
Eugnis / Spectre Attack

Example of using revealed "Spectre" exploit (CVE-2017-5753 and CVE-2017-5715)


Spectre Attack Example

Example of using the "Spectre" exploit revealed on 2 Jan 2018 (CVE-2017-5753 and CVE-2017-5715)

Spectre breaks the isolation between different applications. It allows an attacker to trick error-free programs, which follow best practices, into leaking their secrets. In fact, the safety checks of said best practices actually increase the attack surface and may make applications more susceptible to Spectre.

Language

C, uses libs:

  • stdio.h
  • stdint.h
  • intrin.h - for rdtscp and clflush

What does the example do?

We put the text "The Magic Words are Squeamish Ossifrage." in memory and then try to read it using the exploit. If the system is vulnerable, you'll see the same text in the output, read from memory.


In this code, if the compiled instructions in victim_function() were executed in strict program order, the function would only read from array1[0..15] since array1 size = 16. However, when executed speculatively, out-of-bounds reads are possible. The readMemoryByte() function makes several training calls to victim_function() to make the branch predictor expect valid values for x, then calls with an out-of-bounds x. The conditional branch mispredicts, and the ensuing speculative execution reads a secret byte using the out-of-bounds x. The speculative code then reads from array2[array1[x] * 512], leaking the value of array1[x] into the cache state. To complete the attack, a simple flush+probe is used to identify which cache line in array2 was loaded, revealing the memory contents. The attack is repeated several times, so even if the target byte was initially uncached, the first iteration will bring it into the cache.
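The bounds check in victim_function() fails because it exists only as a predicted branch. The following added example (not code from this repository) places that pattern beside a hardened variant that clamps the index with a branchless mask, the technique behind the Linux kernel's array_index_nospec(). The names index_mask_nospec, clamp_index and victim_function_masked are hypothetical, and the array contents are constructed.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

/* Same layout the README describes: a 16-byte array1 and a probe array2
   indexed by array1[x] * 512. Contents are constructed for this example. */
static unsigned long array1_size = 16;
static uint8_t array1[16] = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16};
static uint8_t array2[256 * 512];
static uint8_t temp; /* sink so the compiler keeps the array2 load */

/* All ones when index < size, zero otherwise, computed without a branch.
   Assumes size <= LONG_MAX and arithmetic right shift (GCC and Clang).
   The empty asm hides index from the optimizer so the mask is not folded away. */
static unsigned long index_mask_nospec(unsigned long index, unsigned long size)
{
    __asm__ __volatile__("" : "+r"(index));
    return (unsigned long)(~(long)(index | (size - 1UL - index))
                           >> (sizeof(long) * CHAR_BIT - 1));
}

/* Hypothetical helper: index unchanged when in bounds, forced to 0 otherwise. */
unsigned long clamp_index(unsigned long index, unsigned long size)
{
    return index & index_mask_nospec(index, size);
}

/* Unhardened pattern: only the predicted branch guards the array1 load. */
void victim_function(unsigned long x)
{
    if (x < array1_size)
        temp &= array2[array1[x] * 512];
}

/* Hardened: the load address depends on the clamped index, so a mispredicted
   branch can only make the CPU read array1[0], never memory past the array. */
void victim_function_masked(unsigned long x)
{
    if (x < array1_size) {
        x = clamp_index(x, array1_size);
        temp &= array2[array1[x] * 512];
    }
}

int main(void)
{
    printf("%lu %lu\n", clamp_index(5, array1_size), clamp_index(4096, array1_size));
    return 0;
}
```

The mask is a data dependency, not a control dependency, so the clamp holds even while the branch outcome is still being speculated.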

The unoptimized code reads approximately 10KB/second on an i7 Surface Pro 3.

Building

Using GCC

Run gcc -std=c99 Source.c -o spectre.out, or run make.

Using Visual Studio

Create a new empty project, add Source.c, then click Build.

Executing

Test

Run .\spectre.out with no parameters.

Read from address

Run .\spectre.out {address} {length} with these parameters:

  • address - pointer address of the victim char *
  • length - length of the char *

Sources
