grg/checkm8_tool
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

some bugfixes and changes for a longer term experiment

Browse Source
This commit is contained in:
Gregor Haas
2020-02-24 16:17:01 -05:00
parent 6ec02145b3
commit df40cc6970
2 changed files with 50 additions and 34 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
c8_remote/lib/payload/src/aes_sw.c
View File

@@ -173,6 +173,7 @@ void entry_async(uint64_t *base)
expand_key(key, key_sched, 11, sbox, rc_lookup);
// initialize events and buffers
struct aes_sw_bernstein_data *data = (struct aes_sw_bernstein_data *) base;
event_new(&data->ev_data, 1, 0);
event_new(&data->ev_done, 1, 0);
@@ -180,7 +181,7 @@ void entry_async(uint64_t *base)
data->count = 0;
for(i = 0; i < 16; i++)
{
for(j = 0; j < 16; j++)
for(j = 0; j < 256; j++)
{
data->t[i][j] = 0;
data->tsq[i][j] = 0;
@@ -190,17 +191,16 @@ void entry_async(uint64_t *base)
while(1)
{
// randomly generate a new msg based on the old one
for(i = 0; i < 16; i++)
msg_old[i] = msg[i];
for(addr = sbox; addr < sbox + 256; addr += 64)
inv_va(addr);
// encrypt it and measure time
start = get_ticks();
aes128_encrypt_ecb(msg, msg_len, key, sbox, key_sched, mul2, mul3);
timing = (double) (get_ticks() - start);
// update counters
for(i = 0; i < 16; i++)
{
data->t[i][msg_old[i]] += timing;
@@ -211,6 +211,7 @@ void entry_async(uint64_t *base)
data->ttotal += timing;
}
// check if host has requested data
iter_count++;
if(iter_count % 100000 == 0)
{

73
c8_remote/main.c
View File

@@ -490,7 +490,7 @@ void usb_task_exit(struct pwned_device *dev)
int main()
{
struct dev_cmd_resp *resp;
struct aes_sw_bernstein_data *data;
struct aes_sw_bernstein_data data;
struct pwned_device *dev = exploit_device();
DEV_PTR_T addr_async_buf;
@@ -499,6 +499,9 @@ int main()
double udev[16][256];
double taverage;
FILE *outfile;
char linebuf[256];
if(dev == NULL || dev->status == DEV_NORMAL)
{
printf("Failed to exploit device\n");
@@ -517,7 +520,7 @@ int main()
while(1)
{
sleep(15);
sleep(60);
if(IS_CHECKM8_FAIL(open_device_session(dev)))
{
printf("failed to open device session");
@@ -542,34 +545,9 @@ int main()
return -1;
}
data = (struct aes_sw_bernstein_data *) resp->data;
printf("have count %lli\n", data->count);
taverage = data->ttotal / (double) data->count;
for(j = 0; j < 16; j++)
{
for(b = 0; b < 256; b++)
{
u[j][b] = data->t[j][b] / data->tnum[j][b];
udev[j][b] = data->tsq[j][b] / data->tnum[j][b];
udev[j][b] -= u[j][b] * u[j][b];
udev[j][b] = sqrt(udev[j][b]);
}
}
for(j = 0; j < 16; j++)
{
for(b = 0; b < 256; b++)
{
printf("%2d %3d %lli %.3f %.3f %.3f %.3f\n",
j, b, (long long) data->tnum[j][b],
u[j][b], udev[j][b],
u[j][b] - taverage, udev[j][b] / sqrt(data->tnum[j][b])
);
}
}
memcpy(&data, resp->data, sizeof(struct aes_sw_bernstein_data));
free_dev_cmd_resp(resp);
resp = execute_gadget(dev, ADDR_EVENT_NOTIFY, 0, 1,
addr_async_buf + offsetof(struct aes_sw_bernstein_data, ev_done));
if(IS_CHECKM8_FAIL(resp->ret))
@@ -585,6 +563,43 @@ int main()
printf("failed to close device session\n");
return -1;
}
printf("have count %lli\n", data.count);
taverage = data.ttotal / (double) data.count;
for(j = 0; j < 16; j++)
{
for(b = 0; b < 256; b++)
{
u[j][b] = data.t[j][b] / data.tnum[j][b];
udev[j][b] = data.tsq[j][b] / data.tnum[j][b];
udev[j][b] -= u[j][b] * u[j][b];
udev[j][b] = sqrt(udev[j][b]);
}
}
sprintf(linebuf, "dat_%lli.dat", data.count);
outfile = fopen(linebuf, "w+");
if(outfile == NULL)
{
printf("failed to open data file\n");
return -1;
}
for(j = 0; j < 16; j++)
{
for(b = 0; b < 256; b++)
{
sprintf(linebuf,
"%2d %3d %lli %f %f %f %f\n",
j, b, (long long) data.tnum[j][b],
u[j][b], udev[j][b],
u[j][b] - taverage, udev[j][b] / sqrt(data.tnum[j][b]));
fputs(linebuf, outfile);
}
}
fclose(outfile);
}
free_device(dev);