation<br />39<br />
Summary<br />40<br />
Thank you!<br />41<br />?<br />
Let me help …<br />42<br />
Image Credits<br />http://www.flickr.com/photos/markchadwick/4592186576/<br />43<br />
Upcoming SlideShare
Loading in …5
×

of

Sebastian Porst - Reverse-Engineering Flash Files with SWFRETools Slide 1 Sebastian Porst - Reverse-Engineering Flash Files with SWFRETools Slide 2 Sebastian Porst - Reverse-Engineering Flash Files with SWFRETools Slide 3 Sebastian Porst - Reverse-Engineering Flash Files with SWFRETools Slide 4 Sebastian Porst - Reverse-Engineering Flash Files with SWFRETools Slide 5 Sebastian Porst - Reverse-Engineering Flash Files with SWFRETools Slide 6 Sebastian Porst - Reverse-Engineering Flash Files with SWFRETools Slide 7 Sebastian Porst - Reverse-Engineering Flash Files with SWFRETools Slide 8 Sebastian Porst - Reverse-Engineering Flash Files with SWFRETools Slide 9 Sebastian Porst - Reverse-Engineering Flash Files with SWFRETools Slide 10 Sebastian Porst - Reverse-Engineering Flash Files with SWFRETools Slide 11 Sebastian Porst - Reverse-Engineering Flash Files with SWFRETools Slide 12 Sebastian Porst - Reverse-Engineering Flash Files with SWFRETools Slide 13 Sebastian Porst - Reverse-Engineering Flash Files with SWFRETools Slide 14 Sebastian Porst - Reverse-Engineering Flash Files with SWFRETools Slide 15 Sebastian Porst - Reverse-Engineering Flash Files with SWFRETools Slide 16 Sebastian Porst - Reverse-Engineering Flash Files with SWFRETools Slide 17 Sebastian Porst - Reverse-Engineering Flash Files with SWFRETools Slide 18 Sebastian Porst - Reverse-Engineering Flash Files with SWFRETools Slide 19 Sebastian Porst - Reverse-Engineering Flash Files with SWFRETools Slide 20 Sebastian Porst - Reverse-Engineering Flash Files with SWFRETools Slide 21 Sebastian Porst - Reverse-Engineering Flash Files with SWFRETools Slide 22 Sebastian Porst - Reverse-Engineering Flash Files with SWFRETools Slide 23 Sebastian Porst - Reverse-Engineering Flash Files with SWFRETools Slide 24 Sebastian Porst - Reverse-Engineering Flash Files with SWFRETools Slide 25 Sebastian Porst - Reverse-Engineering Flash Files with SWFRETools Slide 26 Sebastian Porst - Reverse-Engineering Flash Files with SWFRETools Slide 27 Sebastian Porst - Reverse-Engineering Flash Files with SWFRETools Slide 28 Sebastian Porst - Reverse-Engineering Flash Files with SWFRETools Slide 29 Sebastian Porst - Reverse-Engineering Flash Files with SWFRETools Slide 30 Sebastian Porst - Reverse-Engineering Flash Files with SWFRETools Slide 31 Sebastian Porst - Reverse-Engineering Flash Files with SWFRETools Slide 32 Sebastian Porst - Reverse-Engineering Flash Files with SWFRETools Slide 33 Sebastian Porst - Reverse-Engineering Flash Files with SWFRETools Slide 34 Sebastian Porst - Reverse-Engineering Flash Files with SWFRETools Slide 35 Sebastian Porst - Reverse-Engineering Flash Files with SWFRETools Slide 36 Sebastian Porst - Reverse-Engineering Flash Files with SWFRETools Slide 37 Sebastian Porst - Reverse-Engineering Flash Files with SWFRETools Slide 38 Sebastian Porst - Reverse-Engineering Flash Files with SWFRETools Slide 39 Sebastian Porst - Reverse-Engineering Flash Files with SWFRETools Slide 40 Sebastian Porst - Reverse-Engineering Flash Files with SWFRETools Slide 41 Sebastian Porst - Reverse-Engineering Flash Files with SWFRETools Slide 42 Sebastian Porst - Reverse-Engineering Flash Files with SWFRETools Slide 43
Upcoming SlideShare
Hack with YUI
Next
Download to read offline and view in fullscreen.

