Angry Birds: Breakfast (1, 2) + Friends (Flash) *.SWF

[LolHacksRule]

I want to view the SWF files of the games, but the scripts in it are obfuscated in a way I cannot understand... Anyone willing to deobfuscate them for me?

ABBreakfast SWF (both games use the same file): https://drive.google.com/open?id=1ZD2UA ... kreWLS8juJ

[aluigi]

The 2 samples no longer exist

[LolHacksRule]

I'll re-up today. UPDATE: Done. The game's are obfuscated with SecureSWF, Rovio left in this file for both games, it could help with deobfuscation...

[LolHacksRule]

Anything?

[sniper21]

LolHacksRule, decompress archive ABFriends SWF with http://aluigi.altervista.org/bms/cws2fws.bms

[LolHacksRule]

I can open it fine in JPEXS decompiler, just cannot read the names of and content relating to scripts obfuscated by SecureSWF v3.x.

[z4ruz]

https://github.com/ThisTestUser/FlashSuite

[LolHacksRule]

That tool is very dated, you sure it could help?

[z4ruz]

Here's the python script restoring 'Old' names. To be run near map.xml and scripts folder, extracted from JPEXS. It doesn't changes original files, but writes to new folder.
Tested on ABB.

Based on: 'New' numbers are character codes in decimal. For example: 51,33,86 <=> 3!V. JPEXS wraps it with § making it §3!V§. It's very smart, since several long names might contain smaller one, say $3!V0, and brute replacement would make it $name0, which is wrong. Marking start and end of name helps here.

Scripts of swf modified with FlashSuite (+WinRABCDAsm) differ from original. Having both scripts, one can compare and choose the better one.

The resulted Action Script 3 code might be inserted into any SWF with JPEXS: take some simple basis project as draft, add new class and fill with the code. JPEXS automatically creates packages and renames classes. In some cases you can even combine several scripts into one and paste it. If all dependencies are ok, JPEXS will automatically split it into several classes. But usually they rely on each other and have to be added staged, following dependency chain.
After saving code, it might obtain §§ instructions, even they not existed in input code - seems a bug, and you need to find a way to get rid of those instructions while keeping program functional.
You can as well use this code in IDE like FlashDevelop.
I would also liked to find AS3 interpreter and run code without compiling into file.

I didn't found entry point (class) in SWF, but liked to, as it gives potential to change code flow any way, like making it extract the files from pak. But still, SWF is spoiled and might be hard to work with, unlike extracted scripts. Don't know of a way to restore names in original swf, except manually recreating new one from extracted code (and assets).

Good luck and have fun!

[LolHacksRule]

Thank you so much for that, I already manually deobfuscated nearly every script (after reading on how SecureSWF's map table works, aside from third parties/adobe) including the name and content in my own time but there were a large portion of typos found. Scrapping that and using the script would probably be way better for accuracy. Unfortunately this can't be used with other AB Flash titles as they don't have a map file publicly distributed but being able to do so for Breakfast would help with messing with them or the engine of AB Flash Player 11 titles as a whole. I'm also not near my PC right now so I myself can't test it. I will probably notify people in my Discord about this script.

UPDATE: There were errors, luckily there are very little but here are currently the following that failed to be deobfuscated by the script:

§]!"§ = _location
§&O§ = isHexDigit
§"7§ = mResponseLogin
§#!4§ = ServerCall
§&`§ = mResponseRegister

UPDATE2: There's a few files that were titled and incorrectly deobfuscate:

static: StateTemplate
class: ?
final: ?

UPDATE3 (MEGALATE): A large portion of values from Box2D don't have their symbols recovered, there's also some functions with a GetGravity string after the obfuscated string.