This repository includes the tools we developed during our research:
quick_shell: Implements the entire RCE chain, overwriting an installer executable downloaded by a victim Windows device with Quick Share.
quick_sniff: A sniffer that captures Quick Share’s protocol packets and prints them as text. In addition, for each device in the session, it creates a binary file in our custom format that holds all the sent packets in the order they were sent.
send_packets: Sends Quick Share’s protocol packets. As input, it receives a binary file in our custom format with packets to send (the same format that the quick_sniff tool outputs).
send_file_with_bypass: Exploits the vulnerabilities we reported in Quick Share for Android & Windows that allow sending a file without authorization or acceptance by the receiver, regardless of the current discovery mode (“Your Devices”, “Contacts”, or “Everyone”).
force_wifi_connection: Forces a device with Quick Share to connect to a given Wi-Fi network. If performed against a Windows device with the vulnerable Quick Share version, it also crashes the Quick Share app, creating a connection to the given Wi-Fi network that lasts forever.
quick_fuzz: A fuzzer for Quick Share for Windows. Each fuzzing iteration sends a sequence of offline frames, simulating an entire transfer session.
Varshini is a Cyber Security expert in Threat Analysis, Vulnerability Assessment, and Research. Passionate about staying ahead of emerging Threats and Technologies.