Reversefree Flash Games

THE FLASH VS THE REVERSE FLASH Final Battle INJUSTICE 2For the Latest in Trailers & Gameplay go ahead and click that Subscribe button:). Reverse is a simple but challenging board game involving strategy and played by two players on a board with 8 rows and 8 columns and a set of distinct pieces for each side. The game revolves around the Flash and is a side-story that complements the main events during Justice League Heroes of the Playstation 2 and Xbox consoles. Destroy the robot invaders and the goons who try to attack you in this side-scrolling action-packed platformer video game. Kongregate has free games that you can play online. Choose from thousands of free flash games. Complete online game achievements to win badges.

  1. Reverse Free Flash Games Downloads
  2. Reverse Free Flash Games Online
  3. Reverse Free Flash Games To Play

Flash has always intimidated me. Websites usually use it to evade inspection(together with minified JS) or to make use of specific features (clipboard, memory, …).

Turns out, in practice Flash helps in reverse-engineering. This is because thereare few Flash obfuscators and people don’t think anyone is ever going to lookinside their SWFs, so they don’t use them. Sometimes I even find additionaldebug info, like the complete filename of each source file, line numbers, etc.

Flash is high-level assembly, like Java. You get function names, parameter names,class names, field names and the assembly is easy to understand once you’reaccostumed to it. That, plus the fact it runs in a sandboxed environment (justlike Java applets) makes it really easy to deal with.

There’s open-source, high quality software out there that allows for precisemanipulation of SWFs. But before we dive in, let’s talk briefly about the SWF.

Small Web Format

I don’t know much about the format, but every SWF consists of a header(indicating, among other things, Flash version and compression) and thena series of tags. A tag can contain other tags, text, controls, multimedia,vector paths, compiled ActionScript or arbitrary binary content, to name a few.

If you have never programmed in ActionScript, there’s an important thing tonote. In Flash, classes “reference” objects on the SWF if the name matchesand they extend the correct class.

Games

For example, if the SWF has a button named example.Submit and the ActionScriptdeclares a class named Submit on package example that extendsflash.display.Button, then adding event listeners on that class will add themonto the original button, and so on.

Similarly for binary tags, declaring a class named Payload that extendsflash.utils.BinaryArray allows ActionScript to access the binary content ofa binary tag with the same name, that could be a hidden resource or a compressedasset.

ActionScript ByteCode (ABC)

ActionScript source is compiled to bytecode, that is run by the ActionScriptVirtual Machine. I strongly recommend you to read anoverview of the AVMnow, to be able to understand the assembly better.

ActionScript bytecode is placed into a DoABC tag on the SWF. An SWF cancontain multiple DoABC tags. When such a tag is found, the player loads thebytecode, verifies it1 and runs it.

Setting up

We’re going to install the software that will allow us to see inside SWFs.

Reverse free flash games download

Basic things

We need a working D compiler. Better download it from the official site, since theAPT version often causes trouble. Then, install it:

Make sure flashplugin-installer is installed (not adobe-flashplugin):

Git, the JDK, and LZMA development files are also needed:

RABCDAsm

Reverse Free Flash Games Downloads

RABCDAsm contains utilities for:

  • Extracting ABC blocks from an SWF file (abcexport), and replacing them(abcreplace).
  • Disassembling the ABC blocks into a well structured assembly language(rabcdasm) and assembling them back (rabcasm).
  • Extracting binary tags from an SWF file (swfbinexport), and replacing them(swfbinreplace). We’ve said earlier that these tags can contain any data,and are often used to hide resources or whole SWFs.
  • Manual compression and decompression of an SWF file. All the other utilitiescan deal with compressed SWF —there’s no need to decompress them first—but these are provided for debugging and manual inspecting of SWFs.

The code also allows for programmatic parsing and manipulation of SWFs and theirtags, as well as deep parsing and manipulation of ActionScript blocks. Thedisassembler can be easily tuned to modify the formatting of the disassembly.

