03-23-2010 06:31 PM
I read the FAQ, it didn't help me. Can someone point us to a log file so that we can find out what needs to be done to get around this issue? Also we have the source in our hand, do we really need to decompile? Can't we just have the tool scan the source for vulnerabilities?
04-20-2010 07:19 PM
According to the off-line developer discussion...
<<Unfortunately, I don’t think I can provide you with a workaround for this issue. The error you are getting means that there is some tag format (most probably in the header) of the binary SWF file that SWFScan cannot understand. There is no real logging mechanism used by the tool. The only way to identify the issue is for us to run the tool in debug mode and see where during the decompilation process it is failing.
Also it cannot simply consume the ActionScript source code and audit it, since the tool generates a custom object model during the decompilation phase which is then used for detecting vulnerabilities.>>
-- Habeas Data