understading the flash/flex shared objects and hashing technique

Question

I was trying to observe how some of the top browser game makers are implementing the asset management and also study their animation techniques. So I was trying to crack my browsers cache and share-object paths to peep into the assets.

What I have noticed is that all the files are hashed or encrypted with unreadable names and all of them have .sol extension example somethingbigandunredable.png.sol or somethinglesebigandhugestring.swf.sol and so on.

I thought they are just suffixed with .sol and just removed the .sol and tried to open the png but its neither showing the previw nor opening in the browser. Same with the swf file.

So I was wondering if there is any way to peep into their assets. I am aware of swf decompiler tool (currently using) which can extract only the unecrypted swfs.

Can ony one help?

Answer 1

You could use this one: http://blog.coursevector.com/minerva (you need the free AIR runtime installed, http://get.adobe.com/it/air/). Anyway, this is to read data inside .sol file (that is, you don't get any SWF or PNG or other asset).

To extract resources or get the code you need extractors or decompilers (useful in your case when swf are not protected).

Consider the fact that assets could be loaded at runtime (not directly embedded in the main swf): check https://addons.mozilla.org/en-US/firefox/addon/httpfox/, http://kevinlangdon.com/serviceCapture/ (or http://www.charlesproxy.com/) and http://www.o-minds.com/products/flashfirebug.