You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

610 lines
22 KiB

  1. from __future__ import unicode_literals
  2. import collections
  3. import io
  4. import struct
  5. import zlib
  6. from .utils import (
  7. compat_str,
  8. ExtractorError,
  9. )
  10. def _extract_tags(file_contents):
  11. if file_contents[1:3] != b'WS':
  12. raise ExtractorError(
  13. 'Not an SWF file; header is %r' % file_contents[:3])
  14. if file_contents[:1] == b'C':
  15. content = zlib.decompress(file_contents[8:])
  16. else:
  17. raise NotImplementedError(
  18. 'Unsupported compression format %r' %
  19. file_contents[:1])
  20. # Determine number of bits in framesize rectangle
  21. framesize_nbits = struct.unpack('!B', content[:1])[0] >> 3
  22. framesize_len = (5 + 4 * framesize_nbits + 7) // 8
  23. pos = framesize_len + 2 + 2
  24. while pos < len(content):
  25. header16 = struct.unpack('<H', content[pos:pos + 2])[0]
  26. pos += 2
  27. tag_code = header16 >> 6
  28. tag_len = header16 & 0x3f
  29. if tag_len == 0x3f:
  30. tag_len = struct.unpack('<I', content[pos:pos + 4])[0]
  31. pos += 4
  32. assert pos + tag_len <= len(content), \
  33. ('Tag %d ends at %d+%d - that\'s longer than the file (%d)'
  34. % (tag_code, pos, tag_len, len(content)))
  35. yield (tag_code, content[pos:pos + tag_len])
  36. pos += tag_len
  37. class _AVMClass_Object(object):
  38. def __init__(self, avm_class):
  39. self.avm_class = avm_class
  40. def __repr__(self):
  41. return '%s#%x' % (self.avm_class.name, id(self))
  42. class _ScopeDict(dict):
  43. def __init__(self, avm_class):
  44. super(_ScopeDict, self).__init__()
  45. self.avm_class = avm_class
  46. def __repr__(self):
  47. return '%s__Scope(%s)' % (
  48. self.avm_class.name,
  49. super(_ScopeDict, self).__repr__())
  50. class _AVMClass(object):
  51. def __init__(self, name_idx, name):
  52. self.name_idx = name_idx
  53. self.name = name
  54. self.method_names = {}
  55. self.method_idxs = {}
  56. self.methods = {}
  57. self.method_pyfunctions = {}
  58. self.variables = _ScopeDict(self)
  59. def make_object(self):
  60. return _AVMClass_Object(self)
  61. def __repr__(self):
  62. return '_AVMClass(%s)' % (self.name)
  63. def register_methods(self, methods):
  64. self.method_names.update(methods.items())
  65. self.method_idxs.update(dict(
  66. (idx, name)
  67. for name, idx in methods.items()))
  68. class _Multiname(object):
  69. def __init__(self, kind):
  70. self.kind = kind
  71. def __repr__(self):
  72. return '[MULTINAME kind: 0x%x]' % self.kind
  73. def _read_int(reader):
  74. res = 0
  75. shift = 0
  76. for _ in range(5):
  77. buf = reader.read(1)
  78. assert len(buf) == 1
  79. b = struct.unpack('<B', buf)[0]
  80. res = res | ((b & 0x7f) << shift)
  81. if b & 0x80 == 0:
  82. break
  83. shift += 7
  84. return res
  85. def _u30(reader):
  86. res = _read_int(reader)
  87. assert res & 0xf0000000 == 0
  88. return res
  89. u32 = _read_int
  90. def _s32(reader):
  91. v = _read_int(reader)
  92. if v & 0x80000000 != 0:
  93. v = - ((v ^ 0xffffffff) + 1)
  94. return v
  95. def _s24(reader):
  96. bs = reader.read(3)
  97. assert len(bs) == 3
  98. last_byte = b'\xff' if (ord(bs[2:3]) >= 0x80) else b'\x00'
  99. return struct.unpack('<i', bs + last_byte)[0]
  100. def _read_string(reader):
  101. slen = _u30(reader)
  102. resb = reader.read(slen)
  103. assert len(resb) == slen
  104. return resb.decode('utf-8')
  105. def _read_bytes(count, reader):
  106. assert count >= 0
  107. resb = reader.read(count)
