1000+ Free Flash Games Updates Archive Page 2 Page 3. Bookmark (CTRL-D) Andkon Arcade Obstacles Guide Reverse 2 Flash will stop working on January 12, 2021. Play Free Online Games at coolbuddy.com - flash games, play, free action games, arcade, strategy and online puzzle games.
Adventures of Guy
Apotheosis: Madness Combat 4
Madness Combat is back- better than before.
Blast your enemies out of the sky.
Raiden-style fast-paced sidescroller.
Heavy Metal Girl
Kill the robots with heavy metal blasts.
Claymation at its best- and funniest.
A timeless, innovative boardgame.
Blast your opponent away in many mazes.
Fast-paced action, powerups, and new enemies.
Can you survive on the streets of Russia?
This strategy game will test your tactics.
Thing Thing Final 2
Type Type Revolution
Dance Dance Revolution - on a keyboard!
A fun puzzle game featuring the warthog out of Halo. Use grenades to blast it into the banshees!
|Action||Arcade||Just for Fun||Racing|
Flash has always intimidated me. Websites usually use it to evade inspection(together with minified JS) or to make use of specific features (clipboard, memory, …).
Turns out, in practice Flash helps in reverse-engineering. This is because thereare few Flash obfuscators and people don’t think anyone is ever going to lookinside their SWFs, so they don’t use them. Sometimes I even find additionaldebug info, like the complete filename of each source file, line numbers, etc.
Flash is high-level assembly, like Java. You get function names, parameter names,class names, field names and the assembly is easy to understand once you’reaccostumed to it. That, plus the fact it runs in a sandboxed environment (justlike Java applets) makes it really easy to deal with.
There’s open-source, high quality software out there that allows for precisemanipulation of SWFs. But before we dive in, let’s talk briefly about the SWF.
Small Web Format
I don’t know much about the format, but every SWF consists of a header(indicating, among other things, Flash version and compression) and thena series of tags. A tag can contain other tags, text, controls, multimedia,vector paths, compiled ActionScript or arbitrary binary content, to name a few.
If you have never programmed in ActionScript, there’s an important thing tonote. In Flash, classes “reference” objects on the SWF if the name matchesand they extend the correct class.
For example, if the SWF has a button named
example.Submit and the ActionScriptdeclares a class named
Submit on package
example that extends
flash.display.Button, then adding event listeners on that class will add themonto the original button, and so on.
Similarly for binary tags, declaring a class named
Payload that extends
flash.utils.BinaryArray allows ActionScript to access the binary content ofa binary tag with the same name, that could be a hidden resource or a compressedasset.
ActionScript ByteCode (ABC)
ActionScript source is compiled to bytecode, that is run by the ActionScriptVirtual Machine. I strongly recommend you to read anoverview of the AVMnow, to be able to understand the assembly better.
ActionScript bytecode is placed into a
DoABC tag on the SWF. An SWF cancontain multiple
DoABC tags. When such a tag is found, the player loads thebytecode, verifies it1 and runs it.
We’re going to install the software that will allow us to see inside SWFs.
We need a working D compiler. Better download it from the official site, since theAPT version often causes trouble. Then, install it:
flashplugin-installer is installed (not
Git, the JDK, and LZMA development files are also needed:
RABCDAsm contains utilities for:
- Extracting ABC blocks from an SWF file (
abcexport), and replacing them(
- Disassembling the ABC blocks into a well structured assembly language(
rabcdasm) and assembling them back (
- Extracting binary tags from an SWF file (
swfbinexport), and replacing them(
swfbinreplace). We’ve said earlier that these tags can contain any data,and are often used to hide resources or whole SWFs.
- Manual compression and decompression of an SWF file. All the other utilitiescan deal with compressed SWF —there’s no need to decompress them first—but these are provided for debugging and manual inspecting of SWFs.
The code also allows for programmatic parsing and manipulation of SWFs and theirtags, as well as deep parsing and manipulation of ActionScript blocks. Thedisassembler can be easily tuned to modify the formatting of the disassembly.
RABCDAsm is fast and resistent to any obfuscations applied to the bytecode.It’s typically used like this:
Which disassembles each block in the directories
file-2,… After editing, to assemble the ABC and update the SWF:
redasm-abc is a simple assistant to RABCDAsm. It aims to remove the tediousworkflow you just saw. To use redasm-abc, put the SWF in an empty directory,then just run:
And it will disassemble all the blocks at
block-2, …When you have made changes and want to update the SWF, run again:
And it will reassemble the files that have changed. It will work from everywhereinside the directory of the SWF. It also creates a backup of the SWF, just incase.
redasm-abc is especially useful in SWFs with lots of blocks,and it doesn’t create intermediate files so it’s more comfortable to use.Sometimes though, RABCDAsm utilities need to be used directly.
Flash Player debugger
The Flash Player content debugger is essential if you’re going to modify yourSWF. You get a nice error box showing the error instead of the player stoppingabruptly.
To switch between the regular Flash player and the debugger, do:
And restart the web browser to use it. Edit: Chromium recently dropped support for NSAPI,so the flash debugger won’t work in it. Use another browser instead. If someone knows a way todebug with PepperFlash, please post a comment!
about:plugins to verify that the correct plugin has loaded.
To install, download the ZIP for Linux and extract it.
Vizzy is a small tool to display the Flash Player logs. You just run the JARand it shows highlighted real-time logs, allowing you to filter by keywords.
This is handy when you want to get some values from the SWF at runtime.To see them in the logs, just
They have some interesting utilities, namely:
swfdumpparses the SWF and outputs a dump of its structure.You can see which tags, sprites, IDs, are there, and at which offsetthey’re found.
swfextractextracts specific assets from an SWF (images, streams or wholeframes). You need to lookup their IDs through
swfstringsextracts strings out of an SWF.
I won’t go into their usage, that’s out of the scope of this post.But the dump should be minimally intuitive to read, especially ifyou have worked with Flash before.
Requests made by Flash aren’t usually logged on the Developer Tools console (even thoughthey’re cached by the browser) so you’ll often need a good MITM proxy to save SWF files,see what other SWFs are being loaded and serve the reassembled copy instead.
I’ve been using MITMProxy (which works with HTTPS out of the box, and with IPTables youcan do transparent proxying) together with a hand-written Node proxy server, but I findthat too low-level.
Fiddler also has an alpha build for Linux that looks promising, but it isn’t open-source.
There are some other open-source utilities for SWFs, but I don’t consider themto be of much use in reverse-engineering.The Ming library, swfmill,
swfc (part of SWFTools), the Flex toolkit,JPEXS —that one might beuseful, but I haven’t tried it against obfuscated files—Flasm, MTASC.
Reverse Free Flash Games To Play
Put the SWF in his own directory and add the files to a Git repositoryjust after disassembling it:
Always run these commands when getting on an SWF, even if you’re only planningto read the assembly. You’ll thank me later.
Save this pageas a reference for the AVM instructions.Also, the syntax used in the disassembly is explained in the README.
While it’s a bit tedious to read the disassembly, these tools really give usa lot of control over the SWF, and the fact they’re open-source gives you theability to tune them or build on top of them (like I did with redasm-abc).
Reverse Free Flash Games Download
“Verification” means the code is checked for overflows, invalid jumps or other illegal operations. At any point is the SWF checked for a signature from the publisher, which can be done in Java. ↩