Flash as2 reverse

[3t3r4n]

I decompiled a flash file and this was inside:

Code:

     var _local2 = new LoadVars();
     _local2.password = password;
     _local2.userID = userID;
     _local2.action = _root.action;
     _local2.price = _root.price;
     _local2.itemnum = _root.action_sourcenum;
     _local2.itemnum2 = _root.action_targetnum;
     _local2.expected_itemtype = _root.action_sourcetype;
     _local2.expected_itemtype2 = _root.action_targettype;
     _local2.expected_itemprice = _root.action_targetprice;
     _local2.renameto = _root.new_name;
     _local2.buynum = _root.buynum;
     _local2.creditsnum = _root.creditsnum;
     _local2.sc = sc;
     _local2.templateID = templateID;
     _local2.pagetime = _root.pagetime;
     _local2.hash = SKeyGen();     //////("y27bigaOAA1" is returned)
     for (key in _local2) {
         if (key != "hash") {
             _local2.hash = _local2.hash + _local2[key];
         }
     }
     _local2.hash = _local2.hash.MD5();
     _local2.sendAndLoad(_root.serverURL + "inventory_new.php", userData, "POST");

with a sniffer i found what request send:

Code:

inventory_new.php?
hash=3655cd4808aa5dc1fa78697124d99970&
pagetime=1435338544&
templateID=undefined&
sc=603019bcdb04a628a00761de8d29bbd7&
creditsnum=undefined&
buynum=undefined&
renameto=undefined%60undefined&
expected%5Fitemprice=%2D1&
expected%5Fitemtype2=&
expected%5Fitemtype=nerotonin8b&
itemnum2=0&
itemnum=21&
price=3000&
action=newsell&
userID=11486565&
password=6e6cf5e31300f375c039199fc6b4eb842c23dee6

so i try fo find how hash is generated but no succes

Code:

post order

0a982ac658e53af4c748b9f1b0b937a3 undefined and encoded char
y27bigaOAA13655cd4808aa5dc1fa78697124d999701435338544undefined603019bcdb04a628a00761de8d29bbd7undefinedundefinedundefined%60undefined%2D1nerotonin8b0213000newsell114865656e6cf5e31300f375c039199fc6b4eb842c23dee6

1ae197b155bda755a38fc95faa4bda04 undefined and no encoded char
y27bigaOAA13655cd4808aa5dc1fa78697124d999701435338544undefined603019bcdb04a628a00761de8d29bbd7undefinedundefinedundefined`undefined-1nerotonin8b0213000newsell114865656e6cf5e31300f375c039199fc6b4eb842c23dee6

49315382488b977cc801719d8f92e0fb no undefined and encoded char
y27bigaOAA13655cd4808aa5dc1fa78697124d999701435338544603019bcdb04a628a00761de8d29bbd7%2D1nerotonin8b0213000newsell114865656e6cf5e31300f375c039199fc6b4eb842c23dee6

ca5940684766551653c6af3eaff4ac79 no undefined and no encoded char
y27bigaOAA13655cd4808aa5dc1fa78697124d999701435338544603019bcdb04a628a00761de8d29bbd7-1nerotonin8b0213000newsell114865656e6cf5e31300f375c039199fc6b4eb842c23dee6

in file order

eec9c6020457a99dffd5ea4af747d693 undefined and encoded char
y27bigaOAA16e6cf5e31300f375c039199fc6b4eb842c23dee611486565newsell3000210nerotonin8b%2D1undefined%60undefinedundefinedundefined603019bcdb04a628a00761de8d29bbd7undefined1435338544

28d1850b8af3dd62c955b0c2c97f7bb4 undefined and no encoded char
y27bigaOAA16e6cf5e31300f375c039199fc6b4eb842c23dee611486565newsell3000210nerotonin8b-1undefined`undefinedundefinedundefined603019bcdb04a628a00761de8d29bbd7undefined1435338544

1a467d141994243b764ae65984f41984 no undefined and encoded char
y27bigaOAA16e6cf5e31300f375c039199fc6b4eb842c23dee611486565newsell3000210nerotonin8b%2D1603019bcdb04a628a00761de8d29bbd71435338544

a7a40b05da14da211195d3307d5f3e4c no undefined and no encoded char
y27bigaOAA16e6cf5e31300f375c039199fc6b4eb842c23dee611486565newsell3000210nerotonin8b-1603019bcdb04a628a00761de8d29bbd71435338544

someone have any ideea?

[qqdev]

Concatenate "hash" with all values in "_local2" and get the MD5 hash of that. Attention: You have to get the correct order of the items you concatenate.