  108. assert len(resb) == count
  109. return resb
  110. def _read_byte(reader):
  111. resb = _read_bytes(1, reader=reader)
  112. res = struct.unpack('<B', resb)[0]
  113. return res
  114. class SWFInterpreter(object):
  115. def __init__(self, file_contents):
  116. code_tag = next(tag
  117. for tag_code, tag in _extract_tags(file_contents)
  118. if tag_code == 82)
  119. p = code_tag.index(b'\0', 4) + 1
  120. code_reader = io.BytesIO(code_tag[p:])
  121. # Parse ABC (AVM2 ByteCode)
  122. # Define a couple convenience methods
  123. u30 = lambda *args: _u30(*args, reader=code_reader)
  124. s32 = lambda *args: _s32(*args, reader=code_reader)
  125. u32 = lambda *args: _u32(*args, reader=code_reader)
  126. read_bytes = lambda *args: _read_bytes(*args, reader=code_reader)
  127. read_byte = lambda *args: _read_byte(*args, reader=code_reader)
  128. # minor_version + major_version
  129. read_bytes(2 + 2)
  130. # Constant pool
  131. int_count = u30()
  132. for _c in range(1, int_count):
  133. s32()
  134. uint_count = u30()
  135. for _c in range(1, uint_count):
  136. u32()
  137. double_count = u30()
  138. read_bytes(max(0, (double_count - 1)) * 8)
  139. string_count = u30()
  140. self.constant_strings = ['']
  141. for _c in range(1, string_count):
  142. s = _read_string(code_reader)
  143. self.constant_strings.append(s)
  144. namespace_count = u30()
  145. for _c in range(1, namespace_count):
  146. read_bytes(1) # kind
  147. u30() # name
  148. ns_set_count = u30()
  149. for _c in range(1, ns_set_count):
  150. count = u30()
  151. for _c2 in range(count):
  152. u30()
  153. multiname_count = u30()
  154. MULTINAME_SIZES = {
  155. 0x07: 2, # QName
  156. 0x0d: 2, # QNameA
  157. 0x0f: 1, # RTQName
  158. 0x10: 1, # RTQNameA
  159. 0x11: 0, # RTQNameL
  160. 0x12: 0, # RTQNameLA
  161. 0x09: 2, # Multiname
  162. 0x0e: 2, # MultinameA
  163. 0x1b: 1, # MultinameL
  164. 0x1c: 1, # MultinameLA
  165. }
  166. self.multinames = ['']
  167. for _c in range(1, multiname_count):
  168. kind = u30()
  169. assert kind in MULTINAME_SIZES, 'Invalid multiname kind %r' % kind
  170. if kind == 0x07:
  171. u30() # namespace_idx
  172. name_idx = u30()
  173. self.multinames.append(self.constant_strings[name_idx])
  174. else:
  175. self.multinames.append(_Multiname(kind))
  176. for _c2 in range(MULTINAME_SIZES[kind]):
  177. u30()
  178. # Methods
  179. method_count = u30()
  180. MethodInfo = collections.namedtuple(
  181. 'MethodInfo',
  182. ['NEED_ARGUMENTS', 'NEED_REST'])
  183. method_infos = []
  184. for method_id in range(method_count):
  185. param_count = u30()
  186. u30() # return type
  187. for _ in range(param_count):
  188. u30() # param type
  189. u30() # name index (always 0 for youtube)
  190. flags = read_byte()
  191. if flags & 0x08 != 0:
  192. # Options present
  193. option_count = u30()
  194. for c in range(option_count):
  195. u30() # val
  196. read_bytes(1) # kind
  197. if flags & 0x80 != 0:
  198. # Param names present
  199. for _ in range(param_count):
  200. u30() # param name
  201. mi = MethodInfo(flags & 0x01 != 0, flags & 0x04 != 0)
  202. method_infos.append(mi)
  203. # Metadata
  204. metadata_count = u30()
  205. for _c in range(metadata_count):
  206. u30() # name
  207. item_count = u30()
  208. for _c2 in range(item_count):
  209. u30() # key
  210. u30() # value
  211. def parse_traits_info():
  212. trait_name_idx = u30()
  213. kind_full = read_byte()
  214. kind = kind_full & 0x0f
  215. attrs = kind_full >> 4
  216. methods = {}
  217. if kind in [0x00, 0x06]: # Slot or Const
