Security PhD Student @ UT Austin
Website: https://wrv.github.io/

Looks like my USENIX talk is now available! https://www.youtube.com/watch?v=sm_yKwCAzlw

In the talk, I present the basics of video compression via prediction, and showcase how H26Forge can be used to generate H.264 videos with unusual prediction instructions. I then walk through CVE-2022-42846, a DoS in AppleD5500.kext caused by a type error.

Slides: https://github.com/wrv/wrv.github.io/tree/master/presentations/usenix23/

Paper: https://wrv.github.io/h26forge.pdf

H26Forge: https://github.com/h26forge/h26forge

USENIX Security '23 - The Most Dangerous Codec in the World: Finding and Exploiting...

REcon talk is out! https://www.youtube.com/watch?v=ia1zDlwWRWU

In the talk, I introduce the complexities of working with H.264, show how H26Forge helps us tackle the complexity, and demonstrate how to use H26Forge to generate a PoC video for CVE-2022-22675, a previous in-the-wild AppleAVD 0-day.

Slides: https://github.com/wrv/wrv.github.io/tree/master/presentations/recon23

H26Forge: https://github.com/h26forge/h26forge

Paper: https://wrv.github.io/h26forge.pdf

Recon 2023 - Willy R. Vasquez - The Most Dangerous Codec In The World: Vulnerabilities in H.264

Finding and Exploiting Vulnerabilities in H.264
Modern video encoding standards such as H.264 are a marvel of hidden complexity. But with hidden complexity co...

We hope that researchers and developers will build upon H26Forge to greatly improve the video decoder system.

Contributions are most welcome! If you find any issues in decoders using H26Forge, let us know and we’ll add it to our Trophies section :)

If you’d like to know more about this work, check out our paper, to appear at USENIX Security: https://wrv.github.io/h26forge.pdf .

I’ll also be presenting this at Black Hat if you’d like to chat there! https://www.blackhat.com/us-23/briefings/schedule/index.html#the-most-dangerous-codec-in-the-world-finding-and-exploiting-vulnerabilities-in-h-decoders-33272

(3/3)

Not only can H26Forge generate videos, it can also modify existing ones to produce targeted spec non-compliant videos.

Why? Because sometimes you just need a PoC, and manually modifying H.264 encoded videos is miserable. With H26Forge, you can just write Python scripts that transform video syntax elements. We give more of the motivation in https://github.com/h26forge/h26forge/blob/main/docs/MOTIVATION.md

We include some starter scripts in the codebase, including those for generating the PoC videos described in our paper.

(2/3)

h26forge/docs/MOTIVATION.md at main · h26forge/h26forge

Domain-specific infrastructure for analyzing, generating, and manipulating syntactically correct but semantically spec-non-compliant video files. - h26forge/h26forge

We’re excited to announce that H26Forge is now available at https://github.com/h26forge/h26forge ! We used H26Forge to find video decoding bugs in the iOS Kernel, Firefox, FFmpeg, and hardware decoders, all by generating syntactically-correct, but spec non-compliant H.264 videos. This is joint work with @stevecheckoway and @hovav , and will appear at USENIX Security and Black Hat! (REcon vid coming soon!)

To begin generating videos, you can just build the code, or download a release, and run `./scripts/gen_100_videos.sh`

🧵 (1/3)

GitHub - h26forge/h26forge: Domain-specific infrastructure for analyzing, generating, and manipulating syntactically correct but semantically spec-non-compliant video files.

Licensing question · Issue #11 · MozillaSecurity/fuzzdata

Hello, thank you for making this data publicly available! I was wondering under what terms can we use this? Would you consider adding a license to the repository?

"Video: Add HEVC SVC encode support for macOS 14+ and limit HEVC encode to HW only

HEVC SVC support has been added to macOS 14 beta2 and iOS 17 beta2, so we can adding this to Chromium as well."

https://chromium-review.googlesource.com/c/chromium/src/+/4664014

I had a great time presenting at REcon! Slides are available here: https://github.com/wrv/wrv.github.io/tree/master/presentations/recon23

Check out the story behind H26Forge on The CyberWire!

https://thecyberwire.com/podcasts/research-saturday/282/notes

Dangerous vulnerabilities in H.264 decoders.

Willy R. Vasquez from The University of Texas at Austin discussing research on "The Most Dangerous Codec in the World - Finding and Exploiting Vulnerabilities in H.264 Decoders." Researchers are looking at the marvel that is modern video encoding standards such as H.264 for vulnerabilities and ultimately hidden security risks. The research states "We introduce and evaluate H26FORGE, domain-specific infrastructure for analyzing, generating, and manipulating syntactically correct but semantically spec-non-compliant video files." Using H26FORGE, they were able to uncover insecurities in depth across the video decoder ecosystem, including kernel memory corruption bugs in iOS and video accelerator and application processor kernel memory bugs in Android devices.

Atop all these issues, we also find a nifty use-after-free in FFmpeg in VLC for Windows, alongside issues all across the hardware decoder ecosystem! This was so much fun to work on with @stevecheckoway and @hovav .

You can read more details in our paper available here: https://wrv.github.io/h26forge.pdf .

Keep a lookout for the release of H26Forge so more security researchers can also find these types of bugs!