JPEXS Free Flash Decompiler Issue Tracker

If you are looking for the decompiler itself, visit

List of issuesList of issues

#1197 Detect obfuscated files and show a warning to try deobfuscator
Author: user raghu16
Date created:
Type: feature
Visibility: Everybody
Assigned to:
Labels: Deobfuscation
State: closed Help

> What steps will reproduce the problem? I was trying to read as2 file. > What is the expected output? What do you see instead? Instead of displaying proper decrypted code its showing encrypted code with some symbols > What version of the product are you using? Is it "nightly build"? Which operating system do you have? V8.0.1 > Please provide any additional information below. If the problem is related to a SWF file, attach it here, otherwise we can't help you. When I read the same file with ver 1.7.1 its working perfectly with almost all latest builds its not working. Earlier I had raised same issue thru mail to Jindra & Honfika. I am attaching the encrypted as2 file.
Hi, You should enable Settings->Automatic deobfuscation. Since 2.x onwards, it is not enabled by default. Some people keep using 1.7.1 because of this, but there is really no reason to use the old version. Just enable this switch and it works like before. Do you have any ideas how we can let know users about this? People still don't get it. I'd like to prevent such questions like this. On Download->Archive page on this site, there is info about this. Can we do somehow more? Maybe in FAQ section? Please if you can give us any advice, we will appreciate it.
State: new→upgraded
Title: AS2 decryption failed→Using 1.7.x AS2 decryption failed
Type: bug→question
Ooops I didn't even checked that, big sorry for that. When ever any user opens as1/as2 encrypted file the application should check whether the file is encrypted or not. If encrypted then it should check whether "automatic deobfuscation" checked or not. If not a pop message would be better.
The problem is that "check whether the file is encrypted or not" is not so easy. We can set a limit when the number decompilation errors reaches this limit, we assume that it is encrypted. Or when most of the variable names are invalid. But sometimes there are invalid identifier in non obfuscated variables. (they are readable, for example I saw like "something$anyting", i don't know what does it mean) Sometimes the obfuscation is very weak, and the code like: if (1 + 100 = 101) { //do something } How do you know that it is an obfuscation or not? So telling "check whether the file is encrypted or not" is easy, but implementing it with 100% sure is not so easy. Don't you think that we already thought about this?
I think the easiest and fast way which covers most of the better obfuscated scripts is to count the "§§" strings in the decompiled text. And show a message when it is more than 10:) I'd prefer an information bar above the script, like the yellow bar when you select a binary data tag which contains swf.
Yea, when clicked on that bar it enables deobfuscation
honfika: Great idea. I thought also about "Deobfuscation" switch right on the top of ActionScript code panel. An icon on ActionScript panel toolbar, like that one for adding trait in AS3. So users can easily try to view script with and without deobfuscation enabled. It could also has some buttons regarding other configuration options (use lineinfo, use debug register names,...) so user can try to press buttons until he find something that looks okay to him. I don't know wheter to switch it globally or only on that one AS or SWF (or figure out some UI selection of global/AS/SWF)
State: upgraded→new
Title: Using 1.7.x AS2 decryption failed→Detect obfuscated files and show a warning to try deobfuscator
Type: question→feature
In nightly 2338, there is button for deobfuscation on the toolbar and second for deobfuscation options.
State: new→closed