Cool, so I'm the second talk of the day, and my talk is about a paper with a pretty long title. It's called "Flipping Bits in Memory Without Accessing Them: An Experimental Study of DRAM Disturbance Errors", better known as the rowhammer paper. My name is Vishnu, and I'm a year-four computer science student, just like Jin. We're part of NUS Hackers, which is a club slash society in NUS. This is my second time here; I was here exactly twelve papers ago, one year ago, presenting the Diffie-Hellman key exchange, which was also a security-related paper, and today is another security-related paper, even though I have no academic experience in security at all. It just seems to click with my interests. The paper is a joint publication by CMU and Intel Labs. The reason it fascinated me so much is that when we talk about software exploits, it's usually something in software: a bug where a programmer made a mistake somewhere or forgot to check something. But this is a hardware bug that affects software, and that fascinated me. It's a mistake in hardware which you cannot fix, because you can't patch hardware. It affects software forever, and it's almost unpatchable, just because of the way hardware works.
Once you release hardware, that's it. So before we talk about what the paper is about, let me give you a brief history lesson on what DRAM is. DRAM stands for dynamic RAM, and that's the kind of RAM we have in every single machine we touch these days. (Yep, a lot of jokes like that are sprinkled through this talk.) Before DRAM there was a thing called SRAM, but it couldn't scale in density and cost, so DRAM, dynamic RAM, was created. Here's an example of a DRAM chip: this is a Micron part, and it's a one-megabit chip, so this entire chip holds exactly one megabit of information, which makes it 128 KB. That's about one million dots in there if you count. Each single dot is called a DRAM cell, and to understand the flaw, we need to learn exactly how a DRAM cell works. I'm going to simplify a lot of the electrical engineering so that we can all understand it. That's what a DRAM cell looks like. There are two electrical lines: a word line that goes horizontally and a bit line that goes vertically. And there are two components. First, there's a transistor. The simplest way to understand a transistor is that it's just a switch: when you give electricity on the top line, the transistor makes the thing on the left talk to the thing on the right, connecting them together electrically. That's it. If you don't give electricity at the top, they won't be connected.
That's what the transistor does. The second component is a capacitor. A capacitor holds a charge, as simple as that. If the capacitor holds a charge, that signifies bit one; if it doesn't hold a charge, that's bit zero. That's all we need to know. And the way these capacitors are designed, they lose their charge within 64 milliseconds: after 64 milliseconds the charge drops below a threshold where we can't tell it apart from noise. So every 64 milliseconds we need to recharge them. That's an important concept as well.

So here's an example of reading a bit, and that bit is a one. Blue means one volt and zero means zero volts. Assume there's a potential difference of one volt across the capacitor right now, which means if I connect the capacitor to something, it will discharge at one volt, and one volt equals bit one in this example. Let's see how a DRAM memory controller would read that. The capacitor holds a charge of one volt. First, the bit line gets precharged to half the potential difference, so (1 - 0) / 2 = 0.5 volts. Then we activate the word line. As I said, the word line is the one that touches the transistor, so the transistor now activates, and the capacitor can talk to the bit line. Since one volt is higher than 0.5 volts, the capacitor discharges itself, and the potential of the bit line rises very slightly, from 0.5 to, for example, 0.55, because of the tiny charge the capacitor just released. Note that by reading it, we actually emptied the capacitor: we had to extract the charge to get the data. Every time we read, we destroy the data.

Then there's a thing called a sense amplifier. What it does is detect that the bit line changed from 0.5 to 0.55 and amplify that change, so the bit line now becomes one volt. The reason we amplify it back to one is that when we read something, we don't want to destroy our data; we want to load it back into the capacitor. By amplifying the line to one volt, the capacitor gets charged again. Then we switch off the word line and bit line. That's the six-step process for reading that this cell holds a one.

Let's do the zero-bit example. There's no charge on the capacitor. We do the same thing: we precharge the bit line to half the potential difference and activate the word line. Now, because the bit line has a higher potential than the capacitor, it charges the capacitor a bit, which causes the potential of the bit line to drop from 0.5 to something like 0.45. The sense amplifier detects that, so it knows the cell is holding a zero, and it amplifies the line down to zero volts, which causes the capacitor to discharge again and get refreshed back to zero. The capacitor is back in its old state, and we have read that the bit is zero. That's how we read a single bit, as simple as that. So one bit is cool, but how do you do many gigabytes? That's when things get a bit more interesting.
