About  Project Blog Resources

Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

Platypus Attack- 314

Several University ProfessorsPosted 5 Years Ago
  • Uses power consumption APIs on Intel RAPLs and AMD on a local machine in order to distinguish between instructions and memory loads. This allows for leakage of cryptographic keys, breaks KASLR and leaks other important bits of information.
  • For finding encryption keys, this takes a bunch of complicated mathematics. A bunch of data is encrypted, where the consumption of power is taken from the system for the given instruction. Based upon the power consumption (over lots of traces), this estimated power consumption can be used in order to figure the key.
  • For breaking KASLR, this attack uses a low memory consumption with the physical memory address of the kernel is actually accessed. While, with non-mapped memory will take longer to access, as it is not cached. This one is actually simple.
  • To mitigate this attack, Linux takes away the ability to access power consumption APIs from non-privileged users. Additionally, Intel released a Microcode patch to prevent this distinguishing of data to occur.
  • The post claims that AMD has the same issues but has not responded back to the researchers or fixed anything.

Maxwell DulinEmail me!TwitterGithubAdminBlog RSS FeedResources RSS Feed