  218. u30() # Slot id
  219. u30() # type_name_idx
  220. vindex = u30()
  221. if vindex != 0:
  222. read_byte() # vkind
  223. elif kind in [0x01, 0x02, 0x03]: # Method / Getter / Setter
  224. u30() # disp_id
  225. method_idx = u30()
  226. methods[self.multinames[trait_name_idx]] = method_idx
  227. elif kind == 0x04: # Class
  228. u30() # slot_id
  229. u30() # classi
  230. elif kind == 0x05: # Function
  231. u30() # slot_id
  232. function_idx = u30()
  233. methods[function_idx] = self.multinames[trait_name_idx]
  234. else:
  235. raise ExtractorError('Unsupported trait kind %d' % kind)
  236. if attrs & 0x4 != 0: # Metadata present
  237. metadata_count = u30()
  238. for _c3 in range(metadata_count):
  239. u30() # metadata index
  240. return methods
  241. # Classes
  242. class_count = u30()
  243. classes = []
  244. for class_id in range(class_count):
  245. name_idx = u30()
  246. cname = self.multinames[name_idx]
  247. avm_class = _AVMClass(name_idx, cname)
  248. classes.append(avm_class)
  249. u30() # super_name idx
  250. flags = read_byte()
  251. if flags & 0x08 != 0: # Protected namespace is present
  252. u30() # protected_ns_idx
  253. intrf_count = u30()
  254. for _c2 in range(intrf_count):
  255. u30()
  256. u30() # iinit
  257. trait_count = u30()
  258. for _c2 in range(trait_count):
  259. trait_methods = parse_traits_info()
  260. avm_class.register_methods(trait_methods)
  261. assert len(classes) == class_count
  262. self._classes_by_name = dict((c.name, c) for c in classes)
  263. for avm_class in classes:
  264. u30() # cinit
  265. trait_count = u30()
  266. for _c2 in range(trait_count):
  267. trait_methods = parse_traits_info()
  268. avm_class.register_methods(trait_methods)
  269. # Scripts
  270. script_count = u30()
  271. for _c in range(script_count):
  272. u30() # init
  273. trait_count = u30()
  274. for _c2 in range(trait_count):
  275. parse_traits_info()
  276. # Method bodies
  277. method_body_count = u30()
  278. Method = collections.namedtuple('Method', ['code', 'local_count'])
  279. for _c in range(method_body_count):
  280. method_idx = u30()
  281. u30() # max_stack
  282. local_count = u30()
  283. u30() # init_scope_depth
  284. u30() # max_scope_depth
  285. code_length = u30()
  286. code = read_bytes(code_length)
  287. for avm_class in classes:
  288. if method_idx in avm_class.method_idxs:
  289. m = Method(code, local_count)
  290. avm_class.methods[avm_class.method_idxs[method_idx]] = m
  291. exception_count = u30()
  292. for _c2 in range(exception_count):
  293. u30() # from
  294. u30() # to
  295. u30() # target
  296. u30() # exc_type
  297. u30() # var_name
  298. trait_count = u30()
  299. for _c2 in range(trait_count):
  300. parse_traits_info()
  301. assert p + code_reader.tell() == len(code_tag)
  302. def extract_class(self, class_name):
  303. try:
  304. return self._classes_by_name[class_name]
  305. except KeyError:
  306. raise ExtractorError('Class %r not found' % class_name)
  307. def extract_function(self, avm_class, func_name):
  308. if func_name in avm_class.method_pyfunctions:
  309. return avm_class.method_pyfunctions[func_name]
  310. if func_name in self._classes_by_name:
  311. return self._classes_by_name[func_name].make_object()
  312. if func_name not in avm_class.methods:
  313. raise ExtractorError('Cannot find function %s.%s' % (
  314. avm_class.name, func_name))
  315. m = avm_class.methods[func_name]
  316. def resfunc(args):
  317. # Helper functions
  318. coder = io.BytesIO(m.code)