So we actually connect these cells into arrays: horizontal arrays where the word lines are connected, and vertical arrays where the bit lines are connected. This is how RAM actually looks at a microscopic scale: the bit lines are each connected to their own sense amplifier, and the word lines are connected horizontally. So if I want to read something in a row, I precharge all of my bit lines, activate that word line, and I can immediately read every single bit in that row, because they all get amplified by my sense amplifiers. Let's talk about the structure a bit. A cell holds one bit. Cells form a bank of DRAM, and a bank is basically a 2D array. This picture shows an 8-by-8 array, but in reality it's huge, something like tens of thousands of rows and columns. Each bank has a row buffer; the row buffer is basically the row of sense amplifiers. Whenever we read a row, that row gets copied into the row buffer, the row itself gets erased, and then we push the buffer back into the row as part of refreshing. That's one bank. One physical chip, the black chips you see on a DRAM module, usually corresponds to eight or sixteen banks. The reason we have eight or sixteen banks is so we can do things in parallel: each bank can only read one row at a time, so if you have eight or more banks, you can read in parallel, which makes things far faster and more performant. Now let's go back to the array and throw in some numbers. Say we get a command from the CPU that says, hey, I want you to read row three, column four. What actually happens is the memory controller tells row three to open itself.
This is called the open-row procedure: the bit lines get precharged as before, and the word line gets activated. When that happens, the values get discharged and copied into the row buffer through the sense amplifiers, and immediately the sense amplifiers amplify the charge so it gets back into the original cells. By the nature of this design, if you want to read one cell, you actually read the entire row, so we have already read exactly the value we need: we give it the row first, then we tell our column selector, and row three, column four is a zero. The cool thing here is that if you now ask for column six, you don't have to do the whole thing again, because you already have the row in your row buffer. Most memory controllers are smart: they hold things in the row buffer until you need to change rows, because there's a high chance you'll access data sequentially. If you want a byte, you need at least eight bits anyway, so the controller tries to be as smart as it can. How do you write something? Writing is extremely easy, because every single time you read, you erase. Say we get an instruction to write zero to that same cell. All you need to do is update your row buffer to zero; the sense amplifier sets that entire bit line to zero volts, and that instantly gets set back into the cell itself. That's how you read and write. Now, reading destroys cells, so there's a closing-row mechanism: when the CPU says read another row, you first have to clear your row buffer. You deactivate your word line and discharge your bit line.
Then you clear your row buffer, and that's what we call closing the row. Remember I said earlier that capacitors lose their charge every 64 milliseconds. So this reading process, which is basically a refresh, needs to be done on every cell every 64 milliseconds: every cell here loses its entire charge in 64 milliseconds, so every 64 milliseconds this scan you see here happens. You may think this is very inefficient, because every 64 milliseconds we have to do all of this, but the process of reading is extremely fast. We can open a row and read it in about 50 nanoseconds, and there are about 1.28 million 50-nanosecond intervals in 64 milliseconds, so we can actually access the same row about 1.2 million times before it needs to be refreshed. It's actually quite performant. Key takeaways so far about how DRAM works: reading one bit requires the entire row to be read and refreshed, and every 64 milliseconds we refresh every single bit, so if we have 8 GB of RAM, every single bit gets refreshed every 64 milliseconds. Now let's talk about disturbance errors, which is what the paper actually discovered. [Audience question about how reads are issued.] No, it actually gives a set of instructions to the memory controller, and the memory controller does that. [Audience: Okay, but the data bus is 64 bits. These days you typically have dual-channel memory at the very least, so 128 bits per read. Does that correspond to a single row?]
[Answer:] That's why there's a memory controller in the way; there are two controllers involved. You have a memory controller on the CPU side that says, give me these addresses, to the RAM module, and the RAM module has its own internal logic, which you can think of like what an SSD controller does: hey, I'm going to put this physical memory there and that physical memory here, because I know this row is broken for some reason. It generally goes wrong a row at a time, so if there's one bad row, it'll just take it out of service. [Audience: But one row is not 128 bits.] Right, one row is not 128 bits; it's much longer, because it's spread across multiple memory chips as well. [Audience: But you won't read from every chip on the module at a time.]

Continuing on to disturbance errors, which is what the paper actually discovered. The problem here is that we as consumers always want things smaller, faster, and cheaper, and that's how things have always worked. If you look at the DRAM part of the graph over there, DRAM density has been increasing exponentially: in 2000 it was, I don't know what that is in log terms, somewhere between 500 megabits and a gigabit per square centimeter, and right now we're somewhere around 15 gigabits per square centimeter. And as these cells get closer and closer together, it becomes harder for manufacturers to build cells that are completely electrically sealed. That causes charge leakages, and sometimes real issues. That's what the paper discovered. So back to a pictorial representation of what they found. This is an array of cells, and I want to read the middle row.
