daily pastebin goal
78%
SHARE
TWEET

secret_1gbheap_flush.c

a guest Jan 13th, 2018 78 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. #include "libkdump.h"
  2. #include <sched.h>
  3. #include <stdio.h>
  4. #include <stdlib.h>
  5. #include <string.h>
  6. #include <time.h>
  7. #include <x86intrin.h>
  8. #include <sys/mman.h>
  9.  
  10. const char *strings[] = {
  11.     "If you can read this, this is really bad",
  12.     "Burn after reading this string, it is a secret string",
  13.     "Congratulations, you just spied on an application",
  14.     "Wow, you broke the security boundary between user space and kernel",
  15.     "Welcome to the wonderful world of microarchitectural attacks",
  16.     "Please wait while we steal your secrets...",
  17.     "Don't panic... But your CPU is broken and your data is not safe",
  18.     "How can you read this? You should not read this!"};
  19.  
  20. int main(int argc, char *argv[]) {
  21.   libkdump_config_t config;
  22.   config = libkdump_get_autoconfig();
  23.   libkdump_init(config);
  24.  
  25.   srand(time(NULL));
  26.   const char *orig_secret = strings[rand() % (sizeof(strings) / sizeof(strings[0]))];
  27.  
  28.   void *block = malloc(1024 * 1024 * 1024);
  29.   int *junk;
  30.   for (junk = (int*)block; junk < ((char*)block + (1024 * 1024 * 1024)); junk++) {
  31.     *junk = 0x402A402A;
  32.   }
  33.  
  34.   char *secret = (char*)block + (32 * 1024 * 1024);
  35.   strcpy(secret, orig_secret);
  36.  
  37.   int len = strlen(secret);
  38.  
  39.  
  40.   printf("\x1b[32;1m[+]\x1b[0m Secret: \x1b[33;1m%s\x1b[0m\n", secret);
  41.  
  42.   size_t paddr = libkdump_virt_to_phys((size_t)secret);
  43.   if (!paddr) {
  44.     printf("\x1b[31;1m[!]\x1b[0m Program requires root privileges (or read access to /proc/<pid>/pagemap)!\n");
  45.     libkdump_cleanup();
  46.     exit(1);
  47.   }
  48.  
  49.   printf("\x1b[32;1m[+]\x1b[0m Physical address of secret: \x1b[32;1m0x%zx\x1b[0m\n", paddr);
  50.   printf("\x1b[32;1m[+]\x1b[0m Exit with \x1b[37;1mCtrl+C\x1b[0m if you are done reading the secret\n");
  51.  
  52.   while(1) {
  53.     char *cur;
  54.     for (cur = secret; cur < secret + len; cur++) {
  55.       _mm_clflush(cur);
  56.     }
  57.   }
  58.  
  59.   return 0;
  60. }
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top