SWF AS3 string replacing
AS3 constant string is be defined by Constant Pool that is at the head of the ABC binary.
so I think string replacing is easy, and I implemented it powered by PHP.
IO_SWF, IO_Bit is not used this time.
Program
- https://github.com/yoya/flashswf
- https://github.com/yoya/flashswf/blob/master/swfas3strreplace.php
- ^ Please use it with flashswf.php and as3abc.php in same directory.
Process
- SWF => SWFHeader(8byte) + SWFMovieHeader + SWFMovie
- If sig = CWS then zlib uncompress SWFMovie
- SWFMovie => TAG & TAG + ...
- TAG (DoABC) => TagHeader + flag(4byte) + name(string) + ABC
- ABC => version(4 byte) + intList + uintList + doubleList + stringList + etc.
- stringList => strlen(u30) + string(strlen byte) + strlen ...
- replace string!
- overwrite each length field by re-calculated value.
- contatinate all data.
u30 type
ABC primitive type u30 has little complex data structure.
- 0 ~ 2^7-1 => (1byte) 0XXXXXXX
- 2^7 ~ 2^(7+7)-1 => (2byte) 1XXXXXXX 0XXXXXXXX
- 2^(7+7) ~ 2^(7+7+7)-1 => (3byte) 1XXXXXXX 1XXXXXXX 0XXXXXXX
- ...
Usage
You can replace AS3 string by swfas3strreplace.phpyoya@sakura:~/git/flashswf$ php swfas3strreplace.phpThe list of the AS3 character string can be acquired by passing only SWF.
Usage: swfas3strreplace.php <swf> # listing
Usage: swfas3strreplace.php <swf> <from> <to> [<from2> <to2> [...]]
yoya@sakura:~/git/flashswf$ php swfas3strreplace.php topbg.swfSuitable character string (hmhm) to be listing is suitably rewritten.
string_count: 34
[0]: (null string)
[1]: madoka_fla
[2]: OP_1
[3]: flash.display
[4]: MovieClip
[5]: madoka_fla:OP_1
[6]:
[7]: mami
[8]: hmhm
[9]: anko
[10]: syk
<略>
yoya@sakura:~/git/flashswf$ php swfas3strreplace.php topbg.swf hmhm yoyayoya > output.swfResult
yoya@sakura:~/git/flashswf$ php swfas3strreplace.php output.swf | grep -C 1 yoya
[7]: mami
[8]: yoyayoya
[9]: anko
Reference
You can see strings of Constant Pool also wish swfmill.yoya@sakura:~/git/flashswf$ swfmill swf2xml topbg.swf | grep -A 42 "<DoABCDefine"
<DoABCDefine flags="1" name="">
<actions>
<Action3 minorVersion="16" majorVersion="46">
<constants>
<Constants>
<ints/>
<uints/>
<doubles/>
<strings>
<String2 value="madoka_fla"/>
<String2 value="OP_1"/>
<String2 value="flash.display"/>
<String2 value="MovieClip"/>
<String2 value="madoka_fla:OP_1"/>
<String2 value=""/>
< omit ...>
