Professional Documents
Culture Documents
Summary
This is a proof-of-concept exploit of the PortSmash microarchitecture attack, tracked by CVE-2018-5407.
Setup
Prerequisites
A CPU featuring SMT (e.g. Hyper-Threading) is the only requirement.
This exploit code should work out of the box on Skylake and Kaby Lake. For other SMT architectures,
customizing the strategies and/or waiting times in spy is likely needed.
OpenSSL
Download and install OpenSSL 1.1.0h or lower:
cd /usr/local/src
wget https://www.openssl.org/source/openssl-1.1.0h.tar.gz
tar xzf openssl-1.1.0h.tar.gz
cd openssl-1.1.0h/
export OPENSSL_ROOT_DIR=/usr/local/ssl
./config -d shared --prefix=$OPENSSL_ROOT_DIR --openssldir=$OPENSSL_ROOT_DIR -Wl,-rp
make -j8
make test
sudo checkinstall --strip=no --stripso=no --pkgname=openssl-1.1.0h-debug --provides=
https://github.com/bbbrumley/portsmash 1/4
05/11/2018 GitHub - bbbrumley/portsmash
If you use a different path, you'll need to make changes to Makefile and sync.sh .
Tooling
freq.sh
Turns off frequency scaling and TurboBoost.
sync.sh
Sync trace through pipes. It has two victims, one of which should be active at a time:
The script will generate a P-384 key pair in secp384r1.pem if it does not already exist.
The script outputs data.bin which is what openssl dgst signed, and you should be able to verify the
ECDSA signature data.sig afterwards with
In the ecc tool case, data.bin and secp384r1.pem are meaningless and data.sig is not created.
For the taskset commands in sync.sh , the cores need to be two logical cores of the same physical core;
sanity check with
So the script is currently configured for logical cores 3 and 7 that both map to physical core 3 ( core_id ).
spy
Measurement process that outputs measurements in timings.bin . To change the spy strategy, check the
port defines in spy.h . Only one strategy should be active at build time.
Note that timings.bin is actually raw clock cycle counter values, not latencies. Look
in parse_raw_simple.py to understand the data format if necessary.
https://github.com/bbbrumley/portsmash 2/4
05/11/2018 GitHub - bbbrumley/portsmash
ecc
Victim harness for running OpenSSL scalar multiplication with known inputs. Example:
./ecc M 4 deadbeef0123456789abcdef00000000c0ff33
Will execute 4 consecutive calls to EC_POINT_mul with the given hex scalar.
parse_raw_simple.py
Quick and dirty hack to view 1D traces. The top plot is the raw trace. Everything below is a different digital
filter of the raw trace for viewing purposes. Zoom and pan are your friends here.
You might have to adjust the CEIL variable if the plots are too aggressively clipped.
Python packages:
Usage
Turn off frequency scaling:
./freq.sh
make clean
make
Take a measurement:
./sync.sh
You can play around with one victim at a time in sync.sh . Sample output for the openssl dgst victim
is in parse_raw_simple.png .
Credits
https://github.com/bbbrumley/portsmash 3/4
05/11/2018 GitHub - bbbrumley/portsmash
https://github.com/bbbrumley/portsmash 4/4