Revisiting JavaScriptCore Internals: boxed vs. unboxed

Channel: LiveOverflow
Subscribers: 920,000
Video Link: https://www.youtube.com/watch?v=dhaLk-XO890
Duration: 8:59
Views: 23,988
740

Part 6: There are still many things I haven't explained yet. So in this video we go over the boxed vs. unboxed values, how to convert Integer addresses to Doubles and why our bug is a memory corruption.

blog: https://liveoverflow.com/revisiting-javascriptcore-internals-boxed-vs-unboxed-browser-0x06/
test.js: https://gist.github.com/LiveOverflow/71bcf3f364c9719998bf159923310019
The Exploit: https://github.com/LinusHenze/WebKit-RegEx-Exploit

Playlist: https://www.youtube.com/watch?v=5tEdSoZ3mmE&list=PLhixgUqwRTjwufDsT1ntgOY9yjZgg5H_t

-=[ 🕴️Advertisement ]=-

This video is supported by SSD Secure Disclosure: https://ssd-disclosure.com/
Offensive Security Conference TyphoonCon: https://typhooncon.com/
Challenge: https://typhooncon.com/typhooncon-challenge-2019/

-=[ 🔴 Stuff I use ]=-

→ Microphone:* https://geni.us/ntg3b
→ Graphics tablet:* https://geni.us/wacom-intuos
→ Camera#1 for streaming:* https://geni.us/sony-camera
→ Lens for streaming:* https://geni.us/sony-lense
→ Connect Camera#1 to PC:* https://geni.us/cam-link
→ Keyboard:* https://geni.us/mech-keyboard
→ Old Microphone:* https://geni.us/mic-at2020usb

US Store Front:* https://www.amazon.com/shop/liveoverflow

-=[ ❤️ Support ]=-

→ per Video: https://www.patreon.com/join/liveoverflow
→ per Month: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join

-=[ 🐕 Social ]=-

→ Twitter: https://twitter.com/LiveOverflow/
→ Website: https://liveoverflow.com/
→ Subreddit: https://www.reddit.com/r/LiveOverflow/
→ Facebook: https://www.facebook.com/LiveOverflow/

-=[ 📄 P.S. ]=-

All links with "*" are affiliate links.
LiveOverflow / Security Flag GmbH is part of the Amazon Affiliate Partner Program.
Tags:
Live Overflow
liveoverflow
hacking tutorial
how to hack
exploit tutorial
webkit
javascript
javascriptcore
webkitcore
double
unboxed
boxed
jsvalue
jscell
fakeobj
addrof
regex
arraybuffer
int32
integer to double
double to integer
memory corruption
jit compiler
jit bug
browser bug
security research
browser hacking
asan
addresssanitizer