Simple AS3 Decompiler Using Tamarin
From FlashSec
Note: Flex 4 ships a more convenient tool for decompiling Flash 9 files, called swfdump (see Disassembling a SWF with swfdump for more information, and get the Open Source Flex SDK from the repository to build it from source).
How to build Tamarin
- Obtain Mercurial, the SCM used by the Mozilla Foundation
- Get the Tamarin source (hg clone http://hg.mozilla.org/tamarin-central tamarin-central)
- If you are running an OS other than Win32: change shell/DataIO.h (lines 124 - 131) according to the endianness of your system if necessary.
- Build Tamarin (http://developer.mozilla.org/en/docs/Tamarin_Build_Documentation#Building_Tamarin)
MacOS X:
cd tamarin-central/core
xcodebuild -project platform/mac/shell/shell.xcodeproj
- Download and install the Adobe Flex 2 SDK (http://www.adobe.com/products/flex/downloads/)
- The ActionScript compiler is found in lib/asc.jar. Copy lib/asc.jar from the Flex SDK installation directory to tamarin-central/utils/
- Use asc.jar to compile the Tamarin intrinsics into builtin.abc:
cd tamarin-central/core
java -ea -DAS3 -Xmx200m -DAVMPLUS \
  -classpath ../utils/asc.jar macromedia.asc.embedding.ScriptCompiler \
  -d -builtin -out builtin builtin.as Math.as Error.as RegExp.as Date.as XML.as
Note: Under MacOS X, the avmplus binary is built as platform/mac/shell/build/Release/shell. For convenience, you can copy shell to utils/avmplus.
You can now use asc.jar and builtin.abc to compile applications. Use the -help option of asc.jar and avmplus for more details.
Here's an example for testing your installation. Take a simple AS3 file "hello.as":
package {
    print("Hello World!");
}
Now compile this .as file with asc.jar:
java -jar asc.jar hello.as
hello.abc, 85 bytes written
Now run avmplus with hello.abc:
avmplus hello.abc
Hello World!
Et voilà! Now it's possible to build an AS3 bytecode decompiler.
How to build an AS3 decompiler
java -jar utils/asc.jar core/builtin.as
java -jar utils/asc.jar shell/ByteArray.as
java -jar utils/asc.jar -exe avmplus -import core/builtin.abc -import shell/ByteArray.abc utils/abcdump.as
Note: If compiling ByteArray.as fails with an error such as "Error #1017: The definition of base class Object was not found.", add the following line to core/builtin.as: include "../shell/ByteArray.as". The import option for shell/ByteArray is not necessary after adding this line.
Now the simple decompiler is ready to use:
utils/abcdump.exe path/to/as3.swf
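As an added example (not part of the original page and not Tamarin's code), the following Python locates the ABC bytecode blocks inside an SWF, which is the data an ABC disassembler works on. It assumes the standard SWF container layout (FWS/CWS header, DoABC tag code 82); the function names, the size cap and the sample file are constructed for illustration.

```python
import struct
import zlib

DOABC = 82                    # DoABC tag: u32 flags, NUL-terminated name, ABC data
MAX_SIZE = 64 * 1024 * 1024   # assumed upper bound for an untrusted sample

def extract_abc(swf: bytes):
    """Return [(name, abc_bytes)] for every DoABC tag in an FWS/CWS file."""
    if len(swf) < 8 or swf[:3] not in (b"FWS", b"CWS"):
        raise ValueError("not an FWS/CWS file")
    length = struct.unpack_from("<I", swf, 4)[0]   # declared uncompressed size
    if not 8 < length <= MAX_SIZE:
        raise ValueError("implausible declared length %d" % length)
    # CWS bodies are zlib streams; cap the output so a bomb cannot exhaust memory.
    body = zlib.decompressobj().decompress(swf[8:], length) if swf[:3] == b"CWS" else swf[8:]
    if len(body) + 8 != length:
        raise ValueError("declared length does not match body size")
    # Skip the frame-size RECT (5-bit Nbits + 4 fields), frame rate, frame count.
    pos = (5 + 4 * (body[0] >> 3) + 7) // 8 + 4
    blocks = []
    while pos + 2 <= len(body):
        header = struct.unpack_from("<H", body, pos)[0]
        code, size = header >> 6, header & 0x3F
        pos += 2
        if size == 0x3F:      # long form: 32-bit length follows
            size = struct.unpack_from("<I", body, pos)[0]
            pos += 4
        if pos + size > len(body):
            raise ValueError("tag %d overruns the file" % code)
        if code == DOABC:
            data = body[pos:pos + size]
            end = data.index(b"\0", 4)   # skip the flags, find the end of the name
            blocks.append((data[4:end].decode("utf-8", "replace"), data[end + 1:]))
        if code == 0:         # End tag
            break
        pos += size
    return blocks

def build_sample_swf(compressed: bool) -> bytes:
    """Constructed input: a minimal SWF holding one DoABC tag and an End tag."""
    payload = struct.pack("<I", 1) + b"frame1\0" + struct.pack("<HH", 16, 46) + b"\0" * 8
    tag = struct.pack("<HI", (DOABC << 6) | 0x3F, len(payload)) + payload
    body = b"\x00" + struct.pack("<HH", 0x0C00, 1) + tag + b"\x00\x00"
    head = (b"CWS" if compressed else b"FWS") + bytes([9]) + struct.pack("<I", 8 + len(body))
    return head + (zlib.compress(body) if compressed else body)

if __name__ == "__main__":
    for name, abc in extract_abc(build_sample_swf(compressed=True)):
        print(name, len(abc), "bytes, ABC version %d.%d" % struct.unpack_from("<HH", abc)[::-1])
```

Each returned block begins with the ABC minor and major version words and can be written to a .abc file for inspection.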
References
- Tamarin Docs: http://developer.mozilla.org/en/docs/Tamarin
- Tamarin Build Documentation: http://developer.mozilla.org/en/docs/Tamarin_Build_Documentation
- AS3 Decompiler: http://www.5etdemi.com/blog/archives/2007/01/as3-decompiler/
- avmplus 101: http://ecmascript.zwetan.com/2007/04/avmplus-101.html
- Tamarin Gotchas: http://ecmascript.zwetan.com/2007/05/tamarin-gotchas.html
- Precompiled Windows binary: http://nsdevaraj.wordpress.com/2008/01/30/flash-9-decompiler-with-source/ (download via registration only)