Strange Method in DoABC ActionScript Tag

When testing my own implementation of the DoABC tag parser (ActionScript bytecode), I came across a SWF file that had something strange in it. There is a method with bytecode that makes little sense (even opcodes that are not defined!).

I found some more swf files that have such a method. Oddly enough, this method always has the same length and is always determined last, but the bytecode varies from file to file. However, it seems that the swf file is in no way dependent on this method, since it works fine. I realized that perhaps this method is not being called, but I cannot verify this at the moment.

Does anyone have an idea what the purpose of this method is? For reference, one such file is located here: http://swf.tubechop.com/tubechop.swf

+3
2 answers

This swf has some very strange things, I'm sure it was confusing. For example, this appears at the beginning of each method:

#1    pushbyte  byteValue: 37
#2    pushbyte  byteValue: 34
#3    ifne  reference: #6

Which decompiles to

if(37 != 34)

Regarding the method you found, it looks like it is just complete gibberish. There are no references to it, so the verifier will never even look at the code. Definitely a good technique to stop decomposition.

I checked this with my own application: http://swfwire.com/inspector

+3
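A check for the constant-condition prologue quoted in the answer above, as an added example that is not part of the original posts or of any tool they mention. The opcode values (pushbyte 0x24, ifeq 0x13, ifne 0x14) are taken from the AVM2 instruction set, the function name is hypothetical, and the sample method bodies are constructed for illustration.

```python
PUSHBYTE = 0x24                          # AVM2: push a signed 8-bit constant
BRANCHES = {0x13: "ifeq", 0x14: "ifne"}  # AVM2 conditional branches (s24 offset)


def opaque_prologue(code: bytes):
    """Describe a constant-condition prologue at the start of a method body.

    Matches: pushbyte a; pushbyte b; ifeq/ifne <s24>. Returns None otherwise.
    """
    if len(code) < 8 or code[0] != PUSHBYTE or code[2] != PUSHBYTE:
        return None
    name = BRANCHES.get(code[4])
    if name is None:
        return None
    a = int.from_bytes(code[1:2], "little", signed=True)
    b = int.from_bytes(code[3:4], "little", signed=True)
    # s24 operand: little-endian, signed, relative to the next instruction
    offset = int.from_bytes(code[5:8], "little", signed=True)
    taken = (a != b) if name == "ifne" else (a == b)
    target = 8 + offset
    return {
        "branch": name,
        "operands": (a, b),
        "always_taken": taken,
        "target": target,
        # bytes skipped on every execution; a parser should not trust them
        "dead_range": (8, target) if taken and offset > 0 else None,
    }


# Constructed sample: pushbyte 37; pushbyte 34; ifne +2; two junk bytes;
# then getlocal0, pushscope, returnvoid.
OBFUSCATED = bytes([0x24, 37, 0x24, 34, 0x14, 0x02, 0x00, 0x00,
                    0xFF, 0xFE, 0xD0, 0x30, 0x47])
# Constructed sample: an ordinary method body without the prologue.
PLAIN = bytes([0xD0, 0x30, 0x47])

if __name__ == "__main__":
    print(opaque_prologue(OBFUSCATED))
    print(opaque_prologue(PLAIN))
```

A DoABC parser can use the returned dead range to skip bytes that never execute instead of failing on undefined opcodes inside them.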

Trillix "Out of memory" swf ActionScript. , (, ) .

+1

Source: https://habr.com/ru/post/1793867/