mIRC Home    About    Download    Register    News    Help

Print Thread
#235773 11/01/12 03:24 PM
Joined: Nov 2011
Posts: 10
D
D4ni Offline OP
Pikka bird
OP Offline
Pikka bird
D
Joined: Nov 2011
Posts: 10
If you lock $decode in the Options Dialog, $utfdecode will also be locked.

Code:
* Identifier locked in options dialog: $utfdecode


I'd suggest this behavior should be removed since there's no real security risk in using $utfdecode.

Last edited by D4ni; 11/01/12 03:24 PM.
D4ni #235774 11/01/12 07:31 PM
Joined: Oct 2003
Posts: 3,918
A
Hoopy frood
Offline
Hoopy frood
A
Joined: Oct 2003
Posts: 3,918
Well, $decode in itself is also not a "security risk", but it can be used in combination with social engineering tactics that make it one.

But this is nevertheless a good point-- given that 7.x now has Unicode enabled all the time, there should be no scenario where $utf(de|en)code could create obfuscated text for the a client.


- argv[0] on EFnet #mIRC
- "Life is a pointer to an integer without a cast"
argv0 #235823 15/01/12 04:26 AM
Joined: Feb 2006
Posts: 546
J
Fjord artisan
Offline
Fjord artisan
J
Joined: Feb 2006
Posts: 546
$utfdecode() can be used in the same malicious way as $decode() because some of the charsets that mIRC supports don't include the latin alphabet


"The only excuse for making a useless script is that one admires it intensely" - Oscar Wilde
Joined: Oct 2003
Posts: 3,918
A
Hoopy frood
Offline
Hoopy frood
A
Joined: Oct 2003
Posts: 3,918
I'm under the impression that mIRC 7.x only supports a single charset (unicode). Is this not accurate?


- argv[0] on EFnet #mIRC
- "Life is a pointer to an integer without a cast"
argv0 #235830 15/01/12 07:07 PM
Joined: Feb 2006
Posts: 546
J
Fjord artisan
Offline
Fjord artisan
J
Joined: Feb 2006
Posts: 546
Originally Posted By: argv0
I'm under the impression that mIRC 7.x only supports a single charset (unicode). Is this not accurate?


it's the $utf*code identifiers that support other charsets :P

$utfdecode(txt , C) can be used to convert text to Unicode as though it were a series of bytes in charset C. one or more of these charsets contain unreadable characters where the latin alphabet should be. just as $decode(unreadable text, m) can be used to hide readable text/code, so too can $utfdecode(unreadable, C) for certain Cs.


"The only excuse for making a useless script is that one admires it intensely" - Oscar Wilde
Joined: Oct 2003
Posts: 3,918
A
Hoopy frood
Offline
Hoopy frood
A
Joined: Oct 2003
Posts: 3,918
Then mIRC could lock only when C is specified. However, I'm a little dubious as to the statement:

Originally Posted By: jaytea
one or more of these charsets contain unreadable characters where the latin alphabet should be


I'm under the impression that all "charset" values of C are just ANSI codepages, but all ANSI codepages share the same ASCII range. So it would seem that there would be no value of C that would create an unreadable builtin command name (since all builtin commands are ASCII).


- argv[0] on EFnet #mIRC
- "Life is a pointer to an integer without a cast"

Link Copied to Clipboard