1 Like

Share

Download to read offline

Sebastian Porst - Reverse-Engineering Flash Files with SWFRETools

Download to read offline

Related Books

Free with a 30 day trial from Scribd

See all

Sebastian Porst - Reverse-Engineering Flash Files with SWFRETools

  1. 1. Reverse-Engineering Flash Files with SWFRETools<br />Sebastian Porst (sp@porst.tv) – SOURCE Boston 2011<br />
  2. 2. About Me<br />2<br />
  3. 3. Current Work<br />3<br />
  4. 4. What this talk is about<br />Ship it!<br />4<br />
  5. 5. What this talk is not about<br />5<br />
  6. 6. Why is this relevant?<br />6<br />
  7. 7. SWF Files: An Overview<br />Header<br />Tag 1<br />Tag 2<br />Tag 3<br />Tag 4<br />…<br />Tag n<br />7<br />
  8. 8. SWF Files: Interesting Aspects<br />8<br />
  9. 9. Existing Tools<br />SWFTools<br />Flash Dump Decompiler<br />swfmill<br />Sothink SWF Decompiler<br />9<br />
  10. 10. Problems with existing tools<br />SWFTools<br />Flash Dump Decompiler<br />Crashes<br />Old<br />Limited<br />Wrong tool<br />swfmill<br />Sothink SWF Decompiler<br />10<br />
  11. 11. Introducing SWFRETools<br />11<br />
  12. 12. Goals<br />12<br />
  13. 13. Architecture<br />13<br />
  14. 14. Tool I: The Parser<br />14<br />
  15. 15. Parser Goals<br />15<br />
  16. 16. Workflow Intermezzo I<br />16<br />
  17. 17. Tool 2: Flash Dissector<br />17<br />
  18. 18. Flash Dissector Goals<br />18<br />
  19. 19. Flash Dissector Demo<br />19<br />
  20. 20. Weaknesses of Flash Dissector<br />20<br />
  21. 21. Flash Dissector Future<br />21<br />
  22. 22. Workflow Intermezzo II<br />22<br />
  23. 23. Static analysis vs Dynamic analysis<br />23<br />
  24. 24. Detour: Flash Player Debugger<br />24<br />
  25. 25. Detour: Flash Player Debugger<br />25<br />
  26. 26. Tool III: Tracer/Debugger<br />26<br />
  27. 27. Tracer Implementation<br />27<br />
  28. 28. Last week in China<br />28<br />
  29. 29. Last week in China<br />29<br />
  30. 30. Tracer Plans<br />30<br />
  31. 31. Workflow Intermezzo III<br />31<br />
  32. 32. Minimizing sample files<br />32<br />
  33. 33. Minimizing files without templates<br />33<br />
  34. 34. Do not forget RETURN<br />34<br />Function A<br />Function B<br />Crash here<br />
  35. 35. Tool IV: Minimizer<br />35<br />
  36. 36. Automated minimizing<br />36<br />
  37. 37. Minimizer Goals<br />37<br />
  38. 38. Off to GitHub we go!<br />Shipped!<br />https://github.com/sporst<br />38<br />
  39. 39. Call for participation<br />39<br />
  40. 40. Summary<br />40<br />
  41. 41. Thank you!<br />41<br />?<br />
  42. 42. Let me help …<br />42<br />
  43. 43. Image Credits<br />http://www.flickr.com/photos/markchadwick/4592186576/<br />43<br />
  • hiropooh

    May. 9, 2011

Views

Total views

175,111

On Slideshare

0

From embeds

0

Number of embeds

2,351

Actions

Downloads

82

Shares

0

Comments

0

Likes

1

×