Hax

Announcing: RABCDAsm

by CyberShadow on May.05, 2010, under Code, Hax

RABCDAsm (Robust ABC (ActionScript Bytecode) [Dis-]Assembler) is a collection of utilities including an ActionScript 3 assembler/disassembler, and a few tools to manipulate SWF files.

This package was created due to lack of similar software out there.
In particular, I needed a utility that would allow me to edit ActionScript 3 bytecode (used in Flash 9 and newer) with the following properties:

  • Speed. Less waiting means more productivity. rabcasm can assemble large projects (>200000 LOC) in under a second on modern machines.
  • Comfortably-editable output. Each class is decompiled to its own file, with files arranged in subdirectories representing the package hierarchy. Class files are #included from the main file.
  • Most importantly – robustness! If the Adobe AVM can load and run the file, then it must be editable – no matter if the file is obfuscated or otherwise mutilated to prevent reverse-engineering. RABCDAsm achieves this by using a textual representation closer to the ABC file format, rather than to what an ActionScript compiler would generate.

Read more on the project’s homepage on GitHub.

leethax.net launched!

by CyberShadow on Mar.30, 2010, under Hax, Website

I’ve moved all my cheat-related stuff to a new website, leethax.net. Stuff that isn’t meant for mass public consumption (that is, my little experiments) got a separate section – the lab.

Considering how popular the Bejeweled Blitz cheats were, I might add more content to the site from time to time.

Reverse-engineering and deobfuscation of Flash apps

by CyberShadow on Feb.12, 2010, under Code, Hax

I probably should have known better when I started down this path with “cracking” PopCap’s latest version of Bejeweled Blitz. This has taken way more of my time than I had initially planned. On the other hand, now I know how to use Adobe Flash Builder, Adobe Flex SDK, XML schemas and JAXB and brushed up on my Java as well.

My previous versions of the cheat consisted of a Mozilla Firefox extension which redirected requests for the game SWF (and data.xml, a configuration file) to my server. The server (configured as an HTTP proxy) sent back an older version of the game SWF, which still had some leftover debugging code that allowed you to edit the game board using hotkeys. PopCap once changed the MD5 salt used to calculate validation checksums (after removing the debugging code), but I got away with it once by uncompressing (gzip) the SWF file, hex-editing the salt, and compressing it back. However, the latest build of the game was obfuscated, so no such tricks would pass this time.

In retrospect (as I wrote on the cheat page), I could have used simpler techniques such as memory editing and replay attacks, but all these could eventually be “patched up”. It would probably even have been simpler if I had written a bot (or just updated the old one) – there really isn’t much to do against screen-scraping bots, other than heuristics and changing the UI every once in a while. Still, I have written an ActionScript 3 deobfuscator.

Bejeweled Blitz update

by CyberShadow on Nov.26, 2009, under Hax

Bejeweled Blitz was updated recently, breaking score updates for the Firefox extension. The on-server files have been updated accordingly – clear your cache if your scores aren’t saving.

Kwirk progress

by CyberShadow on Nov.05, 2009, under Hax

You can follow my progress of solving Kwirk in this thread at the TASvideos.org forums.
