Embrace the timeline….

On creating rich, flashy and immersive advertising experiences online by Owen van Dijk

Project X, Number 65.

with 5 comments

As posted in my previous posting, i’ve been busy with several versions of the Flashplayer, codename “Project X”. After all, this is the starting point of all technologies and tools based on the Macromedia Flash File Format. Flash, FlashCom, Flash Remoting, Central and Flex wouldn’t be anywhere without this important, but often overlooked, piece of software. In my research, i found some interesting stuff which i will share with you.

the Magic Number?I often asked myself, why there is a checkbox in Flash MX 2004 to optimize for version 6.0.65.0 and later, but not earlier revisions. Also, i’ve read that Macromedia Central was based on version 6.0.65.0. Was there some magic code involved in creating that version? Was 65 considerd a ‘lucky number’ within Macromeda? After a quick search and going through several release notes i think i found something that would clarify the magic that is “Number 65”. On December 12, 2002 Macromedia and eEye Digital Security found an exploit in the Flash file format. I’m not a security expert, so i can’t go into the nitty-gritty detail, but basically it bottled down to this:

If you were manually editing the SWF file published by Flash, using for instance a hex-editor, you could create a malformed header, suplying more frame data then the decoder ( Flashplayer ) is expecting. This is the basis for a “Buffer Overflow”, which eventually gives the attacker a possible entrance to your system.

Macromedia quickly released version 6.0.65.0 that, along with several other bugfixes, solved this exploit. After this release, there are no found exploits, either in the Flash file format or the Player, so i think that explains why you have a nice little checkbox in Flash MX 2004.

Then again, i could be totally wrong about this, but hey…it’s a nice story 😉

More postings on Project X later…

Advertisements

Written by ohwhen

March 19, 2004 at 2:49 pm

Posted in Web/Tech

5 Responses

Subscribe to comments with RSS.

  1. One of many…

    – Central built in installer
    – optimized bytecode

    JesterXL

    March 19, 2004 at 3:29 pm

  2. the function2 tag was introduced in .65
    http://flasm.sourceforge.net/#function2

    claus wahlers

    March 19, 2004 at 3:45 pm

  3. There were also some fixes concerning IE hanging when loading an mp3 file with an invalid header, if I remember correctly. Pretty annoying bug… 🙂

    Martijn de Visser

    March 19, 2004 at 4:00 pm

  4. The number of registers used went up, and there were changes of how variables were handled in the player due to this. That is one of the reasons the 65 player is so much faster.

    Kenny Bunch

    March 19, 2004 at 4:25 pm

  5. to be exact: function2 is not a tag, but a bytecode instruction. function2 allocates up to 255 registers, which makes it pretty fast.
    however, this will only work with swfs that are optimised to work with r69 or above. These files won´t work with previous players.
    Afaik support for function2 was introduced with FlashMX2004 and AS2.

    Florian Krüsch

    March 19, 2004 at 6:13 pm


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: