Stagefright Bug

The Android Stagefright bug is not squashed. Although Google released patches for Hangouts and Messenger, there are still many ways a malicious MP4 file can be opened on your device. Zimperium has released exploit source code for the bug, which lets anyone generate a malicious MP4 file and use the exploit.

WE ADVISE USERS TO AVOID OPENING MP4 FILES FROM UNKNOWN SOURCES.

Here is what they said:

During the months of June and July, Joshua J. Drake developed a working exploit to prove the Stagefright vulnerability can allow Remote Code Execution (RCE) without user interaction. We are pleased to finally make this code available to the general public so that security teams, administrators, and penetration testers alike may test whether or not systems remain vulnerable.

What follows is a Python script that generates an MP4 exploiting the ‘stsc’ vulnerability otherwise known as CVE-2015-1538 (#1). This is one of the most critical vulnerabilities we reported in the Stagefright library. The expected result of the exploit is a reverse shell as the media user. As detailed in Joshua Drake’s Black Hat and DEFCON presentations, this user has access to quite a few groups such as inet, audio, camera, and mediadrm. These groups allow an attacker to take pictures or listen to the microphone remotely without exploiting additional vulnerabilities.

This exploit has several caveats. First, it is not a generic exploit. We only tested it to work on a single device model. We tested this exploit on a Nexus running Android 4.0.4. Also, due to variances in heap layout, this is not a 100% reliable exploit by itself. We were able to achieve 100% reliability when delivered through an attack vector that allowed multiple attempts. Finally, this vulnerability was one of several that were neutered by GCC 5.0’s ‘new[]’ integer overflow mitigation present on Android 5.0 and later.

This means that the code is only tested for Android 4.0.4 Ice Cream Sandwich, and users on Android 5.1 Lollipop or higher are not vulnerable to the released code for now.
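The quoted advisory ties the ‘stsc’ issue to an integer overflow in a `new[]` allocation. As an added example (not Zimperium's script and not part of the original post), the following defensive pre-filter flags MP4 files whose ‘stsc’ box declares more entries than the box can hold, or more than fit in a 32-bit size. It assumes the ISO base media file format layout (4-byte version/flags, 4-byte entry count, 12-byte entries); the function names and sample files are constructed for illustration.

```python
import struct

CONTAINERS = {b"moov", b"trak", b"mdia", b"minf", b"stbl"}  # boxes that hold 'stsc'
ENTRY_SIZE = 12        # first_chunk, samples_per_chunk, sample_description_index
UINT32_MAX = 0xFFFFFFFF

def iter_boxes(buf, start, end):
    """Yield (type, payload_start, payload_end) for each box in buf[start:end]."""
    pos = start
    while pos + 8 <= end:
        size, kind = struct.unpack_from(">I4s", buf, pos)
        header = 8
        if size == 1:                    # 64-bit largesize follows the type field
            if pos + 16 > end:
                return
            size = struct.unpack_from(">Q", buf, pos + 8)[0]
            header = 16
        elif size == 0:                  # box runs to the end of its parent
            size = end - pos
        if size < header or pos + size > end:
            return                       # broken framing: stop walking this level
        yield kind, pos + header, pos + size
        pos += size

def check_stsc(buf, start=0, end=None, findings=None):
    """Return findings for 'stsc' boxes whose entry count is implausible."""
    end = len(buf) if end is None else end
    findings = [] if findings is None else findings
    for kind, p0, p1 in iter_boxes(buf, start, end):
        if kind in CONTAINERS:
            check_stsc(buf, p0, p1, findings)
        elif kind == b"stsc" and p1 - p0 >= 8:
            count = struct.unpack_from(">I", buf, p0 + 4)[0]
            need = count * ENTRY_SIZE    # Python ints do not wrap, so this is exact
            if need > UINT32_MAX:
                findings.append(f"stsc: {count} entries overflow a 32-bit size")
            elif need > p1 - p0 - 8:
                findings.append(f"stsc: {count} entries exceed box payload")
    return findings

def sample(count):
    """Constructed file: one real 'stsc' entry, but `count` entries declared."""
    data = struct.pack(">II", 0, count) + struct.pack(">III", 1, 1, 1)
    for kind in (b"stsc", b"stbl", b"minf", b"mdia", b"trak", b"moov"):
        data = struct.pack(">I4s", len(data) + 8, kind) + data
    return data

if __name__ == "__main__":
    for n in (1, 5, 0x20000000):
        print(n, check_stsc(sample(n)))
```

The check covers only this one consistency rule, so an empty result says nothing about other malformed boxes in the same file.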

While we do have the code for testing purposes, we do not intend to share it, as Zimperium has already done so.

“Exploits don’t hack people, people hack people,” Drake, Zimperium.


How to win 2048

 

2048 is the latest addictive game to hit the market. The thing about this game is that it doesn’t frustrate you like Flappy Bird did. In fact, you play it again and again in the hope that you reach the 2048 tile.

After playing this game for hours at a stretch, for days and days, we finally got the 2048 tile (that is, after we figured out a pattern). Since then, we’ve won the game nearly every time we’ve played.

Here’s how you too can win:

1) Pick 3 directions. We picked up, left, right. Further instructions are as per our directions selected.

2) Initially try to build up the topmost row and in one corner.

3) Try building up that tile using a ladder technique.

4) Do not move down until you are certain that will make the 2048 … or if you’re out of moves.

5) Repeat this till you get the hang of it.

Try the game on Windows Phone, Android, iOS or even in the browser on your computer.

Windows Phone

Android

iOS

Browser

INITIAL MOVES


 

 

EXAMPLE OF LADDER TECHNIQUE TO BUILD UP A 256 TILE. REPEAT TO GET 512, 1024, 2048.
