wallaby is a tool built to expose a core vulnerability in decentralized compute networks: They have no control over the hardware. wallaby misrepresents the name of any GPU on any hardware.
Quick writeup on my thought-process/disassembly here: https://incongruous-gatsby-354.notion.site/Ghidra-on-nvidia-smi-193235325b6b81cfb656f8c7c29bbd48
See also for PCIID spoofing: https://github.com/aychocho/dassie
Compile wallaby by running the following command:
gcc -shared -fPIC -o wallaby.so wallaby.c -ldl
Preload wallaby as follows:
LD_PRELOAD=./wallaby.so nvidia-smi
To get wallaby to hide itself and run anytime nvidia-smi is called, add the following line to the end of the .bashrc
export LD_PRELOAD={PATH_TO_WALLABY}/wallaby.so:$LD_PRELOAD
To dynamically add and remove wallaby, add the following aliases to the .bashrc
#add wallaby alias
alias wallaby='echo "export LD_PRELOAD={PATH_TO_WALLABY}/wallaby.so:\$LD_PRELOAD" >> ~/.bashrc && newbash'
#remove wallaby alias
alias killWallaby='sed -i "\#^export LD_PRELOAD={PATH_TO_WALLABY}/wallaby.so.*\$#d" ~/.bashrc && unset LD_PRELOAD && echo "we wallaby huntin" && newbash'
Build the docker image (replace the name with the container to spoof):
docker build -t nvidia/cuda:12.4.1-base-ubuntu22.04 .
Run the docker image
sudo docker run --runtime=nvidia -it nvidia/cuda:12.4.1-base-ubuntu22.04 bash