  319. s24 = lambda: _s24(coder)
  320. u30 = lambda: _u30(coder)
  321. registers = [avm_class.variables] + list(args) + [None] * m.local_count
  322. stack = []
  323. scopes = collections.deque([
  324. self._classes_by_name, avm_class.variables])
  325. while True:
  326. opcode = _read_byte(coder)
  327. if opcode == 17: # iftrue
  328. offset = s24()
  329. value = stack.pop()
  330. if value:
  331. coder.seek(coder.tell() + offset)
  332. elif opcode == 18: # iffalse
  333. offset = s24()
  334. value = stack.pop()
  335. if not value:
  336. coder.seek(coder.tell() + offset)
  337. elif opcode == 36: # pushbyte
  338. v = _read_byte(coder)
  339. stack.append(v)
  340. elif opcode == 42: # dup
  341. value = stack[-1]
  342. stack.append(value)
  343. elif opcode == 44: # pushstring
  344. idx = u30()
  345. stack.append(self.constant_strings[idx])
  346. elif opcode == 48: # pushscope
  347. new_scope = stack.pop()
  348. scopes.append(new_scope)
  349. elif opcode == 66: # construct
  350. arg_count = u30()
  351. args = list(reversed(
  352. [stack.pop() for _ in range(arg_count)]))
  353. obj = stack.pop()
  354. res = obj.avm_class.make_object()
  355. stack.append(res)
  356. elif opcode == 70: # callproperty
  357. index = u30()
  358. mname = self.multinames[index]
  359. arg_count = u30()
  360. args = list(reversed(
  361. [stack.pop() for _ in range(arg_count)]))
  362. obj = stack.pop()
  363. if isinstance(obj, _AVMClass_Object):
  364. func = self.extract_function(obj.avm_class, mname)
  365. res = func(args)
  366. stack.append(res)
  367. continue
  368. elif isinstance(obj, _ScopeDict):
  369. if mname in obj.avm_class.method_names:
  370. func = self.extract_function(obj.avm_class, mname)
  371. res = func(args)
  372. else:
  373. res = obj[mname]
  374. stack.append(res)
  375. continue
  376. elif isinstance(obj, compat_str):
  377. if mname == 'split':
  378. assert len(args) == 1
  379. assert isinstance(args[0], compat_str)
  380. if args[0] == '':
  381. res = list(obj)
  382. else:
  383. res = obj.split(args[0])
  384. stack.append(res)
  385. continue
  386. elif isinstance(obj, list):
  387. if mname == 'slice':
  388. assert len(args) == 1
  389. assert isinstance(args[0], int)
  390. res = obj[args[0]:]
  391. stack.append(res)
  392. continue
  393. elif mname == 'join':
  394. assert len(args) == 1
  395. assert isinstance(args[0], compat_str)
  396. res = args[0].join(obj)
  397. stack.append(res)
  398. continue
  399. raise NotImplementedError(
  400. 'Unsupported property %r on %r'
  401. % (mname, obj))
  402. elif opcode == 72: # returnvalue
  403. res = stack.pop()
  404. return res
  405. elif opcode == 74: # constructproperty
  406. index = u30()
  407. arg_count = u30()
  408. args = list(reversed(
  409. [stack.pop() for _ in range(arg_count)]))
  410. obj = stack.pop()
  411. mname = self.multinames[index]
  412. assert isinstance(obj, _AVMClass)
  413. construct_method = self.extract_function(
  414. obj, mname)
  415. # We do not actually call the constructor for now;
  416. # we just pretend it does nothing
  417. stack.append(obj.make_object())
  418. elif opcode == 79: # callpropvoid
  419. index = u30()
  420. mname = self.multinames[index]
  421. arg_count = u30()
  422. args = list(reversed(
  423. [stack.pop() for _ in range(arg_count)]))
  424. obj = stack.pop()
  425. if mname == 'reverse':
  426. assert isinstance(obj, list)
  427. obj.reverse()
  428. else:
  429. raise NotImplementedError(
  430. 'Unsupported (void) property %r on %r'
