mniip/spectre-meltdown-poc

This repository has been archived on 05/Aug/2021
Stars
129
Rank 279,262 (Top 6 %)
Language
C
Created almost 7 years ago
Updated almost 7 years ago

mniip/spectre-meltdown-poc

mniip

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

A semi-demi-working proof of concept for a mix of spectre and meltdown vulnerabilities

Spectre and Meltdown Proof-of-Concept

Read kernel addresses by stalling the pipeline and speculatively hitting a cacheline:

$ make
...
$ grep ' sys_call_table' /proc/kallsyms
ffffffff8f800180 R sys_call_table
$ ./poc ffffffff8f800180
0xffffffff8f800180 | 10 40 23 8f ff ff ff ff d0 40 23 8f ff ff ff ff
0xffffffff8f800190 | c0 14 23 8f ff ff ff ff 60 f6 22 8f ff ff ff ff
0xffffffff8f8001a0 | 40 91 23 8f ff ff ff ff 70 91 23 8f ff ff ff ff
0xffffffff8f8001b0 | 50 91 23 8f ff ff ff ff 10 af 24 8f ff ff ff ff
...

Read kernel addresses by poisoning the branch predictor and speculatively hitting a cacheline:

$ ./poc_poison ffffffff8f800180
cutoff: 192
0xffffffff8f800180 | 10 40 23 8f ff ff ff ff d0 40 23 8f ff ff ff ff
...

Visualize memory read timings:

$ ./poc_vis ffffffff8f800180

BOOTSTRA

This is an experiment in bootstrapping some sort of programming language/environment from a clean MS-DOS install.

wtfcoc

A reasonable Code of Conduct for reasonable people.

LUA

A programming language based upon the lua programming language

yoctoparsec

A truly tiny monadic parsing library

Doger

Used to be the official dogecoin IRC tipbot. Discontinued as of May 2020.

discord-eval

A discord frontend for an interactive interpreter bot

sandbox

A secure process-level sandbox based on a ptrace jail

th-tc

Poor man's typechecker in Template Haskell

tcpaste

finite-typelits

A type inhabited by finitely many values, indexed by type-level naturals.

yt

youtube downloader in lua

hexchat-lua

Lua scripting plugin for Hexchat

vtshot

Linux console recording tool.

dlng

Dynamic Linker NG

functional-kmp

KMP implemented on haskell's built-in cons-cell-based lists.

um32

Universal Machine emulator in C

xsTPTIRC

IRC client for The Powder Toy (http://powdertoy.co.uk)

os

znc-modules

icfpc2021

fresnel

Numerical Fresnel diffraction

dequantify

A program that removes quantifiers in statements involving rational functions using Tarski-Seidenberg algorithm

singleton-typelits

Singletons and induction schemes for GHC TypeLits.

xsRecord

x11 screen recorder, outputs PPM for convertability reasons

Hask

CT stuff in haskell

ZF

Experimenting with classical FOL+ZF in Coq.

aoc-2020

hexchat-haskell

A Haskell scripting plugin for HexChat

rualloc

Retarded Useless Allocator

bananapeel

coercion-extras

Extra utilities for manipulating nominal and representational coercions

h6502

A haskell 6502 emulator presented as a monad transformer

partial-records

Template haskell utilities for constructing records with default values

monad-introspect

fbmode

A tiny tool for editing the framebuffer settings

aoc2021

fdmp

Floppy drive midi player

ansi-g-machine

icfpc2020-galaxy

xsBot

IRC bot completely in Lua

mniip.github.io

apk

Cruft-less android app template, compilable via make, importable into an Android Studio project.

highlel

HIGH Level Emulation of Linux

nibble-trie