Skip to main content

And he said... BOOM!



Here we are again!
When Steve says something it usually happens...
So what do we have here?
A video.
Yes a stupid nasty video which can crash
ANY iPod/iPhone.
A different version of this video
can even crash many pc applications.
Apple was contacted and a mail
was sent to bugtraq mailing list.
Only a Forbes journalist showed up.
You will read about it on Forbes on monday.
Later that day the video will be posted
here for further "booms"
Clicking on the picture above after monday will crash your iPod/iPhone but it won't harm it.

Comments

  1. :) So now we also play with video/sound.
    actually it's fun to hear that a video can crash a device that is meant to play music/videos. playing the bootloader made some ipods crash. my question is: is this exploit usable?

    ps: you found this exploit accidentally, didn't you :P

    ReplyDelete
  2. It was first found accidentally... then it grew up... a different video of the same kind can even crash VLC (videolan) and all programs using the same libraries (believe me they are a lot)

    ReplyDelete
  3. media players have 2 versions:
    the ones writing directly to the outputdevice
    the ones that send the info to another module
    (this is a design choice)
    is the crash about a file that the outputdevice can't play? (probably not)

    is there any way you want to explain me how this works?( without making it public)

    btw vlc can crash so often :-)

    ReplyDelete
  4. forgot to say

    i'm a linux user so yeah i know how many apps can share the same libraries.
    actually i looked up the dependencies of vlc and saw a huge list. i don't think i'll list them here :)

    ReplyDelete
  5. Hmm.. put the video back up, please?

    ReplyDelete
  6. The video will be up soon.
    Just not now.
    Stay tuned.

    ReplyDelete
  7. It depends on Apple.
    I'm in the talks with them.
    I'll keep you posted.

    ReplyDelete
  8. Thanks! I hope to try this out! It seems like a (possibly) cool exploit!

    ReplyDelete
  9. Zibri... the Bad-people can use this Bug to do Bad - things?? xD
    If you you understend me!
    Ty

    ReplyDelete

Post a Comment

Popular posts from this blog

Powerline Ethernet fun and secrets.

Many 200 Mb/s powerline adapters nowadays are based on the INTELLON 6300 chipset.
Despite what can be thought looking at them, they are all using the same hardware and firmwares.
I heard many people with Netgear XAV101 or Linksys PLK 200 or PLE 200 having problems after firmware updates and many other people with other brands having much more problems because of lack of support or configuration/upgrade utilities.

So let me explain a few things I learnt studying them.

Many of 200 Mb/s powerline ethernet adapters follow the "HomePlug AV" standard. (85 Mb adapters use HomePlug 1.0 standard which is completely different).
This standard uses ethernet broadcast packets using the HomePlug AV protocol.

The interesting thing is that their firmware is made of two different parts:
a .PIB file (Parameter Information Block) and a .NVM file (the code itself).
In the P.I.B. there are many interesting things:
The branding (mac address, device name, etc) and the tone map.

I tested many firmw…

TP-LINK Configuration file encrypt and decrypt.

Here we go! TP-Link is another company that thinks that security by obscurity could ever work.
If you "backup" the configuration from most TP-Link routers, you will get a .BIN file which is "encrypted".
Use this utility below, to decrypt it (so you can edit it) and encrypt it again.
Have fun.
Drop files here or

Obfuscation will never work.

ml>
Hello again, sweet readers !
OpenRG is an embedded OS for routers. It's based on Linux and it's inside many ISP routers out there.
Inside OpenRG configuration file, passwords appear in a way that can seem to be crypted, but it's just obfuscated.
For example: (username(admin)) (password(&b7;X&5c;&b9;&a2;))
Above you can see a simple deobfuscator. Enjoy!
You can try it with: &ad;Y&5b;&b3;&a3;&17;T&8b;&c4;&b9;#&96;&04;c&ea;&1d;$%&5d;&16;&08;B3&c0;
:)
Zibri.