vusec / ridl Goto Github PK

RIDL test suite and exploits

CMake 1.13% C 84.25% C++ 0.12% Makefile 2.30% Shell 0.52% Python 9.23% JavaScript 1.30% WebAssembly 0.67% Assembly 0.48%

ridl's Issues

Not sure software work ?

Have install new intel micro-code.
But is 3 vulnerability for what ?

Best Regards

Wrong parsing of spectre_v2 in Linux

Hi,
in linux/spectre.c the strcmp fails when comparing some strings because the whitespace at the beginning of some strings is not stripped.
I checked on Ubuntu 18.04.
Just strip possible whitespaces at the beginning or at the end of iter.key should fix the problem.

Modified spidermonkey binary links broken

Just a heads up: the links to the modified spidermonkey binary in the RIDL.js README and download.sh seem to be broken.

exploits/shadow: `leak` segfaults

The tool leak crashes with a segmentation fault.

$ taskset -c 0 ./leak
Segmentation fault (core dumped)
$ dmesg
[…]
[91284.376146] leak[23989]: segfault at ffffffffffffffff ip 00000000004010b5 sp 00007ffd8ad55f40 error 7 in leak[401000+1000]
[91284.376167] Code: 00 00 be 00 00 10 00 48 83 ec 68 31 ff e8 b3 ff ff ff b9 00 00 10 00 48 89 05 57 df 00 00 48 89 c7 88 d8 45 31 c9 41 83 c8 ff <f3> aa ba 03 00 00 00 b9 22 80 04 00 be 00 00 10 00 31 ff e8 83 ff
[…]

shadow exploit does not work

hey, the shadow exploits does not work for me..
"leak" running for more then 2 days but it does not leak anything..
i trying to use the exploit on i7 6800k , mds mitigations off , updated microcode and last version of ubuntu.

lscpu:

Architecture: x86_64 CPU op-mode(s): 32-bit, 64-bit Byte Order: Little Endian CPU(s): 12 On-line CPU(s) list: 0-11 Thread(s) per core: 2 Core(s) per socket: 6 Socket(s): 1 NUMA node(s): 1 Vendor ID: GenuineIntel CPU family: 6 Model: 79 Model name: Intel(R) Core(TM) i7-6800K CPU @ 3.40GHz Stepping: 1 CPU MHz: 1200.384 CPU max MHz: 3800.0000 CPU min MHz: 1200.0000 BogoMIPS: 6800.68 Virtualization: VT-x L1d cache: 32K L1i cache: 32K L2 cache: 256K L3 cache: 15360K NUMA node0 CPU(s): 0-11 Flags: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx pdpe1gb rdtscp lm constant_tsc arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc cpuid aperfmperf pni pclmulqdq dtes64 monitor ds_cpl vmx est tm2 ssse3 sdbg fma cx16 xtpr pdcm pcid dca sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand lahf_lm abm 3dnowprefetch cpuid_fault epb cat_l3 cdp_l3 invpcid_single intel_ppin ssbd ibrs ibpb stibp tpr_shadow vnmi flexpriority ept vpid ept_ad fsgsbase tsc_adjust bmi1 hle avx2 smep bmi2 erms invpcid rtm cqm rdt_a rdseed adx smap intel_pt xsaveopt cqm_llc cqm_occup_llc cqm_mbm_total cqm_mbm_local dtherm ida arat pln pts md_clear flush_l1d

The tool has high CPU usage on Windows

I tested mdstool-win64.exe on a machine with Intel i5-4210 CPU and 4 GiB RAM running MS Windows 10 Pro. 64-bit v. 1703 and noticed the tool is causing constant high CPU usage of about 20%:

It seems the tool is constantly doing something. This is strange as it should just collect some info from the system, display that info in the GUI and than be idle until closed.

Software not work

Software doesn't work, window just close without any error, cli version doesn't work too, look screen:

libsysinfo.so isn't linked to

FreeBSD 12.

Windows/L1TF: SMT reported vulnerable when no SMT is present

Using the Windows binary on Windows 7 with an Intel Core i5-4570 (4 cores, no SMT) in the L1TF section SMT is being reported as vulnerable. Yet in the section about MDS SMT is reported as Unaffected. - The first look result looks erroneous to me - correct?

It looks like it boils down to:

ridl/source/msw/l1tf.c

Line 42 in 508d549

info->smt_vuln = 1; /* TODO: how do we know? */

Also commit 2e13baf added the use of the function check_smt() for l1tf.c on Linux and macOS but not Windows.

