The SWFRETools are a collection of tools built for vulnerability analysis of the Adobe Flash player and for malware analysis of malicious SWF files. The tools are partly written in Java and partly in Python and are licensed under the GPL 2.0 license.
The basic architecture of SWFRETools is as follows:
The following tools are part of the SWFRETools:
- Flash Dissector: Flash Dissector is a GUI tool that allows you to inspect SWF files on a binary level. When you open a SWF file in Flash Dissector you have the ability to look through the structures defined in the SWF file in a hex editor and in a structure viewer. This makes it easy to understand what bytes of a SWF file hold what functionality.
- SWF Parser: SWF Parser is an open-source SWF file parser implemented in Java that you can build upon when you want to create your own Flash reverse engineering tools.
- Minimizer: The Minimizer program takes a SWF input that makes Flash Player crash and automatically removes the parts of the SWF file that are not related to the crash. This makes it easier to determine what the root cause of a crash is.
- FP Debugger: This Flash Player hooking script hooks important functionality in Flash Player at runtime and dumps information about what Flash Player is parsing and executing. This is very useful in situations where Flash Player trips up and static analysis is out of sync with what Flash Player is doing.
- StatsGenerator: Generates statistics over SWF files.
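To make concrete what inspecting a SWF file "on a binary level" involves, here is an added example (not code from SWFRETools) that walks the header and tag records and reports the byte offset of each tag, following the layout in the SWF file format specification. The names `parse_swf` and `build_sample` are hypothetical, the sample file is constructed inline with filler tag bodies, `TAG_NAMES` is only a small subset of the tag codes, and only `FWS` and zlib-compressed `CWS` files are handled.

```python
import struct
import zlib

TAG_NAMES = {0: "End", 1: "ShowFrame", 69: "FileAttributes", 87: "DefineBinaryData"}

def parse_swf(data):
    """Return (header, tags); each tag is (offset, code, name, body_length)."""
    sig = data[:3]
    if sig not in (b"FWS", b"CWS"):
        raise ValueError("unsupported signature %r" % sig)
    version, file_length = struct.unpack_from("<BI", data, 3)
    if sig == b"CWS":  # everything after the 8-byte header is zlib-compressed
        data = data[:8] + zlib.decompress(data[8:])
    # FrameSize RECT: 5-bit field width, then 4 fields, padded to a whole byte.
    pos = 8 + (5 + 4 * (data[8] >> 3) + 7) // 8
    rate_frac, rate_int, frames = struct.unpack_from("<BBH", data, pos)
    pos += 4
    header = {"signature": sig.decode(), "version": version,
              "length_ok": file_length == len(data),  # FileLength vs. real size
              "frame_rate": rate_int + rate_frac / 256, "frame_count": frames}
    tags = []
    while pos + 2 <= len(data):
        start = pos
        (code_len,) = struct.unpack_from("<H", data, pos)
        code, length, pos = code_len >> 6, code_len & 0x3F, pos + 2
        if length == 0x3F:  # long record header: a 32-bit length follows
            (length,) = struct.unpack_from("<I", data, pos)
            pos += 4
        if pos + length > len(data):
            raise ValueError("tag %d at offset %d overruns the file" % (code, start))
        tags.append((start, code, TAG_NAMES.get(code, "Unknown"), length))
        pos += length
        if code == 0:  # End tag
            break
    return header, tags

def _tag(code, body):  # encode one tag record with a short or long header
    if len(body) < 0x3F:
        return struct.pack("<H", code << 6 | len(body)) + body
    return struct.pack("<HI", code << 6 | 0x3F, len(body)) + body

def build_sample():  # constructed 550x400, 24 fps, one-frame SWF, filler bodies
    body = (bytes.fromhex("7800055f00000fa000") + b"\x00\x18\x01\x00"
            + _tag(69, b"\x08\x00\x00\x00") + _tag(87, bytes(70))
            + _tag(1, b"") + _tag(0, b""))
    return b"FWS\x0a" + struct.pack("<I", 8 + len(body)) + body

if __name__ == "__main__":
    for tag in parse_swf(build_sample())[1]:
        print("0x%04x code=%d %s len=%d" % tag)
```

A `length_ok` value of `False` or a tag that overruns the file is worth noting during triage, since a declared length that disagrees with the actual data is a common property of malformed samples.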
Detailed information about using the above-mentioned tools can be found in the “readme” files in each of their directories. Application testing or code review businesses are booming in the IT and financial sectors. Tools such as SWFRETools help when you analyze SWF-file-based exploits, or even with tasks such as examining metadata from extracted images.
This SWF file reverse engineering framework depends on the following files and software:
- Java FileDrop
Download SWFREtools (swfretools_100.zip)
Last edited by firebits; 05-12-2011 at 01:59 PM.