Anyone know anything about the new stagefright hack for iPhone?

anyone know anything about the new stagefright hack for iPhone?

Other urls found in this thread:

raw.githubusercontent.com/jduck/cve-2015-1538-1/master/Stagefright_CVE-2015-1538-1_Exploit.py
exploit-db.com/docs/28475.pdf
dl.dropboxusercontent.com/s/t5dvcdgvh5u7ny0/forchan.html
twitter.com/NSFWRedditGif

I dinno nuffin until I read yesterday that apple released a patch for it.

Nope, but i would like to know. Bump for interest.

There isn't much info on it yet for some reason

anyone explain? I haven't heard about this

apparently there is a hack that is coded as an mms that you just send via text and it gives you access to their entire phone.

It is similar to the stagefright bug that effected android. integer underflow in the MPEG4Extractor allows a remote attacker to execute arbitrary code via crafted MPEG-4 data.

I heard that it's malware encoded as a video and when you send it, you get full control of the target's phone.

pretty much. see basically if you send a picture or video your phone will try to analyze the photo to create a thumbnail. there is a vulnerability in the analyzation that would let an attacker send arbitrary code

I wish I knew enough to actually do it lol

anyone know if there is a CVE id for it yet?

I want this hack now.

Even if someone handed you the code i doubt you would know what to do.

Even if I didn't, Google does.

>Implying you'd know either

I would know. the main reason i know that wouldn't know is because he is talking like it is just some .exe that you download and run.

Found the POC code for the android stagefright exploit. anyone want to try and port to iphone?

raw.githubusercontent.com/jduck/cve-2015-1538-1/master/Stagefright_CVE-2015-1538-1_Exploit.py

>I would know.
No you wouldn't, script kiddie. Go back to Sup Forums

lol, exploits r e z. how about you explain this part of code from def build_rop(off, sp_addr, newpc_val, cb_host, cb_port):
rop = ''
rop += struct.pack('

or let me guess. you dont even know ASM?

>Implying you could explain that.

What coding language is that

yo idc who explains t just do a fucking tutorial idk dont be a faggot. help a nigga out.

python u dumbfuck dont u fucking know how
to read?

This tbh.

raw.githubusercontent.com/jduck/cve-2015-1538-1/master/Stagefright_CVE-2015-1538-1_Exploit.py

>.py
>p
>y


lol dude it is simple return oriented programming. get gud

trips demand tutuorial lmao

>get gud
basement dweller detected. I bet you even own a guy fawkes mask.

Not yet :( mommy won't let me buy one with my good boy points.

explain pls

stfu faggot u trynna flex but u aint shit boy

kek

you aint shit either nigga

lol just ignore he couldn't explain and when i told him what it was he resorted to name calling as his last defense. we don't want to make him cry.

gotta be careful. lil cuck haha

ITT: a bunch of first-year code students get to pretend they live in watch dogs.

bump for interest

The top part is just ROP. it is hard to understand unless you read all of it or else it seems like a buttfuck of random.
the bottom part (starting at native_start) is just a buffer.

If you look at ASM code you will see sort of a resemblance ( 0x08048464 : push %ebp
0x08048465 : mov %esp,%ebp
0x08048467 : sub $0x88,%esp
0x0804846d : mov 0x8(%ebp),%eax
0x08048470 : mov %eax,0x4(%esp)
0x08048474 : lea -0x6c(%ebp),%eax
0x08048477 : mov %eax,(%esp)
0x0804847a : call 0x8048340
0x0804847f : leave
0x08048480 : ret )

It is basically just moving/defining data if you ever look into buffer overflows you will be seeing it a lot

exploit-db.com/docs/28475.pdf

just wanna now for very legal reasons

better than tinder, plenty of horny twats of your city wanna be stretched on dl.dropboxusercontent.com/s/t5dvcdgvh5u7ny0/forchan.html

>2016
>not coding and researching exploits for fun

cont? good job user.it was quite difficult really

dont open this. niggers dont fall for it

hah thats what im doing. learning python in my free time

bump

mega bump

>python
>kek

oh very nic much twat and pussies in this websit

samefag

what should i learn then ?

isnt that quite obvious? the guys retarded. cant even get to shitpost right

What is the message? Can it work if I own an android? Tell me more

Someone teach me how to send this to my grandmother
>will post here nudes if it works

Assembly makes baby Jesus cry.

