
I decoded base64 & got this: https://gist.github.com/1067129

bunch of random gibberish?



When decoding to ASCII instead of UTF-8 (like you've done) I got this. It makes a little bit more sense at least, but not much.

http://pastebin.com/YuPrMhiE


I guess the actual shell code starts from line 40 ">>stream..."

It must be using some other encoding, only if we knew which!


It's a PDF FlateDecode block, i.e. it's DEFLATEd. The actual payload within may be different, but this much has been used before.

http://digdog.tumblr.com/post/894317027/jailbreak-with-pdf-f...


It's presumably just a lump of binary ARM opcodes.


We need a debugger or a disassembler like IDA Pro to reverse engineer that code.


It's compressed with FlateDecode; if you decompress it you can see the embedded .pfb, which has the actual exploit.


Thank you comex, I did not actually find how to decompress it; I keep trying with pdf-parser with no luck.


I've successfully extracted the font with pdf-parser with this command: "python pdf-parser.py --object 4 --filter --raw pdfexploit.pdf > font.pfb". Everything is documented here: http://www.bufferoverflow.it/2011/07/06/jailbreakme-ecco-com...
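
The decompression step discussed in this thread, as an added example that is not part of any comment above: a short Python script that inflates every FlateDecode stream in a PDF and checks whether the result starts like a PFB font segment. The sample PDF is constructed inline (object number 4 only mirrors the command quoted above), and all function names are this example's own.

```python
import re
import zlib

# One indirect object: "<num> <gen> obj ... endobj" (simplification: no xref parsing)
OBJ_RE = re.compile(rb"(\d+)\s+\d+\s+obj(.*?)endobj", re.DOTALL)
# Stream body; a trailing \r before "endstream" is left in and tolerated by zlib below
STREAM_RE = re.compile(rb"stream\r?\n(.*?)\nendstream", re.DOTALL)

def inflate_streams(pdf_bytes):
    """Return {object_number: inflated bytes, or None if the data is not valid zlib}."""
    out = {}
    for obj in OBJ_RE.finditer(pdf_bytes):
        body = obj.group(2)
        stream = STREAM_RE.search(body)
        if stream is None or b"/FlateDecode" not in body[:stream.start()]:
            continue  # no stream, or a filter this example does not handle
        try:
            # decompressobj() stops at the end of the zlib data; extra bytes go to unused_data
            out[int(obj.group(1))] = zlib.decompressobj().decompress(stream.group(1))
        except zlib.error:
            out[int(obj.group(1))] = None
    return out

def looks_like_pfb(data):
    """PFB segments begin with 0x80, a type byte (1 ASCII, 2 binary, 3 EOF), then a 4-byte length."""
    return bool(data) and len(data) >= 6 and data[0] == 0x80 and data[1] in (1, 2, 3)

def build_sample():
    """Constructed sample: a tiny PDF whose object 4 is a deflated PFB-style header."""
    text = b"%!PS-AdobeFont-1.0: ConstructedSample 001.000\n"
    pfb = b"\x80\x01" + len(text).to_bytes(4, "little") + text
    comp = zlib.compress(pfb)
    pdf = (b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog >>\nendobj\n"
           b"4 0 obj\n<< /Length " + str(len(comp)).encode() +
           b" /Filter /FlateDecode >>\nstream\n" + comp +
           b"\nendstream\nendobj\n%%EOF\n")
    return pdf, pfb

if __name__ == "__main__":
    pdf, _ = build_sample()
    for num, data in inflate_streams(pdf).items():
        kind = "PFB font data" if looks_like_pfb(data) else "other/undecodable"
        print(f"object {num}: {kind}, {len(data or b'')} bytes")
```

Real files can chain several filters or keep streams inside object streams, which this regex-based walk does not follow.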



