
GitHub - depletionmode/wsIPC: Working Set Page Cache side-channel IPC PoC

source link: https://github.com/depletionmode/wsIPC


wsIPC

wsIPC is a proof-of-concept for Windows that abuses shared read-only (RO) pages in the process working set (page cache) to build a simple covert inter-process communication channel.


Background

Page Cache Attacks is a recently published paper by Gruss et al. that describes a page-resolution side channel arising from process-level page caching on OSes such as Linux and Windows. Full details are in the paper.

PoC

This VS2017 solution consists of a wsIPC dynamically linked library, which implements the side-channel-based communication, and some demo template code that shows how it is used. To run it, start one instance of Demo.exe as the sender:

PS C:\wsIPC> .\Demo.exe send
             _______  _____
 _    _____ /  _/ _ \/ ___/
| |/|/ (_-<_/ // ___/ /__
|__,__/___/___/_/   \___/
 POC by @depletionmode
[+] wsIpc library loaded successfully @ 0x0FDE0000.
[-] Attempting to send message (ArthurMorgan[13])...
[+] ...successfully sent!

Then start a second instance as the receiver:

PS C:\wsIPC> .\Demo.exe recv
             _______  _____
 _    _____ /  _/ _ \/ ___/
| |/|/ (_-<_/ // ___/ /__
|__,__/___/___/_/   \___/
 POC by @depletionmode
 [+] wsIpc library loaded successfully @ 0x0FDE0000.
 [-] Attempting to read message...
 [+] ...successfully received! -> ArthurMorgan
