Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/zt-chen/PMFault
https://github.com/zt-chen/PMFault
Last synced: about 20 hours ago
JSON representation
- Host: GitHub
- URL: https://github.com/zt-chen/PMFault
- Owner: zt-chen
- License: mit
- Created: 2023-01-06T04:37:08.000Z (over 1 year ago)
- Default Branch: main
- Last Pushed: 2023-03-07T00:29:03.000Z (over 1 year ago)
- Last Synced: 2024-02-29T03:34:19.698Z (4 months ago)
- Language: C
- Size: 9.74 MB
- Stars: 14
- Watchers: 4
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Lists
- Awesome-SGX-Open-Source - https://github.com/zt-chen/PMFault
README
# PMFault: Faulting and Bricking Server CPUs through Management Interfaces
DOI for this repo: [![DOI](https://zenodo.org/badge/585790412.svg)](https://zenodo.org/badge/latestdoi/585790412)**Disclaimer: The code in this repo can cause PERMANENT DAMAGE to your server. Use at your own risk.**
This repo contains the supplementary materials for the paper "PMFault: Faulting and Bricking Server CPUs through Management Interfaces", which will appear in [CHES 2023](https://ches.iacr.org/2023/).
Check [our website](https://zt-chen.github.io/PMFault/) for a brief introduction of the PMFault attack.
[PMFaut paper](https://tches.iacr.org/index.php/TCHES/article/view/10275) is available on CHES Website.
## Folder Structure
### Attack to Supermicro X11 Motherboards* [x11-undervolt_from_rpi](./x11-undervolt_from_rpi.c): PoC of undervolting via raspberry pi, used in initial investigation
* [x11-FirmwareRepacking](./x11-FirmwareRepacking/): PoC of firmware repacking to enable SSH access to BMC
* [x11-BMC-DMA-PMBus](./x11-BMC-DMA-PMBus): PoC of PMBus voltage control via code execution on BMC
* brick.c : overvolt and brick the CPU
* undervolt.c : undervolt and inject fault to SGX
* [x11-voltage-change-with-ipmitool](./x11-voltage-change-with-ipmitool.md): Steps for changeing the voltage via ipmitool (over lan/kcs)The target of the fault injection is the same as those used in [PlunderVolt](https://github.com/KitMurdock/plundervolt)
### Attack to ASRock Rack Motherboard
* asrock-pmbus-powerdown: PoC of powerdown via PMBus for ASRock motherboard, execute with root privilege on CPU### PMBusDetect Tool
* [pmbusdetect](./pmbusdetect): PMBusDetect tool for detecting the connection between CPU/BMC and VRM.
* currently it support ISL68137 and MP2955, welcome to add support for other VRM by opening an issue or pull request.## Library
If you are using the OS provided i2c bus (`/dev/i2c-X`) to communicate with PMBus, you'll need to:1. Load the kernel module to enable i2c bus, different motherboard may need different kernel module, check which one to use at [here](https://docs.kernel.org/i2c/busses/index.html) `sudo modprobe i2c-i801` works for Supermicro X11.
2. `libi2c` library is required for building `PMBusDetect`, `asrock-pmbus-powerdown` and `x11-undervolt_from_rpi`, you can install it with `sudo apt-get install -y libi2c-dev` or compile from source: [i2c-tools](https://github.com/mozilla-b2g/i2c-tools)## Cite this work
```
@article{Chen_Oswald_2023,
title={PMFault: Faulting and Bricking Server CPUs through Management Interfaces: Or: A Modern Example of Halt and Catch Fire},
author={Chen, Zitai and Oswald, David},
year={2023},
month={Mar.},
journal={IACR Transactions on Cryptographic Hardware and Embedded Systems},
volume={2023},
number={2},
pages={1–23}
url={https://tches.iacr.org/index.php/TCHES/article/view/10275},
DOI={10.46586/tches.v2023.i2.1-23}
}
```