In the previous post we managed to obtain the original SWF, but discovered that the exploit is embedded in a ByteArray. Will we be able to obtain it?
First of all, we must extract the contents stored in the ByteArray. To do this, we need a Flash decompiler desktop: Adobe SWF Investigator (It’s free!). Once installed we open the last file obtained: uncompressed_exploit.swf. We go to “Tag Viewer” and select “DefineBinaryData” among all the tags. Then we save it by clicking in “Dump to file” and naming it as “dump_exploit.bin”, for example.