[Help] Bypassing Flash Sitelock to obtain .swf source code for usable functions

Original Reddit Thread: http://www.reddit.com/r/hacking/comments/2ts52d/bypassing_sitelock_in_a_flash_game
Game: Haxball.com

Quote
I'm trying to make a third party hostbot for a game called haxball (look it up, it's fun) but I've run into a couple problems.
I tried decompiling the source code using a swf file decompiler, but it seems the app uses a preloader to load the final code. The first swf runs and loads the second using means that I haven't seen before. I'm not very experienced in programming with actionscript so I have no idea what the app is doing to load the second swf and how to intercept it so I can decode the source.
My ultimate goal is to be able to spoof functions like sending chat to the other clients connected so I could, for example, change my username at the press of a button.
Here's some of the source files for the first .swfs: http://pastebin.com/8jFFaF5U http://pastebin.com/PsaZgdck http://pastebin.com/LraKxckb
If someone could help me with the interception of the second .swf that would help greatly.

The .swf we are trying to decompile is here: http://haxball.com/haxball13.swf

The creator of this thread is Aide33 on the forums here. We are working on the project currently together. Help?
« Last Edit: February 22, 2015, 09:42:09 PM by Racerboy »

Uh, could you explain why you can't use the solutions the people in the Reddit thread suggested?

omgg haxball
that game was amazinggg

It looks like you don't have all there is to the Main_bytes class. It's loading some binary data embedded in the code and doing primitive XOR-based decryption with a constant key of 4294967295 to obtain the address to load the rest from. As stated in the thread, you really should just intercept Flash's network traffic when it loads that.
« Last Edit: February 23, 2015, 03:33:02 AM by portify »

Quote
Uh, could you explain why you can't use the solutions the people in the Reddit thread suggested?
Well I don't know if Aide33 has tried them yet, I have like minimal contact with him currently...

We need some help with this if anyone is willing to actually do it. Even if you get us past this part.


Again, your best bet is most likely some kind of HTTP traffic sniffer.

Quote
Again, your best bet is most likely some kind of HTTP traffic sniffer.
OK, well I don't know how to do any of this lol, that's why I PM'd you and posted here that I literally don't know how to do any of this.

I was merely asking these questions for Aide33 in hopes that he would be able to do it but he's really busy nowadays and I'm just looking for someone else to perhaps step in.

You might even get paid.