So I precharge all my bit lines and activate my word line, the horizontal line. What they discovered is that if you hammer this line, where hammering just means you hit the same line the maximum number of times you can before a refresh, like 1.2 million times per refresh interval, a charge could accidentally leak from the word line into a transistor in the row below, because these things are only nanometers apart. That leak momentarily activates the transistor, and whatever charge is in that cell's capacitor leaks into the bit line, because the only thing protecting the capacitor from the bit line is the transistor. So that bit gets flipped: if it was a zero it becomes a one, and if it was a one it becomes a zero. That's exactly what rowhammer is: you hammer the same row many, many times, and you cause a charge leakage purely because of how close together the cells are. This never used to be a problem, but now it is, just because of how dense our chips have become. The paper proves that rowhammer exists using code. There were two pieces of assembly code; I know we all hate assembly, but this is only five lines, so it should be easy to understand. Let's first look at the control. What the control does is a mov, which copies the value at address X into a CPU register, and then it calls clflush. clflush flushes the cache; the CPU has its own L1, L2, and so on caches, and we have to flush them because if you ask for the same X again, you'd get it from the cache instead of from DRAM. So you always need to clear your CPU cache. And this is what the code actually does.
So let's assume X maps to a particular bit, and you ask for that bit to be copied into a register, and you run this code millions of times. To run the experiment, they first allocated a few gigabytes, basically maxing out the RAM, and set all the bits to zero, so that if something flips, you can see that it flipped. (They set everything to either all zeros or all ones, depending on whether they were looking for a charge leak or a discharge leak.) And what they found with the control is that, because the data gets cached in the row buffer, even if you access X a few million times, you're only getting it from the row buffer every single time, which means you're not actually hammering that row. And indeed they detected no flips; the data was consistent. In the other piece of code, assume X and Y map to two different rows. You copy X into a register, then you move Y into another register, then you flush your CPU caches. Once the caches are flushed, the only way to get X or Y again is to open its entire row again, so alternating between them forces the rows to be opened over and over. And once they did this, they found that bits in the rows adjacent to those target rows were randomly getting flipped. That's how they proved this is indeed a real phenomenon: one piece of code did not hammer a row and induced no errors, and the other hammered two rows and did, proving that rowhammer is indeed a problem. And code is the only practical way to show it, because we can't actually inspect these RAM chips; they're built at such a small scale, and we don't even know how they're designed.
So this is the only way to actually experiment on these things. Question: how do you pick the right X and Y? This is actually very hard, because with virtual memory we don't have access to physical addresses. How do you know that X and Y are in the same chip, in the same bank, and will actually activate two different rows? In the experiment, they had bare-metal access, because the paper wasn't about finding a security exploit; it was about characterizing the hardware bug. So they had physical access to the hardware, and they had root access. There's a file called /proc/<pid>/pagemap where you can get the mapping between virtual addresses and physical addresses, and using that, you can make sure your X and Y are close enough to be in the same bank but different enough to be in different rows. That's what they did. From an unprivileged standpoint, you can just assume there are either eight or sixteen banks. If you ask for two random memory addresses, that's a one-in-eight chance that they're on the same bank, assuming eight banks, which is good enough odds statistically. To make your chances even higher, you can hammer four or eight addresses at once instead of just two. And you can do double-sided rowhammer, which requires a bit of trickery: once you've figured out the number of bits in one row, which takes a while through a lot of analysis from hammering, you can hammer the first row and the third row at the same time.
That has a very high chance of causing a leakage in the middle row: if you hammer the row above and the row below at the same time, there's more pressure on the row in between, so a leak is more likely to be induced. That's what double-sided rowhammering is. Next, the paper talks about their setup and what they found through experimentation. They built an FPGA test rig. [Audience question.] Yes, to get such low-level access. And the heaters are there because they had a hypothesis that if things were hot, the chance of rowhammer would be higher, but it turned out not to be true; temperature doesn't really matter. Here are some graphs from their results. A, B, and C are three different manufacturers, anonymized so as not to expose them. The axes are errors per cell against the year the DRAM chip was made. Through this you can see that the errors basically started in 2010, so they guessed that around 2010 all the manufacturers changed their process in some way, perhaps experimenting with a new process to pack cells closer together, which caused this error to appear. The second thing is that once the spike goes up, there's a trend of it coming back down, which means the manufacturers realized this is an issue and have been trying to solve it in some way, which is why the trend keeps going down toward 2014, and there's one chip from 2014 that doesn't show the error at all. That's the extent of the data. A few other cool graphs in the paper: this one varies the refresh interval. The refresh interval is normally 64 milliseconds; if you make it shorter, the chance of rowhammer is lower.