I started with python. it is easiest object oriented language to learn first.

You guys can stop bumping. no one is going to be able to give the code anytime soon.

For anyone waiting on an explanation on how this exploit works, i will give my opinion(since the POC code hasn't been released yet i will have to do my best to guess how it happens)

So the attack will start with some code like raw.githubusercontent.com/jduck/cve-2015-1538-1/master/Stagefright_CVE-2015-1538-1_Exploit.py being used to create the payload. the payload will then be sent/accessed via web browser or instant message or any other way to get the payload to their device. the IOS image/video handler will try to read the image/video when it is accessed, this will trigger the bug that we want. When the bug is triggered a stack buffer overflow will happen wich will write to a memory address on the call stack outside of the original data structure (these are usually fixed lengths so this shouldn't work which is why it is a bug) so now that we have the buffer overflow, if our payload included the arbitrary code then we can now have access to the iphone. see the bottom part starting at native_start is calling for a reverse TCP shell(google it if you have to) and you will not have access to the target machine.

Bump

a real programming language

You will now have access to the target machine**

tldr version is when you view the infected picture it will start a TCP shell that will allow the attacker to send commands.

>It's already patched
>The exploit is massively limited by the sandbox
>nothing to see here

like what?? c?

Ya this. What should we learn?

ruby lmao. dont, actually.

don't listen to them, it depends on what you are wanting to do.

If you just want to make little scripts/programs that aren't too hard try PhP, perl, ruby, or bash

If you are going to be making huge programs learn java or python

perl and ruby sound good for starters. maybe swift2 too if youre an apple fag

c++ or java

Ive been modding code for years but never learned to write it. Did one of those computer camps in tge 90s n they taught us basic n some c++nand html.
Then java was like the hottest thing. Then python right? Then i guess android and apple ios. And everyone talks about html2 like its a new jesus.
What actually do you need to know.
Seems like trying to learn spanish the n china to me.
Isnt everything available in drag n drop compilers these days?
I went back to school and studies humanities.
Tech people i fibd hard to talk to- lotta social problems.

java or javascript? or both

JavaScript is more for web development. i would recommend java

aight thanks

>Isnt everything available in drag n drop compilers these days?

do you mean like Alice??

also if you learn one programming language, the others will be sort of easy to learn too. it is mainly just remembering functions and correct syntax. if you learn python first then java won't take you as long to learn since they are both object oriented and sort of the same. if you start off with bash then something like javascript or perl would be fast and easy to learn.

java not javascript

I mean kind of like how with ableton live you have a bank on the side of tge program that opens with loops,effects,etc then you drag that onto your track.
I thought there would be a developer program where its similar to that.
Its noon n im smoking 30% thc weed n imagining things.

Just look up alice programming. they teach that stuff to like middle school kids now. since major programming languages are super huge it would be impractical to have something like that since it would take forever just to find a function.

pop some pussy bro

so alice is a good starting point? i already started python

also there is another one called scratch programming but all of those drag and drop ones are small and not very practical for creating regular programs. they are only used for teaching kids programming logic. not for actually programming stuff

If you have started with python i wouldn't recommend alice or scratch. it is basically just to teach 1st timers methods and functions like
if (condition) {
block of code to be executed if the condition is true
}

If you are just starting and don't know if/else/then statements then it could be helpful. but anything beyond that it isn't useful

also if you are just starting out. start with something simple like bash. it is easy and will help you understand programming logic. but i recommend sticking with trying to learn python.