gkaindl / meltdown-poc

A quick PoC to try out the "meltdown" timing attack.
154 stars 40 forks source link

POC for meltdown/spectre

I just wanted to see if this really works, and it actually does. Scary!

It reads out the TEST_PHRASE using the timing attack (in its own process).

Note: This will only work on Intel "Haswell" and later, since it uses the TSX extensions to mitigate the processor trap.

Alternatively, by changing the macro TEST_IN_OWN_PROCESS to 0, you can specify an address and length on the command line, and output raw data to pipe into strings. In this case, it uses Intel's TSX to prevent crashing when attempting to access the mem location, just like the meltdown paper says.

Tested on OS X 10.12.6

Update: OS X has a fix available now, so the PoC only works in its own process memory anymore.