{"id":13574399,"url":"https://github.com/OpenL2D/moc3ingbird","last_synced_at":"2025-04-04T15:30:51.215Z","repository":{"id":115213754,"uuid":"608920501","full_name":"OpenL2D/moc3ingbird","owner":"OpenL2D","description":"MOC3ingbird Exploit for Live2D (CVE-2023-27566)","archived":false,"fork":false,"pushed_at":"2023-09-19T01:12:41.000Z","size":44,"stargazers_count":79,"open_issues_count":1,"forks_count":6,"subscribers_count":2,"default_branch":"master","last_synced_at":"2024-11-05T09:44:33.898Z","etag":null,"topics":["exploit","live2d","live2d-cubism","live2d-cubism-sdk","moc3","security-vulnerability"],"latest_commit_sha":null,"homepage":"https://undeleted.ronsor.com/moc3ingbird","language":"C++","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/OpenL2D.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null}},"created_at":"2023-03-03T01:57:28.000Z","updated_at":"2024-10-17T13:58:58.000Z","dependencies_parsed_at":null,"dependency_job_id":"2d71b229-617f-4b72-af88-f000493edb00","html_url":"https://github.com/OpenL2D/moc3ingbird","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/OpenL2D%2Fmoc3ingbird","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/OpenL2D%2Fmoc3ingbird/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/OpenL2D%2Fmoc3ingbird/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/OpenL2D%2Fmoc3ingbird/manifests","owner_url":"https://repos.ecosyste.ms/api
/v1/hosts/GitHub/owners/OpenL2D","download_url":"https://codeload.github.com/OpenL2D/moc3ingbird/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247202575,"owners_count":20900806,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["exploit","live2d","live2d-cubism","live2d-cubism-sdk","moc3","security-vulnerability"],"created_at":"2024-08-01T15:00:51.254Z","updated_at":"2025-04-04T15:30:46.205Z","avatar_url":"https://github.com/OpenL2D.png","language":"C++","funding_links":[],"categories":["C++"],"sub_categories":[],"readme":"# MOC3ingbird DoS\n\nJapanese version: [README_JA.md](README_JA.md)\n\nThis repository contains a simple Live2D model that crashes any application\nthat attempts to load it: a denial-of-service attack. If you have the\n[ImHex hex editor](https://imhex.werwolv.net) installed, you can inspect and\nedit the MOC3 file with the pattern file in `src/moc3.hexpat`. Please note\nyou will need to change the `0x7FFFFFFF` (`FF FF FF 7F`) runtime space\noffset value near the beginning of the file to something sane (`0`) to be\nable to see the pattern data. Alternatively, you can enable\n`ShowRuntimeSpaceFields` from the Settings tab.\n\n**`src/moc3.hexpat` should be able to view all MOC3 files. 
If you find one\nthat it can't view, please file an issue and we'll look into it.**\n\nThe included files can also be used as a template for further research and\nexperimentation.\n\n## Rationale and Quick Overview\n\nThese files are released in the hope that they will prompt Live2D to improve\ntheir security practices.\n\nThere is only one widespread MOC3 reader implementation: Live2D Cubism Core.\nCubism Core is a C library that makes no attempts to perform bounds checking\non offsets contained within MOC3 files. As a result, it is trivial to read\nand write memory out of the bounds of the MOC3 data in memory, and it is\nalmost certainly possible to execute arbitrary code this way.\n\n**As of now, I have not found a way to achieve code execution using Cubism\nCore alone; however, code execution may still be possible by taking advantage\nof the host program's (e.g. Cubism Viewer, VTube Studio, etc.) memory layout.**\n\n## Demonstration\n\n**Direct ZIP download for the MOC3ingbird model (this repository): [click here](\nhttps://github.com/OpenL2D/moc3ingbird/archive/refs/heads/master.zip).**\n\nIf you have Live2D's\n[Cubism Editor (and Viewer)](https://www.live2d.com/en/download/cubism/) or\nany other software that can load Live2D models, simply open the `exploit.moc3`\nfile with it.\n\nFor the viewer bundled with the Live2D Cubism Editor, you can download this\nrepository, and drag `exploit.moc3` into the viewer. It will begin to load the\nmodel, and instantly crash.\n\nIf you attach a debugger to the crashing application, you should see the\nEXCEPTION_ACCESS_VIOLATION exception, SIGSEGV, or some other equivalent. The\ncurrent PoC writes a pointer to `moc3BaseAddress + sections.parts.runtimeSpace0`\nwith the value `moc3BaseAddress + sections.parts.ids`.\n\nThe `src/moc3.hexpat` pattern supports all MOC3 files. Some samples may be\nfound at \u003chttps://live2d.com/en/download/sample-data/\u003e. Please note those\nsamples are copyrighted by Live2D Inc. 
and may come with extra restrictions.\n**The OpenL2D Project Developers are not responsible for ensuring the\ncompliance of users of this software with any third-party agreements.**\n\n## License\n\nCopyright © 2023 The OpenL2D Project Developers. All rights reserved.\n\nThis model and all related files are free software licensed under the terms of\nthe Free Development Public License 1.0-US as published by the Freedom of\nDevelopment Project at \u003chttps://freedevproject.org/fdpl-1.0-us\u003e. Usage of the\nfiles in this repository constitutes acceptance of this license.\n\nNo file in this repository was derived from the output of any Live2D software.\nAll rights reserved only to the OpenL2D Project Developers, who, regarding the\ndistribution of these files, have no obligations to any party under any\nagreement.\n\n**To be more explicit: you are free to use the included model files and pattern\nfiles to create your own MOC3 readers and writers. No license will restrict\nyour right to do so.**\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FOpenL2D%2Fmoc3ingbird","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FOpenL2D%2Fmoc3ingbird","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FOpenL2D%2Fmoc3ingbird/lists"}