On Mon, 1 Nov 2010 10:11:06 -0700 Matthias Kramm <kr...@quiss.org> wrote:
> On Mon, Nov 1, 2010 at 3:38 AM, Chris <list_s...@mavdns.net> wrote:
> > On Sun, 31 Oct 2010 19:19:51 -0700
> > Matthias Kramm <kr...@quiss.org> wrote:
> > >> I'd actually be interested on how this happened...
> >
> > ..do you mean as in what the obfuscation code actually did to the swf?
>
> Obfuscation only changes a bytecode program from one legitimate form
> to another, also legitimate, albeit less readable, form.

I wasn't arguing the case of it not being legitimate code, which of course it has to be, unless the flash plug-in architecture allows for some way to hook in extra executable code - as in an on-the-fly decryption routine. Not being that familiar with the way the plug-in works, I don't know whether such a thing is possible or not.

( This takes me back to decoding and reconfiguring the old tape based loading routines from games written for many of the home computers of the 80's! )

> As the code in question is still valid, swfdump should be able to disassemble
> it, not segfault.

Which does mean that Amayeta, along with several other programs of a similar ilk that purport to encrypt, are, to put it mildly, overzealously described!

> Besides, segfaults are always bad, as they are potential security holes.

Indeed. I shall have to test the latest git version and see what happens!

The original question still hangs though. Is it possible to hook into the Flash player plug-in?

Chris