
This tool generates a malicious AVI file embedding a forged HLS playlist and AES-encrypted payloads crafted to manipulate the behavior of vulnerable FFmpeg instances.

SleepTheGod/FFmpeg-Ghost-HLS


Exploit Demo

FFmpeg-Ghost-HLS

An advanced FFmpeg exploit generator that abuses HLS playlist parsing and AES-XBIN chaining inside malformed AVI containers to create weaponized media payloads.

--

Overview

FFmpeg-Ghost-HLS is a proof-of-concept generator designed to exploit how FFmpeg handles AVI container files with embedded HLS playlists and AES-128 encrypted segments. The tool dynamically embeds HLS-style media directives and XOR-encrypted AES blocks inside an AVI payload to force arbitrary file reads, memory leaks, or potential codec-based attack vectors when the file is processed by FFmpeg or by any player or library that leverages it.

--

What it does

Crafts a malformed but valid AVI container with embedded HLS playlist data

Embeds AES-128 ECB blocks disguised via XBIN and decryptable via XOR echoing

Uses a static AES key named GAMMA and ECB mode to manipulate IVs

Inserts structured EXT-X-BYTERANGE playlist directives to read arbitrary offsets from attacker-defined file paths like file:///etc/passwd

Injects randomness and packet repetition to bypass basic caching and detection

--

Installation

Make sure you are using Python 3.6 or higher and have permission to install system-wide packages.

git clone https://github.com/SleepTheGod/FFmpeg-Ghost-HLS.git

cd FFmpeg-Ghost-HLS

pip install -r requirements.txt --break-system-packages

--

Usage

python3 main.py file:///etc/passwd output.avi

Where file:///etc/passwd is the full path of the file you want to read, and output.avi is the output filename for the generated malicious AVI container.

To test with FFmpeg

ffmpeg -i output.avi -f null -

This may:

Dump parts of the target file

Crash or leak memory

Trigger codec errors or memory access violations

--

requirements.txt contents

pycryptodome==3.20.0

--

Technical notes

main.py generates EXTINF, EXT-X-KEY and EXT-X-BYTERANGE directives inside AVI chunks

AES ECB blocks are XOR’d using a custom GAMMA pattern to influence IV output

The AVI stream is padded with fake video and text packets named 00dc and 00tx to maintain decoder compatibility and confuse forensic tools

XBIN_HEADER simulates a terminal or graphic format header useful for blending into media pipelines
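
From the defender's side, the layout described in these notes (HLS directives sitting inside AVI chunks) gives a simple pre-screening signal for uploads. The following is an added example, not code from this repository: a Python scanner that flags a RIFF/AVI buffer containing HLS tags or file: URIs. The function names, the URI pattern and both sample buffers are constructed for illustration.

```python
import re
import struct

# HLS tags named on this page, plus the standard playlist header (RFC 8216).
HLS_TAGS = (b"#EXTM3U", b"#EXTINF", b"#EXT-X-KEY", b"#EXT-X-BYTERANGE")
# Local-file URIs inside media data (assumed pattern for this example).
LOCAL_URI = re.compile(rb"\bfile:/[^\s'\"]*", re.IGNORECASE)


def is_riff_avi(data: bytes) -> bool:
    """True when the buffer starts with a RIFF header whose form type is AVI."""
    return len(data) >= 12 and data[:4] == b"RIFF" and data[8:12] == b"AVI "


def scan_media(data: bytes) -> dict:
    """Report HLS playlist tags and local-file URIs found in a media buffer."""
    tags = {}
    for tag in HLS_TAGS:
        offsets = [m.start() for m in re.finditer(re.escape(tag), data)]
        if offsets:
            tags[tag.decode()] = offsets
    uris = [m.group().decode("latin-1") for m in LOCAL_URI.finditer(data)]
    avi = is_riff_avi(data)
    # An AVI has no reason to carry playlist text, so any tag is suspicious.
    return {"is_avi": avi, "hls_tags": tags, "local_uris": uris,
            "suspicious": avi and bool(tags)}


def riff_avi(payload: bytes, fourcc: bytes = b"00dc") -> bytes:
    """Wrap payload in one chunk of a minimal RIFF/AVI shell (sample data only)."""
    chunk = fourcc + struct.pack("<I", len(payload)) + payload
    return b"RIFF" + struct.pack("<I", len(chunk) + 4) + b"AVI " + chunk


# Constructed samples: marker text only, not a playable or working file.
CLEAN_SAMPLE = riff_avi(b"\x00" * 32)
FLAGGED_SAMPLE = riff_avi(
    b"#EXTM3U\n#EXT-X-BYTERANGE:16@0\n#EXTINF:1,\nfile:///PLACEHOLDER\n")

if __name__ == "__main__":
    for name, buf in (("clean", CLEAN_SAMPLE), ("flagged", FLAGGED_SAMPLE)):
        print(name, scan_media(buf))
```

A hit is a reason to quarantine the file before it reaches a transcoder. The check is a byte-level heuristic and does not parse the AVI chunk structure.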

--

Use cases

Offensive media fuzzing

Red team payload delivery

Testing media parsers like FFmpeg, VLC and ffprobe against hybrid containers

Academic demonstrations of container or polyglot abuse

--

Legal warning

This code is provided for educational and authorized testing purposes only. Do not use against machines or data you do not own or have explicit permission to test. Use of this code for unauthorized exploitation or surveillance is illegal and unethical.

--

Author

Taylor Christian Newsome, GitHub: github.com/SleepTheGod
