← Back to context

Comment by NedIsakoff

7 years ago

Anyone have the clode?

11 comments

NedIsakoff

Reply
68c12c16  7 years ago

a mirror of the page could be found here...

  view-source:https://web.archive.org/web/20180117063656/https://iabem97.github.io/chaiOS/

google chrome browser seems to have disabled the display of the content but other browsers may still be fine with it...

  • 68c12c16  7 years ago

    if viewed in a hex editor, this same block of patterns repeated over and over again...seemingly to be an effort to overrun the buffer....

      0x00007B90: A5CCBACD 8774CCB4 CD81CC8D CC92CD8C     .....t..........
  0x00007BA0: CD84CC86 CC8FCD8B CD97CD86 CC9BCC8F     ................
  0x00007BB0: CC8ECC95 CC87CC82 CC94CC9B CC92CC92     ................
  0x00007BC0: CC86CD91 CD9BCC86 CC8ECCBD CC84CC8B     ................
  0x00007BD0: CC91CC88 CD9DCC81 CD81CC81 CC84CCBE     ................
  0x00007BE0: CC85CCBE CC86CC84 CD82CC86 CD9DCC89     ................
  0x00007BF0: CC85CC87 CD8CCD9D CC81CC88 CCBFCC9A     ................
  0x00007C00: CC82CC86 CD8CCC90 CD9DCC82 CC9ACC80     ................
  0x00007C10: CC93CC9B CD84CC89 CD82CD8A CCBECD8B     ................
  0x00007C20: CDA0CC83 CC8ACC8E CD98CC89 CD97CC80     ................
  0x00007C30: CD80CC8A CC8FCDA0 CC80CC80 CD84CD80     ................
  0x00007C40: CD8CCD92 CD92CD91 CC90CD98 CC83CC88     ................
  0x00007C50: CD84CD9B CCBDCD9B CC84CC8D CDA0CC8C     ................
  0x00007C60: CC81CD97 CD8BCD86 CD9BCD91 CC8ECCAA     ................
  0x00007C70: CCA7CD87 CD95CCB1 CCA8CCBC CD9CCCA6     ................
  0x00007C80: CCA6CC9D CCAFCCAA CC97CCA0 CC9ECD85     ................
  0x00007C90: CCAACCA4 CCB2CCAB CD8ECCAB CD89CD8D     ................
  0x00007CA0: CCA2CCA8 CCAACC97 CCACCCA3 CCBACD93     ................
  0x00007CB0: CC9ECCA9 CD87CCA8 CD96CCAF CCBACCA7     ................
  0x00007CC0: CCB1CCBB CCA3CCAE CCABCCA7 CD96CCBA     ................
  0x00007CD0: CCAFCCA9 CCA0CCB2 CC96CD95 CCAACCAD     ................
  0x00007CE0: CD9ACCA8 CCB9CCB9 CCB0CCA0 CD88CCBA     ................
  0x00007CF0: CCA9CD9C CCA3CCA1 CCA0CD8D CC98CCA1     ................
  0x00007D00: CCAFCCA1 CC9DCD87 CCA6CC9D CCBACCBA     ................
  0x00007D10: CCAACD9A CCBACD8D CD88CD93 CCB1CCBC     ................
  0x00007D20: CCA1CCB1 CCB3CCA4 CD9ACCB0 CCA9CCB2     ................
  0x00007D30: CC9DCCAC CCADCCB9 CC9ECD89 CD89CD9C     ................
  0x00007D40: CCA5CCA8 CC9DCD89 CCBACCA2 CC9CCC9F     ................
  0x00007D50: CCA5CCBA CD8774CC B4CD81CC 8DCC92CD     ......t.........

    The author comment at the top of the page says,

      <!-- hello, this was written by Abraham Masri @cheesecakeufo -->
  <!-- I discovered this bug in like 10 minutes -->

    If the entire code in the page was whipped up in 10 minutes, then a large part might well be some repetitive copy-paste of a core part...Not exactly sure what this core part does...but given the obvious lack of printable ascii characters (code is way above '0x7F' ), it looks that it could be some unicode type of thing, which then is a bit reminiscing of an old iOS bug back in 2015, as described at this link,

    https://www.reddit.com/r/iphone/comments/37eaxs/um_can_someo...

    also notice the high frequency of 0xCC and 0xCD throughout the code, which are respectively Breakpoint and INT on x86 architecture -- with its 0xCD's always followed by a single byte whose value is less than 0xA0 -- possibly x86 was used as author's development platform...

    • rspeer  7 years ago

      The pattern of bytes above 0x7F isn't anything to do with x86 architecture. It's UTF-8, the most common way to encode Unicode in bytes.

      You'll have more success understanding what it's doing if you decode it from UTF-8 first.

      4 replies →