RABCDAsm is fast and resistent to any obfuscations applied to the bytecode.It’s typically used like this:

Which disassembles each block in the directories file-0, file-1, file-2,… After editing, to assemble the ABC and update the SWF:

redasm-abc

redasm-abc is a simple assistant to RABCDAsm. It aims to remove the tediousworkflow you just saw. To use redasm-abc, put the SWF in an empty directory,then just run:

And it will disassemble all the blocks at block-0, block-1, block-2, …When you have made changes and want to update the SWF, run again:

And it will reassemble the files that have changed. It will work from everywhereinside the directory of the SWF. It also creates a backup of the SWF, just incase.

redasm-abc is especially useful in SWFs with lots of blocks,and it doesn’t create intermediate files so it’s more comfortable to use.Sometimes though, RABCDAsm utilities need to be used directly.

Flash Player debugger

The Flash Player content debugger is essential if you’re going to modify yourSWF. You get a nice error box showing the error instead of the player stoppingabruptly.

To switch between the regular Flash player and the debugger, do:

And restart the web browser to use it. Edit: Chromium recently dropped support for NSAPI,so the flash debugger won’t work in it. Use another browser instead. If someone knows a way todebug with PepperFlash, please post a comment!

Visit about:plugins to verify that the correct plugin has loaded.

Vizzy

To install, download the ZIP for Linux and extract it.

Vizzy is a small tool to display the Flash Player logs. You just run the JARand it shows highlighted real-time logs, allowing you to filter by keywords.

This is handy when you want to get some values from the SWF at runtime.To see them in the logs, just trace() them:

SWFTools (optional)

They have some interesting utilities, namely:

  • swfdump parses the SWF and outputs a dump of its structure.You can see which tags, sprites, IDs, are there, and at which offsetthey’re found.
  • swfextract extracts specific assets from an SWF (images, streams or wholeframes). You need to lookup their IDs through swfdump first.
  • swfstrings extracts strings out of an SWF.

I won’t go into their usage, that’s out of the scope of this post.But the dump should be minimally intuitive to read, especially ifyou have worked with Flash before.

Intercepting proxy

Requests made by Flash aren’t usually logged on the Developer Tools console (even thoughthey’re cached by the browser) so you’ll often need a good MITM proxy to save SWF files,see what other SWFs are being loaded and serve the reassembled copy instead.

I’ve been using MITMProxy (which works with HTTPS out of the box, and with IPTables youcan do transparent proxying) together with a hand-written Node proxy server, but I findthat too low-level.

Fiddler also has an alpha build for Linux that looks promising, but it isn’t open-source.

Other software

There are some other open-source utilities for SWFs, but I don’t consider themto be of much use in reverse-engineering.The Ming library, swfmill,swfc (part of SWFTools), the Flex toolkit,JPEXS —that one might beuseful, but I haven’t tried it against obfuscated files—Flasm, MTASC.

Some tips

Put the SWF in his own directory and add the files to a Git repositoryjust after disassembling it:

Always run these commands when getting on an SWF, even if you’re only planningto read the assembly. You’ll thank me later.

Save this pageas a reference for the AVM instructions.Also, the syntax used in the disassembly is explained in the README.

Conclusion

Reverse Free Flash Games Online

While it’s a bit tedious to read the disassembly, these tools really give usa lot of control over the SWF, and the fact they’re open-source gives you theability to tune them or build on top of them (like I did with redasm-abc).

  1. “Verification” means the code is checked for overflows, invalid jumps or other illegal operations. At any point is the SWF checked for a signature from the publisher, which can be done in Java. ↩

Login to rate
Description: Reverse
Clickomania

Treasures of the Mystic Sea

Original Blast Billiards 2008

Icy Tower free online game - Very popular and fun, awesome online flash based game, try jump as high as posibl…

Jewel Mania Online - Swap adjecent tiles to align three or more of the same to remove the tiles from the field…

Ring Pass Not 2

Real Hospital

Reverse Free Flash Games To Play


Bubble Shooter

Fruit Crazy - Make a series of four or more fruits of the same kind, in a column or row, to remove them from t…

Clever Clover

Isoball
89

Guardian Rock
14

Dark Legion
29

Battleship War
11

Parking Space
101

When I Was Young
16

Voyager Breakout 2
49

Two Marbles
6

Treasure Caves 2
48

Ocean Princess Puzzle
47