
Based on this PoC:

https://twitter.com/brainsmoke/status/948561799875502080


I see there are four rows output; the second one is two bytes of the address of sys_read. What is the first one? Would the third row be sys_write? I did some calculations on my laptop with kernel 4.10, and the offsets of the syscalls on my laptop and the screenshot outputs don't match...

Does anybody have an idea what those are?

Xavier59
dev

1 Answer


The first row is the guess (leaking by guessing), the second is the timing (for this guess). So the best guess is that the syscall sysread is at 3a50, which matches reality.

kuker20