+ update 2020: WARNING - support of the decompiler is now VERY LIMITED. There are no active developers. This means we will NOT develop new features and/or fix most of bugs. We left the tracker running in case somebody from community would like to work on it. Sorry for the inconvenience.
State: upgraded new: Initial state. As long as issue is in this state, the work on the issue has not yet begun. opened: Opened state means developer started working on the issue. Feature/Fix will probably be in the next release. postponed: This means developer is not working on it now, for some reason it cannot be implemented now. Issue may be opened again in the future. upgraded: Issue is in upgraded state when developer made changes to the program and new version was released. closed: This means the user is satisfied with issue results and no more changes are needed. invalid: These issues cannot be solved. ignored: Developer decided to take no action on this issue. returned: Program changes were made but user is not satisfied and returned the issue.
> What steps will reproduce the problem?
Open the attach file with rename invalid identifiers turned on will cause the loading of
the file to fail with the exception attached the file can be loaded without this option
but code is unreadable as automatic deobfuscation has no effects on the code at all.
> What is the expected output? What do you see instead?
The invalid identifiers should be renamed instead an error is received. It would also be
nice if JPEXS was able to deobfuscate the swf.
> What version of the product are you using? Is it "nightly build"? Which operating system
do you have?
I am using the latest stable version 10.0.0 on Windows 8.1 but have have tested the
nightly version and the problem still exists.
> Please provide any additional information below. If the problem is related to a SWF
file, attach it here, otherwise we can't help you.
File was obfuscated with the Leawo obfuscater, I believe it was the latest version which
is 188.8.131.52 which was released in 2012.
Despite of me not working on the decompiler anymore, I looked quickly on the SWF file
and with a little manual work, the script can be transferred to more readable version.
Some tips for you:
- The P-code (on the right in the GUI) contains multiple ConstantPool instructions.
- Constantpool is list of all strings including variable of function names.
- For FFDec to correctly display ActionScript source in central panel, it must detect
correct Constantpool instruction.
- Standard compiled AS1/2 SWF contains usually only 1 Constantpool instruction per script,
this is easy
- Obfuscators insert various ConstantPool instructions (with often invalid identifier
names) and also some p-code on the beginning of the file, which selects the correct one
ConstantPool for the app.
- The code which selects ConstantPool cannot be executed by FFDec automatically(FFdec
tries a lot, but obfuscators are usually one step ahead) thus FFDec does not know which of
ConstantPools is correct, which leads to incorrect display of its constants in central
- You can help FFDec to identify correct ConstantPool in your file:
1) Uncheck checkbox "Automatic deobfuscation" and "Auto rename identifiers"
2) Uncheck checkbox "Simplify expressions"
3) Uncheck "Resolve constants" button above P-code section (this disables using
ConstantPool strings detection in P-code editor, making constantXX identifiers instead)
4) Find the correct ConstantPool instruction in the P-code (it is usually the one which
has easily readable strings) - in your SWF file it's on line 30
5) Identify P-code which calculates the correct ConstantPool instruction - it is in the
beginning of the file, in your file its everything before line 61.
6) Press "Edit P-code" on the bottom right.
7) Remove code from step 5 and replace it with the ConstantPool instruction from step 4
8) Press "Save" (P-code) on the bottom right
9) The AS code in central panel should now be pretty readable as FFDec detected the
ConstantPool correctly now.
- In your case, the code still contains few variables with § mark (invalid identifiers),
but it's visible what's going on there in the code.