After looking at the sample file provided I decided I wanted to look at a real flash application. Since I had Pandora running in the background I figured that it would be a perfect since I always wondered if I could extend the client or create my own. After a quick look at the page source I found the location of the SWF file.
<EMBED src="https://www.pandora.com:443/radio/tuner_9_1_0_0_pandora.swf"
quality=high
bgcolor=#FFFFFF
allowscriptaccess=always...
Using wget I downloaded the file and opened it up in IDA Pro. Unfortunately the SWF plug-in for IDA won't show any code because the file has been compressed and the plug-in does not know how to decompress the file. You can tell it's been compressed because the signature is CWS instead of FWS.
After a little googleing I found a ton of sites that offered me flash decompilers but I wasn't about to pay $80+ and the free options smelled of adware. After a little more searching I came across a blog post about Improving SWF Compression. In the post he describes how to compress SWF files and even provides an archive with tools and source. Since his intention was to use ZIP utilities to compress the SWF data he dumped the data out into a file, then zipped it and reinserted it into a compressed SWF file. Looking at his source it was easy to tweak it a little to extract the data from a compressed SWF file, decompress it, and recreate an uncompressed file that could be read by IDA's SWF plug-in.
The source code can be found here: SWFDecompress.java
Updated: Added the link to the SWF plug-in.
On a side not I also discovered that you can embed the Pandora player in your own webpages, Click Here to see (click again to hide).
No comments:
Post a Comment