"The year is 2021 A.D. The internet is entirely occupied by HTML5. Well, not entirely... One small management console of indomitable legacy still holds out against the invader. And life is not easy for the tired sysadmins who garrison the unfortified camps of Flash, Shockwave, Silverlight and Java ..."
With the well deserved "death" of Adobe Flash at the end of 2020 everyone had hoped to finally get rid of all the clunky management consoles but life is not that nice to us sysadmins.
A few months after Flash was disabled in all modern browsers and refused to even let itself be invoked through legacy options a co-worker from our server team contacted me and asked if I had any way to still run Flash because otherwise they would not be able to access their "Oracle Enterprise Manager Database Express 12c" console anymore. And from here it all went downhill ...
The solution I came up with based on this reddit post was to basically install an old Firefox version, in my case "Firefox 78.6.1 ESR (x64)" and an old Adobe Flash version that did not have the killswitch in it yet. Here I went with 32.0.0.330. Why that specific version? I honestly cannot remember anymore. It was probably the latest version I had available (in our own little software archive) at the time that did not have the killswitch implemented yet. Any version until 32.0.0.371 should probably work.
Both the ancient Firefox and Flash versions are clearly a security concern but the systems where I installed them are disconnected from the internet and a system-wide proxy configuration locked down with group policies should prevent them from accessing anything outside the defined proxy exceptions, which are all local addresses. The machines are also virtualized and get deleted and reprovisioned when you log off.
With that setup Flash was running again. At least if you ignore the warning Firefox throws at you at every attempt to load Flash content and enable it manually on every run. But that is the price you have to pay for using ancient tech that should have been replaced years ago. "Not my problem."(tm)
Or so I thought ...
While every Flash content I tested was working fine ... the one console the co-worker from the server team actually cared about was not playing ball with me.
I'm not involved with the server administration so I do not know which specific version they are running or whether there are updates they have not installed yet. All I see is a blank page when I try to access the URL provided by the co-worker: https://<servername>:<port>/em/login
The fact that the certificate is self-signed with a weak algorithm already tells me enough. But it should still work. At least it should display the login window ...
The source of the website reveals no issue. The .swf file is supposed to be loaded but it is not displaying anything. Just a blank page.
I have found a couple posts all over the internet describing this issue but none of the proposed "solutions" worked. Firefox would still only display a blank page for the Oracle EM console while all other Flash content I tested would display just fine.
After I had kind of given up on the issue and the co-worker had not asked me about it in months I wanted to close the internal ticket with "won't fix". Against better judgement I decided to take another crack at the issue with a clear head ...
First I downloaded the .swf file linked in the source of the page but running .swf files on their own is actually not that straight forward anymore. Even more so since we've already started disabling Internet Explorer on the first group of machines before Microsoft does it for us in May 2022.
So while searching for a way to run this .swf outside of a browser I came across this website which pointed me to the "Adobe Flash Player Support Center" which had the download for the "Flash Player projector content debugger".
Running the downloaded .swf file in the debug tool only gave me 2 errors:
Error: Error #2067: The ExternalInterface is not available in this container. ExternalInterface requires Internet Explorer ActiveX, Firefox, Mozilla 1.7.5 and greater, or other browsers that support NPRuntime.
Error: EmApplication.EMApplicationCreationComplete(): Application needs its model
Not very helpful. So I tried entering the url to the .swf file. That did not yield any result. None at all.
For some reason I then tried reloading the website in Firefox and ... the login interface loaded. There was content where before there was just a lot of blank space. Something must have changed. But what?
After resetting the virtual machine I was testing with to a snapshot prior to when I had used the Flash debug tool I could again load the website and only got the familiar blank page. I started the debug tool, reloaded the website and ... the login interface showed up. This time I had not even tried loading the .swf file in the debug tool before.
I closed the debug tool and the browser, opened the browser and loaded the website ... and there it was again, the login interface. So basically just running the debug tool once made the page suddenly load and display properly. Weird.
Next logical step was to run Process Monitor and logging what that Flash debug tool was actually doing that made the management console's login interface suddenly work. After excluding all the regular Windows noise and hiding 95% of what the debug tool was producing I was left with about 150 lines of activity. Still a lot of noise, but at least much more manageable than the full dump.
Going by process of "what would be easiest to test first" I checked the "C:\Windows\SysWOW64\Macromedia" folder first but did not spot any newly created files that should have any relevance in this.
Next on the list were the "Adobe" and "Macromedia" folders under "C:\Users\<username>\AppData\Roaming". The "Adobe" folder already existed but the "Macromedia" was newly created and did not exist prior to running the Flash debug tool.
Deleting subfolder after subfolder and testing whether the login interface would still load in-between I made my way up the folder structure until I finally reached the "Macromedia" folder itself. After deleting every folder the login interface would still load and the just deleted folders would be recreated. But when I deleted the "Macromedia" folder under "C:\Users\<username>\AppData\Roaming" the login interface would no longer load and the "Macromedia" folder would not get created again.
Could it really be that Flash is so broken that it cannot even create its own folders in the user profile? Turns out: Yes. Yes it is.
After manually creating the "Macromedia" the login interface was loading and all the subfolders got created again. So yes, it really was the fact that the "Macromedia" folder was missing and Flash being too broken to create it itself.
In the end I simply went with a simple group policy preference to create the missing "Macromedia" folder in the user's profile. I had already spent enough time on this issue and did not really feel like investigating any further.
I really hope I will never have to touch Flash ever again after this.
[2] https://twitter.com/BeingSysAdmin/status/1471518664218218502
No comments:
Post a Comment