Topic: ML on the M50 using network vulnerability

parranoic
ML on the M50 using network vulnerability
« on: January 20, 2020, 06:31:01 PM »
Hello everybody, recently Canon updated the M50 to 1.0.3 to patch several vulnerabilities found in the firmware, some that allow running code. Could this be used to make a port of ML or at least some of its functionality?

"EOS M50 firmware version 1.0.2 and earlier allows an attacker on the same network segment to trigger the affected product being unresponsive or to execute arbitrary code" - source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5994

Firmware Version 1.0.3 incorporates the following fix:
1. Corrects a PTP communications vulnerability.
2. Corrects a vulnerability related to firmware update.

Walter Schulz
Re: ML on the M50 using network vulnerability
« Reply #1 on: January 21, 2020, 12:59:51 PM »
Doing some sort of search before asking would be fine ...
https://www.magiclantern.fm/forum/index.php?topic=24385.0
In https://research.checkpoint.com/2019/say-cheese-ransomware-ing-a-dslr-camera/ is described what he did:
He used Magic Lantern techniques to run arbitrary code unattended.
So you are asking: Can Magic Lantern use a method derived from Magic Lantern to run Magic Lantern?

This thingy adds work to development, not reducing it.

Actually there is a "fishy" build for M50. So code execution isn't the problem. Dev time is. ATM nobody is working on it.