SWF file analysis
ShockWave Flash files can also contain code. Basically, flash files are legitimately written to follow a sequence of tasks. But just like any other code, it can be abused to carry out malicious activities.
The SWF file we are going to analyze can be downloaded from https://github.com/PacktPublishing/Mastering-Reverse-Engineering/blob/master/ch13/demo01.swf.
The main tool used for analyzing SWF at the time of writing this book is the JPEXS SWF decompiler. Besides this let's first talk about other existing tools that are able to parse SWF files. These tools are as follows:
- SWFTools
- FLASM
- Flare
- XXXSWF
SWFTools
SWFTools is a collection of tools for reading and building SWF files. It can be downloaded from http://www.swftools.org/. To successfully install SWFTools, it should be run as administrator. The tools are used at the command line. There are two tools here that can extract information about the SWF file: swfdump
and swfextract
. Here's what swfdump
gives us:
The result tells...