If you are looking for the decompiler itself, visit https://github.com/jindrapetrik/jpexs-decompiler
NEW : We have got a new blog where we post some interesting SWF internals info.
List of issues#50 AS1/2 function body deobfuscation bug
Author: 
pepka
pepkaDate created:
Type: bug
Visibility: Everybody
Assigned to:
State: closed 
<b>What steps will reproduce the problem?</b>
Decompile an obfuscated file that contains AS1/2 (most typical for secureSWF).
<b>What is the expected output? What do you see instead?</b>
In some cases (most typical for branches - if, switch) the source code is skewed. Or even
an error arise (Try DoInitAction 35 in the attached file).
The inspection has shown that there is a problem while deobfuscating functions with a lot
of dead code. An internal addressing of the function could exceed the address of the next
(after the function) instruction.
Action Push register1 "_tf" is at 2104
Action GetMember is at 2111
Action Push "embedFonts" is at 2112
Action GetMember is at 2117
Action Return is at 2118
Action Push "embedFonts" 3 register2 "addProperty" is at 2119
Action CallMethod is at 2133
Action Pop is at 2134 <<< last instruction of the function's body
Action SetMember is at 2091 <<< next address after function
Action Push 1 null "mx" is at 2092
Action GetVariable is at 2103
Action Push "styles" is at 2104
Action GetMember is at 2109
Action Push "CSSTextStyles" is at 2110
Action GetMember is at 2115
Action Push "prototype" is at 2116
Action GetMember is at 2121
Action Push 3 "ASSetPropFlags" is at 2122
Action CallFunction is at 2132
Action Pop is at 2133
Action Push is at 2134
This often leads to wrong reference definition:
GetMember
Return
}
Push "embedFonts" 3 register2 "addProperty"
loc0855:CallMethod <<< wrong location, which is actually taken as it
occurs first
Pop
}
SetMember
Push 1 null "mx"
GetVariable
Push "styles"
GetMember
Push "CSSTextStyles"
GetMember
Push "prototype"
GetMember
Push 3 "ASSetPropFlags"
CallFunction
loc0855:Pop <<< right location
Nop
<b>What version of the product are you using? On what operating system?</b>
1.4.1u1
Windows 7 64-bit
<b>Could you provide the SWF file you have problem with?</b>
<b>If the answer is yes, then please attach it here or send me it via email.</b>
<b>Could you at least attach PCode source?</b>
<b>Do you have the original source code which produced the wrong</b>
<b>decompilation? If yes, then please attach it.</b>
<b>Please provide any additional information below.</b>
What steps will reproduce the problem?
Decompile an obfuscated file that contains AS1/2 (most typical for secureSWF).
What is the expected output? What do you see instead?
In some cases (most typical for branches - if, switch) the source code is skewed. Or even
an error arise (Try DoInitAction 35 in the attached file).
The inspection has shown that there is a problem while deobfuscating functions with a lot
of dead code. An internal addressing of the function could exceed the address of the next
(after the function) instruction.
Action Push register1 "_tf" is at 2104
Action GetMember is at 2111
Action Push "embedFonts" is at 2112
Action GetMember is at 2117
Action Return is at 2118
Action Push "embedFonts" 3 register2 "addProperty" is at 2119
Action CallMethod is at 2133
Action Pop is at 2134 <<< last instruction of the function's body
Action SetMember is at 2091 <<< next address after function
Action Push 1 null "mx" is at 2092
Action GetVariable is at 2103
Action Push "styles" is at 2104
Action GetMember is at 2109
Action Push "CSSTextStyles" is at 2110
Action GetMember is at 2115
Action Push "prototype" is at 2116
Action GetMember is at 2121
Action Push 3 "ASSetPropFlags" is at 2122
Action CallFunction is at 2132
Action Pop is at 2133
Action Push is at 2134
This often leads to wrong reference definition:
GetMember
Return
}
Push "embedFonts" 3 register2 "addProperty"
loc0855:CallMethod <<< wrong location, which is actually taken as it occurs
first
Pop
}
SetMember
Push 1 null "mx"
GetVariable
Push "styles"
GetMember
Push "CSSTextStyles"
GetMember
Push "prototype"
GetMember
Push 3 "ASSetPropFlags"
CallFunction
loc0855:Pop <<< right location
Nop
What version of the product are you using? On what operating system?
1.4.1u1
Windows 7 64-bit
external_call_secureSWF_standard.swf (56 KiB)State: →new
Title: AS1/2 function body deobfuscation bug→AS1/2 function body deobfuscation bug
Type: →bug
Visibility: →Everybody
Title: AS1/2 function body deobfuscation bug→AS1/2 function body deobfuscation bug
Type: →bug
Visibility: →Everybody
State: new→opened
Hi, I have moved this issue to new Issue Tracker.
You should have received email info about registering there(with specific link) and
gaining access to this issue. If you have not received any email, please check your SPAM
inbox or write to my email.
Hi, try new version 1.4.3, it should work. Let me know.
State: opened→upgraded
Thanks! Now its fixed.
State: upgraded→closed