Files in this directory:

- README.md
- big-fuzz.yaml
- conf-v4.yaml
- detecting-foreshadow.yaml
- detecting-mds.yaml
- detecting-v1-var.yaml
- detecting-v1.yaml
- detecting-v4.yaml
- detecting-zdo.yaml
README.md
This demo shows how Revizor can find real-world vulnerabilities in CPUs. Each config here is intentionally made to detect only one type of vulnerability. For example, if you fuzz an Intel CPU with `conf-v1.yaml`, you will most likely detect an instance of Spectre V1 (of course, there is always a chance that you will find a new, previously unknown vulnerability with this config, but the likelihood is rather low).

This demo targets Intel CPUs. Other microarchitectures are not yet supported (but coming soon!).

The commands below assume that the ISA spec (downloaded via `rvzr download_spec`) is stored in `base.json`.
- Spectre V1 (description):
  `rvzr fuzz -s base.json -c demo/conf-v1.yaml -i 50 -n 10000`
  Expected duration: several seconds.
- MDS or LVI-Null, depending on the CPU model (description of MDS and LVI):
  `rvzr fuzz -s base.json -c demo/conf-v1.yaml -i 50 -n 10000`
  Expected duration: several minutes.
- Spectre V4 (description):
  `rvzr fuzz -s base.json -c demo/conf-v4.yaml -i 50 -n 10000`
  Expected duration: 5-20 minutes.
- Spectre V1-Var (description and here):
  `rvzr fuzz -s base.json -c demo/conf-v1.yaml -i 50 -n 10000`
  Expected duration: several minutes.