
Spectre_Meltdown Erik August + Stephan Vanderkhof Poc


Sampei.Nihira



16 hours ago, Sampei.Nihira said:

Spectre.exe is a 64-bit executable.  Now, spectre-meltdown-vulnerability-windows-test.exe does run on XP SP3 all right (provided the processor has SSE2, of course!). What part of...

Quote

System requirements: SSE2 capable processor (the program crashes without)

...did you fail to understand?


On 1/26/2018 at 2:34 AM, Dibya said:

I will try as soon as possible 

Good.

 

On 1/26/2018 at 9:04 AM, dencorso said:

Spectre.exe is a 64-bit executable.  Now, spectre-meltdown-vulnerability-windows-test.exe does run on XP SP3 all right (provided the processor has SSE2, of course!). What part of...

...did you fail to understand?

In my pc it crashes.

XP (Intel Celeron M380)


XP (Intel Celeron M380)? That's a 90nm Dothan from 2005! It's *not* vulnerable to either Meltdown or Spectre (both variants) and it does have SSE2, so it crashes on some other point or actually due to the exploit failure. Relax, you have no reason at all for worrying. \m/


Who says it is not vulnerable?

At the moment it is not on the Intel List.

This vulnerability affects the processors from the Pentium Pro 1995  (the first CPU to use speculative execution).

The test below shows that my CPU is vulnerable:

https://repl.it/repls/DeliriousGreenOxpecker

Edited by Sampei.Nihira

Good, so now we're certain the problem is that one of the instructions used by that program is not supported by your CPU. I compiled the SpectrePoC fork that was linked by @cdob. I disabled all extras, I hope the binary is good. Needs at least Pentium 3 equivalent or better CPU; it utilizes some function relying on SSE instructions and it wouldn't compile without specifying -march=pentium3 parameter on the command line.

https://drive.google.com/open?id=1WG-62M9ZZwDXNf0xlhx6NhR-_gtDv7AC

Edited by UCyborg

32 minutes ago, UCyborg said:

Good, so now we're certain the problem is that one of the instructions used by that program is not supported by your CPU. I compiled the SpectrePoC fork that was linked by @cdob. I disabled all extras, I hope the binary is good. Needs at least Pentium 3 equivalent or better CPU; it utilizes some function relying on SSE instructions and it wouldn't compile without specifying -march=pentium3 parameter on the command line.

https://drive.google.com/open?id=1WG-62M9ZZwDXNf0xlhx6NhR-_gtDv7AC

TH.

In fast CPUs the window closes automatically after a few seconds.

Can you insert a manual closure?

Example
"press a key to end the program".


OK, will update the ZIP file with another .exe with manual closure. The thing about console programs, they run, do their thing and then the process terminates. You can see their output if you run them from Command Prompt.

The bigger problem that shouldn't occur is that part of the message it outputs is garbled for some reason, need to look into this as well.


1 hour ago, UCyborg said:

I hope the binary is good.

Seems that it can't read "the secret string" on my Pentium 4:

L:\>spectre.exe
Using a cache hit threshold of 80.
Build: RDTSCP_NOT_SUPPORTED MFENCE_NOT_SUPPORTED CLFLUSH_NOT_SUPPORTED
Reading 40 bytes:
Reading at malicious_x = 00001024... Success: 0xFF=’?’ score=0
Reading at malicious_x = 00001025... Success: 0xFF=’?’ score=0
Reading at malicious_x = 00001026... Success: 0xFF=’?’ score=0
Reading at malicious_x = 00001027... Success: 0xFF=’?’ score=0
Reading at malicious_x = 00001028... Success: 0xFF=’?’ score=0
Reading at malicious_x = 00001029... Success: 0xFF=’?’ score=0
Reading at malicious_x = 0000102a... Success: 0xFF=’?’ score=0
Reading at malicious_x = 0000102b... Success: 0xFF=’?’ score=0
Reading at malicious_x = 0000102c... Success: 0xFF=’?’ score=0
Reading at malicious_x = 0000102d... Success: 0xFF=’?’ score=0
Reading at malicious_x = 0000102e... Success: 0xFF=’?’ score=0
Reading at malicious_x = 0000102f... Success: 0xFF=’?’ score=0
Reading at malicious_x = 00001030... Success: 0xFF=’?’ score=0
Reading at malicious_x = 00001031... Success: 0xFF=’?’ score=0
Reading at malicious_x = 00001032... Success: 0xFF=’?’ score=0
Reading at malicious_x = 00001033... Success: 0xFF=’?’ score=0
Reading at malicious_x = 00001034... Success: 0xFF=’?’ score=0
Reading at malicious_x = 00001035... Success: 0xFF=’?’ score=0
Reading at malicious_x = 00001036... Success: 0xFF=’?’ score=0
Reading at malicious_x = 00001037... Success: 0xFF=’?’ score=0
Reading at malicious_x = 00001038... Success: 0xFF=’?’ score=0
Reading at malicious_x = 00001039... Success: 0xFF=’?’ score=0
Reading at malicious_x = 0000103a... Success: 0xFF=’?’ score=0
Reading at malicious_x = 0000103b... Success: 0xFF=’?’ score=0
Reading at malicious_x = 0000103c... Success: 0xFF=’?’ score=0
Reading at malicious_x = 0000103d... Success: 0xFF=’?’ score=0
Reading at malicious_x = 0000103e... Success: 0xFF=’?’ score=0
Reading at malicious_x = 0000103f... Success: 0xFF=’?’ score=0
Reading at malicious_x = 00001040... Success: 0xFF=’?’ score=0
Reading at malicious_x = 00001041... Success: 0xFF=’?’ score=0
Reading at malicious_x = 00001042... Success: 0xFF=’?’ score=0
Reading at malicious_x = 00001043... Success: 0xFF=’?’ score=0
Reading at malicious_x = 00001044... Success: 0xFF=’?’ score=0
Reading at malicious_x = 00001045... Success: 0xFF=’?’ score=0
Reading at malicious_x = 00001046... Success: 0xFF=’?’ score=0
Reading at malicious_x = 00001047... Success: 0xFF=’?’ score=0
Reading at malicious_x = 00001048... Success: 0xFF=’?’ score=0
Reading at malicious_x = 00001049... Success: 0xFF=’?’ score=0
Reading at malicious_x = 0000104a... Success: 0xFF=’?’ score=0
Reading at malicious_x = 0000104b... Success: 0xFF=’?’ score=0

 


5 minutes ago, Yellow Horror said:

Seems that it can't read "the secret string" on my Pentium 4:

I got the same output with the version of that program that uses SSE2 on my AMD Phenom II X4 920.

Well, so far, I think I've figured out the garbled text problem on my end, the font I've chosen for command windows doesn't support that ’ character.
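Added example, not part of the thread and not code from the SpectrePoC project: a CPUID check for the instruction sets discussed above (SSE, SSE2 and, assuming the flags in the quoted "Build:" line refer to the rdtscp, mfence and clflush instructions, those three), which tells you before running a test binary whether it would hit an instruction the CPU does not support. The function and flag names are this example's own, and it assumes GCC or Clang for `<cpuid.h>`.

```c
#include <stdint.h>
#include <stdio.h>
#if defined(__i386__) || defined(__x86_64__)
#include <cpuid.h>
#endif

/* Feature mask used by this example (names are hypothetical, not the PoC's). */
enum { F_SSE = 1, F_SSE2 = 2, F_CLFLUSH = 4, F_RDTSCP = 8 };

/* Decode CPUID.01H:EDX and CPUID.80000001H:EDX into the mask above. */
unsigned decode_features(uint32_t leaf1_edx, uint32_t ext1_edx)
{
    unsigned f = 0;
    if (leaf1_edx & (1u << 25)) f |= F_SSE;     /* SSE (Pentium III class) */
    if (leaf1_edx & (1u << 26)) f |= F_SSE2;    /* SSE2; mfence/lfence arrived with it */
    if (leaf1_edx & (1u << 19)) f |= F_CLFLUSH; /* CLFSH: the clflush instruction */
    if (ext1_edx  & (1u << 27)) f |= F_RDTSCP;  /* the rdtscp instruction */
    return f;
}

/* Query the running CPU; returns 0 on non-x86 builds or if leaf 1 is absent. */
unsigned query_features(void)
{
#if defined(__i386__) || defined(__x86_64__)
    unsigned a, b, c, d, ext_d = 0;
    if (!__get_cpuid(1, &a, &b, &c, &d))
        return 0;
    /* Leaves ext_d at 0 when the extended leaf does not exist. */
    __get_cpuid(0x80000001u, &a, &b, &c, &ext_d);
    return decode_features(d, ext_d);
#else
    return 0;
#endif
}

/* Features a binary was built to use that this CPU does not report. */
unsigned missing_for(unsigned have, unsigned required)
{
    return required & ~have;
}

int main(void)
{
    unsigned have = query_features();
    unsigned miss = missing_for(have, F_SSE | F_SSE2 | F_CLFLUSH | F_RDTSCP);
    printf("SSE:%d SSE2/MFENCE:%d CLFLUSH:%d RDTSCP:%d\n", !!(have & F_SSE),
           !!(have & F_SSE2), !!(have & F_CLFLUSH), !!(have & F_RDTSCP));
    puts(miss ? "a build using all four would fault here" : "all four reported");
    return 0;
}
```

A CPU that reports SSE but not SSE2 can run a `-march=pentium3` build but would raise an illegal-instruction fault in a build that requires SSE2.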
