23 lines
2.5 KiB
Plaintext
23 lines
2.5 KiB
Plaintext
|
|
rule Exploit_iPhoneOS_Pindowey_A{
|
|
meta:
|
|
description = "Exploit:iPhoneOS/Pindowey.A,SIGNATURE_TYPE_MACHOHSTR_EXT,02 00 02 00 0d 00 00 "
|
|
|
|
strings :
|
|
$a_00_0 = {2f 43 68 69 6d 65 72 61 2f 65 78 70 6c 6f 69 74 2f 76 6f 75 63 68 65 72 5f 73 77 61 70 2f 6b 65 72 6e 65 6c 5f 73 6c 69 64 65 2e 63 } //2 /Chimera/exploit/voucher_swap/kernel_slide.c
|
|
$a_00_1 = {2f 43 68 69 6d 65 72 61 2f 65 78 70 6c 6f 69 74 2f 76 6f 75 63 68 65 72 5f 73 77 61 70 2f 70 6c 61 74 66 6f 72 6d 2e 63 } //2 /Chimera/exploit/voucher_swap/platform.c
|
|
$a_00_2 = {2f 43 68 69 6d 65 72 61 2f 65 78 70 6c 6f 69 74 2f 73 6f 63 6b 70 75 70 70 65 74 2f 69 6f 73 75 72 66 61 63 65 2e 63 } //2 /Chimera/exploit/sockpuppet/iosurface.c
|
|
$a_00_3 = {2f 43 68 69 6d 65 72 61 2f 65 78 70 6c 6f 69 74 2f 76 6f 75 63 68 65 72 5f 73 77 61 70 2f 70 6c 61 74 66 6f 72 6d 5f 6d 61 74 63 68 2e 63 } //2 /Chimera/exploit/voucher_swap/platform_match.c
|
|
$a_00_4 = {2f 43 68 69 6d 65 72 61 2f 65 78 70 6c 6f 69 74 2f 76 6f 75 63 68 65 72 5f 73 77 61 70 2f 6c 6f 67 2e 63 } //2 /Chimera/exploit/voucher_swap/log.c
|
|
$a_00_5 = {2f 43 68 69 6d 65 72 61 2f 70 6f 73 74 2d 65 78 70 6c 6f 69 74 2f 75 74 69 6c 69 74 69 65 73 2f 70 61 63 2f 6b 65 78 5f 70 61 63 5f 75 73 65 72 5f 63 6c 69 65 6e 74 2e 63 } //2 /Chimera/post-exploit/utilities/pac/kex_pac_user_client.c
|
|
$a_00_6 = {2f 43 68 69 6d 65 72 61 2f 65 78 70 6c 6f 69 74 2f 76 6f 75 63 68 65 72 5f 73 77 61 70 2f 76 6f 75 63 68 65 72 5f 73 77 61 70 2e 63 } //2 /Chimera/exploit/voucher_swap/voucher_swap.c
|
|
$a_00_7 = {2f 43 68 69 6d 65 72 61 2f 65 78 70 6c 6f 69 74 2f 76 6f 75 63 68 65 72 5f 73 77 61 70 2f 6b 65 72 6e 65 6c 5f 61 6c 6c 6f 63 2e 63 } //2 /Chimera/exploit/voucher_swap/kernel_alloc.c
|
|
$a_00_8 = {2f 43 68 69 6d 65 72 61 2f 70 6f 73 74 2d 65 78 70 6c 6f 69 74 2f 75 6e 6c 6f 63 6b 6e 76 72 61 6d 2e 63 } //2 /Chimera/post-exploit/unlocknvram.c
|
|
$a_03_9 = {83 02 13 8b e2 03 1c 32 e1 83 03 91 90 01 03 94 90 01 03 94 73 12 00 91 7f 22 40 f1 90 00 } //1
|
|
$a_03_10 = {83 02 13 8b e2 03 1c 32 e1 83 03 91 90 01 03 94 73 12 00 91 7f 12 40 f1 90 00 } //1
|
|
$a_03_11 = {60 02 40 b9 c1 6a 79 b8 90 01 03 94 39 13 00 91 3f 13 40 f1 90 01 03 54 90 00 } //1
|
|
$a_03_12 = {60 02 40 b9 21 6b 76 b8 90 01 03 94 d6 12 00 91 df 02 20 f1 90 01 03 54 90 00 } //1
|
|
condition:
|
|
((#a_00_0 & 1)*2+(#a_00_1 & 1)*2+(#a_00_2 & 1)*2+(#a_00_3 & 1)*2+(#a_00_4 & 1)*2+(#a_00_5 & 1)*2+(#a_00_6 & 1)*2+(#a_00_7 & 1)*2+(#a_00_8 & 1)*2+(#a_03_9 & 1)*1+(#a_03_10 & 1)*1+(#a_03_11 & 1)*1+(#a_03_12 & 1)*1) >=2
|
|
|
|
} |