Is check_smt() not available for Windows (yet) or was it forgotten to be added in the process?

Regards
Mathieu

Any love for lower version of CMake?

My server is quite not recent.. can be only installed up to 2.8.12.2 without I jumping into so much hoops.


Setting up cmake (2.8.12.2-0ubuntu3) ...
username@www:~/software/ridl/build$ cmake ..
CMake Error at CMakeLists.txt:1 (cmake_minimum_required):
  CMake 3.1 or higher is required.  You are running version 2.8.12.2


-- Configuring incomplete, errors occurred!
username@www:~/software/ridl/build$

Can you provide a version where it's compatible with aforementioned version?

FreeBSD instructions

It should say:
pkg install ridl

make errors

I couldn't get it to compile out of the box on MacOS Mojave and try on a VirtualBox Ubuntu 18 with CMake.
Please make a MacOSX binary available on mdsattacks.com
I will chase these
CMake Error: The following variables are used in this project, but they are set to NOTFOUND.
Please set them or make sure they are set and tested correctly in the CMake files:
X11_Xft_INCLUDE_PATH (ADVANCED)
used as include directory in directory /home/ecommerce/Downloads/ridl-master
used as include directory in directory /home/ecommerce/Downloads/ridl-master
used as include directory in directory /home/ecommerce/Downloads/ridl-master
X11_Xft_LIB (ADVANCED)
linked by target "mdstool" in directory /home/ecommerce/Downloads/ridl-master
X11_Xrender_INCLUDE_PATH (ADVANCED)
used as include directory in directory /home/ecommerce/Downloads/ridl-master
used as include directory in directory /home/ecommerce/Downloads/ridl-master
used as include directory in directory /home/ecommerce/Downloads/ridl-master
X11_Xrender_LIB (ADVANCED)
linked by target "mdstool" in directory /home/ecommerce/Downloads/ridl-master

Not making

I run:

cmake ridl

and get an error:

Determining if the pthread_create exist failed with the following output:
Change Dir: /root/CMakeFiles/CMakeTmp

Run Build Command:"/usr/bin/make" "cmTC_1b36d/fast"
/usr/bin/make -f CMakeFiles/cmTC_1b36d.dir/build.make CMakeFiles/cmTC_1b36d.dir/build
make[1]: Entering directory '/root/CMakeFiles/CMakeTmp'
Building C object CMakeFiles/cmTC_1b36d.dir/CheckSymbolExists.c.o
/usr/bin/cc    -o CMakeFiles/cmTC_1b36d.dir/CheckSymbolExists.c.o   -c /root/CMakeFiles/CMakeTmp/CheckSymbolExists.c
Linking C executable cmTC_1b36d
/usr/bin/cmake -E cmake_link_script CMakeFiles/cmTC_1b36d.dir/link.txt --verbose=1
/usr/bin/cc      -rdynamic CMakeFiles/cmTC_1b36d.dir/CheckSymbolExists.c.o  -o cmTC_1b36d
CMakeFiles/cmTC_1b36d.dir/CheckSymbolExists.c.o: In function `main':
CheckSymbolExists.c:(.text+0x1b): undefined reference to `pthread_create'
collect2: error: ld returned 1 exit status
CMakeFiles/cmTC_1b36d.dir/build.make:97: recipe for target 'cmTC_1b36d' failed
make[1]: *** [cmTC_1b36d] Error 1
make[1]: Leaving directory '/root/CMakeFiles/CMakeTmp'
Makefile:126: recipe for target 'cmTC_1b36d/fast' failed
make: *** [cmTC_1b36d/fast] Error 2

File /root/CMakeFiles/CMakeTmp/CheckSymbolExists.c:
/* */
#include <pthread.h>

int main(int argc, char** argv)
{
  (void)argv;
#ifndef pthread_create
  return ((int*)(&pthread_create))[argc];
#else
  (void)argc;
  return 0;
#endif
}

Determining if the function pthread_create exists in the pthreads failed with the following output:
Change Dir: /root/CMakeFiles/CMakeTmp

