
Plarium part two. Working with swf

Flash is old but still usable. 

Flash is very old but still usable. A few years ago I was sure that this product would be killed by WebGL or other modern technology. Now Flash is alive and very popular for some applications. Flash contains not only sprites and images; ActionScript code is also included in the swf file. By running this code, Flash is able to handle user controls and send commands over the network.

Start JPEXS Free Decompiler and open the previously downloaded swf file. Navigate to the scripts section:
Unfortunately my iMac has a problem with text searching (the search stops with an 'out of memory' error). In this case I look for a candidate file using my own judgement. The file which has the "sign-code" reference is at the following path: scripts -> model -> logic -> server -> commands -> JsonCallCmd
The function name is call() and it contains another function, generateRequestSignature(data, paramTextForSignatureCalculation), where data is the data sent to the server and paramTextForSignatureCalculation is the concatenation of a well-known string starting with "The Matrix", the method, the userid, and the user social auth key. The last three strings are also added to the HTTP header.
You can verify this investigation with the Python interpreter:
python
Python 2.7.10 (default, Oct 13 2015, 09:42:49) 
[GCC 4.2.1 Compatible Apple LLVM 7.0.0 (clang-700.0.72)] on darwin
Type "help", "copyright", "credits" or "license" for more information.
>>> import hashlib
>>> matrix_string = "The Matrix has you..."
>>> http_data= """{"s":{"s":true,"o":1,"l":true,"f":true,"c":"en-US","p":0,"m":true,"z":0.6361773255813953,"g":false,"a":true},"u":1492615673749,"r":77,"o":{"i":44,"b":null},"y":[518],"sm":[],"km":9,"g":21193,"t":1492615694942,"q":[64,1,44,55,56,57,58,59,60,61,62,63]}"""
>>> http_command="CloseQuest"
>>> authkey='secretkey'
>>> userid='itsasecret'
>>> print hashlib.md5((matrix_string+http_data+http_command+userid+authkey).encode('ascii')).hexdigest()
8917c927db57bf6d7dbcb7a72b25151d
If you have received the same value as in the HTTP header, then you have done your job well.
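The same check as a reusable Python 3 function (an added example, not code from the original post or from the game client): it recomputes the MD5 signature in the concatenation order used in the session above and compares it with a captured header value, and it shows that the digest only matches over the byte-exact request body. The sample body and credentials are constructed, the function names are hypothetical, and UTF-8 encoding is an assumption (identical to ASCII for the inputs in the post).

```python
import hashlib
import hmac
import json

# Static prefix quoted in the post's interpreter session.
PREFIX = "The Matrix has you..."


def request_signature(body, command, user_id, auth_key):
    """MD5 hex digest over prefix + raw body + command + user id + auth key."""
    material = PREFIX + body + command + user_id + auth_key
    # Python 3 hashes bytes, so the text must be encoded explicitly (assumed UTF-8).
    return hashlib.md5(material.encode("utf-8")).hexdigest()


def matches_capture(captured, body, command, user_id, auth_key):
    """Compare a signature value copied from a capture with the recomputed one."""
    expected = request_signature(body, command, user_id, auth_key)
    # Normalise case and whitespace from copy/paste, then compare in constant time.
    return hmac.compare_digest(expected, captured.strip().lower())


# Constructed sample values, not taken from a real request.
SAMPLE_BODY = '{"o":{"i":44,"b":null},"y":[518],"r":77}'
SAMPLE = {"command": "CloseQuest", "user_id": "itsasecret", "auth_key": "secretkey"}


def demo():
    captured = request_signature(SAMPLE_BODY, **SAMPLE)
    # Parsing and re-serialising the JSON adds spaces after ':' and ',',
    # so the digest no longer matches even though the data is the same.
    reserialised = json.dumps(json.loads(SAMPLE_BODY))
    return {
        "exact_body": matches_capture(captured.upper() + "\n", SAMPLE_BODY, **SAMPLE),
        "reserialised_body": matches_capture(captured, reserialised, **SAMPLE),
        "wrong_auth_key": matches_capture(
            captured, SAMPLE_BODY, SAMPLE["command"], SAMPLE["user_id"], "otherkey"
        ),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(name, ok)
```

When the recomputed value does not match the header, check first that the body was copied byte for byte from the capture rather than from a pretty-printed view.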
