[ Go back to normal view ]
BW2 :: the bitwise supplement :: http://www.bitwisemag.com/2
Flash Decompiler Trillix 4
Compiled ActionScript decompilation1 May 2010
by Huw Collingbourne
Flash Decompiler Trillix 4
SWF/FLA/ActionScript conversion tool
$79.95
Eltima Software: http://www.eltima.com/products/flashdecompiler/
Most .NET users are probably familiar with .NET Reflector, a tool that peers into compiled .NET assemblies and displays their contents as human-readable C# or Visual Basic code. Flash Decompiler Trillix 4 is a similar tool for Flash developers. It peers into compiled SWFs and displays their contents as ActionScript.
This may look like my original ActionScript source code but it isn’t. It is Flash Decompiler Trillix’s reconstruction of the source code based on the information in a compiled SWF file. Flash Decompiler Trillix lets you browse to a SWF using an integrated disk explorer then simply drag the file into a task pane to view its code ‘decompiled’. Typically this will show a tree-structure mimicking the original project structure with ‘folder’ nodes for the various packages and ‘file’ nodes for the individual classes. Here you can open each file node to view its contents or you can click a button to extract the code onto disk at which time the real files and folders will be created. In the case of a Flash project, a FLA file will also be created to let you load the decompiled code into the Flash IDE. In the case of a Flex project, no FLA is created but, instead, the original Flex directory structure and the project files required by Flex/Flash Builder are created.
If you haven’t taken measures to obfuscate your code, the results of decompilation are scary. The Flash Decompiler cannot recreate the source code perfectly - for example, local variable names are lost, comments (of course) are gone and MXML files are reconstructed as ActionScript. But, even so, in my tests it did a pretty good job of reconstructing code that was far too damn’ close for comfort to the original source. Class names, method names, class-level variable names, constant names and even the names of arguments passed to functions are all retained.
The original code structures - the ‘for’ loops, ‘if’ tests and so on - may not exactly match those in the original code, but the overall logic is preserved and it wouldn’t take a halfway competent programmer very long to see exactly what the code is up to.
In a complex project it is highly likely that you would need to rewrite certain parts of the decompiled code before it could be compiled again. For example, in some decompiled Flex projects which I tested out there were various errors such as ‘illegal assignment to a variable specified as a constant’ and a couple of incorrect class references. But, really, nothing huge - nothing that a bit of judicious editing could not fix.
Flash Decompiler Trillix has a pretty slick user interface with the an Office 2007-style tabbed toolbar which groups buttons by function: Manage, Extract, Convert, Edit and Search. The search tools can locate names in multiple classes and packages and it displays the results on the branches of a tree. Click a branch to navigate to the code.
The Decompiler provides various conversion and extraction options - for example to extract resources (jpg, mp3 and so on) - and to apply formatting to extracted code (e.g. by putting braces on new lines or on the same line).
By now, maybe some of you are wondering why anyone would legitimately want to decompile SWF code. Isn’t this sort of ‘reverse engineering’ of interest only to those people with dubious intent? The makers of the Flash Decompiler gives four examples of its use for legitimate purposes: “Restore your original FLA file from SWF in case you have lost it; Make changes to SWF file when you don’t have its source code (original FLA file); Modify protected SWF file“ and “Improve your designer’s skills by learning from others”.
But let’s be honest about this: a Flash decompiler would undoubtedly be of enormous value to anyone who wanted to examine or copy compiled ActionScript programs to which they have no legitimate right. Put more bluntly, it can help people to rip off your code. This isn’t the only decompilation tool that could be used malicious purposes. Even Hewlett-Packard’s free ‘SWF security checking’ program, SWFScan, could do that (this is a useful tool in its own right, by the way, though it does not do as complete a job of project reconstruction as Flash Decompiler Trillix).
This brings me to what I consider to be the main legitimate use of a decompiler. As a Flash or Flex developer, you need to take reasonable measures to protect your code. That means you should assume that other people may be using decompilers to poke around inside your SWFs. So it is up to you to make sure that they can’t see anything you don’t want them to see. The way to do that is 1) to protect your SWFs by scrambling their contents using an obfuscator and 2) using a decompiler to verify that the resulting SWF cannot be easily reconstructed. For this last task, Flash Decompiler Trillix is the perfect tool!
