SUB-S0NIX

Placing executable code in different formats

38 posts in this topic

Not sure if this should have been in the coding section, but I didn't want to sound like a total n00b because I don't even know if this is possible. But what I want to know is, can one take a .mp3 file and place some kind of .exe in it and have it execute the .exe but still keep the official .mp3? No, I'm not asking this so I can go around binding trojans and viruses to .mp3s, but most binders just take two files and make them into one .exe, so they are no use. What I'm looking for is something that can keep a certain file format but also execute some kind of code when executed.

If this is possible, I am going to try this and see if I could use this on a PS2 to load PS2 applications and other stuff. I began thinking what could one do and make by themselves without having to buy some proprietary boot disc just to swipe and load back up games. The reason I referred to .mp3 is because one can burn a .mp3 file and a PS2 will read and load a .mp3; if one could then run the .mp3 but have a desired application embedded in the .mp3, then maybe the PS2 will load the code and run the application without the need for buying a proprietary boot disc! :help:


Pretty interesting concept, I am sure it COULD be possible, but I am not sure what you would need. What you need to think about is what you want to do, not exactly, and then get the proper tools to do the job. Whether you use some programming language or scripting language is up to you. But if there is one thing I do know, it is that the possibilities are limitless.

I am sure it will be possible, but I am no expert either. One thing is for sure, you need to find out all you can about the PS2 and how it processes files; and then you will be able to figure out exactly what you need in order to accomplish what you want to do. Good luck! If you need some help, I will provide any that I can.

--covance


If there's a memory management bug in the MP3 player you could probably mung the stack to execute some code of your choice and jump back into the stream decoding loop.

> If there's a memory management bug in the MP3 player you could probably mung the stack to execute some code of your choice and jump back into the stream decoding loop.

Right, but then one would have to get the code for the media player. I know of no way to reverse engineer the PS2 to dump such code at the moment.


the technique is called Steganography and has been used for some years now. back in '00 i was placing things like Sub7 into mp3s and pictures and people were silly enough to run them.

PS - yes i just invalidated my "leetness" by openly admitting to having used Sub7 but that backdoor was the shit back in the day!

> the technique is called Steganography and has been used for some years now. back in '00 i was placing things like Sub7 into mp3s and pictures and people were silly enough to run them.
>
> PS - yes i just invalidated my "leetness" by openly admitting to having used Sub7 but that backdoor was the shit back in the day!

Hmm, I remember reading about that but never found any type of application to help me place files into another file format. I have played with packers that will pack two different files and make them an .exe.

> If it's on an NTFS file system you could use Alternate Data Streams. Here are some details from when I played with them a while back:
>
> http://www.irongeek.com/i.php?page=security/altds

Thanks for the post, I will look into this!

Edited by SUB-S0NIX
> the technique is called Steganography and has been used for some years now. back in '00 i was placing things like Sub7 into mp3s and pictures and people were silly enough to run them.
>
> PS - yes i just invalidated my "leetness" by openly admitting to having used Sub7 but that backdoor was the shit back in the day!

Usually steganography refers to, in cryptography, the act of hiding a secret message so that it is not apparent that there is anything hidden. For example you could hide an encrypted string of text in an image.

How exactly did you put sub7 "inside" an image and cause it to be run? Are you sure you didn't bind it and change the .exe's icon to that of a jpeg or mp3?


Yes there is.

I got a kickass program called RAT packer, a RAT stands for remote access trojan(netbus, sub7, back orifice) but you can use it to place any exe into ANY file format.

K.H.O.

Edited by K.H.O.

If I recall, what you were speaking about will most likely only work on Windows 98 boxes. I did some looking already and I'm going to ask some people. In the meantime, I know that, per se, a video file in the AVI format can open a webpage; I'm sure at one point or another we have all seen this occur. There are, however, tricks you can use to hide files like netcat or another backdoor inside (or more or less onto) an existing file. Research Windows XP ADS or PM me for more info.

> Yes there is.
>
> I got a kickass program called RAT packer, a RAT stands for remote access trojan(netbus, sub7, back orifice) but you can use it to place any exe into ANY file format.
>
> K.H.O.

link?

> If I recall what you were speaking about will most likely only work on windows 98 boxes

no it works with any OS that can open a .exe

> link?

sorry man i have no clue where i got it but i could send it to you if you want

K.H.O.


Hmm, interesting.. I'm not looking to pack trojans into mp3s and all that jazz. My main reason is I want to see if one could use such a method to run desired PS2 applications such as HDLoader and others. Another reason is that this is another way to load code on the PS2 without having to use the memory card exploit. K.H.O., if you can, can you please upload the program somewhere so we can download it? And don't be a dick head and bind some trojan or viri with it.. :(

> Hmm, interesting.. I'm not looking to pack trojans into mp3s and all that jazz. My main reason is I want to see if one could use such a method to run desired PS2 applications such as HDLoader and others. Another reason is that this is another way to load code on the PS2 without having to use the memory card exploit. K.H.O., if you can, can you please upload the program somewhere so we can download it? And don't be a dick head and bind some trojan or viri with it.. :(

Ya sure, just tell me where..

> > the technique is called Steganography and has been used for some years now. back in '00 i was placing things like Sub7 into mp3s and pictures and people were silly enough to run them.
> >
> > PS - yes i just invalidated my "leetness" by openly admitting to having used Sub7 but that backdoor was the shit back in the day!
>
> Usually steganography refers to, in cryptography, the act of hiding a secret message so that it is not apparent that there is anything hidden. For example you could hide an encrypted string of text in an image.
>
> How exactly did you put sub7 "inside" an image and cause it to be run? Are you sure you didn't bind it and change the .exe's icon to that of a jpeg or mp3?

using a rudimentary packer i found at the time.


Upload it to uhhh.... www.mailfreeonline.com, go to their upload section and then paste the link in this thread.. Thanks..


did you guys not read what i said? if you place code into an mp3 file, it will not get executed. the code that gets loaded will be in a read-only (non-exec, non-write) memory space.

you guys' talk about placing exe's into jpg's and having it run is bullcrap. don't bask in your own kiddieness.

> did you guys not read what i said? if you place code into an mp3 file, it will not get executed. the code that gets loaded will be in a read-only (non-exec, non-write) memory space.
>
> you guys' talk about placing exe's into jpg's and having it run is bullcrap. don't bask in your own kiddieness.

Did you not read the post? He is asking if it's possible to put, say, an executable file and make, say, something like the PS2 see it as an mp3 so it will open it. It'll read the .mp3 file that is actually a .exe and load it! Unless I'm mistaken and I misunderstood the post. Therefore having the PS2 read an executable file by making it think it's a .mp3 at first. So see, there is no code going into an mp3 file. Seems a little complicated but just might work. If you got it working it would be an awesome project you could write up a nice doc on.

Edited by XxthugstylezxX
> > did you guys not read what i said? if you place code into an mp3 file, it will not get executed. the code that gets loaded will be in a read-only (non-exec, non-write) memory space.
> >
> > you guys' talk about placing exe's into jpg's and having it run is bullcrap. don't bask in your own kiddieness.
>
> Did you not read the post? He is asking if it's possible to put, say, an executable file and make, say, something like the PS2 see it as an mp3 so it will open it. It'll read the .mp3 file that is actually a .exe and load it! Unless I'm mistaken and I misunderstood the post. Therefore having the PS2 read an executable file by making it think it's a .mp3 at first. So see, there is no code going into an mp3 file. Seems a little complicated but just might work. If you got it working it would be an awesome project you could write up a nice doc on.

You have got the idea right. But it also depends on how the PS2 handles the code. If it recognizes an mp3 format and sees code it might display an error or try decoding the desired exe as if it were an mp3 and do nothing. What I wanted to do was create something that did not need any third party utilities such as Swap Disc or Game Shark to use the memory card exploit. Anyway, I guess we will see.. Also if the PS3 is capable of displaying images, then maybe one could run code using the jpeg exploit? It's a long shot, but isn't that what hacking is all about, experimenting and being creative?

Edited by SUB-S0NIX

OK, hold on a minute here...

You cannot rename an .EXE file to .MP3 and expect it to execute on a windows box. It doesn't work that way. And you can hide as much data in an mp3 file as you want, but it also will not work. It must be an executable file format! .mp3, .jpg, .mpg are NOT executable (as someone else pointed out).

All that you can do is corrupt the file by embedding extra data (fine, it can be data that constructs an .EXE file) but you still cannot execute it easily. An MP3 player will look for mp3 data and play it. Any other data will cause it to either NOT play or generate an ERROR message. It will not execute it! The same holds true for .jpg or any other format. You can hide the data in there, but how do you propose that you execute it? The viewer will either error-off or not be able to interpret the correct image data. It will not arbitrarily execute code.

So, yes, you can embed EXE data (or any other data) in a file, but you cannot execute it unless the user initiates the execution of the file.


exactly as i said... but i guess you guys are more willing to believe stank than just some nameless shmuck, even though stank confirmed what i said...

> OK, hold on a minute here...
>
> You cannot rename an .EXE file to .MP3 and expect it to execute on a windows box. It doesn't work that way. And you can hide as much data in an mp3 file as you want, but it also will not work. It must be an executable file format! .mp3, .jpg, .mpg are NOT executable (as someone else pointed out).
>
> All that you can do is corrupt the file by embedding extra data (fine, it can be data that constructs an .EXE file) but you still cannot execute it easily. An MP3 player will look for mp3 data and play it. Any other data will cause it to either NOT play or generate an ERROR message. It will not execute it! The same holds true for .jpg or any other format. You can hide the data in there, but how do you propose that you execute it? The viewer will either error-off or not be able to interpret the correct image data. It will not arbitrarily execute code.
>
> So, yes, you can embed EXE data (or any other data) in a file, but you cannot execute it unless the user initiates the execution of the file.

> exactly as i said... but i guess you guys are more willing to believe stank than just some nameless shmuck, even though stank confirmed what i said...

Guess I didn't quite understand what you meant, and stank just cleared it up with a little more detail. My apologies.


I would like to point out that *nix systems (Linux, the BSDs, Solaris, etc) do not place any importance on filename extensions, so whether something ends in .EXE or .JPEG is irrelevant. On *nix, an executable is just something that has been given execute privileges. I think you could execute a JPEG image as a program, although it would probably not do anything, or do something weird.

Back to the original topic, I think the Xbox is the only console currently on the market with a full blown operating system (a 'modified' version of Windows 2000). The only real software on the PS2 is the firmware, the PS2 BIOS, and maybe software for the CD/DVD player, which is probably similar to the instant music software in some modern PC BIOSs. The software is probably located in ROM, so permanent changes would be difficult. Also, there would also be the problem of loading the software onto the PS2 in the first place since an (*AHEM* unmodded :) ) PS2 does not recognize CD-R(W) or DVD+/-R(W) formats. The only real operating system for the PS2 is the Linux distro that comes with the PS2 Linux Kit (and NetBSD, but it requires the Linux Kit). Of course, since the firmware software is proprietary and has not been inspected too closely, it probably has some bugs that can be exploited to execute arbitrary commands, and finding those bugs is a common goal of hackers. Any suggestions on how to go about this?

Edited by Elzair
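
Added example, not part of any post in this thread: a defensive check for the two cases discussed above, an executable renamed with a media extension and executable data embedded inside a media file. It identifies content by its leading bytes rather than by filename extension and accepts an `MZ` hit only when its `e_lfanew` field points at a `PE\0\0` signature; the function names and the sample byte strings are constructed for illustration.

```python
import struct

def find_pe_headers(data: bytes) -> list:
    """Offsets of every 'MZ' whose e_lfanew field points at 'PE\\0\\0'."""
    hits, pos = [], data.find(b"MZ")
    while pos != -1:
        if pos + 0x40 <= len(data):  # room for a full DOS header
            (e_lfanew,) = struct.unpack_from("<I", data, pos + 0x3C)
            start = pos + e_lfanew
            if data[start:start + 4] == b"PE\0\0":
                hits.append(pos)
        pos = data.find(b"MZ", pos + 1)
    return hits

def sniff(data: bytes) -> str:
    """Identify content by its leading bytes, ignoring the filename."""
    if 0 in find_pe_headers(data):
        return "pe"
    if data[:3] == b"\xff\xd8\xff":
        return "jpeg"
    if data[:3] == b"ID3":
        return "mp3"
    # MPEG audio frame sync: eleven set bits at the start of a frame
    if len(data) > 1 and data[0] == 0xFF and (data[1] & 0xE0) == 0xE0:
        return "mp3"
    return "unknown"

def audit(name: str, data: bytes) -> list:
    """Findings for a file that claims, by extension, to be media."""
    ext = name.rsplit(".", 1)[-1].lower()
    findings = []
    if ext in ("mp3", "jpg", "jpeg") and sniff(data) == "pe":
        findings.append("renamed-executable")
    findings += [f"embedded-pe@{off}" for off in find_pe_headers(data) if off > 0]
    return findings

# Constructed samples (not real files): a minimal DOS/PE header and a fake MP3.
PE_STUB = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40) + b"PE\0\0" + b"\0" * 20
MP3 = b"ID3\x03\x00\x00\x00\x00\x00\x00" + b"\xff\xfb\x90\x00" + b"\x11" * 64
STRAY = MP3 + b"MZ" + b"\x11" * 80  # 'MZ' occurring by coincidence in audio data

if __name__ == "__main__":
    for label, blob in [("clean", MP3), ("renamed", PE_STUB),
                        ("appended", MP3 + PE_STUB), ("stray MZ", STRAY)]:
        print(label, sniff(blob), audit("song.mp3", blob))
```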