Archive for the 'actionscript' Category
Sunday, June 22nd, 2008
As3Crypto has been open-source from the start, but the development, iteration and feedback process isn’t quite as open and collaborative as it should be.
There is this one guy controlling every aspect of it, hiding his precious source code until he deems it ready for another release, and generally being way too slow at moderating blog (…)
Categories: Security, actionscript, as3crypto
Comments: 8 Comments
Wednesday, May 28th, 2008
A couple of years ago, I wrote this little Java Explorer script that used LiveConnect to inspect available Java classes. It included a little console that made it easy to play with those classes and their members to see what they seemed to do.
More recently, when the Flash Player 10 beta came out, I ended up (…)
Categories: Security, flash, actionscript, eval
Monday, May 19th, 2008
Here we go. ESC is far enough along to start treating it like a working ECMAScript compiler. Combined with my little JSObject hack and some glue, you end up with something that gives you a taste of things to come.
So here is ScreamingDonkey. Not to be confused with ScreamingMonkey, a serious project done by the (…)
Categories: web, flash, actionscript, eval
Comments: 2 Comments
Saturday, May 17th, 2008
I’ve grabbed some recent .abc binaries from the Mozilla Tamarin repository. The ESC project is moving along quite nicely apparently, as this version is able to compile a lot more constructs. For example, it has enough namespace support to let scripts access objects located in other packages (see the sample code on the “Eval UI” (…)
Categories: web, actionscript, eval
Comments: 14 Comments
Friday, January 4th, 2008
Back in the day, Netscape created this neat layer of glue called LiveConnect. Among other things, it would expose JavaScript objects to Java through a JSObject class.
Fast forward to ActionScript. ExternalInterface provides a way of eventually doing the same thing. Things like FABridge make things somewhat friendlier, but FABridge only deals with accessing ActionScript goodies (…)
Categories: web, flash, actionscript, eval
Comments: 2 Comments
Wednesday, January 2nd, 2008
Over a year ago, Adobe open sourced Tamarin, and there was much rejoicing.
As part of the source drop, Adobe included an ActionScript compiler written in ActionScript.
A few folks noticed that it sounded a whole lot like an “eval()” method, and thought that once the good folks at Mozilla and Adobe hammered at it for a (…)
Categories: flash, actionscript, eval
Comments: 15 Comments
Saturday, December 1st, 2007
If you missed it, an Adobe engineer, Scott Petersen, gave a talk at Chicago Max a couple of months ago, showcasing a crazy side project of his that allows him to run C/C++ code on top of an unmodified Flash player.
This has various implications, one of which is that one could someday interface their AS3 code (…)
Categories: flash, actionscript
Comments: 1 Comment
Thursday, November 29th, 2007
Apparently, ActionScript 2 isn’t dead yet.
While I anxiously await the day popular gizmos like the Wii or the iPhone get to run AS3 bytecode, there are apparently still legitimate reasons to want to code with AS2.
There already are various chunks of code out there to encrypt stuff with AS2, the most popular probably still being (…)
Categories: Security, flash, actionscript
Comments: 2 Comments
Monday, November 19th, 2007
There we go, Flash now has a TLS 1.0 implementation written entirely in ActionScript.
In spite of my previous post, I didn’t feel right releasing something that didn’t have a shot at protecting against man-in-the-middle attacks, so I took a few more days to implement some X.509 certificate parsing and validation.
This release ships with a number (…)
Categories: Security, web, flash, actionscript
Comments: 34 Comments
Tuesday, November 6th, 2007
Right now, any ByteArray you feed to MD5 will get messed with, in 2 ways:
Some padding will be added to the end of it.
The endianness of the array will be forced to little-endian.
You see, TLS has this “finished” message as part of its handshake that requires computing an MD5 hash and a SHA-1 hash (…)
Categories: Security, flash, actionscript
Comments: 1 Comment