FLARE – Flash Decompiler to Extract ActionScript


Flare processes an SWF and extracts all scripts from it. The output is written to a single text file. Only ActionScript is extracted, no text or images. Flare is freeware. Windows, Mac OS X and Linux versions are available.

The main purpose of decompiler is to help you recover your own lost source code. However, there are other uses, like finding out how a component works, or trying to understand poorly documented interface. Depending on where you live, some of them may be forbidden by law. It’s your responsibility to make sure you don’t break the law using Flare.

If you develop Flash applications for living, you probably know that your code is not secure in SWF. It’s not the existence of decompiler that makes your code insecure though, it’s design of SWF format. Although no ActionScipt is stored there, most of it can be recovered from bytecodes.

Most recent Flare version is 0.6.

Windows Explorer Shell Extension

Download flare06setup.exe. After installation right-click on any SWF file in Windows Explorer and choose Decompile from context menu. Flare will decompile somename.swf and store decomiled code in somename.flr in the same folder. somename.flr is a simple text file, you can open it with your favorite text editor. If Flare encounters problems during decompilation, it will display some warnings. If everything goes well, it will quit silently. That’s all, Flare has no other GUI. To unistall, execute Start>Programs>Flare>Uninstall.

Mac OS X Droplet


Get flare06.dmg. After mounting the disc image drop an SWF file onto the Flare icon in Finder. The decompiled ActionScript will be stored in SWF’s folder with FLR extension. Open it with your text editor. You can decompile multiple SWF files at once. The droplet is compiled on OS X 10.3. It should work on 10.2 and 10.4. There is no Flare for OS 9.

Command Line Versions

DOS/Windows binary: flare06doswin.zip
Mac OS X binary: flare06mac.tgz
Linux x86 binary: flare06linux.tgz
Linux x86 64-bit binary: flare06linux64.tgz
Solaris x86 binary: flare06solaris.tgz

There is no installation procedure for command line versions. Just create a folder named flare somewhere and unpack the archive there. To uninstall, delete the folder and you’re done.

Or read more here.

Posted in: Hacking Tools, Secure Coding, Web Hacking

, ,


Latest Posts:


zBang - Privileged Account Threat Detection Tool zBang – Privileged Account Threat Detection Tool
zBang is a risk assessment tool for Privileged Account Threat Detection on a scanned network, organizations & red teams can use it to identify attack vectors
Memhunter - Automated Memory Resident Malware Detection Memhunter – Automated Memory Resident Malware Detection
Memhunter is an Automated Memory Resident Malware Detection tool for the hunting of memory resident malware at scale, improving threat hunter analysis process.
Sandcastle - AWS S3 Bucket Enumeration Tool Sandcastle – AWS S3 Bucket Enumeration Tool
Sandcastle is an Amazon AWS S3 Bucket Enumeration Tool, formerly known as bucketCrawler. The script takes a target's name as the stem argument (e.g. shopify).
Astra - API Automated Security Testing For REST Astra – API Automated Security Testing For REST
Astra is a Python-based tool for API Automated Security Testing, REST API penetration testing is complex due to continuous changes in existing APIs.
Judas DNS - Nameserver DNS Poisoning Attack Tool Judas DNS – Nameserver DNS Poisoning Attack Tool
Judas DNS is a Nameserver DNS Poisoning Attack Tool which functions as a DNS proxy server built to be deployed in place of a taken over nameserver to perform targeted exploitation.
dsniff Download - Tools for Network Auditing & Password Sniffing dsniff Download – Tools for Network Auditing & Password Sniffing
Dsniff download is a collection of tools for network auditing & penetration testing. Dsniff, filesnarf, mailsnarf, msgsnarf, URLsnarf, and WebSpy passively monitor a network


6 Responses to FLARE – Flash Decompiler to Extract ActionScript

  1. Jose Luis May 5, 2008 at 4:54 pm #

    I love flare, tried and really good tool to learn.

    Thanks

  2. foo May 8, 2008 at 7:12 am #

    Great, the more decompilers there are the more we have to encrypt our code to save our sourcecodes from being stolen. You suck man.

  3. bar May 17, 2008 at 9:30 pm #

    Write better code and it wont be a problem foo

  4. Tiago Albineli Motta June 4, 2008 at 1:50 pm #

    It doesn’t work for AS3

  5. john June 26, 2008 at 6:36 am #

    @Foo

    Stop whining, noone wants your shit code anyways.
    Build your apps better, don’t blame others for your shit.

  6. thejart August 7, 2008 at 2:07 pm #

    dammit, i need solaris sparc. it works great on my linux box, tho! any chance you’ll release the source code? or have you and i’m just missing it?