Re: how to transfer files on napster

[sysadmin () SASSPRODUCTIONS COM (Seth Georgion)]

It really is a worthless discussion. A lot of virus code will insert itself
into the middle of perfectly valid files and then include a jmp to their
particular code at the beginning. So no matter what you're looking for as a
general screen you wouldn't be able to stop that but, far simpler, would be
a virus like program that, when executed, opened an already valid MP# and
dropped the entire binary of Adobe Photoshop in the middle at some
predefined point. The program could also open any mp3 and look through the
middle of it for those particular headers which would indicate that there's
a stored binary and then it could just delete the rest of the broken mp3 and
bam, you would have Photoshop.

example.

You and your circle of friends from highschool have this program called "mp3
injector" and all it does is open a valid mp3 and insert whatever binary
file you choose into the middle of it. In addition it places a header at
that "PREDEFINED" point indicating the ending point of the binary.

You use the program to open up Ricky Martins latest, stupidest, hit and
install Adobe Photoshop in the middle of the mp3. You then put that in your
library with the rest of your mp3's but rename it to photoshop5.mp3

Your buddy in wisconsin downloads the photoshop mp3 and opens it with
WinAmp. Uh-oh it doesn't work because all though the first 1 minute of the
song works it dies there. So he opens photoshop.mpe with his program "mp3
injector" which goes back in the mp3 to it's predifined point where it, of
course, finds its header!

At this point it reads how deep photoshop is and goes that far back in the
mp3 and shucks the mp3 part, it already knew where the begining is so it
shucks that part to and saves what other than Photoshop.zip.

Ta-Da! It's really very simple and I would doubt it if someone told me that
it would take more than 50 lines of assembly code .

Sounds like a vuln-dev pet project for proof of concept!

E-Mail me if you want to do it or E-Mail the group.

Seth Georgion
SysAdmin
SASS Productions

-----Original Message-----
From: VULN-DEV List [mailto:VULN-DEV () SECURITYFOCUS COM]On Behalf Of Blue
Boar
Sent: Saturday, February 05, 2000 1:21 PM
To: VULN-DEV () SECURITYFOCUS COM
Subject: Re: how to transfer files on napster

Jordan Ritter wrote:
> On Sat, 5 Feb 2000, Jason Copenhaver wrote:
>
> # this txt explains a pretty simple way into fooling napster into
> # thinking that your transfering an mp3 file.  It looks like it only
> # checks for a valid 4 byte mp3 header and the mp3 file extenstion....
>
> As I stated already in a list email well before yours, this is possible.
> Anyone that wants to pursue steganographic methods for fooling file
> transfer software is very likely to meet with success.
>
> My conclusion was, who the hell would want to?  A hex editor?  Gee, that's
> useful.
>
> --jordan

Depends on whether you were trying to keep people solely from giving access
to other files on accident, or if you were trying to keep people from
trading other types of warez intentionally.

                                                BB