Run Build Command:"/usr/bin/make" "cmTC_3f22c/fast"
/usr/bin/make -f CMakeFiles/cmTC_3f22c.dir/build.make CMakeFiles/cmTC_3f22c.dir/build
make[1]: Entering directory '/root/CMakeFiles/CMakeTmp'
Building C object CMakeFiles/cmTC_3f22c.dir/CheckFunctionExists.c.o
/usr/bin/cc   -DCHECK_FUNCTION_EXISTS=pthread_create   -o CMakeFiles/cmTC_3f22c.dir/CheckFunctionExists.c.o   -c /usr/share/cmake-3.10/Modules/CheckFunctionExists.c
Linking C executable cmTC_3f22c
/usr/bin/cmake -E cmake_link_script CMakeFiles/cmTC_3f22c.dir/link.txt --verbose=1
/usr/bin/cc  -DCHECK_FUNCTION_EXISTS=pthread_create    -rdynamic CMakeFiles/cmTC_3f22c.dir/CheckFunctionExists.c.o  -o cmTC_3f22c -lpthreads
/usr/bin/ld: cannot find -lpthreads
collect2: error: ld returned 1 exit status
CMakeFiles/cmTC_3f22c.dir/build.make:97: recipe for target 'cmTC_3f22c' failed
make[1]: *** [cmTC_3f22c] Error 1
make[1]: Leaving directory '/root/CMakeFiles/CMakeTmp'
Makefile:126: recipe for target 'cmTC_3f22c/fast' failed
make: *** [cmTC_3f22c/fast] Error 2

My OS: Ubuntu 18.04

9befa25 breaks building on Windows

Since 9befa25, you can't build on Windows anymore as only the Linux source files have query_ssb_info.

cli version?

It would be nice if there was a way to build this that didn't depend on X11, and printed the checks to standard out.

Intel Atom (32-bit OS): running as root or unprivileged user gives inconsistent results

I built a 32-bit binary of msdtool-cli using:

cmake .. -DCMAKE_CXX_FLAGS=-m32 -DCMAKE_C_FLAGS=-m32

Running the resulting binary on an Intel Atom system under 32-bit CentOS 6.10 (fully updated) as root gave the following:

# ./mdstool-cli
System:
 * Operating System: Linux 2.6.32-754.24.3.el6.i686
 * Processor:         Intel(R) Atom(TM) CPU N2800   @ 1.86GHz
 * Microarchitecture: Unknown
 * Microcode: 269
 * Memory: 3.81 GiB

[snip]

Speculative Store Bypass:
 * Status: Not Affected
 * Speculative Store Bypass Disable: Not Required

but running it as an unprivileged user gave:

Speculative Store Bypass:
 * Status: Vulnerable
 * Speculative Store Bypass Disable: Not Available

All the other tests came up as "Not affected" in both cases.

Which result should I believe? Or should the tool be run as both root and non-root users and the worst outcome be selected?

How to run this tool on OSX

I'm receiving an error on OSX

cannot execute binary file

License compliance

Looking around this repository, coming from someone who never looked at it before, I'm having trouble identifying the license that applies to the entire codebase.

Am I correct to guess that this file: https://github.com/vusec/ridl/blob/master/tool/LICENSE is applicable to all code in this repository (excluding the git submodules, of course), or does it only apply to the code in that tool directory?

If the latter, is the code found in the other folders then unlicensed, meaning regular copyright applies to it?

If the first, should this file maybe be moved to the top directory so that both Github and visiting viewers can identify what license this repository is under?

Another thing, it seems to me the MPL requires the license notice to be attached in some way to every file it is applied to: https://www.mozilla.org/en-US/MPL/2.0/FAQ/#header-locations

So it would probably be advisable to add a license header to every source file that the MPL is applied to in this codebase:

/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at https://mozilla.org/MPL/2.0/. */

Thoughts?

how to make mdstool-cli.exe not output color codes

I tried mdstool-cli.exe from https://mdsattacks.com/files/mdstool-win-20190519.zip and noticed that its output includes color codes. Is it a way to tell the tool to output just plain text?

Here is a sample of what I see in cmd.exe on Window 10:
�[1mMicro-architectural Data Sampling:
�[0m * Line Fill Buffers (MFBDS): �[1m�[31mVulnerable
�[0m * Store Buffers (MSBDS): �[1m�[31mVulnerable
�[0m * Load Ports (MLPDS): �[1m�[31mVulnerable
�[0m * Uncached Memory (MDSUM): �[1m�[31mVulnerable
�[0m * SMT: �[1m�[31mVulnerable
�[0m * MD_CLEAR: �[1m�[32mAvailable

Windows 10 version for vrs.c, ridl2.h

Hi,
Appreciate your sharing.
I'm wondering whether you can help to translate
ridl/tree/master/pocs/vrs.c, ridl2.h
to windows 10 version? I'd like to test it on Windows 10 SUT.
Thanks!

