
@feliam
Created August 9, 2019 16:28
Taint tracking side channels
==> flow0.c <==
#include<assert.h>
#include<stdio.h>
#include<string.h>
#include<unistd.h>
/*
 * Information-flow labels, used directly as the file descriptors passed to
 * read() and write() in these test programs.
 * HIGH (fd 0, standard input) is the confidential source.
 */
#define HIGH 0
/* LOW (fd 1, standard output) is the publicly observable sink. */
#define LOW 1
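/*
 * Placeholder for a SHA-1 hex digest routine. Despite the name, nothing is
 * hashed: the same fixed string is stored for every password, so the value
 * left in hashed_pwd carries no information about pwd.
 *
 * pwd        - NUL-terminated password; must not be NULL.
 * co         - password length reported by the caller; must be below 9.
 * hashed_pwd - output buffer; must not be NULL and must hold at least
 *              34 bytes (the 33-character literal plus its NUL). A real
 *              SHA-1 hex digest would need 41.
 *
 * Aborts through assert() when a precondition is violated.
 */
void sha1_hex(char* pwd, size_t co,char *hashed_pwd){
    assert(co < 9);
    assert(pwd);
    assert(hashed_pwd);

    /*
     * NOTE(review): this prints the clear-text password on stdout, which is
     * fd 1 and therefore the LOW sink of this program. A taint tracker
     * should report it as an explicit HIGH -> LOW flow. Confirm whether the
     * trace is part of the test case or leftover debugging.
     *
     * strlen() returns size_t, so the conversion has to be %zu; the earlier
     * %d did not match the argument type.
     */
    printf("Pass <%s> received of len %zu\n", pwd, strlen(pwd));

    strcpy(hashed_pwd, "16bba41ffc0a0f3b9671422a4e66be125");
}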
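/*
 * flow0: read a password of up to 8 bytes from HIGH, pass it to sha1_hex(),
 * and write an SQL INSERT carrying the resulting digest to LOW.
 *
 * With the sha1_hex() in this file the digest is a fixed string, so the
 * bytes of msg do not depend on the password. With a real hash every byte
 * of the digest would derive from HIGH data, and a taint tracker would
 * treat the statement written to LOW as tainted unless the hash is modelled
 * as a declassifier.
 *
 * Returns 0 on success, 1 if the statement could not be built or written.
 */
int main(void) {
    char pwd[9];            /* up to 8 password bytes plus the NUL */
    char hashed_pwd[41];    /* 40 hex digits plus the NUL */
    char msg[400];
    int i = 0;

    /*
     * The bound is tested before read(), so exactly the bytes that are kept
     * are consumed from HIGH. Testing it last read a ninth byte into pwd[8]
     * and then discarded it.
     */
    while (i < 8 && read(HIGH, &pwd[i], 1) == 1 && pwd[i] != 0) {
        i++;
    }
    pwd[i] = 0;

    sha1_hex(pwd, (size_t)i, hashed_pwd);

    /* snprintf bounds the write to msg and reports truncation. */
    int len = snprintf(msg, sizeof msg,
                       "INSERT INTO passwd (user, passwd) VALUES ('root', '%s');",
                       hashed_pwd);
    if (len < 0 || (size_t)len >= sizeof msg) {
        return 1;
    }

    /* A short or failed write to LOW is reported instead of ignored. */
    ssize_t written = write(LOW, msg, (size_t)len);
    if (written != (ssize_t)len) {
        return 1;
    }
    return 0;
}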
==> flow1.c <==
// flow1: explicit (direct) flow.
// One byte is read from HIGH, copied by plain assignment, and written to
// LOW. The byte written is data-dependent on the byte read, which is the
// baseline case any taint tracker is expected to flag.
// The result of read() is not checked: on EOF or error the byte that is
// forwarded is whatever the uninitialised local happened to hold.
int
main ()
{
    char secret, leaked;

    read (HIGH, &secret, 1);    // one byte of the secret, e.g. from "SECRET!"

    // Direct copy; same effect as memcpy(&leaked, &secret, 1).
    leaked = secret;

    write (LOW, &leaked, 1);
}
==> flow2.c <==
// flow2: implicit flow through control dependence.
// One byte is read from HIGH and an identical byte is written to LOW, but
// the secret is never copied: every assignment to `leaked` stores an integer
// constant, and the switch on `secret` only selects which one runs. A
// tracker that propagates taint along data dependencies alone finds no
// tainted operand in any of these assignments and misses the leak.
// All 256 values of an unsigned char have a case, so `leaked` is always
// assigned before the write. How the switch is lowered (jump table, compare
// chain, or folded back into a copy) is the compiler's choice and may change
// what a binary-level tracker observes.
// The result of read() is not checked.
int
main ()
{
    unsigned char secret;
    unsigned char leaked;

    read (HIGH, &secret, 1);    // comparable to secret = getchar()

    switch (secret) {
    case 0: leaked = 0; break;
    case 1: leaked = 1; break;
    case 2: leaked = 2; break;
    case 3: leaked = 3; break;
    case 4: leaked = 4; break;
    case 5: leaked = 5; break;
    case 6: leaked = 6; break;
    case 7: leaked = 7; break;
    case 8: leaked = 8; break;
    case 9: leaked = 9; break;
    case 10: leaked = 10; break;
    case 11: leaked = 11; break;
    case 12: leaked = 12; break;
    case 13: leaked = 13; break;
    case 14: leaked = 14; break;
    case 15: leaked = 15; break;
    case 16: leaked = 16; break;
    case 17: leaked = 17; break;
    case 18: leaked = 18; break;
    case 19: leaked = 19; break;
    case 20: leaked = 20; break;
    case 21: leaked = 21; break;
    case 22: leaked = 22; break;
    case 23: leaked = 23; break;
    case 24: leaked = 24; break;
    case 25: leaked = 25; break;
    case 26: leaked = 26; break;
    case 27: leaked = 27; break;
    case 28: leaked = 28; break;
    case 29: leaked = 29; break;
    case 30: leaked = 30; break;
    case 31: leaked = 31; break;
    case 32: leaked = 32; break;
    case 33: leaked = 33; break;
    case 34: leaked = 34; break;
    case 35: leaked = 35; break;
    case 36: leaked = 36; break;
    case 37: leaked = 37; break;
    case 38: leaked = 38; break;
    case 39: leaked = 39; break;
    case 40: leaked = 40; break;
    case 41: leaked = 41; break;
    case 42: leaked = 42; break;
    case 43: leaked = 43; break;
    case 44: leaked = 44; break;
    case 45: leaked = 45; break;
    case 46: leaked = 46; break;
    case 47: leaked = 47; break;
    case 48: leaked = 48; break;
    case 49: leaked = 49; break;
    case 50: leaked = 50; break;
    case 51: leaked = 51; break;
    case 52: leaked = 52; break;
    case 53: leaked = 53; break;
    case 54: leaked = 54; break;
    case 55: leaked = 55; break;
    case 56: leaked = 56; break;
    case 57: leaked = 57; break;
    case 58: leaked = 58; break;
    case 59: leaked = 59; break;
    case 60: leaked = 60; break;
    case 61: leaked = 61; break;
    case 62: leaked = 62; break;
    case 63: leaked = 63; break;
    case 64: leaked = 64; break;
    case 65: leaked = 65; break;
    case 66: leaked = 66; break;
    case 67: leaked = 67; break;
    case 68: leaked = 68; break;
    case 69: leaked = 69; break;
    case 70: leaked = 70; break;
    case 71: leaked = 71; break;
    case 72: leaked = 72; break;
    case 73: leaked = 73; break;
    case 74: leaked = 74; break;
    case 75: leaked = 75; break;
    case 76: leaked = 76; break;
    case 77: leaked = 77; break;
    case 78: leaked = 78; break;
    case 79: leaked = 79; break;
    case 80: leaked = 80; break;
    case 81: leaked = 81; break;
    case 82: leaked = 82; break;
    case 83: leaked = 83; break;
    case 84: leaked = 84; break;
    case 85: leaked = 85; break;
    case 86: leaked = 86; break;
    case 87: leaked = 87; break;
    case 88: leaked = 88; break;
    case 89: leaked = 89; break;
    case 90: leaked = 90; break;
    case 91: leaked = 91; break;
    case 92: leaked = 92; break;
    case 93: leaked = 93; break;
    case 94: leaked = 94; break;
    case 95: leaked = 95; break;
    case 96: leaked = 96; break;
    case 97: leaked = 97; break;
    case 98: leaked = 98; break;
    case 99: leaked = 99; break;
    case 100: leaked = 100; break;
    case 101: leaked = 101; break;
    case 102: leaked = 102; break;
    case 103: leaked = 103; break;
    case 104: leaked = 104; break;
    case 105: leaked = 105; break;
    case 106: leaked = 106; break;
    case 107: leaked = 107; break;
    case 108: leaked = 108; break;
    case 109: leaked = 109; break;
    case 110: leaked = 110; break;
    case 111: leaked = 111; break;
    case 112: leaked = 112; break;
    case 113: leaked = 113; break;
    case 114: leaked = 114; break;
    case 115: leaked = 115; break;
    case 116: leaked = 116; break;
    case 117: leaked = 117; break;
    case 118: leaked = 118; break;
    case 119: leaked = 119; break;
    case 120: leaked = 120; break;
    case 121: leaked = 121; break;
    case 122: leaked = 122; break;
    case 123: leaked = 123; break;
    case 124: leaked = 124; break;
    case 125: leaked = 125; break;
    case 126: leaked = 126; break;
    case 127: leaked = 127; break;
    case 128: leaked = 128; break;
    case 129: leaked = 129; break;
    case 130: leaked = 130; break;
    case 131: leaked = 131; break;
    case 132: leaked = 132; break;
    case 133: leaked = 133; break;
    case 134: leaked = 134; break;
    case 135: leaked = 135; break;
    case 136: leaked = 136; break;
    case 137: leaked = 137; break;
    case 138: leaked = 138; break;
    case 139: leaked = 139; break;
    case 140: leaked = 140; break;
    case 141: leaked = 141; break;
    case 142: leaked = 142; break;
    case 143: leaked = 143; break;
    case 144: leaked = 144; break;
    case 145: leaked = 145; break;
    case 146: leaked = 146; break;
    case 147: leaked = 147; break;
    case 148: leaked = 148; break;
    case 149: leaked = 149; break;
    case 150: leaked = 150; break;
    case 151: leaked = 151; break;
    case 152: leaked = 152; break;
    case 153: leaked = 153; break;
    case 154: leaked = 154; break;
    case 155: leaked = 155; break;
    case 156: leaked = 156; break;
    case 157: leaked = 157; break;
    case 158: leaked = 158; break;
    case 159: leaked = 159; break;
    case 160: leaked = 160; break;
    case 161: leaked = 161; break;
    case 162: leaked = 162; break;
    case 163: leaked = 163; break;
    case 164: leaked = 164; break;
    case 165: leaked = 165; break;
    case 166: leaked = 166; break;
    case 167: leaked = 167; break;
    case 168: leaked = 168; break;
    case 169: leaked = 169; break;
    case 170: leaked = 170; break;
    case 171: leaked = 171; break;
    case 172: leaked = 172; break;
    case 173: leaked = 173; break;
    case 174: leaked = 174; break;
    case 175: leaked = 175; break;
    case 176: leaked = 176; break;
    case 177: leaked = 177; break;
    case 178: leaked = 178; break;
    case 179: leaked = 179; break;
    case 180: leaked = 180; break;
    case 181: leaked = 181; break;
    case 182: leaked = 182; break;
    case 183: leaked = 183; break;
    case 184: leaked = 184; break;
    case 185: leaked = 185; break;
    case 186: leaked = 186; break;
    case 187: leaked = 187; break;
    case 188: leaked = 188; break;
    case 189: leaked = 189; break;
    case 190: leaked = 190; break;
    case 191: leaked = 191; break;
    case 192: leaked = 192; break;
    case 193: leaked = 193; break;
    case 194: leaked = 194; break;
    case 195: leaked = 195; break;
    case 196: leaked = 196; break;
    case 197: leaked = 197; break;
    case 198: leaked = 198; break;
    case 199: leaked = 199; break;
    case 200: leaked = 200; break;
    case 201: leaked = 201; break;
    case 202: leaked = 202; break;
    case 203: leaked = 203; break;
    case 204: leaked = 204; break;
    case 205: leaked = 205; break;
    case 206: leaked = 206; break;
    case 207: leaked = 207; break;
    case 208: leaked = 208; break;
    case 209: leaked = 209; break;
    case 210: leaked = 210; break;
    case 211: leaked = 211; break;
    case 212: leaked = 212; break;
    case 213: leaked = 213; break;
    case 214: leaked = 214; break;
    case 215: leaked = 215; break;
    case 216: leaked = 216; break;
    case 217: leaked = 217; break;
    case 218: leaked = 218; break;
    case 219: leaked = 219; break;
    case 220: leaked = 220; break;
    case 221: leaked = 221; break;
    case 222: leaked = 222; break;
    case 223: leaked = 223; break;
    case 224: leaked = 224; break;
    case 225: leaked = 225; break;
    case 226: leaked = 226; break;
    case 227: leaked = 227; break;
    case 228: leaked = 228; break;
    case 229: leaked = 229; break;
    case 230: leaked = 230; break;
    case 231: leaked = 231; break;
    case 232: leaked = 232; break;
    case 233: leaked = 233; break;
    case 234: leaked = 234; break;
    case 235: leaked = 235; break;
    case 236: leaked = 236; break;
    case 237: leaked = 237; break;
    case 238: leaked = 238; break;
    case 239: leaked = 239; break;
    case 240: leaked = 240; break;
    case 241: leaked = 241; break;
    case 242: leaked = 242; break;
    case 243: leaked = 243; break;
    case 244: leaked = 244; break;
    case 245: leaked = 245; break;
    case 246: leaked = 246; break;
    case 247: leaked = 247; break;
    case 248: leaked = 248; break;
    case 249: leaked = 249; break;
    case 250: leaked = 250; break;
    case 251: leaked = 251; break;
    case 252: leaked = 252; break;
    case 253: leaked = 253; break;
    case 254: leaked = 254; break;
    case 255: leaked = 255; break;
    }

    write (LOW, &leaked, 1);
}
==> flow3.c <==
// flow3: implicit flow through a secret-dependent memory index.
// The byte read from HIGH is used only as an array index: it marks one slot
// of a zeroed 256-entry table. The program then scans the table from slot 0
// and counts how many zero entries precede the mark, which reproduces the
// secret in `count` without its value ever being copied. The stored value
// (1) and the counter are untainted constants; the dependency runs through
// the store address and the loop's exit condition.
// The result of read() is not checked.
int
main ()
{
    unsigned char slots[256] = { 0 };   // all 256 entries start at zero
    unsigned char secret;
    unsigned char count;

    read (HIGH, &secret, 1);            // one byte from the HIGH source

    slots[secret] = 1;                  // the secret selects the address written

    // Walk forward until the marked slot; it is always found because exactly
    // one of the 256 possible indices was set above.
    count = 0;
    while (slots[count] == 0)
        count++;

    write (LOW, &count, 1);             // count now equals the secret byte
}