Backdooring Flash Objects (the walkthrough)
The following article is in narrative format and it is purely experimental. Feedback on whether you like it or not will be highly appreciated.
I started my work station. The old DELL Inspiron 8100 laptop switched automatically to Windows XP SP2 after 30 seconds of countdown in Grub. "What is going to be?" The Prodigy seemed to be quite alright for the situation. These guys have never let me down. There is something about their music. When I am listening to their stuff my brain switches to a state of mind which I usually call hackmode.
People in hackmode lose their perception of the real and virtual worlds. To them all that matters is performing something that is valuable in this very moment. Hackmode requires total concentration and the feeling of it usually starts like this:
The brain dysfunctions 70% of your body. You feel relaxed. It almost seems like you are in a bubble. Now there is another 10% of brain activity gain. You don't need to calculate the distance between you and other objects in your surrounding environment. There is no need to perform unnecessary reflexive calculations either. There is only you and the object of your concentration.
On that day, my area of concentration was Backdooring Flash Objects. By saying backdooring I mean everything... from trojaning to infecting with viral code. It is quite hard to differentiate between viral infection and trojan infection. At the end of the day it is all about enhancing an object with some malicious functionality. If it is a virus, the malicious code will introduce itself automatically. If it is a trojan, the user's help is needed to introduce the code.
Both of these are quite disruptive activities used by biological viruses that have been with us since the day of our creation. We have been exploited by them and that's the reason why we spend a lot of time figuring out how they work. That day I was exercising malicious infection of otherwise harmless Flash files for the same reasons.
My first aim was to download some tools. I used to play with Flash and its IDE in the past; however, I needed something more robust. The first tool to download was Mtasc from Nicolas Cannasse. I had found it a couple of weeks ago but I had never had time to do some serious play with it. To me it looked like quite a sophisticated little tool, great for hacking around Flash.
For the purpose of my training day I needed to download a SWF file that would be eventually enhanced with my demo backdoor as well. After a couple of seconds in Google, I found "The Corruptibles". This is quite an interesting and well-composed animation that was just perfect for my proof of concept.
I unzipped the Mtasc project into my C:/ drive and started to fiddle around with it. The command line of the tool is not as straightforward as you might think. There are several options that could confuse you but it is OK. Good tools are usually like that; too many functionalities to put inside the same shell.
After reading the usage, I realized that I needed to have a hello world backdoor before even thinking of executing the compiler. So, I switched to my browser window and started reading the Mtasc project page. A few minutes later I had the following sample script.
"Voila! There is my backdoor, trojan or virus. So now what? Hard to say!"