TechQA.

Meltdown POC in C++

2.3k views Asked by At

I heard about the Meltdown vulnerability and read the paper, which was kind of difficult since I am not a native speaker, but I decided to make a small proof of concept C++ program which is shown below, I would like to know the reasons for the code not working. I have tested it on an AMD FX 8350 Eight Core and an Intel I3 processor

/*In this code I wanted to make a PoC for the Meltdown flaw (https://meltdownattack.com/)*/
#include "stdafx.h"
#include <stdlib.h>
#include <iostream>
#include <chrono>

int secretvar = 15;     //This is our "unreadable" var which we "cannot" read but we will have the value exposed via cache attack
int x = rand() % 100;   //Used later, important that it's random

int main()
{   
    int arr[1000];                  //We setup our array
    for (int i = 0; i < 100; ++i) { //Fill it with random values
        arr[i] = rand() % 10 + 1;
    };

    if (x == 4) {                       //Here I want to trigger the Out-of-Order execution so that the CPU executes the code below the if case
        int c = arr[secretvar];         //before it really checks if x is actually 4. And with this, the CPU would put the cached variable "c" into
                                        //its cache.
    };
    
/*At this point we don't know the value of secretvar but we know that the CPU has cached some index with the
exact value of secretvar. Therefore we can now iterate over the array and how long it takes the CPU to access the
different array indexes. The CPU will be faster at accessing one specific element because it is taken from cache 
and not from the memory. This index is the value of secretvar.*/

    double lowest_val = 500;
    int    lowest_index = 0;

    for (int i = 0; i < 100; i++) {
        auto start = std::chrono::high_resolution_clock::now(); //start timer
        arr[i];                                                 //access array
        auto finish = std::chrono::high_resolution_clock::now();//end timer
        std::chrono::duration<double> elapsed = finish - start;//calculate needed time
        double e = elapsed.count();
        if (e < lowest_val) {
            lowest_val = e;
            lowest_index = i;
        }
        std::cout << i << " : " << e << " s\n"; //show it to the screen
    }
    std::cout <<  lowest_index << "Was accessed fastest "<< " with a time of  "<< lowest_val << "ms" << std::endl;
    system("pause");
    return 0;
}
c++ exploit poc
Original Q&A
0

There are 0 answers

Related Questions in C++

Related Questions in EXPLOIT

Related Questions in POC

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Trending Questions