  431. % (mname, obj))
  432. elif opcode == 86: # newarray
  433. arg_count = u30()
  434. arr = []
  435. for i in range(arg_count):
  436. arr.append(stack.pop())
  437. arr = arr[::-1]
  438. stack.append(arr)
  439. elif opcode == 93: # findpropstrict
  440. index = u30()
  441. mname = self.multinames[index]
  442. for s in reversed(scopes):
  443. if mname in s:
  444. res = s
  445. break
  446. else:
  447. res = scopes[0]
  448. stack.append(res[mname])
  449. elif opcode == 94: # findproperty
  450. index = u30()
  451. mname = self.multinames[index]
  452. for s in reversed(scopes):
  453. if mname in s:
  454. res = s
  455. break
  456. else:
  457. res = avm_class.variables
  458. stack.append(res)
  459. elif opcode == 96: # getlex
  460. index = u30()
  461. mname = self.multinames[index]
  462. for s in reversed(scopes):
  463. if mname in s:
  464. scope = s
  465. break
  466. else:
  467. scope = avm_class.variables
  468. # I cannot find where static variables are initialized
  469. # so let's just return None
  470. res = scope.get(mname)
  471. stack.append(res)
  472. elif opcode == 97: # setproperty
  473. index = u30()
  474. value = stack.pop()
  475. idx = self.multinames[index]
  476. if isinstance(idx, _Multiname):
  477. idx = stack.pop()
  478. obj = stack.pop()
  479. obj[idx] = value
  480. elif opcode == 98: # getlocal
  481. index = u30()
  482. stack.append(registers[index])
  483. elif opcode == 99: # setlocal
  484. index = u30()
  485. value = stack.pop()
  486. registers[index] = value
  487. elif opcode == 102: # getproperty
  488. index = u30()
  489. pname = self.multinames[index]
  490. if pname == 'length':
  491. obj = stack.pop()
  492. assert isinstance(obj, list)
  493. stack.append(len(obj))
  494. else: # Assume attribute access
  495. idx = stack.pop()
  496. assert isinstance(idx, int)
  497. obj = stack.pop()
  498. assert isinstance(obj, list)
  499. stack.append(obj[idx])
  500. elif opcode == 115: # convert_
  501. value = stack.pop()
  502. intvalue = int(value)
  503. stack.append(intvalue)
  504. elif opcode == 128: # coerce
  505. u30()
  506. elif opcode == 133: # coerce_s
  507. assert isinstance(stack[-1], (type(None), compat_str))
  508. elif opcode == 160: # add
  509. value2 = stack.pop()
  510. value1 = stack.pop()
  511. res = value1 + value2
  512. stack.append(res)
  513. elif opcode == 161: # subtract
  514. value2 = stack.pop()
  515. value1 = stack.pop()
  516. res = value1 - value2
  517. stack.append(res)
  518. elif opcode == 164: # modulo
  519. value2 = stack.pop()
  520. value1 = stack.pop()
  521. res = value1 % value2
  522. stack.append(res)
  523. elif opcode == 175: # greaterequals
  524. value2 = stack.pop()
  525. value1 = stack.pop()
  526. result = value1 >= value2
  527. stack.append(result)
  528. elif opcode == 208: # getlocal_0
  529. stack.append(registers[0])
  530. elif opcode == 209: # getlocal_1
  531. stack.append(registers[1])
  532. elif opcode == 210: # getlocal_2
  533. stack.append(registers[2])
  534. elif opcode == 211: # getlocal_3
  535. stack.append(registers[3])
  536. elif opcode == 212: # setlocal_0
  537. registers[0] = stack.pop()
  538. elif opcode == 213: # setlocal_1
  539. registers[1] = stack.pop()
  540. elif opcode == 214: # setlocal_2
  541. registers[2] = stack.pop()
  542. elif opcode == 215: # setlocal_3
  543. registers[3] = stack.pop()
  544. else:
  545. raise NotImplementedError(
  546. 'Unsupported opcode %d' % opcode)
  547. avm_class.method_pyfunctions[func_name] = resfunc
  548. return resfunc