Exploiting SNES code to compromise GStreamer...

Exploiting SNES code to compromise GStreamer... 7 years, 3 months ago #4302

Re: Exploiting SNES code to compromise GStreamer... 7 years, 3 months ago #4303

A case of ask and you shall receive, I guess.

From what I gather here, the author is exploiting bugs in the SPC700 emulation to figure out where in memory he can place system calls in order to get them run. It's not full-on arbitrary code exploitation nor breaking any system security, but it's still scary this is possible.

Thanks for finding and posting this, menace690!

Re: Exploiting SNES code to compromise GStreamer... 7 years, 3 months ago #4304

It is and isn't. It's designed as proof of concept. As such it just breaks out of the browser and launches gcalc. It COULD get more malicious by instead of simply calling gcalc, it could launch any other exploit that runs on the local system.

Re: Exploiting SNES code to compromise GStreamer... 7 years, 2 months ago #4305

The other scary bit here is that this is a bug in the generic SPC700 emulation, and isn't specific to any product, such as gstreamer. However, the security analyst who wrote this just used it as a proof of concept to show that even with the OS nailed down and all the security checks in place, attacks are still easy. There's a LOT of third-party library code out there that hasn't been security hardened. Easy to fuzz for, not so easy to fix.

A good thing for us to remember when using other people's emulation libraries to get a job done.

Re: Exploiting SNES code to compromise GStreamer... 7 years, 2 months ago #4316

This... is some kinds of glorious. I can easily see how the opcodes in question may not have received any further polish after they tested-working for all release games. More worried about security holes in the OS that would allow one process to blindly launch other malicious processes...

Re: Exploiting SNES code to compromise GStreamer... 6 years, 8 months ago #4340

Re: Exploiting SNES code to compromise GStreamer... 6 years, 8 months ago #4341

More bad gstreamer plugins, yay!

I can't figure out where gstreamer got their NSF playback code from. Did they write up their own?

Regarding the previous SPC700 vulnerability, they got their SPC playback code from Game Music Emu, but gstreamer isn't using this project's NSF code.

Re: Exploiting SNES code to compromise GStreamer... 6 years, 7 months ago #4342

Re: Exploiting SNES code to compromise GStreamer... 6 years, 7 months ago #4343

menace690 wrote:

Thanks! I just tried the Nosefart Winamp plugin with the malicious NSF file and it crashes.
Meanwhile the Mac programs Audio Overload and Game Music Box refuse to play the malicious file.

Re: Exploiting SNES code to compromise GStreamer... 6 years, 7 months ago #4344

Umm, it's getting a bit crazy now

www.wired.com/story/malware-dna-hack

Re: Exploiting SNES code to compromise GStreamer... 6 years, 5 months ago #4350

They also encoded a movie and a car. It's not executable in DNA format though, so not really an issue.
