• Stars
    star
    148
  • Rank 249,983 (Top 5 %)
  • Language
    C++
  • Created over 10 years ago
  • Updated over 10 years ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Dynamic instrumentation tool for Adobe Flash Player built on Intel Pin

Sulo

Sulo is a dynamic instrumentation tool for Adobe Flash Player. It is built on Pin.

Supported Flash versions

The following Flash Player builds are supported:

  • 10.3.181.23 standalone debug
  • 10.3.181.23 standalone non-debug
  • 10.3.181.23 ActiveX
  • 11.1.102.62 standadlone non-debug
  • 11.1.102.62 ActiveX

You can add support for another Flash Player build by specifying some RVAs and offsets in FlashPlayerConfigBuilder.cpp.

Limitations

Sulo supports ActionScript3 method calls only - AVM1 is not (yet) supported.

Building

The easiest way to build Sulo is to use the sulo_vs2010.sln solution file with Visual Studio 2010.

  1. Download Intel Pin kit for Visual Studio 2010
  2. Extract the ZIP
  3. Clone Sulo to pin-2.13-65163-msvc10-windows\source\tools\Sulo
  4. Open sulo_vs2010.sln and build the solution

Plugins

Sulo comes with three plugins:

  1. Call tracer - logs all ActionScript method calls, including arguments and return values
  2. Flash dumper - dumps Flash objects loaded with Loader.loadBytes() to disk
  3. SecureSWF - logs decrypted strings from secureSWF-protected files

Creating your own plugin is easy: just inherit your class from ISuloPlugin, implement the virtual methods, and add the object to m_plugins in SuloPluginManager::init().

Instrumenting Flash Player with Sulo

pin.exe -t source\tools\sulo\Debug\sulo.dll -- "C:\path\to\Adobe\Flash\Player.exe"

Command-line options

Option Default Plugin Explanation
fast false General Enables faster analysis by disabling call trace logging
early_tracing false Call tracer Start logging ActionScript method calls as early as possible (already before any calls from the actual Flash)
tracefile "calltrace.txt" Call tracer Filename for storing the call trace
flash_dump_prefix "dumped" Flash dumper Filename prefix for dumped Flash objects
secureswf "" SecureSWF Name of the string secureSWF decryption method

License

Apache License, Version 2.0

More Repositories

1

see

Sandboxed Execution Environment
Python
805
star
2

mittn

Mittn: Security test tool runner for test automation in CI
Python
193
star
3

mqtt_fuzz

A simple fuzzer for the MQTT protocol
Python
73
star
4

elevation-of-privacy

Privacy Cards for Software Developers
48
star
5

reflash

ActionScript3 dynamic instrumentation tool
D
36
star
6

pytest-voluptuous

A pytest plugin for asserting data against voluptuous schema
Python
29
star
7

flaky-tests-detection

Python
22
star
8

headless-scanner-driver

A Burp Suite extension that starts scanning on requests it sees, and dumps results on standard output
Python
20
star
9

Synounlocker

Tool for decrypting files encrypted by the SynoLocker ransomware
Python
14
star
10

murphy

Python
14
star
11

resource-api

A framework that allows developers declaratively define resources and relationships between them
Python
10
star
12

sysvkit

A toolkit for running systemd-centric services on sysvinit systems
C
8
star
13

gdpr-subject-rights-api

An OpenAPI specification for fulfilling data subject requests under the GDPR
8
star
14

failures-analysis

Groupping automatically similar failures in the CI/CD pipeline
Python
7
star
15

pytest-rts

Coverage-based regression test selection (RTS) plugin for pytest
Python
7
star
16

distci

Python
5
star
17

fstrace

trace logging library
C
4
star
18

dvmps

Dynamic Virtual Machine Provisioning Service
Python
4
star
19

unixkit

unix-specific utility functions
C
3
star
20

atlant-api

F-Secure Atlant API Examples
Python
3
star
21

flaky-test-ci

Python
3
star
22

fsdyn

collection of elementary data structures
C
2
star
23

pglookout

2
star
24

async

event loop on top of epoll and kqueue with stackable streams
C
2
star
25

pyvsphere

Python
2
star
26

change-analyzer

Python
1
star
27

encjson

JSON encoding and decoding library
C
1
star
28

asynctls

client-side and server-side TLS async streams on top of openssl and macOS Secure Transport
C
1
star