The leaked files from the disclosure https://seclists.org/fulldisclosure/2024/Jun/7 have since been removed from https://developercommunity.visualstudio.com/t/Incorrect-code-generation-on-warbirded-b/10680249. Someone on Reddit (https://www.reddit.com/user/TapAppropriate1458/) posted a direct link to a download from azurewebsites.net that's been taken down now too. The #InternetArchive has the files still at:
https://web.archive.org/web/20240624211440/https://sendvsfeedback2-download.azurewebsites.net/api/fileBlob/file?name=B0cde770200a945109437927ba3fe4d67638537352993712632_ICE_REPRO.zip&tid=0cde770200a945109437927ba3fe4d67638537352993712632
Unfortunately I cannot verify whether those files/the link was the original file or a re-upload. But at least all files within `ICE REPRO.zip/Linker/linkrepro.zip' match the size (in bytes) of the originals as given in the listing on seclists.
The file download from there has the sha256 hash:
d4c1a74f81e5259596466027ebac9f7eb026931c7cef02e5c37d884bbbb7f96f ICE_REPRO.zip
---
In addition, the disclosure notes that the MS symbol server does (STILL ONLINE!) leak the PDB of warbird.dll if requested. A backup has been re-upped here: https://files.catbox.moe/8iz2qk.pdb
Again, the sha256 hash. This has been matched against the original served by the MS symbol server:
2e8b5e0c17b4a4693ed494444f347f22a2eed15bcade18a5ac25d370011f8aa5 warbird.dll.pdb
---
I provide those hashes just for people to be on the safe side while analyzing the files. Keep in mind that accessing those files may be illegal.
#MSRP #leak #SecLists #Microsoft #WarBird #PlayReady #DRM #PDB #Widevine #PlayFair #Piracy