Junk Byte Code for Kicks


How to piggyback Console into flash content on the web

What does it mean?

Add console into flash content that's on the web, letting you use console features as if it was your own.
Ofcourse you may not see logs unless it is hooked up, but you can still do other things such as Display roller, CommandLine, FPS / memory monitor. This is 'not a hack' but a trick, probably a security concern for a lot of the case...
Considering you can do this a lot easier with javascripts AND the fact that you can de-compile swf files, this particular method is not a massive security concern.

What can you do with it?

Mainly just out of curiosity.
Maybe you just want to know how things are structured, how good is the FPS , etc...

You can start the display roller 'RL' and see how the display list is constructed.
Capture the display list and start introspecting the properties and methods of classes.

If you know some of the code base (decompile the game?), you probably also know what classes there are, so you can access them live via console - and even modify values.

If your victim flash content have bad security checks on server end, you can probably hack it out to give your self many points / credit, etc. - or at least on that one session.


Console 3.0 is coming

Just thought I'll post an update about Console.

3.0 is coming with main focus on modularity.
It will make features to be more easily modified or added on top of base console.
No new out-of-the-box functionality will be added.

Replaceable base modules: (replaceable by sub-classing and registering to console)

  • ConsoleLogger - Handles formatting the logs,  add log processors to add custom log output formats
    • IConsoleLogProcessor - adds custom log entry formatting, example, if you want to underline effect on numbers when logging, you can create ConsoleNumberProcessor, which adds <u></u> around number types.
  • ConsoleLogs - Handles keeping logs history and channels
  • MainPanelModule - There will be sub modules under this to handle Menu, Logs and Commandline
  • ChannelsPanelModule
  • TooltipsModule

Modules that can be added:

  • Referencing - handles mapping references to objects via id, for use by other modules
  • CommandLine -  implement ICommandLine to replace behavior
  • Remoting  - implement IRemoting to replace behavior
  • KeyStates - can store the state of key presses, for use by other modules
  • KeyBinder - handles binding keys to function callbacks
  • DisplayRoller
  • RulerModule
  • TraceModule - call trace() on all logs
  • UncaughtErrorsListenerModule - logs when there are uncaught errors
  • UserDataModule - allows other modules to store user data (SharedObject)
  • StayOnTopModule - Keeps console on top
  • GarbageCollectModule - calls System.gc()
  • GarbageCollectionMonitor
  • InspectorModule - allows you to introspect in UI

Not everything is there yet and its very much under construction... The general picture is coming together.

See 'spirit' svn branch for code progress. https://flash-console.googlecode.com/svn/branches/spirit

Filed under: Console, Flash 1 Comment