Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

Applying Offensive Reverse Engineering to Facebook Gameroom - 384

Eugene Lim. Posted 5 Years Ago
  • Facebook Gameroom is a Desktop application for gaming. I had never heard of this before!
  • The first vulnerability was that the configuration file was just one large serialized payload. Because of this, editing the configuration file led to the compromise of the application. However, because this does not result in any privilege escalation, Facebook denied it as a finding.
  • The second finding was an issue with the custom URI scheme registered by the application: fbgames://. By design, this could be used to load an arbitrary exe on the system, but it was stopped by a dialog that the user had to click through.
  • The author did find a validation issue on the link going to a Facebook games URL. Using this poor validation, an attacker could send a user to several different and unintended Facebook domains. This normally would not be a big deal, but the Chrome version was 3 years outdated. By loading an arbitrary site, the embedded Chrome browser could be compromised.
  • C# native apps are very easy to reverse, too. Tools like DotNetSpy and others make this part easy. The author mentions that the attack surface for Desktop applications is much different; to me, this is because browsers protect us from so much and we take this for granted.