PoC details: 704113a8bf127d6f21d94ab4122a9d3ccf93de0e

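Source
Related vulnerability
Title: AMD Ryzen security feature issue vulnerability (CVE-2020-12928)
Description: AMD Ryzen is a central processing unit (CPU) from the US company AMD. AMD Ryzen Master V15 contains a security vulnerability: a dynamically loaded AMD driver may allow any authenticated user to escalate privileges to NT AUTHORITY\SYSTEM.
Description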
Early 2019 - late 2020. R.I.P. CVE-2020-12928 https://h0mbre.github.io/RyzenMaster_CVE/#
Introduction
# EC_PRO-LAN



Anti-Cheats: FACEIT, ESEA (w/ custom version)  
Early 2019 - late 2020. R.I.P. https://h0mbre.github.io/RyzenMaster_CVE/#  

# Requirements:
Windows 10 Enterprise 1607 LTSB with all updates  
AMD Ryzen CPU  
Motherboard B350-B450 (B550 client is bugged)  
Logitech GHUB installed (for mouse input)


# Older-generation Ryzen processors may have a different version of the AmdRyzenMaster driver (1.3.0.0)
In that case, replace https://github.com/ekknod/EC_PRO-LAN/blob/main/client_windows/server.cpp#L65  
with this:  
```cpp
/* UTF-16LE, NUL-terminated device name: \Device\AMDRyzenMasterDriverV13 */
unsigned char b_amd[] = {
    0x5C, 0x00, 0x44, 0x00, 0x65, 0x00, 0x76, 0x00, 0x69, 0x00, 0x63, 0x00, 0x65, 0x00, 0x5C, 0x00, 0x41, 0x00, 0x4D, 0x00,
    0x44, 0x00, 0x52, 0x00, 0x79, 0x00, 0x7A, 0x00, 0x65, 0x00, 0x6E, 0x00, 0x4D, 0x00, 0x61, 0x00, 0x73, 0x00, 0x74, 0x00,
    0x65, 0x00, 0x72, 0x00, 0x44, 0x00, 0x72, 0x00, 0x69, 0x00, 0x76, 0x00, 0x65, 0x00, 0x72, 0x00, 0x56, 0x00, 0x31, 0x00,
    0x33, 0x00, 0x00, 0x00
};
```


# Installation


precompiled client: https://www.unknowncheats.me/forum/downloads.php?do=file&id=31551  
copy opengl32.dll to C:\Program Files\AMD\RyzenMaster\bin  
open amdryzenmaster utility, allow firewall  
open csgo.exe  
open client_private.exe on a separate PC in your LAN.
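
A defensive check for the DLL placement in the steps above, added here as an example (not code from the EC_PRO-LAN repository): it lists DLLs in an application directory that share a name with a System32 DLL and so can be loaded in its place under the standard search order. The function names and the constructed sample files are assumptions made for illustration.

```python
import hashlib
import os
import tempfile


def sha256_of(path):
    """Stream a file through SHA-256 and return the hex digest."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def find_shadowing_dlls(app_dir, system_dir):
    """Return [(name, reason)] for files in app_dir named like a system DLL."""
    # Windows file names are case-insensitive, so index system DLLs in lower case.
    system = {n.lower(): os.path.join(system_dir, n)
              for n in os.listdir(system_dir) if n.lower().endswith(".dll")}
    findings = []
    for name in sorted(os.listdir(app_dir)):
        sys_path = system.get(name.lower())
        if sys_path is None:
            continue  # not a system DLL name, nothing is shadowed
        same = sha256_of(os.path.join(app_dir, name)) == sha256_of(sys_path)
        reason = "copy of system DLL" if same else "content differs from system DLL"
        findings.append((name, reason))
    return findings


def demo():
    """Run the check on constructed directories (not real system files)."""
    with tempfile.TemporaryDirectory() as root:
        sysdir = os.path.join(root, "System32")
        appdir = os.path.join(root, "bin")
        os.makedirs(sysdir)
        os.makedirs(appdir)
        samples = {  # constructed sample contents
            (sysdir, "opengl32.dll"): b"system build",
            (sysdir, "kernel32.dll"): b"system build",
            (appdir, "opengl32.dll"): b"planted build",
            (appdir, "vendor_helper.dll"): b"vendor build",
        }
        for (folder, name), data in samples.items():
            with open(os.path.join(folder, name), "wb") as f:
                f.write(data)
        return find_shadowing_dlls(appdir, sysdir)


if __name__ == "__main__":
    for name, reason in demo():
        print(f"{name}: {reason}")
```

On a Windows host, call `find_shadowing_dlls` with the application's `bin` directory and `C:\Windows\System32`; a vendor directory that legitimately ships its own copy of a system DLL will also be listed, so treat the output as a review list.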



# Vulnerabilities
Logitech input manipulation with their macro driver (still works on ESEA/FACEIT, will work as long as Logitech macros work)  
Copying game memory with AmdRyzenMaster vulnerability  

# Why releasing?
Because someone else found the same vulnerability and made it public: https://h0mbre.github.io/RyzenMaster_CVE/#  

# Youtube Video (EC_PRO LAN android client (wifi))
[![IMAGE ALT TEXT](http://i3.ytimg.com/vi/l91pJW86KEQ/maxresdefault.jpg)](https://www.youtube.com/watch?v=l91pJW86KEQ "EC_PRO lan (android client)")


# Youtube Video (EC_PRO lan raspberry pi client)
[![IMAGE ALT TEXT](http://i3.ytimg.com/vi/qrUvuK8Hxq8/maxresdefault.jpg)](https://www.youtube.com/watch?v=qrUvuK8Hxq8&feature=youtu.be "EC_PRO lan (raspberry client)")
File snapshot

```
[4.0K]  /data/pocs/704113a8bf127d6f21d94ab4122a9d3ccf93de0e
├── [4.0K]  client_android
│   ├── [4.0K]  app
│   │   ├── [1.4K]  build.gradle
│   │   ├── [ 751]  proguard-rules.pro
│   │   └── [4.0K]  src
│   │       ├── [4.0K]  androidTest
│   │       │   └── [4.0K]  java
│   │       │       └── [4.0K]  com
│   │       │           └── [4.0K]  example
│   │       │               └── [4.0K]  client
│   │       │                   └── [ 752]  ExampleInstrumentedTest.java
│   │       ├── [4.0K]  main
│   │       │   ├── [ 777]  AndroidManifest.xml
│   │       │   ├── [4.0K]  cpp
│   │       │   │   ├── [1.6K]  CMakeLists.txt
│   │       │   │   ├── [4.7K]  maths.cpp
│   │       │   │   ├── [ 957]  maths.h
│   │       │   │   ├── [ 75K]  native-lib.cpp
│   │       │   │   ├── [4.0K]  socket.cpp
│   │       │   │   └── [ 952]  socket.h
│   │       │   ├── [4.0K]  java
│   │       │   │   └── [4.0K]  com
│   │       │   │       └── [4.0K]  example
│   │       │   │           └── [4.0K]  client
│   │       │   │               └── [9.6K]  MainActivity.java
│   │       │   └── [4.0K]  res
│   │       │       ├── [4.0K]  drawable
│   │       │       │   └── [5.5K]  ic_launcher_background.xml
│   │       │       ├── [4.0K]  drawable-v24
│   │       │       │   └── [1.8K]  ic_launcher_foreground.xml
│   │       │       ├── [4.0K]  layout
│   │       │       │   └── [4.9K]  activity_main.xml
│   │       │       ├── [4.0K]  mipmap-anydpi-v26
│   │       │       │   ├── [ 272]  ic_launcher_round.xml
│   │       │       │   └── [ 272]  ic_launcher.xml
│   │       │       ├── [4.0K]  mipmap-hdpi
│   │       │       │   ├── [2.9K]  ic_launcher.png
│   │       │       │   └── [4.8K]  ic_launcher_round.png
│   │       │       ├── [4.0K]  mipmap-mdpi
│   │       │       │   ├── [2.0K]  ic_launcher.png
│   │       │       │   └── [2.7K]  ic_launcher_round.png
│   │       │       ├── [4.0K]  mipmap-xhdpi
│   │       │       │   ├── [4.4K]  ic_launcher.png
│   │       │       │   └── [6.7K]  ic_launcher_round.png
│   │       │       ├── [4.0K]  mipmap-xxhdpi
│   │       │       │   ├── [6.2K]  ic_launcher.png
│   │       │       │   └── [ 10K]  ic_launcher_round.png
│   │       │       ├── [4.0K]  mipmap-xxxhdpi
│   │       │       │   ├── [8.9K]  ic_launcher.png
│   │       │       │   └── [ 15K]  ic_launcher_round.png
│   │       │       └── [4.0K]  values
│   │       │           ├── [ 208]  colors.xml
│   │       │           ├── [  69]  strings.xml
│   │       │           └── [ 383]  styles.xml
│   │       └── [4.0K]  test
│   │           └── [4.0K]  java
│   │               └── [4.0K]  com
│   │                   └── [4.0K]  example
│   │                       └── [4.0K]  client
│   │                           └── [ 379]  ExampleUnitTest.java
│   ├── [ 558]  build.gradle
│   ├── [4.0K]  gradle
│   │   └── [4.0K]  wrapper
│   │       ├── [ 53K]  gradle-wrapper.jar
│   │       └── [ 232]  gradle-wrapper.properties
│   ├── [1.0K]  gradle.properties
│   ├── [5.2K]  gradlew
│   ├── [2.1K]  gradlew.bat
│   └── [  41]  settings.gradle
├── [4.0K]  client_windows
│   ├── [1.4K]  client_windows.sln
│   ├── [7.5K]  client_windows.vcxproj
│   ├── [1.6K]  client_windows.vcxproj.filters
│   ├── [ 220]  client_windows.vcxproj.user
│   ├── [ 171]  config.cfg
│   ├── [ 19K]  cs.cpp
│   ├── [1.2K]  cs.h
│   ├── [ 14K]  main.cpp
│   ├── [4.7K]  maths.cpp
│   ├── [ 957]  maths.h
│   ├── [ 25K]  server.cpp
│   ├── [5.8K]  server.h
│   ├── [5.2K]  socket.cpp
│   └── [ 849]  socket.h
├── [2.0K]  README.md
└── [4.0K]  server
    ├── [4.5K]  main.c
    ├── [1.4K]  server.sln
    ├── [7.7K]  server.vcxproj
    ├── [1.1K]  server.vcxproj.filters
    ├── [ 220]  server.vcxproj.user
    ├── [3.3K]  socket.c
    └── [ 837]  socket.h

34 directories, 59 files
```