Binary Revolution Forums: Placing executable code in different formats - Binary Revolution Forums


Placing executable code in different formats: Is it possible?

#21 StankDawg

Posted 18 June 2005 - 01:37 PM

OK, hold on a minute here...

You cannot rename an .EXE file to .MP3 and expect it to execute on a Windows box. It doesn't work that way. And you can hide as much data in an mp3 file as you want, but it also will not work. It must be an executable file format! .mp3, .jpg, .mpg are NOT executable (as someone else pointed out).

All that you can do is corrupt the file by imbedding extra data (fine, it can be data that constructs an .EXE file) but you still cannot execute it easily. An MP3 player will look for mp3 data and play it. Any other data will cause it to either NOT play or generate an ERROR message. It will not execute it! The same holds true for .jpg or any other format. You can hide the data in there, but how do you propose that you execute it? The viewer will either error-off or not be able to interpret the correct image data. It will not arbitrarily execute code.

So, yes, you can imbed EXE data (or any other data) in a file, but you cannot execute it unless the user initiates the execution of the file.

#22 k1dd10t

Posted 18 June 2005 - 07:47 PM

exactly as i said... but i guess you guys are more willing to believe stank than just some nameless shmuck, even though stank confirmed what i said...

StankDawg, on Jun 18 2005, 12:37 PM, said:

OK, hold on a minute here...

You cannot rename an .EXE file to .MP3 and expect it to execute on a Windows box. It doesn't work that way. And you can hide as much data in an mp3 file as you want, but it also will not work. It must be an executable file format! .mp3, .jpg, .mpg are NOT executable (as someone else pointed out).

All that you can do is corrupt the file by imbedding extra data (fine, it can be data that constructs an .EXE file) but you still cannot execute it easily. An MP3 player will look for mp3 data and play it. Any other data will cause it to either NOT play or generate an ERROR message. It will not execute it! The same holds true for .jpg or any other format. You can hide the data in there, but how do you propose that you execute it? The viewer will either error-off or not be able to interpret the correct image data. It will not arbitrarily execute code.

So, yes, you can imbed EXE data (or any other data) in a file, but you cannot execute it unless the user initiates the execution of the file.

#23 XxthugstylezxX

Posted 18 June 2005 - 09:23 PM

k1dd10t, on Jun 18 2005, 08:47 PM, said:

exactly as i said... but i guess you guys are more willing to believe stank than just some nameless shmuck, even though stank confirmed what i said...


Guess I didn't quite understand what you meant, and stank just cleared it up with a little more detail. My apologies.

#24 Elzair

Posted 18 June 2005 - 09:33 PM

I would like to point out that *nix systems (Linux, the BSDs, Solaris, etc) do not place any importance on filename extensions, so whether something ends in .EXE or .JPEG is irrelevant. On *nix, an executable is just something that has been given execute privileges. I think you could execute a JPEG image as a program, although it would probably not do anything, or do something weird.

Back to the original topic, I think the Xbox is the only console currently on the market with a full blown operating system (a 'modified' version of Windows 2000). The only real software on the PS2 is the firmware, the PS2 BIOS, and maybe software for the CD/DVD player, which is probably similar to the instant music software in some modern PC BIOSs. The software is probably located in ROM, so permanent changes would be difficult. Also, there would also be the problem of loading the software onto the PS2 in the first place since an (*AHEM* unmodded :) ) PS2 does not recognize CD-R(W) or DVD+/-R(W) formats. The only real operating system for the PS2 is the Linux distro that comes with the PS2 Linux Kit (and NetBSD, but it requires the Linux Kit). Of course, since the firmware software is proprietary and has not been inspected too closely, it probably has some bugs that can be exploited to execute arbitrary commands, and finding those bugs is a common goal of hackers. Any suggestions on how to go about this?

This post has been edited by Elzair: 18 June 2005 - 09:38 PM

#25 SUB-S0NIX

Posted 18 June 2005 - 09:50 PM

Ok so my idea is not possible, End of discussion. :cry:

#26 ChZ

Posted 18 June 2005 - 10:01 PM

Quote

It will not execute it! The same holds true for .jpg or any other format. You can hide the data in there, but how do you propose that you execute it? The viewer will either error-off or not be able to interpret the correct image data. It will not arbitrarily execute code.

Wasn't there some jpeg buffer overflow vulnerability a while back in IE that allowed for arbitrary code execution? :D

#27 SUB-S0NIX

Posted 18 June 2005 - 11:32 PM

ChZ, on Jun 18 2005, 10:01 PM, said:

Quote

It will not execute it! The same holds true for .jpg or any other format. You can hide the data in there, but how do you propose that you execute it? The viewer will either error-off or not be able to interpret the correct image data. It will not arbitrarily execute code.

Wasn't there some jpeg buffer overflow vulnerability a while back in IE that allowed for arbitrary code execution? :D


This is what gave me the idea in the first place. But the PS2 does not display or recognize jpegs on a burned cd-r/dvd-r.

#28 duper
Neutral

Posted 19 June 2005 - 03:26 PM

k1dd10t, on Jun 8 2005, 11:53 PM, said:

it's not possible to execute code in a read-only environment

The code would get loaded from the read-only disc medium into writable shared memory.

#29 duper

Posted 19 June 2005 - 03:35 PM

ChZ, on Jun 18 2005, 10:01 PM, said:

Quote

It will not execute it! The same holds true for .jpg or any other format. You can hide the data in there, but how do you propose that you execute it? The viewer will either error-off or not be able to interpret the correct image data. It will not arbitrarily execute code.

Wasn't there some jpeg buffer overflow vulnerability a while back in IE that allowed for arbitrary code execution? :D


For sure, and it wasn't just JPEG. PNG and possibly some other formats were affected as well. The GDI implementation as a whole was fubared. If I understand correctly, any other binary that used the API was vulnerable so it wasn't exclusive to IE..and as far as audio file formats go, it wasn't that long ago that mpg123 was getting client-sided..which is why I think this scenario isn't completely out of the question.

#30 tehbizz

Posted 19 June 2005 - 06:58 PM

ChZ, on Jun 18 2005, 11:01 PM, said:

Quote

It will not execute it! The same holds true for .jpg or any other format. You can hide the data in there, but how do you propose that you execute it? The viewer will either error-off or not be able to interpret the correct image data. It will not arbitrarily execute code.

Wasn't there some jpeg buffer overflow vulnerability a while back in IE that allowed for arbitrary code execution? :D


there were exploits for BOTH jpg and png, as well as overflows for the GDI+ tool (which renders images).

FYI - the XboxOS is actually a pimped up version of WinCE last i heard, not 2000. they were going to use WinXP but during original development decided not to because of its instability.

#31 10nix

Posted 19 June 2005 - 11:24 PM

oops

This post has been edited by 10nix: 19 June 2005 - 11:29 PM

#32 10nix

Posted 19 June 2005 - 11:27 PM

This was for the .jpeg

I haven't compiled the code or tested it. I don't see how much good could come from it, and I think that there is a patch for it now.

Attached File(s)


This post has been edited by 10nix: 19 June 2005 - 11:29 PM

#33 K.H.O.

Posted 20 June 2005 - 12:49 PM

Well, when I binded this little pinwheel program to a .jpeg and opened the jpeg the little pinwheel program ran too.

K.H.O.

#34 k1dd10t

Posted 20 June 2005 - 01:27 PM

did you remember to turn off "hide file extensions for known file types"?

#35 latiffs

Posted 20 June 2005 - 02:14 PM

Well, maybe you can write yourself a little program that recognizes executables and executes them. Kind of like this:

To mark the start of an executable the file must have something similar to: "[Start EXE]" and to end the executable the file must have something like: "[End EXE]". So any data in between that is interpreted as .exe data and is executed as an executable.

Good luck making the program for a PS2 though.

This post has been edited by latiffs: 20 June 2005 - 02:15 PM

#36 k1dd10t

Posted 20 June 2005 - 02:17 PM

you don't understand how executables work. research ELF or PE-COFF

#37 latiffs

Posted 20 June 2005 - 02:21 PM

Ok. I just thought that you could put executable code in a file. And in that file, in order to mark that this will be the beginning of an executable file you put start exe and to end it you put end exe. All the ELF headers and stuff will be in the middle. But I guess I'll just have to learn about ELF executables then.
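
The point running through this exchange (a file's type is set by its header bytes, not its name, and executable data can sit unnoticed inside a media file) can be checked from the defender's side. The following is an added example, not code from any poster in this thread: it identifies a file by its leading bytes and flags PE or ELF headers found past offset 0. The function names and sample bytes are constructed for illustration, and MP3 detection assumes an ID3 tag at the start.

```python
import struct

MAGIC = {"jpeg": b"\xff\xd8\xff", "png": b"\x89PNG\r\n\x1a\n",
         "mp3": b"ID3", "elf": b"\x7fELF", "pe": b"MZ"}

def is_pe(data, off=0):
    """True if a DOS header at `off` points at a 'PE\\0\\0' signature."""
    if data[off:off + 2] != b"MZ" or off + 0x40 > len(data):
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, off + 0x3C)
    start = off + e_lfanew
    return data[start:start + 4] == b"PE\0\0"

def is_elf(data, off=0):
    """True if an ELF ident at `off` has sane class, encoding and version."""
    ident = data[off:off + 7]
    return (len(ident) == 7 and ident[:4] == b"\x7fELF"
            and ident[4] in (1, 2) and ident[5] in (1, 2) and ident[6] == 1)

def sniff(data):
    """Name the format from the leading bytes, ignoring any file extension."""
    if is_pe(data):
        return "pe"
    for name, magic in MAGIC.items():
        if name != "pe" and data.startswith(magic):
            return name
    return None

def find_embedded(data):
    """Return sorted (offset, kind) for executable headers past offset 0."""
    hits = []
    for needle, check, kind in ((b"MZ", is_pe, "pe"), (b"\x7fELF", is_elf, "elf")):
        pos = data.find(needle, 1)
        while pos != -1:
            # A bare "MZ" or "\x7fELF" can occur by chance; validate the header.
            if check(data, pos):
                hits.append((pos, kind))
            pos = data.find(needle, pos + 1)
    return sorted(hits)

# Constructed sample data: JPEG markers only, and a header-only PE stub.
JPEG = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"\x00" * 9 + b"\xff\xd9"
PE_STUB = b"MZ" + b"\x00" * 58 + struct.pack("<I", 0x40) + b"PE\x00\x00"
SAMPLE = JPEG + PE_STUB  # a ".jpg" with executable data appended

if __name__ == "__main__":
    print(sniff(SAMPLE), find_embedded(SAMPLE))
```

A hit here only means executable headers are present in the file; as the posts above say, an image viewer or MP3 player will not run them.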

#38 duper
Posted 21 June 2005 - 12:11 AM

Here's a link to another interesting vulnerability similar to the situation that sub-sonix originally described:

CAN-2004-0109

In short, you could own a Linux box by popping in a CD. There was an input validation error in the ISO9660 implementation (maybe there still is.) The weakness is kind of redundant since once you have physical access it's pretty much game over anyway..but this just makes it that much easier.

If you know somebody that works for Sony, maybe you can get your hands on a Playstation SDK.