Yesterday Mila posted a Doc file exploiting the recent flash bug (CVE-2012-0754). Having not looked at it yet, I thought this would be a good way to test the new SWF tools Adobe released last night. I downloaded the files from the Contagio site here and the new Adobe tool here.
I like the fact that the tool runs on Mac or Windows. When reversing SWFs I typically find myself on the command line trying to convert the file into some mangled ActionScript, so it’s nice to have a GUI to navigate the file. Aside from SWFREtools, I know of no other GUI to reverse SWF files. What I like best about this tool is that the engineers who built it are located in the same area as those who created/support Flash.
Using the Tool
Once you have loaded your SWF file, using the tool is simple. You are presented with statistics on the file at first glance which in this case shows the tag “DoABC2” which could end up being worthwhile.
Adobe has put together a nice tool and I really enjoy it. I am not certain how it will be for really digging into the actual vulnerability being exploited, but for a high-level overview with some technical details, this is great. I also find it useful that you can run and emulate the SWF files all within one place. I plan to add this to my arsenal and continue to use it.