/revanc

Reverse Engineering Page Table Caches in Your Processor

Primary LanguageCApache License 2.0Apache-2.0

Introduction

This directory contains the source code for both anc and revanc. anc is an implementation of the ASLR^Cache (AnC) attack which is an EVICT+TIME side-channel attack on the MMU. AnC relies on the fact that page table lookups by the MMU are stored in the last level cache (LLC) in order to speed up the next required translation. By flushing parts of the LLC and timing the page table lookup, AnC can identify which parts of the LLC store page tables. On top of flushing the LLC, AnC also needs to flush the TLB as well as page table caches. Since the information on the size of the TLB and the LCC is available, the AnC attack can be used to reverse engineer the properties of the page table caches that are of interest to attackers, like their internal architecure and size. revanc is an implemention that retrofits AnC to acquire this information.

With anc, we have demonstrated that numerous x86-64, ARMv7-A and ARMv8-A microarchitectures are affected by the AnC attack. Furthermore, with revanc we have been able to detect the existence of page table caches and the amount of entries that they contain on these microarchitectures. As the code is written with portability in mind, it should be easy to add support for other potentially affected platforms that share a similar MMU design.

We invite you to visit our project page for more information.

Usage

To build the code, simply type:

make

After the code has been built, the anc and revanc programs should be available in the obj directory.

The results generated by the anc program by plotted as MMU-grams using the Python 3 script provided. As this script depends on numpy and matplotlib, these dependencies should be installed first:

sudo apt-get install python3-numpy python3-matplotlib

Then after running the anc program, the script can be run as follows:

scripts/plot.py

The script will then generate a file named mmugram.pdf.

Examples

On x86-64, the cpuid instruction is used to automatically detect the sizes of the caches and the TLBs. As such, it is often sufficient ro anc without any arguments:

./obj/anc

However, since the TLB sizes are also used as a guideline to evict the page table or translation caches, it is sometimes necessary to specify the sizes of these caches. While Intel Ivy Bridge and older microarchitectures do implement a translation cache for PDPTEs, there either is no TLB to cache 1G huge pages, or cpuid does not report its existence. As such we have to specify that this cache consists of four entries manually:

./obj/anc --pl3-entries=4

Similarly, several AMD microarchitectures implement a page table cache with 24 entries:

./obj/anc --pl2-entries=24

With the revanc program, these page table and translation caches can be reverse engineered. However, to optimise the results it is currently advised to specify the virtual address:

./obj/revanc --target=0x222e2599000 --runs=10

For ARMv7-A and ARMv8-A, the sizes of the caches and TLBs cannot be determined automatically yet. As such, it is important to specify these manually. Further, while the ARMv7-A and ARMv8-A platforms do offer Performance Monitoring Units with a register similar to the Timestamp Counter on x86-64, this is not used as it is not accessible from user mode by default. On these platforms a thread that increments a volatile global variable simulating a cycle counter is used instead. Hence it is important to take more timing samples (e.g. 100 rather than the default of 10). For instance, for the Nvidia Tegra K1 the following can be used:

./obj/revanc --target=0x10040000 --evict-target=0x80000000 --runs=10 --cache-size=4M --pl1-entries1=544 --rounds=100

Some ARMv7-A platforms have Large Physical Address Extensions enabled. If this is the case, then the arm-lpae page format has to be specified as well:

./obj/revanc --target=0x10040000 --evict-target=0x80000000 --runs=10 --cache-size=4M --pl1-entries1=544 --page-format=arm-lpae --rounds=100

On ARMv8-A another target address is recommended. For instance, for the Allwinner A64, the following can be used:

./obj/revanc --target=0x116565000 --runs=10 --cache-size=2M --pl1-entries=522 --rounds=100

Frequently Asked Questions (FAQ)

Q. What processor architectures are currently supported/affected?

The anc and revanc can currently be built for and run on the x86-64, ARMv7-A and ARMv8-A architectures and show that these architectures are affected.

Q. What operating systems are currently supported?

The code can currently be built for BSD, Linux, Mac OS X and Microsoft Windows (using MSYS 2).

Q. Does this attack work on hardened systems with ASLR enabled?

Yes, the native implementation of the attack has been reported to work on an Intel Xeon E3-1505M v5 running HardenedBSD/amd64 (thanks to Shawn Webb).

Q. Does this attack work in virtualised environments?

Yes, we have run this attack within KVM guests running Linux on an Intel Atom C2750 and an Intel Xeon E5-2658 v2. In fact, because the hypervisor makes use of the MMU as well, the page table and/or translation cache(c) used by the MMU may end up being (partially) evicted already, amplifyingthe AnC attack. However, because the MMU is used by the hypervisor as well, the revanc program cannot reliably determine the sizes of these caches.

For other questions, please refer to the project page first.