Hi,
In the file: profiling\aes_example\spy.cpp
Why the key[] are all 0x00?
In the code line: “int fd = open("./libcrypto.so", O_RDONLY);”， is the libcrypto.so a special file which must be reloaded? Or can I replace it with other any .so file?
The size of this file must can full reload in the L1 Cache or L2 Cache size?
What is the function of maccess(void *p)?

Is it wrong that timing first then flush in the function flushandreload(). It should be flush first, should it?

Hi,
Can you tell me which version of openssl did you use for the attach, as the new releases have a different implementation?

Hello,
Sorry to bother if what I'm saying is wrong but the command given in README.md for the keypresses is not working for me. the grep expression inside the ` ` is not working I think. You need the space after the ^ but then it will also get the space.

Here is possible solution to fix it:
$ cat /proc/`ps -A | grep gedit | grep -oE "^ [0-9]+" | sed "s| ||g"`/maps | grep r-x | grep gdk-3

This is probably not the best solution but I'm not really good with grep, just wanted to point out the mistake.

Intel suggests to use a cpuid rdtsc instruction rdtsc cpuid sequence to measure the time.link. Also the test sequence is fence cpuid rdtsc instruction rdtsc cpuid mfence in the software prefetch paper of CCS16. So why here the calibration code use the mfence rdtsc mfence instr mfence rdtsc mfence sequece? I have combine the test process to one specific cpu0 and give it highest priority, Also I have isolated one specific cpu to make sure no other processes can run on it. However, I still get different thresholds after each run. Sometimes 220 cycles and sometimes 130 cycles.

In order to get the cache hit/miss threshold, I will the calibration tool to measure that. I will get different results from multiple runs(randomly ranging from 145 to 250). And at the same time, the problem remains even if I use taskset to run the calibration on a fixed core which is isolated from kernel(use isolcpus in grub file to isolate a cpu that will not be scheduled by other process). So have you ever met with problem that multiple runs of calibration produce different results?

Hi,
I am trying to generate the template-profiles of each key by running the linux_low_frequency_example, but the results are nowhere near to the ones mentioned in Readme.md.
The log.txt thus generated doesn't have any address which has a sharp distinction in terms of cache hits for key n. While running the example, I tweaked the code to only look for libgdk-3 files.
Can you please tell me what may have gone wrong, or what set of conditions did you use while experimenting?

Thanks

i am unable to find the xdo.h file

Hi @dgruss ,

First of all, many thanks for sharing this very useful project.
I successfully managed to do the profiling on windows using Mingw, and my aim is to perform a side channel attack on my windows environment.
My understanding is that, for an attack to be performed, the exploitation phase needs to be triggered. However, I can only see the documentation for the exploitation on a Linux environment:
cd exploitation/generic
make
./spy /usr/lib/x86_64-linux-gnu/libgdk-3.so.0.1200.2 0x85ec0

This does not work on mingw. Can you please suggest commands that can work on Mingw?

Any help is highly appreciated.
Antonio

Thank you for providing this code! I was looking for implementation examples for educative purposes. Yet one thing didn't get from reading the papers:

"Use it only on test systems which contain no sensitive data." does it say in the Readme.md.

Can I try this on a virtual machine without any harm to the data on my host system?

Thank you very much in advance!

when cd calibration, and then
make
it comes some error as follow:

error inconsistent operand constraints in an ‘asm’

is there some wrong in the Makefile?

than you!