Flare
Jump to navigation
Jump to search
Description
Flare processes an SWF and extracts all scripts from it. The output is written to a single text file. Only ActionScript is extracted, no text or images.
Flare is freeware and supports Windows, Mac OS X and Linux.
Installation
$ mkdir /data/tools/flare/ $ cd /data/tools/flare/ $ wget http://www.nowrap.de/download/flare06linux.tgz $ tar xzvf flare06linux.tgz
Usage
Usage: flare filename.swf
Example
Simply run flare with the SWF file to analyze, as follows:
$ flare zoxdgeysjn6.swf
The above command creates a *.flr file:
$ cat zoxdgeysjn6.flr
movie 'zoxdgeysjn6.swf' {
// flash 6, total frames: 136, frame rate: 12 fps, 1x1 px, compressed
// unknown tag 88 length 78
frame 15 {
getURL('http://moyapodruzhka.com/?wmid=44&sid=44', );
}
}
Limitation
The biggest limitation with flare is that it only supports old versions of ActionScript (lower than ActionScript 3).
Our example is about a Flash file that is using ActionScript 3 (refer to this table)
$ file clipboard-poc.swf clipboard-poc.swf: Macromedia Flash data (compressed), version 9
As you can see, flare is not able to help us because of this limitation (ActionScript 3 not supported):
$ flare clipboard-poc.swf
$ cat clipboard-poc.flr
movie 'clipboard-poc.swf' {
// flash 9, total frames: 1, frame rate: 12 fps, 550x400 px, compressed
// unknown tag 86 length 11
// unknown tag 82 length 515
// unknown tag 76 length 26
}