Learn to Fly 2

For all non-RuneScape games located on the 2009scape.org website.
Post Reply
User avatar
Red Bracket
Retired Staff
Posts: 317
Joined: Thu Aug 11, 2022 7:18 am
Location: Varrock West Bank
Has thanked: 282 times
Been thanked: 74 times
Contact:

Learn to Fly 2

Post by Red Bracket »

Use this thread to post hiscores within the 2009scape Community, strategies and more!
User avatar
Red Bracket
Retired Staff
Posts: 317
Joined: Thu Aug 11, 2022 7:18 am
Location: Varrock West Bank
Has thanked: 282 times
Been thanked: 74 times
Contact:

Re: Learn to Fly 2

Post by Red Bracket »

Feel free to view the source code with a SWF decompiler like https://github.com/jindrapetrik/jpexs-decompiler, which is what was used to get the game running and preserved on the website to begin with :lol:
User avatar
between3and20
Froob
Posts: 71
Joined: Sun Oct 09, 2022 8:11 pm
Location: Kadath
Has thanked: 32 times
Been thanked: 14 times

Re: Learn to Fly 2

Post by between3and20 »

#Commit d9a87a5

ageofwar.swf
MD5: 41d9fc9f15b605d13ab6b323dcc5de5c
SHA1:7c864c5582d84920d502e268fb68be7e6f4271ed

Distribution include:
Trojan:Win32/Wacatac.H!ml
Trojan.Win32.BitCoinMiner.la
Trojan.Agent.Win32.2205396
TrojanDropper.VB.auce
Generic ML PUA (PUA)

Of which 1 was detected by microsoft defender, it is possible that this is just a mistake and erroneous reports.
User avatar
between3and20
Froob
Posts: 71
Joined: Sun Oct 09, 2022 8:11 pm
Location: Kadath
Has thanked: 32 times
Been thanked: 14 times

Re: Learn to Fly 2

Post by between3and20 »

Of course, these are false positive reports. Although without the source you will never know. The decompiler is useless here. The most surprising thing is that this is a not common visited site and as a person who relies on open source projects, it's a very strange idea to make such things available, especially here. As for the trojan horse, I have a bike.
User avatar
Red Bracket
Retired Staff
Posts: 317
Joined: Thu Aug 11, 2022 7:18 am
Location: Varrock West Bank
Has thanked: 282 times
Been thanked: 74 times
Contact:

Re: Learn to Fly 2

Post by Red Bracket »

between3and20 wrote: Mon Mar 27, 2023 11:57 pm #Commit d9a87a5

ageofwar.swf
MD5: 41d9fc9f15b605d13ab6b323dcc5de5c
SHA1:7c864c5582d84920d502e268fb68be7e6f4271ed

Distribution include:
Trojan:Win32/Wacatac.H!ml
Trojan.Win32.BitCoinMiner.la
Trojan.Agent.Win32.2205396
TrojanDropper.VB.auce
Generic ML PUA (PUA)

Of which 1 was detected by microsoft defender, it is possible that this is just a mistake and erroneous reports.
Do you get this when you visit any of the other game pages? I can remove Age of War (or tweak the .swf to avoid the hash detection), even if it's a false positive (although this thread isn't about that)
User avatar
between3and20
Froob
Posts: 71
Joined: Sun Oct 09, 2022 8:11 pm
Location: Kadath
Has thanked: 32 times
Been thanked: 14 times

Re: Learn to Fly 2

Post by between3and20 »

Flash allows javascript to be called, which allows the flash developer to access cookies, as well as the DOM for the same origin for which the site was served.
So if you allow users to serve a SWF file on, this means that any visitor to your client's site can perform an XSS attack if the client used the same origin as your site. i.e. put swf files on https://2009scape.org/services/m=funorb/games/, you are really owned at that point, because any client can catch authentication cookies, but I could be wrong.
User avatar
between3and20
Froob
Posts: 71
Joined: Sun Oct 09, 2022 8:11 pm
Location: Kadath
Has thanked: 32 times
Been thanked: 14 times

Re: Learn to Fly 2

Post by between3and20 »

I might as well compare it to certain sites on which there allow you to download rsps sources, although there is now a plague of uploading on github, indicating that the downloader(user) is finding that this is a safer option because people consider it more secure even though that's nonsense. Most is ok, some are great, and some contain libraries that are usually old that contains critical vulnerability that a RCE, RPE, RRRCE.

Example for old CVE RPE : Attacker can access the mysql account, access the /var/log or /var/lib/mysql directories (belonging to the mysql user) and thus easily delete the error.log file and replace it with a symlink to any system file for further privilege escalation.... PIKA PIKA

So just be careful. But it doesn't relate to the thread, I'm not interested in it there. It's your source, also I have nothing more to say.
User avatar
Red Bracket
Retired Staff
Posts: 317
Joined: Thu Aug 11, 2022 7:18 am
Location: Varrock West Bank
Has thanked: 282 times
Been thanked: 74 times
Contact:

Re: Learn to Fly 2

Post by Red Bracket »

The .swfs run via Ruffle disables JS calls (they can be enabled but they aren't on 2009scape.org). I'll take a moment to also say that Ruffle isn't "Let's bring back Flash and ignore the vulnerabilities", it's a full reimplementation without the stupid stuff. It doesn't access cookies, it uses LocalStorage for everything (meaning all saved states are compliant with data protection laws like GDPR, and our privacy policy). Pages are all subject to modern browser protections, including CORS, so the local data that can be accessed is data on 2009scape.org (which there is none).

To also clarify, 2009scape.org is not my website. I'm putting games up with permission from Ceikry and Ryan, because people thought it was a good idea. If folks don't like it, they can be removed (although I would personally be sad :cry:). Post a thread on viewforum.php?f=26-website-games (or anywhere else with visibility) if you want to start that discussion, since not many people are reading it here.

It would also be great if you could check other games sending off the antivirus alert, since that is an actual problem. I've reuploaded Age of War as a deobfuscated version, so hopefully it won't set off the hash-based antivirus check.
User avatar
between3and20
Froob
Posts: 71
Joined: Sun Oct 09, 2022 8:11 pm
Location: Kadath
Has thanked: 32 times
Been thanked: 14 times

Re: Learn to Fly 2

Post by between3and20 »

github is not responding

https://i.imgur.com/KC9jXsL.png
User avatar
Red Bracket
Retired Staff
Posts: 317
Joined: Thu Aug 11, 2022 7:18 am
Location: Varrock West Bank
Has thanked: 282 times
Been thanked: 74 times
Contact:

Re: Learn to Fly 2

Post by Red Bracket »

Damnit GH using 2 days of our build credits failing to deploy.

Forced it to deploy, should be good now
Post Reply