Posted February 12 2011
apple art bits c code evil games interaction iphone java js mathematica micro optimization php quine reveng sound swf updates useless video whine xterm zip
Feeds: RSS / Twitter
Feb 12 2011
ASCII/UTF-8 SWFs
I needed some valid SWF files with constrained character sets for an injection PoC. Putting them here in case someone else needs some.
Jul 6 2009
GOTO for Java
PHP has finally taken the plunge into the 1960s by implementing GOTO. Here's an implementation for Java.
Jun 7 2009
Unofficial Java Vulnerability Fix
A patch for a serious Java bug. No longer needed as of June 16.
Jun 2 2009
Max/MSP Multitouch drivers
Max & Michael have written a Max/MSP driver based on the multitouch code.

My CSS-fu is weak; please use a recent browser.

Some rights reserved.

Random, semi-related image by Erik J. Gustafson.

ASCII/UTF-8 SWFs

I needed some valid SWF files with constrained character sets for an injection PoC. Putting them here in case someone else needs some.

Valid UTF-8

Raw file | Hex | Disassembly

This one is technically not a valid SWF file, but undefined tags are ignored by the player, so it still works. The invalid chunks are needed to get around the fact that the push opcode (0x96) used to introduce string constants can only appear as part of a utf-8 sequence.

ASCII only

Raw file | Hex | Disassembly

This one avoids constants altogether by spinning its own strings out of pieces of fluff it finds lying around: The current time stamp xored with itself is 0. The length of "0" is 1. From there, you can use + to create the other positive integers, then pass them to ActionAsciiToChar to create the strings you need.

Alok's

Alok Menghrajani optimized the shit out of the ASCII flash. 79 bytes, no nulls, no high bytes. Needs parameters to work.

Comments