Working with this PoC
https://github.com/IAIK/meltdown
Running it:
# ./secret
[+] Secret: Sample text
[+] Virtual address of secret: 0x4af528
[+] Physical address of secret: 0x172bc3528
[+] Exit with Ctrl+C if you are done reading the secret
However reading shows nothing:
$ ./physical_reader 0x172bc3528
[+] Physical address : 0x172bc3528
[+] Physical offset : 0xffff880000000000
[+] Reading virtual address: 0xffff880172bc3528
I have KASLR disabled.
BOOT_IMAGE=/boot/vmlinuz-4.4.0-93-generic root=UUID=6c2b06f8-b8dd-4117-a77e-2425b27fb749 ro quiet splash crashkernel=384M-2G:128M,2G-:256M vt.handoff=7
Reliability test works fine:
# ./reliability
[-] Success rate: 99.40% (read 166 values)
Anybody has an idea why it cannot read the memory address from secret?
Without KASLR, physical offset will remain always 0xffff880000000000, right?
Thanks,