Professional bugs
jj2007:
Just for fun: I thought of creating a thread documenting bugs made by big software companies. Let's start with WhatsApp :P
WhatsApp desktop, updated a few days ago, Win7-64:
--- Code: ---
00000001401D10CA | 48 8B CE | mov rcx,rsi | rsi:&"n#file://#393491738963-1528635064@g.us"
00000001401D10CD | E8 0E 2E E6 FF | call 140033EE0 |
00000001401D10D2 | 48 8B CF | mov rcx,rdi |
00000001401D10D5 | E8 06 2E E6 FF | call 140033EE0 |
00000001401D10DA | 48 8B 7C 24 30 | mov rdi,qword ptr ss:[rsp+30] |
00000001401D10DF | E9 E1 FD FF FF | jmp 1401D0EC5 |
...
00000001401D10F0 | 48 8B 41 48 | mov rax,qword ptr ds:[rcx+48] |
00000001401D10F4 | 48 8D 51 48 | lea rdx,qword ptr ds:[rcx+48] |
00000001401D10F8 | 48 8B 08 | mov rcx,qword ptr ds:[rax] | <<<<<<<<<<< rax is zero!
00000001401D10FB | 48 85 C9 | test rcx,rcx |
00000001401D10FE | 0F 85 2C 6C FF FF | jne 1401C7D30 |
00000001401D1104 | C3 | ret |
--- End code ---
To catch such bugs, you need to set a Just-In-Time (JIT) debugger, in this case: x64Dbg (for 32-bit code, it's Olly for me).
Warning: When closing x64Dbg, it saves the database, and that can push the working set to over 1GB. You better kill x64.
jj2007:
Sorry, WhatsApp, it's again your turn :eusa_boohoo:
Raistlin:
https://www.telegraph.co.uk/technology/2019/05/14/whatsapp-flaw-allowed-israeli-hackers-snoop-phones/ :shock:
IT Commandment 17 : "Thay shalt get rid of mainstream social media"
hutch--:
:biggrin:
> "Thay shalt get rid of mainstream social media" :azn:
aw27:
--- Quote ---
Let's start with WhatsApp :P
--- End quote ---
Now all makes sense. :idea: