Running Adobe Flash for BMC “safely” (Method 1)
tip -> Scroll to “The section you’re actually looking for (skip to here)” if you want to skip the rant
Initial rant as to why
If you’re anything like me, then you probably think that it’s idiocy to waste money on expensive infrastructure equipment simply because your support agreement ran out and the server is end of life and end of support. Let’s be honest, if you’re going to waste $20,000 US per server to run your IT, you may as well just move to the cloud.
Honestly, the machine listed above is the first item I found searching eBay for Cisco C240 M3 and I think it’s a bit on the pricey side at 2000GBP. I’m pretty sure you could get similar machines for 1200USD plus shipping if you look. Buy 3, add some cheap used enterprise SSD drives and some SD cards and you’re set for 10 years at least. Buy a 4th for spare parts and you don’t need a service agreement at all. And to be honest, I run almost everything on Raspberry Pi CM4 nodes with K3OS these days, I only keep these old machines around for legacy applications.
The real problem with these machines however is that they were based on the Emulex Pilot 3 BMC chip which was kinda cool at the time, but when Broadcom (or whoever) bought out the product line, they evolved it into later generations, but unfortunately, they never bothered implementing an HTML5 GUI for the system. The end result being that Cisco and many other vendors decided not to press for updated software and as of now, it’s impossible to use the management system unless you use command line and some nifty tricks… or you have Adobe Flash running… which you shouldn’t.
Security concerns
I imagine at this point that Adobe is hoping that Flash will be long forgotten. I also believe that hackers stopped giving a crap about Flash since no modern browsers support it anymore. Downloading and installing it has become extremely painful. But some of us who need it for things other than just the web still REALLY need it.
That said, I think it’s really important to consider that if you run Adobe Flash at all, you should do it in the most secure environment possible.
“Secure Methods of Running Flash”
Windows Sandbox
The first method I’ll present… which also happens to be the easiest method I found so long as you’re running Windows 10 is to use Windows Sandbox. Windows Sandbox is an excellent security tool as it rapidly spins up a fresh, blank Windows 10 virtual machine within Hyper-V with support for disabling… pretty much everything. I’d love to say I really locked it down, but I worked within “sound paranoia guidelines”, meaning I didn’t go overboard.
What’s really nice about Windows Sandbox is that as soon as you close the window, your new VM is deleted from existence. Think of it as “incognito mode” like you find in your browser, but for entire Windows installations.
Vagrant
If you’re not on Windows 10, or you have a reason you wouldn’t like to install the Windows sandbox feature, then Vagrant is a pretty good option… if a bit slower. You can of course use any operating system you want for the guest, but I find Windows 10 to be the best solution… because it’s become very difficult to make Flash work anymore on Linux. I honestly could not get a somewhat recent Flash player working on any Linux browser I tried, but I will admit I gave up easily.
For safety sake, you simply don’t want use the same VM twice. Make sure you delete your VM as soon as you exit.
Docker
This would be an amazing option if I could get it to work, and I haven’t given up. I’ve tried everything I could think of with multiple versions of Ubuntu, but in the end… nothing. When I tried Chromium and Chrome, I couldn’t make it work since Docker disables certain kernel features that Chromium really likes. So in the end, I just couldn’t make it happen. I think I’ll try again with Alpine in my next attempt.
The section you’re actually looking for (skip to here)
Brief description of the goal
Spin up a Windows 10 Sandbox VM by double clicking an icon that includes Firefox, Flash and Java WebStart.
Brief description of the steps
- Enable Windows Sandbox
- Download the files we need
- Edit the script
Enabling Windows Sandbox
GUI way
Spoiler alert — there is a reboot here
Click start and search for the “Turn Windows features on or off” tool from “Control panel”
The feature is called “Windows Sandbox”, then be prepared to reboot your system as it typically requires that Hyper-V is properly installed. (For those who don’t know it, Hyper-V doesn’t run on Windows, Windows runs on Hyper-V when you enable this feature.)
Powershell way
For much more detail and tips on how to install Windows Sandbox even when you don’t have Windows 10 Professional, check out Enable Windows 10 Sandbox with PowerShell and Dism (winaero.com)
Enable-WindowsOptionalFeature -FeatureName "Containers-DisposableClientVM" -All -OnlineThe above command is the Powershell “one-liner” that does the same as we did with the GUI
Getting the files we need
Well, I won’t make any promises the links will always work, but I recommend the following
Firefox with NPAPI Plugin support
The filename you’re looking for if you want to search the web for it is “Firefox Setup 83.0.exe”
The official link at this time is
Directory Listing: /pub/firefox/releases/83.0/win32/en-US/ (mozilla.org)
Adobe Flash Player Plugin
The filename you’re looking for if you need to search for it is “flashplayer32_0r0_371_win.msi” which, so far as I know is the last version of Flash Player published without a timebomb in it.
flashplayer32_0r0_371_win directory listing (archive.org)
Java Web Start
Almost all the BMCs I’ve encountered from this era (Dell, Cisco, etc…) tend to use a Java Web Start app, which of course is a dead technology. As such, I recommend visiting the OpenWebStart Project to download the latest version. their tool automatically installs the appropriate Java version when needed … which is WAY better than the old official WebStart did.
The file I used which is known to work is
OpenWebStart_windows-x64_1_4_0.exe
I recommend making copies of these to your personal OneDrive, Google Drive, or DropBox… whatever. You never know when you won’t be able to find them anymore.
Where to put them?
Copy them all into a single directory. You can choose wherever you want, but Windows Sandbox configuration scripting has a terrible flaw which is that it depends on absolute directory paths. So be warned, it could be difficult to move around. If you’re using OneDrive, you might do what I do which is to leave it in a synced directory which has the same path no matter where I use it from.
The magical script
This is my directory where I keep everything and all I have to do is double-click and icon and 30 seconds later I have a full environment.
install_software.cmd
WARNING: Leave the paths as is… just copy this verbatim
The file above is just a simple script which installed Firefox, OpenWebStart, and Flash Player… all silent installs. When the script is finished running, it start FireFox. On this PC (AMD Ryzen 9 3900x, 32GB, Samsung 970 EVO), it takes about 30 seconds to spin up the VM and install all the software and run the browser. By comparison, my Docker experiments so far have taken 10seconds on the same machine… but it doesn’t work properly yet :(
Next, we need the batch file kinda thingy to actually create the VM and run the install_software.cmd
runme.wsb
You’ll see in the code above that :
- The host folder is where your files are. You must edit this
- The paths are escaped… this means you need double backslash, not single.
Pretty much done now
You should see something like the above in Windows Explorer (I’ve tossed Ubuntu in there since that’s what I use on my servers).
Double click the runme.wsb
Launch the KVM!
IT WORKS!!!!
