vusec / ridl
RIDL test suite and exploits
Home Page: https://mdsattacks.com
Hi,
in linux/spectre.c the strcmp fails when comparing some strings because the whitespace at the beginning of some strings is not stripped.
I checked on Ubuntu 18.04.
Just stripping possible whitespace at the beginning or at the end of iter.key should fix the problem.
Just a heads up: the links to the modified spidermonkey binary in the RIDL.js README and download.sh seem to be broken.
The tool leak crashes with a segmentation fault.
$ taskset -c 0 ./leak
Segmentation fault (core dumped)
$ dmesg
[…]
[91284.376146] leak[23989]: segfault at ffffffffffffffff ip 00000000004010b5 sp 00007ffd8ad55f40 error 7 in leak[401000+1000]
[91284.376167] Code: 00 00 be 00 00 10 00 48 83 ec 68 31 ff e8 b3 ff ff ff b9 00 00 10 00 48 89 05 57 df 00 00 48 89 c7 88 d8 45 31 c9 41 83 c8 ff <f3> aa ba 03 00 00 00 b9 22 80 04 00 be 00 00 10 00 31 ff e8 83 ff
[…]
Hey, the shadow exploits do not work for me..
"leak" has been running for more than 2 days but it does not leak anything..
I am trying to use the exploit on an i7 6800K, MDS mitigations off, updated microcode and the latest version of Ubuntu.
lscpu:
Architecture: x86_64
CPU op-mode(s): 32-bit, 64-bit
Byte Order: Little Endian
CPU(s): 12
On-line CPU(s) list: 0-11
Thread(s) per core: 2
Core(s) per socket: 6
Socket(s): 1
NUMA node(s): 1
Vendor ID: GenuineIntel
CPU family: 6
Model: 79
Model name: Intel(R) Core(TM) i7-6800K CPU @ 3.40GHz
Stepping: 1
CPU MHz: 1200.384
CPU max MHz: 3800.0000
CPU min MHz: 1200.0000
BogoMIPS: 6800.68
Virtualization: VT-x
L1d cache: 32K
L1i cache: 32K
L2 cache: 256K
L3 cache: 15360K
NUMA node0 CPU(s): 0-11
Flags: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx pdpe1gb rdtscp lm constant_tsc arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc cpuid aperfmperf pni pclmulqdq dtes64 monitor ds_cpl vmx est tm2 ssse3 sdbg fma cx16 xtpr pdcm pcid dca sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand lahf_lm abm 3dnowprefetch cpuid_fault epb cat_l3 cdp_l3 invpcid_single intel_ppin ssbd ibrs ibpb stibp tpr_shadow vnmi flexpriority ept vpid ept_ad fsgsbase tsc_adjust bmi1 hle avx2 smep bmi2 erms invpcid rtm cqm rdt_a rdseed adx smap intel_pt xsaveopt cqm_llc cqm_occup_llc cqm_mbm_total cqm_mbm_local dtherm ida arat pln pts md_clear flush_l1d
I tested mdstool-win64.exe on a machine with Intel i5-4210 CPU and 4 GiB RAM running MS Windows 10 Pro. 64-bit v. 1703 and noticed the tool is causing constant high CPU usage of about 20%:
It seems the tool is constantly doing something. This is strange as it should just collect some info from the system, display that info in the GUI and then be idle until closed.
FreeBSD 12.
Hi
Using the Windows binary on Windows 7 with an Intel Core i5-4570 (4 cores, no SMT), in the L1TF section SMT is being reported as vulnerable. Yet in the section about MDS, SMT is reported as Unaffected. - The first look result looks erroneous to me - correct?
It looks like it boils down to:
Line 42 in 508d549
Also commit 2e13baf added the use of the function check_smt() for l1tf.c on Linux and macOS but not Windows.
Is check_smt() not available for Windows (yet) or was it forgotten to be added in the process?
Regards
Mathieu
My server is not very recent.. cmake can only be installed up to 2.8.12.2 without me jumping through so many hoops.
Setting up cmake (2.8.12.2-0ubuntu3) ...
username@www:~/software/ridl/build$ cmake ..
CMake Error at CMakeLists.txt:1 (cmake_minimum_required):
CMake 3.1 or higher is required. You are running version 2.8.12.2
-- Configuring incomplete, errors occurred!
username@www:~/software/ridl/build$
Can you provide a version that is compatible with the aforementioned version?
It should say:
pkg install ridl
I couldn't get it to compile out of the box on MacOS Mojave and tried on a VirtualBox Ubuntu 18 with CMake.
Please make a MacOSX binary available on mdsattacks.com
I will chase these
CMake Error: The following variables are used in this project, but they are set to NOTFOUND.
Please set them or make sure they are set and tested correctly in the CMake files:
X11_Xft_INCLUDE_PATH (ADVANCED)
used as include directory in directory /home/ecommerce/Downloads/ridl-master
used as include directory in directory /home/ecommerce/Downloads/ridl-master
used as include directory in directory /home/ecommerce/Downloads/ridl-master
X11_Xft_LIB (ADVANCED)
linked by target "mdstool" in directory /home/ecommerce/Downloads/ridl-master
X11_Xrender_INCLUDE_PATH (ADVANCED)
used as include directory in directory /home/ecommerce/Downloads/ridl-master
used as include directory in directory /home/ecommerce/Downloads/ridl-master
used as include directory in directory /home/ecommerce/Downloads/ridl-master
X11_Xrender_LIB (ADVANCED)
linked by target "mdstool" in directory /home/ecommerce/Downloads/ridl-master
I run:
cmake ridl
and get an error:
Determining if the pthread_create exist failed with the following output:
Change Dir: /root/CMakeFiles/CMakeTmp
Run Build Command:"/usr/bin/make" "cmTC_1b36d/fast"
/usr/bin/make -f CMakeFiles/cmTC_1b36d.dir/build.make CMakeFiles/cmTC_1b36d.dir/build
make[1]: Entering directory '/root/CMakeFiles/CMakeTmp'
Building C object CMakeFiles/cmTC_1b36d.dir/CheckSymbolExists.c.o
/usr/bin/cc -o CMakeFiles/cmTC_1b36d.dir/CheckSymbolExists.c.o -c /root/CMakeFiles/CMakeTmp/CheckSymbolExists.c
Linking C executable cmTC_1b36d
/usr/bin/cmake -E cmake_link_script CMakeFiles/cmTC_1b36d.dir/link.txt --verbose=1
/usr/bin/cc -rdynamic CMakeFiles/cmTC_1b36d.dir/CheckSymbolExists.c.o -o cmTC_1b36d
CMakeFiles/cmTC_1b36d.dir/CheckSymbolExists.c.o: In function `main':
CheckSymbolExists.c:(.text+0x1b): undefined reference to `pthread_create'
collect2: error: ld returned 1 exit status
CMakeFiles/cmTC_1b36d.dir/build.make:97: recipe for target 'cmTC_1b36d' failed
make[1]: *** [cmTC_1b36d] Error 1
make[1]: Leaving directory '/root/CMakeFiles/CMakeTmp'
Makefile:126: recipe for target 'cmTC_1b36d/fast' failed
make: *** [cmTC_1b36d/fast] Error 2
File /root/CMakeFiles/CMakeTmp/CheckSymbolExists.c:
/* */
#include <pthread.h>
int main(int argc, char** argv)
{
(void)argv;
#ifndef pthread_create
return ((int*)(&pthread_create))[argc];
#else
(void)argc;
return 0;
#endif
}
Determining if the function pthread_create exists in the pthreads failed with the following output:
Change Dir: /root/CMakeFiles/CMakeTmp
Run Build Command:"/usr/bin/make" "cmTC_3f22c/fast"
/usr/bin/make -f CMakeFiles/cmTC_3f22c.dir/build.make CMakeFiles/cmTC_3f22c.dir/build
make[1]: Entering directory '/root/CMakeFiles/CMakeTmp'
Building C object CMakeFiles/cmTC_3f22c.dir/CheckFunctionExists.c.o
/usr/bin/cc -DCHECK_FUNCTION_EXISTS=pthread_create -o CMakeFiles/cmTC_3f22c.dir/CheckFunctionExists.c.o -c /usr/share/cmake-3.10/Modules/CheckFunctionExists.c
Linking C executable cmTC_3f22c
/usr/bin/cmake -E cmake_link_script CMakeFiles/cmTC_3f22c.dir/link.txt --verbose=1
/usr/bin/cc -DCHECK_FUNCTION_EXISTS=pthread_create -rdynamic CMakeFiles/cmTC_3f22c.dir/CheckFunctionExists.c.o -o cmTC_3f22c -lpthreads
/usr/bin/ld: cannot find -lpthreads
collect2: error: ld returned 1 exit status
CMakeFiles/cmTC_3f22c.dir/build.make:97: recipe for target 'cmTC_3f22c' failed
make[1]: *** [cmTC_3f22c] Error 1
make[1]: Leaving directory '/root/CMakeFiles/CMakeTmp'
Makefile:126: recipe for target 'cmTC_3f22c/fast' failed
make: *** [cmTC_3f22c/fast] Error 2
My OS: Ubuntu 18.04
Since 9befa25, you can't build on Windows anymore as only the Linux source files have query_ssb_info.
It would be nice if there was a way to build this that didn't depend on X11, and printed the checks to standard out.
I built a 32-bit binary of mdstool-cli using:
cmake .. -DCMAKE_CXX_FLAGS=-m32 -DCMAKE_C_FLAGS=-m32
Running the resulting binary on an Intel Atom system under 32-bit CentOS 6.10 (fully updated) as root gave the following:
# ./mdstool-cli
System:
* Operating System: Linux 2.6.32-754.24.3.el6.i686
* Processor: Intel(R) Atom(TM) CPU N2800 @ 1.86GHz
* Microarchitecture: Unknown
* Microcode: 269
* Memory: 3.81 GiB
[snip]
Speculative Store Bypass:
* Status: Not Affected
* Speculative Store Bypass Disable: Not Required
but running it as an unprivileged user gave:
Speculative Store Bypass:
* Status: Vulnerable
* Speculative Store Bypass Disable: Not Available
All the other tests came up as "Not affected" in both cases.
Which result should I believe? Or should the tool be run as both root and non-root users and the worst outcome be selected?
I'm receiving an error on OSX
cannot execute binary file
Looking around this repository, coming from someone who never looked at it before, I'm having trouble identifying the license that applies to the entire codebase.
Am I correct to guess that this file: https://github.com/vusec/ridl/blob/master/tool/LICENSE is applicable to all code in this repository (excluding the git submodules, of course), or does it only apply to the code in that tool directory?
If the latter, is the code found in the other folders then unlicensed, meaning regular copyright applies to it?
If the first, should this file maybe be moved to the top directory so that both Github and visiting viewers can identify what license this repository is under?
Another thing, it seems to me the MPL requires the license notice to be attached in some way to every file it is applied to: https://www.mozilla.org/en-US/MPL/2.0/FAQ/#header-locations
So it would probably be advisable to add a license header to every source file that the MPL is applied to in this codebase:
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at https://mozilla.org/MPL/2.0/. */
Thoughts?
I tried mdstool-cli.exe from https://mdsattacks.com/files/mdstool-win-20190519.zip and noticed that its output includes color codes. Is there a way to tell the tool to output just plain text?
Here is a sample of what I see in cmd.exe on Windows 10:
�[1mMicro-architectural Data Sampling:
�[0m * Line Fill Buffers (MFBDS): �[1m�[31mVulnerable
�[0m * Store Buffers (MSBDS): �[1m�[31mVulnerable
�[0m * Load Ports (MLPDS): �[1m�[31mVulnerable
�[0m * Uncached Memory (MDSUM): �[1m�[31mVulnerable
�[0m * SMT: �[1m�[31mVulnerable
�[0m * MD_CLEAR: �[1m�[32mAvailable
Hi,
Appreciate your sharing.
I'm wondering whether you can help to translate ridl/tree/master/pocs/vrs.c, ridl2.h to a Windows 10 version? I'd like to test it on a Windows 10 SUT.
Thanks!
Please apply this patch:
--- CMakeLists.txt.orig 2019-05-23 06:02:35 UTC
+++ CMakeLists.txt
@@ -86,7 +86,7 @@ if (${CMAKE_SYSTEM_NAME} STREQUAL Windows)
source/msw/image.c
source/msw/window.c)
set(BUILD_GUI 1)
-elseif (${CMAKE_SYSTEM_NAME} STREQUAL Linux)
+elseif (${CMAKE_SYSTEM_NAME} STREQUAL Linux OR ${CMAKE_SYSTEM_NAME} MATCHES "FreeBSD|DragonFly")
list(APPEND SOURCES
source/linux/l1tf.c
source/linux/meltdown.c
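Review bot: On the changed `elseif` line, FreeBSD and DragonFly now fall into the branch that appends source/linux/l1tf.c and source/linux/meltdown.c, so this needs confirmation that the files under source/linux build and report correct results on those systems; if they do not, the BSDs should get their own branch with their own source list. The `MATCHES "FreeBSD|DragonFly"` pattern is also unanchored and the `${CMAKE_SYSTEM_NAME}` expansions are unquoted, so a single test such as `CMAKE_SYSTEM_NAME MATCHES "^(Linux|FreeBSD|DragonFly)$"` would be tighter and easier to read.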
It looks like cpuid.h isn't really to be found on that platform. Could we support it in the future anyway?
I think the sse_probe should be:
.global sse_probe
sse_probe:
movdqu (%rsi), %xmm0
movq %xmm0, %rax
andq $0xff, %rax
shl $STRIDE_SHIFT, %rax
movq (%rdi, %rax), %rax
ret
Not sure if I'm doing something wrong, but this is on Ubuntu 16.04 LTS inside a VM (Linode):
root@localhost:~/ridl/build# make
Scanning dependencies of target mdstool-cli
[ 4%] Building C object CMakeFiles/mdstool-cli.dir/source/bitmap.c.o
[ 8%] Building C object CMakeFiles/mdstool-cli.dir/source/human.c.o
[ 12%] Building C object CMakeFiles/mdstool-cli.dir/source/system.c.o
[ 16%] Building C object CMakeFiles/mdstool-cli.dir/source/topology.c.o
[ 20%] Building C object CMakeFiles/mdstool-cli.dir/source/x86/gcc/cpuid.c.o
/root/ridl/source/x86/gcc/cpuid.c: In function ‘cpuidex’:
/root/ridl/source/x86/gcc/cpuid.c:12:2: warning: implicit declaration of function ‘__get_cpuid_count’ [-Wimplicit-function-declaration]
__get_cpuid_count(leaf, subleaf, regs + 0, regs + 1, regs + 2, regs + 3);
^
[ 24%] Building C object CMakeFiles/mdstool-cli.dir/source/linux/l1tf.c.o
[ 28%] Building C object CMakeFiles/mdstool-cli.dir/source/linux/meltdown.c.o
[ 32%] Building C object CMakeFiles/mdstool-cli.dir/source/linux/memory.c.o
[ 36%] Building C object CMakeFiles/mdstool-cli.dir/source/linux/microcode.c.o
[ 40%] Building C object CMakeFiles/mdstool-cli.dir/source/linux/spectre.c.o
[ 44%] Building C object CMakeFiles/mdstool-cli.dir/source/linux/ssb.c.o
[ 48%] Building C object CMakeFiles/mdstool-cli.dir/source/linux/topology.c.o
[ 52%] Building C object CMakeFiles/mdstool-cli.dir/source/linux/vuln.c.o
[ 56%] Building C object CMakeFiles/mdstool-cli.dir/source/unix/os.c.o
[ 60%] Building C object CMakeFiles/mdstool-cli.dir/source/x86/cpuid.c.o
[ 64%] Building C object CMakeFiles/mdstool-cli.dir/source/x86/meltdown.c.o
[ 68%] Building C object CMakeFiles/mdstool-cli.dir/source/x86/ridl.c.o
[ 72%] Building C object CMakeFiles/mdstool-cli.dir/source/cli/l1tf.c.o
[ 76%] Building C object CMakeFiles/mdstool-cli.dir/source/cli/main.c.o
[ 80%] Building C object CMakeFiles/mdstool-cli.dir/source/cli/meltdown.c.o
[ 84%] Building C object CMakeFiles/mdstool-cli.dir/source/cli/ridl.c.o
[ 88%] Building C object CMakeFiles/mdstool-cli.dir/source/cli/spectre.c.o
[ 92%] Building C object CMakeFiles/mdstool-cli.dir/source/cli/ssb.c.o
[ 96%] Building C object CMakeFiles/mdstool-cli.dir/source/cli/system.c.o
[100%] Linking C executable mdstool-cli
CMakeFiles/mdstool-cli.dir/source/x86/gcc/cpuid.c.o: In function `cpuidex':
cpuid.c:(.text+0x11f): undefined reference to `__get_cpuid_count'
collect2: error: ld returned 1 exit status
CMakeFiles/mdstool-cli.dir/build.make:692: recipe for target 'mdstool-cli' failed
make[2]: *** [mdstool-cli] Error 1
CMakeFiles/Makefile2:67: recipe for target 'CMakeFiles/mdstool-cli.dir/all' failed
make[1]: *** [CMakeFiles/mdstool-cli.dir/all] Error 2
Makefile:83: recipe for target 'all' failed
make: *** [all] Error 2
Thanks!