I first found zombo.com somewhen around 2002. It was actually launched in 1999 as a mockery over website frontend flash loaders. Rather mind blowing that this single screen site has been sitting there, entertaining people, for the last 13 years. Recently, an html5 version popped up just for iPortable users because Apple products don’t support flash.
And so, while enjoying zombocom the other day, I started to wonder what version of flash was available in 1999. I could look up the developmental history of flash, but that still doesn’t tell me exactly which version is being used by the infinitely possible zombocom. At the very least, I knew it was a Macromedia version from before the time when Adobe had acquisitioned them. So let’s do this!
curl zombo.com
This gets us the html source code for the website. The flash file in questions is inrozxa.swf so . . .
curl zombo.com/inrozxa.swf
Well, that gets us mostly garbage. But you’ll notice the first few characters are FWS?x_? which has SWF in it backwards. Let’s read up on the SWF specifications! OK! First 3 bytes are ‘FWS’ so that’s in order. The 4th byte is the version number, but why is that a question mark? Because it’s an unsigned single byte integer, not a character silly! My terminal is replacing a low-value control character with the question mark. So how do we find the value of this buggar?
curl zombo.com/inrozxa.swf | od -t u1 -N 4
gets us : 70 87 83 4
What I did was load the flash file from zombo.com and then piped it’s data into a command called od which is an octal, decimal, hex, and ASCII dumper. I tuned it to display only the first 4 single bytes in unsigned integer form. So, from the data above, can you guess which version of flash zombo.com is running on?!?
Macromedia Flash v4 FTW!!
Now read this XKCD strip!
We can all rest easy tonight!! :D
Filed under — Hacking
Tags —
bash, curl, hacking, od, zombocom