FreeBSD patch

Please apply this patch:

--- CMakeLists.txt.orig 2019-05-23 06:02:35 UTC
+++ CMakeLists.txt
@@ -86,7 +86,7 @@ if (${CMAKE_SYSTEM_NAME} STREQUAL Windows)
                source/msw/image.c
                source/msw/window.c)
        set(BUILD_GUI 1)
-elseif (${CMAKE_SYSTEM_NAME} STREQUAL Linux)
+elseif (${CMAKE_SYSTEM_NAME} STREQUAL Linux OR ${CMAKE_SYSTEM_NAME} MATCHES "FreeBSD|DragonFly")
        list(APPEND SOURCES
                source/linux/l1tf.c
                source/linux/meltdown.c

root@localhost:~/ridl/build# make
Scanning dependencies of target mdstool-cli
[  4%] Building C object CMakeFiles/mdstool-cli.dir/source/bitmap.c.o
[  8%] Building C object CMakeFiles/mdstool-cli.dir/source/human.c.o
[ 12%] Building C object CMakeFiles/mdstool-cli.dir/source/system.c.o
[ 16%] Building C object CMakeFiles/mdstool-cli.dir/source/topology.c.o
[ 20%] Building C object CMakeFiles/mdstool-cli.dir/source/x86/gcc/cpuid.c.o
/root/ridl/source/x86/gcc/cpuid.c: In function ‘cpuidex’:
/root/ridl/source/x86/gcc/cpuid.c:12:2: warning: implicit declaration of function ‘__get_cpuid_count’ [-Wimplicit-function-declaration]
  __get_cpuid_count(leaf, subleaf, regs + 0, regs + 1, regs + 2, regs + 3);
  ^
[ 24%] Building C object CMakeFiles/mdstool-cli.dir/source/linux/l1tf.c.o
[ 28%] Building C object CMakeFiles/mdstool-cli.dir/source/linux/meltdown.c.o
[ 32%] Building C object CMakeFiles/mdstool-cli.dir/source/linux/memory.c.o
[ 36%] Building C object CMakeFiles/mdstool-cli.dir/source/linux/microcode.c.o
[ 40%] Building C object CMakeFiles/mdstool-cli.dir/source/linux/spectre.c.o
[ 44%] Building C object CMakeFiles/mdstool-cli.dir/source/linux/ssb.c.o
[ 48%] Building C object CMakeFiles/mdstool-cli.dir/source/linux/topology.c.o
[ 52%] Building C object CMakeFiles/mdstool-cli.dir/source/linux/vuln.c.o
[ 56%] Building C object CMakeFiles/mdstool-cli.dir/source/unix/os.c.o
[ 60%] Building C object CMakeFiles/mdstool-cli.dir/source/x86/cpuid.c.o
[ 64%] Building C object CMakeFiles/mdstool-cli.dir/source/x86/meltdown.c.o
[ 68%] Building C object CMakeFiles/mdstool-cli.dir/source/x86/ridl.c.o
[ 72%] Building C object CMakeFiles/mdstool-cli.dir/source/cli/l1tf.c.o
[ 76%] Building C object CMakeFiles/mdstool-cli.dir/source/cli/main.c.o
[ 80%] Building C object CMakeFiles/mdstool-cli.dir/source/cli/meltdown.c.o
[ 84%] Building C object CMakeFiles/mdstool-cli.dir/source/cli/ridl.c.o
[ 88%] Building C object CMakeFiles/mdstool-cli.dir/source/cli/spectre.c.o
[ 92%] Building C object CMakeFiles/mdstool-cli.dir/source/cli/ssb.c.o
[ 96%] Building C object CMakeFiles/mdstool-cli.dir/source/cli/system.c.o
[100%] Linking C executable mdstool-cli
CMakeFiles/mdstool-cli.dir/source/x86/gcc/cpuid.c.o: In function `cpuidex':
cpuid.c:(.text+0x11f): undefined reference to `__get_cpuid_count'
collect2: error: ld returned 1 exit status
CMakeFiles/mdstool-cli.dir/build.make:692: recipe for target 'mdstool-cli' failed
make[2]: *** [mdstool-cli] Error 1
CMakeFiles/Makefile2:67: recipe for target 'CMakeFiles/mdstool-cli.dir/all' failed
make[1]: *** [CMakeFiles/mdstool-cli.dir/all] Error 2
Makefile:83: recipe for target 'all' failed
make: *** [all] Error 2

Thanks!

vusec / ridl Goto Github PK

ridl's Issues

Recommend Projects

Recommend Topics

Recommend Org