Sim Editor Stack Based Buffer Overflow

Last week I bought a SIM card reader. Along with it came the software for it. It was SIM Card Editor 6.6. You can download it from here. The app is pretty cool. You can manipulate the SIM card’s data with it. However I noticed something strange in this application. When we are loading file for example suppose with 4 “A” characters we would get the output as “ªª”. Just two characters will be displayed. When I gave the input as “4141” the result would be “AA”. This time the correct output we need. What was the reason for this? From what I noticed was that when we enter “AAAA” the hex values would be “\x41\x41\x41\x41” the app will take two values each and evaluate to hex.

View post on imgur.com

When we give the input as “4141” this is what happens.

View post on imgur.com

So suppose we want to enter a hex string we have to just give the input. For example we want to give the application “AA” we have to give just “4141”. Taking that into consideration the rest was easy. The return address is overwritten with our buffer.
[code language=”python”]
buff = "41" * 500
with open("ex.sms", ‘w’) as f:
f.write(buff)
[/code]

(more…)

2014 in review

The WordPress.com stats helper monkeys prepared a 2014 annual report for this blog.

Here's an excerpt:

The concert hall at the Sydney Opera House holds 2,700 people. This blog was viewed about 38,000 times in 2014. If it were a concert at Sydney Opera House, it would take about 14 sold-out performances for that many people to see it.

Click here to see the complete report.