Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Find Trojan Source unicode characters (CVE-2021-42694 and CVE-2021-42574.)
#/bin/sh
# Usage instructions: sh find.sh php|tr '\n' '; '
# Then copy and paste the output and execute it
ext=$1
C="\u200E \u200F \u202A \u202B \u202C \u202D \u202E \u2066 \u2067 \u2068 \u2069 \u202C"
for a in $C; do echo find . -type f -name \"*.$ext\" -exec grep -H \$\'$a\' {} \\\; ; done
@jonaslejon

This comment has been minimized.

Copy link
Owner Author

@jonaslejon jonaslejon commented Nov 3, 2021

Example:

sh ../find.sh go|tr '\n'  '; '
find . -type f -name "*.go" -exec grep -H $'\u200E' {} \;;find . -type f -name "*.go" -exec grep -H $'\u200F' {} \;;find . -type f -name "*.go" -exec grep -H $'\u202A' {} \;;find . -type f -name "*.go" -exec grep -H $'\u202B' {} \;;find . -type f -name "*.go" -exec grep -H $'\u202C' {} \;;find . -type f -name "*.go" -exec grep -H $'\u202D' {} \;;find . -type f -name "*.go" -exec grep -H $'\u202E' {} \;;find . -type f -name "*.go" -exec grep -H $'\u2066' {} \;;find . -type f -name "*.go" -exec grep -H $'\u2067' {} \;;find . -type f -name "*.go" -exec grep -H $'\u2068' {} \;;find . -type f -name "*.go" -exec grep -H $'\u2069' {} \;;find . -type f -name "*.go" -exec grep -H $'\u202C' {} \;;

And then we tested against the Trojan Source github repo:

./Go/commenting-out.go:    /* } if (isAdmin)  begin admins only */
./Go/commenting-out.go:    /* end admins only  { */
./Go/stretched-string.go:	if accessLevel != "user // Check if admin " {
./Go/commenting-out.go:    /* } if (isAdmin)  begin admins only */
./Go/commenting-out.go:    /* end admins only  { */
./Go/stretched-string.go:	if accessLevel != "user // Check if admin " {
./Go/commenting-out.go:    /* } if (isAdmin)  begin admins only */
./Go/stretched-string.go:	if accessLevel != "user // Check if admin " {
@intseisoc

This comment has been minimized.

Copy link

@intseisoc intseisoc commented Nov 4, 2021

grep -r -e $'\u202a' -e $'\u202b' -e $'\u202d' -e $'\u202e' -e $'\u2066' -e $'\u2067' -e $'\u2068' -e $'\u202c' -e $'\u2069'
( More faster )

This is the results in the Trojan Source github repo:

Binary file .git/objects/pack/pack-4684a21acf5665a9912c39981834af0c8589b2f3.pack matches
C/commenting-out.c: /‮ } ⁦if (isAdmin)⁩ ⁦ begin admins only /
C/commenting-out.c: /
end admins only ‮ { ⁦
/
C/early-return.c: /* Say hello; newline⁧ /*/ return 0 ;
C/stretched-string.c: if (strcmp(access_level, "user‮ ⁦// Check if admin⁩ ⁦")) {
C#/commenting-out.csx:/‮ } ⁦if (isAdmin)⁩ ⁦ begin admins only /
C#/commenting-out.csx:/
end admins only ‮ { ⁦
/
C#/stretched-string.csx:if (access_level != "user‮ ⁦// Check if admin⁩ ⁦") {
C++/commenting-out.cpp: /‮ } ⁦if (isAdmin)⁩ ⁦ begin admins only /
C++/commenting-out.cpp: /
end admins only ‮ { ⁦
/
C++/stretched-string.cpp: if (access_level.compare("user‮ ⁦// Check if admin⁩ ⁦")) {
Go/commenting-out.go: /‮ } ⁦if (isAdmin)⁩ ⁦ begin admins only /
Go/commenting-out.go: /
end admins only ‮ { ⁦
/
Go/stretched-string.go: if accessLevel != "user‮ ⁦// Check if admin⁩ ⁦" {
Java/CommentingOut.java: /‮ } ⁦if (isAdmin)⁩ ⁦ begin admins only /
Java/CommentingOut.java: /
end admins only ‮ { ⁦
/
Java/StretchedString.java: if (accessLevel != "user‮ ⁦// Check if admin⁩ ⁦") {
JavaScript/commenting-out.js:/‮ } ⁦if (isAdmin)⁩ ⁦ begin admins only /
JavaScript/commenting-out.js:/
end admins only ‮ { ⁦
/
JavaScript/stretched-string.js:if (accessLevel != "user‮ ⁦// Check if admin⁩ ⁦") {
Python/commenting-out.py:if access_level != 'none‮⁦': # Check if admin ⁩⁦' and access_level != 'user
Python/early-return.py: ''' Subtract funds from bank account then ⁧''' ;return
Rust/commenting-out.rs: /‮ } ⁦if is_admin⁩ ⁦ begin admins only /
Rust/commenting-out.rs: /
end admins only ‮ { ⁦
/
Rust/stretched-string.rs: if access_level != "user‮ ⁦// Check if admin⁩ ⁦" {
Binary file website/public/trojan-source.pdf matches
Binary file website/src/assets/img/faces/erik-lucatero-2.jpg matches

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment