Some questions I have while trying to learn to AOB
They are kinda noobish, so don't expect much
Troubadour´s dog

So I was searching for a tutorial to learn how to make AOB hacks, and I stumbled on this post http://konghack.com/view_topic.php?tid=72999 , and after seeing the video I think I got the hang of it.
The problem is that in the games where I got confident enough to download the swf file and try it, they were encrypted (or I think so; the names of the variables were things just like "xly"), and another problem I got is that sometimes when I download the swf file, it doesn't have anything relevant in it, just the animations, shapes and sprites and no functions at all.
So the few questions are:
-Is there a tool to decrypt it? I found one in the forum; for most of the swfs it says that a problem occurred while trying to recover it, and in the swf where it worked, it does nothing at all.
-And would there be a way to be sure that I downloaded the correct swf (or better said, that I am looking at the correct sources)? Ironically enough, I tried it with the tutorial game (GemCraft Labyrinth) and some others, where the swf files were just 1 or 2 (I downloaded them all just to check), and they had my 2nd problem: inside them I couldn't seem to find any functions, just the sprites, shapes and the like.

My Sothink decompiler is 3.6, just in case it is relevant.

Thanks for your attention and consideration.

P.S: this is off topic, but I can't seem to find the spoiler button (or can it be done the old way?)

The Laziest Man on KongHack

Well, before you do anything, upgrade Sothink decompiler to 7.0 or 7.4.

Now you should be able to open the swf like it's a folder, with the + and - sign next to it. Usually the "functions" are in the actions area. Sprites very rarely have the functions inside them; I've only ever seen 1 case like that. Most of the time the actions are quite clear about what they do. If you see anything with .com or kontagent, that's unrelated; it's all debugging or Kongregate API stuff and you don't need that. As I said, the stuff you're looking for is in the action area. Look around inside there.

To answer your questions: we usually don't decrypt swf's. Sometimes they are obfuscated, and there are a few programs that can de-obfuscate, but decryption isn't very popular here. Unless someone makes a tutorial, you're on your own for that one.

A sure-fire way to make sure you're downloading the correct swf is by using Charles. It's a pain in the ass, but it works. You load up Charles and the game page, start recording, refresh the page until it's loaded, stop recording, search Charles (ctrl+f) for ".swf" and you'll find the file. There might be a shell, or a preloader; you don't want those. If the game doesn't have a shell/preloader, you can easily get the swf by getting Adblock Plus on your browser and acting like you're going to block it. It tells you the swf that it's going to block (the one you want to download), so you can copy it, paste it into your URL bar, and save the page as whatever.swf.


ps. There is a spoiler I think, but I have no idea where it is lol. [tags] no longer work since it's all HTML.




( ͡° ͜ʖ ͡°)

SWFdecrypt is only good for removing a few lines of code (or whatever it does) so that we can view encrypted swfs that would otherwise cause Sothink to crash. You'd know you got the right swf if the game loads when you open it in Sothink; there's the center box where it should load the game, where you also view the code. But normally you can just see if it's right based on the ActionScript files and what's inside (Sothink 5.something).
 




Flash .sol locations
Chrome: \AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\
Normal: \AppData\Roaming\Macromedia\Flash Player\#SharedObjects

Never let a computer tell me shit.

 

thenewcomer Posted on: 07/30/2013 12:34am

to answer your questions, we usually dont decrypt swf's. sometimes they are obfuscated, and theres a few programs that can de-obfuscate. but decryption is very popular here. unless someone makes a tutorial, youre on your own for that one.


I have no fucking clue what tnc is trying to say, so I will offer you some advice that is hopefully more coherent.


When the names of the variables [are] things just like "xly", there are two things you might be looking at.
Thing 1 is Amayeta's AS2 encryption. You will know it immediately by the \X02 nonsense. Removing this encryption is very simple: you must use a program called UnSWFEncryptUNP, which you can download over here in this thread. http://konghack.com/view_topic.php?t=7918

Thing 2 is called obfuscation. This is just a lazy ass way to keep lazy ass people from reading code by changing variable names to random letters. Basically you will either have to rename them 1 by 1 as you find out what they do, or simply adapt your brain to know that "_kxuf#3" means "health".


For finding the right swf I always use the swf dumper tool I wrote. I dump all the likely suspects and then open them 1 by 1 until I find the one I'm after.

Spoilers can be found in the templates button.




I use this AoB tool to make all the AoBs I post. Try the online version if you don't feel like downloading it.
"Obviously, windows are central to Windows. They are so important that they named the operating system after them. But what is a window?"

protected !

You can try JPEXS Free Flash Decompiler.

I never used Sothink since discovering JPEXS. The search engine is slower, but it has never crashed so far.
Also, I like the ability to view the AS3 source code and the equivalent bytecode in one window (unlike Sothink, where you have to start two instances).

For finding the right SWFs, use Colonel's SWF Dumper. Dump them all to disk and open them. When using Sothink, the game won't load if it's the wrong SWF.


Regarding name obfuscation (full article here: An Introduction to SWF Obfuscation):

Name obfuscation is simple. Take the names of every class, variable and function and change it to some randomly generated junk.

For example, if you had a class named "player", it might be renamed to "d+.{8]R0%9r". This makes it difficult to easily identify what classes/functions/properties do what. Name obfuscation is impossible to reverse.

The best you can do is change it to something like class1, class2, class3... function1, function2, function3... etc. Or alternatively, you can reverse engineer the classes and manually rename them as you figure out what they do, but that is incredibly time consuming, impossible to automate, and you still won't end up "reversing" the obfuscation as such, just giving useful labels to the obfuscated classes.
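The advice above comes down to dumping every candidate SWF and opening each one to see whether it actually carries code. As an added example (not from this thread and not part of Sothink, JPEXS or the SWF Dumper), this Python script reads the SWF tag list directly and reports whether a file contains AS3 bytecode (DoABC), AS2 actions (DoAction/DoInitAction), or only assets, which is what a shell or preloader typically looks like; the sample SWF bytes it builds are constructed for the demonstration and are not from any real game.

```python
import struct
import zlib
# Tag codes from the SWF file format specification (the subset that matters here).
TAG_NAMES = {0: "End", 1: "ShowFrame", 2: "DefineShape", 12: "DoAction", 22: "DefineShape2",
             32: "DefineShape3", 39: "DefineSprite", 59: "DoInitAction", 69: "FileAttributes",
             76: "SymbolClass", 82: "DoABC", 83: "DefineShape4"}

def swf_body(data: bytes) -> bytes:
    """Return the bytes after the 8-byte header, inflating CWS (zlib) files."""
    if data[:3] == b"FWS":
        return data[8:]
    if data[:3] == b"CWS":
        return zlib.decompress(data[8:])
    raise ValueError(f"unsupported signature {data[:3]!r}")  # ZWS (LZMA) not handled

def iter_tags(body: bytes):
    """Yield (tag_code, payload) for every top-level tag; nested sprite tags are not expanded."""
    nbits = body[0] >> 3                    # RECT: 5-bit Nbits, then four Nbits-wide fields
    pos = (5 + 4 * nbits + 7) // 8 + 4      # ...plus FrameRate UI16 and FrameCount UI16
    while pos + 2 <= len(body):
        head = struct.unpack_from("<H", body, pos)[0]
        code, length, pos = head >> 6, head & 0x3F, pos + 2
        if length == 0x3F:                  # long form: an explicit UI32 length follows
            length, pos = struct.unpack_from("<I", body, pos)[0], pos + 4
        yield code, body[pos:pos + length]
        pos += length

def classify(data: bytes) -> dict:
    """Count tags and report whether the file carries AS3 (DoABC) or AS2 (DoAction) code."""
    counts = {}
    for code, _ in iter_tags(swf_body(data)):
        name = TAG_NAMES.get(code, f"Tag{code}")
        counts[name] = counts.get(name, 0) + 1
    has_as3 = "DoABC" in counts
    has_as2 = "DoAction" in counts or "DoInitAction" in counts
    verdict = "AS3 code" if has_as3 else "AS2 code" if has_as2 else "assets only (shell/preloader?)"
    return {"tags": counts, "has_as3": has_as3, "has_as2": has_as2, "verdict": verdict}

def build_swf(tags, compress=False) -> bytes:
    """Assemble a minimal constructed SWF (empty RECT, 24 fps, 1 frame) for testing."""
    body = b"\x00" + struct.pack("<HH", 24 << 8, 1)
    for code, payload in tags:
        short = len(payload) < 0x3F
        body += struct.pack("<H", (code << 6) | (len(payload) if short else 0x3F))
        body += (b"" if short else struct.pack("<I", len(payload))) + payload
    header = struct.pack("<3sBI", b"CWS" if compress else b"FWS", 10, 8 + len(body))
    return header + (zlib.compress(body) if compress else body)

# Constructed DoABC payload: flags UI32, null-terminated name, then dummy ABC version bytes.
SAMPLE_DOABC = struct.pack("<I", 1) + b"frame1\x00" + b"\x10\x00\x2e\x00"
```

Run classify() on the bytes of each dumped file; an "assets only" verdict usually means you are holding the shell or preloader rather than the game itself.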

Troubadour´s dog

Ok, first of all thanks for your answers.
Apparently the Sothink version was one of my problems (since I tried the same game and now the action folder is shown). I haven't used the decrypt tool (since the swf file I tried wasn't obfuscated).
But while learning, new questions arose, and I would really appreciate it if you could answer them too:
https://konghack.com/games/game_view.php?game_id=11187089
I made 2 AOBs for it that kinda changed the process (instead of decreasing, it adds).

Using these 2 posts for reference:
https://konghack.com/view_topic.php?t=58 (to help myself see how the processes are labeled, you know, the kind of "if this happens, do this")
http://konghack.com/view_topic.php?tid=3245311 (for the opcodes)



Well, the questions are: Is there a way to know which process can be NOPed without causing problems? At the moment, from what I have been seeing and trying, one can only NOP the functions that do things like searching, calling or conditions (doing it with things that do arithmetical operations, values or variable settings can make the game crash).
Or do you just need to fail and keep trying?

And from what I read of the definition of "obfuscation", it feels like you are just guessing and hoping that it is correct.

Again, thanks for your helpful answers, attention and consideration.





 

The Laziest Man on KongHack
kolonelkadat Posted on: 07/30/2013 2:57am
I have no fucking clue what tnc is trying to say. So I will offer you some advice that is hopefully more coherent.


Err, decryption, bro. It's not popular here. You know, when there's a nice string in the abcfile that you reverse and then run the rest of the swf through that reversed string to get the original code. It's a ridiculously tedious process, and in the end it doesn't help anything.