Introducing Adobe SWF Investigator


Peleus Uhley
Created
5 March 2012
Today I am launching a beta of a tool on Adobe Labs called, Adobe SWF Investigator. This Adobe AIR-based application is a suite of tools that may be useful to SWF developers, quality engineers, and security researchers. The tool allows you to examine every aspect of SWF from both a static and dynamic analysis perspective. The tool is also being released as an open-source application on Open@Adobe so it can be extended or customized for your particular needs.
As a security researcher for the Flash runtime team, I have to look at SWF applications on many different levels. This application started as a way for me to experiment with the AIR runtime and view Local Shared Objects (LSOs). Over time, I continued adding new features to the tool as I encountered new challenges. While I didn't start out with the intention of releasing the tool publicly, it seems to have become useful enough now to merit sharing with a larger audience.
This tool is similar in concept to any multi-purpose tool. It is a collection of simple tools to allow you to quickly address common problems. SWF Investigator's disassembler isn't meant to replace all the features of a high-end, commercial decompiler. However, if you just need a quick overview of the SWF, then this tool has all the features necessary to give you the basic information and perform some quick tests.
Adobe SWF Investigator includes the capability to view the SWF tags, disassemble the ActionScript, and provide a binary view of the SWF. You can also view information related to SWFs such as LSOs and settings files. From a dynamic perspective, you can load files from the local file system into the security context of your domain and with the parameters of your choosing. You can then interact with the SWF as it is running. From a security perspective, the tool includes functionality to test for cross-site scripting vulnerabilities and perform simple fuzzing on AMF services. There are also a few supporting utilities such as a basic ActionScript 3.0 compiler and a simple web server.
Authoring the tool in ActionScript has several advantages. One advantage is that I can achieve more natural interactions with SWF content by using the Flash runtime engine than I would with a Java application. Another advantage is that, as an open-source ActionScript-based application, the tool will be easier for SWF developers to understand and extend. My hope is that developers will quickly want to build on the tool's foundation to meet their more advanced needs. One of the major goals for this project is to provide an easily extensible framework for SWF testing that could be easily modified to meet specific needs by the ActionScript developer community.
This tool is mostly targeted at developers with enough SWF application experience to understand the numerous ActionScript development technical references within the application. However, tool tips were included for many fields as well as a help guide. Having access to the source should also help in understanding any ambiguities. While the overall project is large, it is in essence just a collection of many small components. I will soon post videos that demo the application's functionality.
Since the tool is open-source, please feel free to contribute your ideas and feedback in the forums. You can find the binary on Adobe Labs and the source on the Open@Adobe web site. The source and binaries are provided as-is to the ActionScript development community, but we do welcome any feedback and suggestions you have.