Decompile Flash files with HP SwfScan
Pay a visit to HP’s download pages and for the most part you know exactly what you’re going to get: drivers, manuals and all the usual installation software you’d expect from the company’s wide range of products.
Look a little closer, though, and you’ll also find one or two more generally interesting freebies. And so HP’s Web Security Application Group, for instance, has produced a tool called SwfScan, which can both decompile SWF applets and analyze them for security vulnerabilities.
The program is reasonably easy to use. Give it a URL or the path of a local file, click “Get” and in a moment you’ll be able to browse the applet’s code. A search tool (with regular expression support) helps you locate the details you need, and there’s also an option to export the source as a text file if you’d like to examine it elsewhere.
SwfScan is also able to scan the code for a few security issues: just click “Analyze” and check the Vulnerabilities list to see what turns up. The program only performs a basic analysis, so an empty vulnerability list doesn’t mean you’re safe -- there could be many other issues that it’s missed -- but it’s better than not checking your code at all.
And SwfScan also makes it easy to find URLs within the applet, and export them for checking later.
This is all fairly basic. There’s no option to extract or view applet resources, for instance; you don’t get an applet player; and the executable was last updated back in March 2009. Still, the decompiler is compact and reliable, and the vulnerability scanner is a useful extra touch, so if you don’t currently have a Flash decompiler at all then SwfScan could be worth a quick look.