ML on the M50 using network vulnerability

Started by parranoic, January 20, 2020, 06:31:01 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Print
Go Down Pages1
User actions

parranoic

January 20, 2020, 06:31:01 PM
Hello everybody, recently Canon updated the M50 to 1.0.3 to patch several vulnerabilities found in the firmware, some that allow running code. Could this be used to make a port of ML or at least some of it's functionality?

"EOS M50 firmware version 1.0.2 and earlier allows an attacker on the same network segment to trigger the affected product being unresponsive or to execute arbitrary code" - source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5994

Firmware Version 1.0.3 incorporates the following fix:
1. Corrects a PTP communications vulnerability.
2. Corrects a vulnerability related to firmware update.

Walter Schulz

#1
January 21, 2020, 12:59:51 PM
Doing some sort of search before asking would be fine ...
https://www.magiclantern.fm/forum/index.php?topic=24385.0
In https://research.checkpoint.com/2019/say-cheese-ransomware-ing-a-dslr-camera/ is described what he did:
He used Magic Lantern techniques to run arbitrary code unattended.
So you are asking: Can Magic Lantern use a method derived from Magic Lantern to run Magic Lantern?

This thingy adds work to development not reducing it.

Actually there is a "fishy" build for M50. So code execution isn't the problem. Dev time is. ATM nobody is working on it.
Print
Go Up Pages1
User actions