Reproducing malicious memory reading on Intel i5 and Intel Xeon using a Spectre attack
C
Switch branches/tags
Nothing to show
Latest commit 1837df1 Jan 6, 2018 @Pl4gue Pl4gue Update README.md

README.md

Spectre Attack Demo (i5-3320M and Intel Xeon v3)

This shows my own try of Proof of Concept Exploit demonstrating the Spectre attack. Unfortunately, I have been able to reproduce it smoothly both on my local and on my AWS Server.

Exploiting Speculative Execution

According to the Spectre paper,

Spectre attacks trick the processor into speculatively executing instructions sequences that should not have executed during correct program execution

The two secrets are declared here:

char * secret = "This is some sample sensitive data";
char * secret2= "This is some other sample sensitive data";

I first tried it on my local laptop running an Intel i5-3320M on Ubuntu 16.10 Yaketty

local_cpu.png

and it worked, as seen here:

Spectre_i5_ubuntuYakkety.jpeg

Then, I tried it on my AWS EC2 Instance running an Intel Xeon E5-2676 v3

server_cpu.png

and it worked as well:

Spectre_Xeonv3_ubuntuXenial.jpeg

Seems like we are all f*ucked.

Credits

Spectre was independently discovered and reported by Jann Horn and Paul Kocher in collaboration with, Daniel Genkin (University of Pennsylvania and University of Maryland), Mike Hamburg (Rambus), Moritz Lipp (Graz University of Technology), and Yuval Yarom (University of Adelaide and Data61).

Their great researching work is documented in the Spectre Paper.