Linux kASLR (Intel TSX/RTM) bypass static library

Uses Intel TSX/RTM (Restricted Transactional Memory) cache side-channel to get the kernel offset.

Usage

Link libkaslr.a to your exploit and call get_kaslr_offset() to get the offset. The return value is either the kernel offset or (uint64_t)-1 on error.

$ gcc example.c libkaslr.a -static -lm -lpthread

Might try running get_kaslr_offset() in a loop to make sure the return value is stable.

https://asciinema.org/a/UQhuoTWP3ZtfPbPMR69OLSK1f

Name		Name	Last commit message	Last commit date
Latest commit History 3 Commits
Makefile		Makefile
README.md		README.md
example.c		example.c
kaslr.c		kaslr.c
util.c		util.c
util.h		util.h

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Makefile

Makefile

README.md

README.md

example.c

example.c

kaslr.c

kaslr.c

util.c

util.c

util.h

util.h

Repository files navigation

Linux kASLR (Intel TSX/RTM) bypass static library

Usage

About

Releases

Packages

Languages

vnik5287/kaslr_tsx_bypass

Folders and files

Latest commit

History

Repository files navigation

Linux kASLR (Intel TSX/RTM) bypass static library

Usage

About

Resources

Stars

Watchers

Forks

Languages