However, I can't insert texts larger than the originals in ssf archives. I have studied the ssf file structure and it seems to be something like this: CES is the header. From position 24 there are the beginning offsets of each file in the ssf archive, e.g.: 18C1 - 9034, 34D9 - 514F, E118 - 1645. Next there is the size of each file: 9034 inverted and converted to decimal is the size of the file beginning at the 18C1 offset.
I could insert the files manually with HxD and update the offsets and size of every file. But the problem is the large number of files in the ssf archives: there are archives with about 15,000 files inside, and inserting a single larger file requires recalculating the positions of all the other files, which is slow and painful work. Can someone write an unpacker/repacker for this archive for me? Here is a link with some samples of ssf files:

There are many ways of making static unpacking painful and very long. But you can't reach a code showing it with a classic approach through the decompilers. I should mention you'll not reach any resources (Bitmaps, Sounds, Fonts, etc.) via decompilers if they are there too, because the target SWF is placed inside of the SWF you have and it is usually encrypted. Usually all you can get with decompilers from such a SWF is the decryptor/unpacker code (usually heavily obfuscated) and, probably, the target encrypted SWF (if your decompiler is able to show you the DefineBinaryData tag). This kind of packing could be achieved with a simple Flex Embed tag. As FP can't play a packed SWF as is, it has to be unpacked and decrypted into memory before loading (for example, with Loader.loadBytes()). More importantly, it will be in memory all the time while it's running, to allow FP to properly display and execute it.

Doesn't provide you a feeling you're a true cracker. There are several tools for it available, both free and paid. One of the most advanced is SWF Revealer, a free tool for ASV licence owners. It could bypass domain checks (which prevent the SWF from unpacking and decrypting) in some cases and force the SWF to load and decrypt the target SWF. You may also find some other dumping tools on the web using Google.
If you never tried it, you definitely should try. It could be useful to improve your skills with hex a bit and to give you the feeling of being a true cracker :) For the search you could use any hex editor supporting RAM editing/viewing. If you'll try to search for the packed SWF in the sample file I linked before, you should start by searching for the FWS signature (uncompressed SWF): just search for the FWS string in the Flash Player's process (or the Flash Player plugin/browser process with the SWF running in it), because FP decompresses a SWF before executing it if it was compressed. If you search in a browser, be careful and close all other tabs with SWFs to decrease the number of false positives. So if you're not sure, I recommend you check all found entries.

Well, what to do with the found signature, you'll ask? How to validate it, and how to know where the end of the SWF is? Please look at this screenshot: This is a signature of one of the SWFs found in the FP memory (accidentally, it's the signature of the target packed SWF ;)) by looking for the FWS string. So, what next? Next you should check the length of the found SWF. The length is placed in the 4 bytes starting from byte 4. How did I know that? It's simple, I just read the SWF File Format Specification (the SWF header section). Since it's a hexadecimal number written in memory, you should know its bytes are written from right to left. So the resulting number is 00 00 04 DB in hexadecimal and 1243 in decimal. After doing this with all suitable FWS entries, you'll have the target unpacked SWF file in one of the saved SWFs. Now you should be able to decompile it as usual and look into its sources or resources. So you should double check whether the header has a valid length and how it looks overall. People experienced in reversing (like me :p) can tell whether a header is fake or not just by looking at it and at several tens of bytes after the header.
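The header check described above, written as an added example (not code from the original article) for triaging a process memory dump that has already been saved to disk. The function names, the version bound and the minimum length are assumptions, and the sample dump is constructed.

```python
import struct

MIN_SWF_LEN = 15   # assumption: 8-byte header, 1-byte RECT, rate, count, End tag
MAX_VERSION = 50   # assumption: generous upper bound on the SWF version byte

def find_swf_candidates(dump: bytes):
    """Return (offset, version, length) for every plausible uncompressed SWF."""
    hits = []
    pos = dump.find(b"FWS")
    while pos != -1:
        header = dump[pos:pos + 8]
        if len(header) == 8:
            version = header[3]
            # Length is a little-endian uint32 in bytes 4..7 of the header.
            (length,) = struct.unpack_from("<I", header, 4)
            # Reject stray "FWS" strings: the declared length must be sane
            # and the whole file must fit inside the dump.
            if (1 <= version <= MAX_VERSION
                    and length >= MIN_SWF_LEN
                    and pos + length <= len(dump)):
                hits.append((pos, version, length))
        pos = dump.find(b"FWS", pos + 1)
    return hits

def carve(dump: bytes, offset: int, length: int) -> bytes:
    """Cut one candidate out of the dump so it can be saved and inspected."""
    return dump[offset:offset + length]

def build_sample_dump() -> bytes:
    """Constructed sample: two false positives and one valid 1243-byte SWF."""
    real = b"FWS" + bytes([10]) + struct.pack("<I", 1243) + bytes(1243 - 8)
    fake = b"FWS" + bytes([10]) + struct.pack("<I", 0x7FFFFFFF)  # absurd length
    text = b"...search for the FWS string..."                   # plain text hit
    return b"\x00" * 64 + text + fake + b"\xAA" * 16 + real + b"\x00" * 32

if __name__ == "__main__":
    dump = build_sample_dump()
    for offset, version, length in find_swf_candidates(dump):
        print(f"offset=0x{offset:X} version={version} length={length}")
```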
As an example, the packer's loader could check the current domain or some kind of license file before unpacking the SWF. In this case you'll need to patch those checks (for example, with bytecode disassemblers like Yogda or RABCDasm) or provide the needed files (probably with crypto keys for decrypting) to make the SWF run and unpack in memory. Well, this kind of unpacking usually comes to help when you have no chance of unpacking your SWF dynamically (who knows why you can't run the SWF). Static unpacking could be very difficult because of the many possible safety precautions of the packer developer.