defuse/flush-reload-attacks

Stars
180
Rank 213,097 (Top 5 %)
Language
Ruby
Created over 9 years ago
Updated 5 months ago

defuse/flush-reload-attacks

defuse

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Side-Channel Attacks on Everyday Applications

This repository contains the source code and experiment data accompanying Taylor Hornby's talk at Black Hat 2016 titled "Side-Channel Attacks on Everyday Applications."

blackhat: Black Hat talk stuff, like my CFP submission and talk slides.
cpsc502: Assignments for my undergraduate research project at the University of Calgary.
experiments: Experiment implementations and all saved experiment run data.
flush-reload: Attack tools, including:
- flush-reload/original-from-authors: The original authors' implementaiton of Flush+Reload.
- flush-reload/myversion: My rewrite of the Flush+Reload attack tool.
  - flush-reload/myversion/ruby: The high-level attack tools.
  - flush-reload/myversion/automation: Automated probe-finding tools.
- flush-reload/cachebench: A tool for timing the difference between cached and non-cached memory accesses.
- flush-reload/rdtsc-consistency: A tool to check if the RDTSC timestamp behaves monotonically.
paper: The LaTeX source code to the accompanying paper.
source: Source files, e.g. the PDF files for the libpoppler input distinguishing attack.

Getting Started

For step-by-step instructions to perform an attack on your own system, see the Getting Started Guide.

Contributing

This most recent version of this code lives on GitHub. Pull requests are welcome, although I have very limited time to review and merge them. Please fork this project if I'm inhibiting your progress!

Acknowledgements

The code directly inside the flush-reload folder was provided by Yuval Yarom, one of the authors of FLUSH+RELOAD: a High Resolution, Low Noise, L3 Cache Side-Channel Attack. The code inside flush-reload/myversion is a complete re-write, based on the original code.

I would like to thank Prof. John Aycock at the University of Calgary for serving as my advisor when I was working on this project for my undergrad thesis. Our discussions helped carry the project to the results included here. He also contributed edits and improvements to an earlier version of the paper.

Contact

Taylor's contact information is available on his website.

php-encryption

Simple Encryption in PHP.

swatd

Run a script when one or more sensors fail.

password-hashing

Password hashing code.

crackstation-hashdb

CrackStation.net's Lookup Table Implementation.

sockstress

Sockstress (TCP DoS) implementation.

crackstation

Source code for my crackstation.net website.

passgen

A password generator.

defuse.ca

The source code to my defuse.ca website.

phpcount

A unique hit counter that respects users' privacy.

email-spoofing

Ruby script for spoofing SMTP emails.

php-passgen

Generating passwords in PHP.

gas-obfuscation

Extremely simple but inefficient x86-64 assembly obfuscation.

dnsfs

Host files with DNS

yescrypt

Non-C Implementations of the yescrypt KDF.

helloworld-cms

A simple content display system in PHP.

DAWr

The start of a library for building a DAW and/or sound experiments in Rust

airgap

Design for an economical and simple air-gapped system.

WinPassGen

A Windows Password Generator.

pastebin

The defuse.ca pastebin.

phphashcrack

A PHP hash cracker.

encutil

Example of how to build a command-line file encryption utility with defuse/php-encryption.

synergy-crack

Synergy 1.4.12 cracking tool.

cuda-md5

Old NVIDIA CUDA implementation of salted MD5 brute-force

ictm

A user-first approach to threat modeling.

x86rc4

A tiny x86 implementation of RC4

php-newsgroups

Newsgroup-style PHP forum.

elfplayer

Visualize an ELF's execution

backup-verify

Tool for verifying backups and comparing directories.

passgenr

A library for generating cryptographically-secure passwords in Rust.

canvas

Practice HTML5 Canvas.

textractor

Extract strings from files to make wordlists.

vim

My GVim Configuration

image-passwords

HTML5 Canvas: Generating keys from memorable image sequences.

truecrypt-archive

Archive of all TrueCrypt 7.1a files

defuse_failover

(Old) How I used to do implement failover for defuse.ca.

gnutls-psk

Example TLS PSK client/server.

gadgetrie

A simple gadget finder for Return Oriented Programming

js-encryption

SJCL (JavaScript) encryption example.

vst_plugin

Example VST2 plugin in Rust.

eotp

https://defuse.ca/eotp.htm

nova-extractor

WIP implementation of the extractor in Nova's security proof

passwordtrainer

A script for memorizing/practicing passwords.

php-login

A (half-finished) PHP login system.

stemviz

https-mockups

Negative feedback for insecure web connections.

afl-demo

vimhl

Syntax highlighting in PHP with Vim.

sudoku-solver

A simple sudoku solver in Ruby

pfs-experiments

Testing perfect forward secrecy in the short term.

tix

A command-line ticket system in Ruby.

bqp

Source code for my bqp.io website.

juggler-pow

A memory-but-not-time asymmetric proof-of-work function.

hypothetico-web

Hypothetico e-zine website

popularaccess

popularaccess.org

upload

File transfer upload script.

wavetool

A tool for processing/analyzing Serum wavetables.

nsa-letter

A letter to Canadian MPs about the NSA

qcircuitgen

Easily draw quantum circuits for LaTeX's picture environment

codefiles

A Ruby on Rails blog.