That makes sense: if the refresh interval is 64 milliseconds, you can hammer a row about 1.2 million times, and if you reduce the refresh interval, you can only hammer it fewer times. So there's a correlation between the number of times you can hammer a row and the chance of a bit flipping, which completely makes sense. There's the opposite correlation with the activation interval, which is how many nanoseconds you wait between hammers. It's basically inverse, because if you wait longer between hammers, you get fewer hammers per refresh window, and every refresh puts everything back to a reset state. One final graph I'd like to show is a distribution of which rows flipped. In this graph, row zero is the one that was hammered, and the x-axis is the row position relative to row zero. It's obvious that -1 and +1 have the most flips, because those are the closest rows. Their theory on why there are also flips at rows 3 and 7 is row remapping: because of remapping, there's a chance that the physical rows are not actually in order compared to the logical row numbers, and that's why they saw a consistently higher number at 3 and 7. You can try this at home. Google published a tool called rowhammer-test, and I downloaded it and ran it on my machine. I only ran about 50 iterations, but I believe if you run millions of iterations you could find a flaw in your actual machine. This issue is supposed to have been solved in DDR4, which is what most of our machines use now. [Audience: Something came out a month or so ago showing some DDR4 modules are still vulnerable.] Okay, yeah, but in general DDR4 is supposed to fix it.
So I ran this on my machine, and this is what one iteration looks like. It's doing on the order of 4.3 billion hammers across the mapped addresses: it allocates one gigabyte of memory and tries to hammer every single bit. It takes about 49 nanoseconds per hammer on my machine. [Audience: Don't you need to know all kinds of details of the physical layout of the chips? How can you write this test program so that it works on your machine and my machine, when the RAM chips we use are going to be completely different in terms of layout?] The generic grid layout is the same for every chip, and you can just make random assumptions, because we don't know which bits are weak; if there is a weak bit, that bit is repeatable, but it's different for every single device. [Audience: So is this a probability thing, where we have to randomly try to flip a bit?] These tools also do interesting things like assigning chunks of memory, seeing what physical addresses they got, and based on that guessing how big a row is, how long a row is, and all these things. So they do a lot of
So they do a lot of I remember I did it like there's a bunch of random assignments and be assigned to it and be assigned to it and be assigned to Just to figure out the structure of memory at the beginning and once it has that Then it can actually do much more predictable That's also one of the reasons why the the native versions of this are much quicker than The javascript version that someone pushed out because the javascript version can't and lock its memory block So that's just going to turn up somewhere and then be paged out and it doesn't know that it's been paged out So it's a lot slower Whereas if you're doing it in something native, you can just allocate me three giant bloody buffers and then lock them in physical memory and you can't depict them Second Yes, I'll be talking about that soon actually about how ecc is a major is a potential mitigator to this So that's what the paper described and the paper actually ends here The paper did not go on to like explain how this could be exploited More most of the work that i'm going to show on now was done by the google project zero zero team So they picked up the paper immediately when it was published Five months later. They made a blog post saying that here's what we found and they basically were able to build proof of code concepts in two platforms in knackle native client Where you can run c slash c plus plus code in in chrome and in linux As well and the knackle one was immediately patched through an easy patch But the linux kernel privilege like escalation cannot be patched just because of how it's designed so i'm going to talk about the second one And a bit of basic knowledge that we need is we need to learn about what memory protection is So a very quick computer science class on what is memory protection? 
What is unprotected memory? Many years ago, when memory was first created, memory wasn't protected. If you were process A and you asked for X amount of memory, looking at a linear layout of RAM, the system would just say, hey, you can access everything from address 1111 to 3333; try not to go beyond that, just do your best. Process B comes along and says, I would like some memory as well. Here's what you have; try not to go beyond that, do your best. The problem is there's nothing stopping process B from actually touching process A's RAM, and if it does, it could crash process A. Or if it touches something that belongs to the kernel, it instantly causes a kernel panic. That's why old systems were really, really unstable. Everything we touch nowadays has memory protection, and this is what memory protection is: there's physical RAM, and we as processes don't have access to physical RAM at all; we can't even see what's inside. It's completely controlled by the kernel. Every single process gets its own virtual memory, an almost infinite address space that runs from zero to 0xFFFF..., and you can do whatever you want in there. The layout of your virtual space doesn't have to map to the physical layout at all: if you use some amount of memory in your process, it gets mapped somewhere in physical memory, and it doesn't even have to be a contiguous block. It's completely hidden from you; that's how virtual memory works. If there's a second process, it also gets its own space in physical memory. The cool thing is that this promotes security, because you can only access whatever you have access to, and you cannot access anyone else's memory, which makes things crash-proof. It's also a really big security property: I can only access my own things, so I can't change things that belong to other processes or to the system.

This mapping is held by something called a page table. A page is basically the minimum amount of memory you can ask from the system; on most systems a page is four kilobytes. (You can ask for two megabytes through huge pages, but that doesn't matter right now; just assume four kilobytes is the minimum.) A page table stores the mappings between the two sides of those arrows: it stores the mapping between a virtual address in a process and the physical address in physical memory. Each mapping is saved in the page table, and each table can hold up to 512 mappings. Which means that, since each page is 4 KB and 4 KB times 512 is two megabytes, every two megabytes of virtual memory requires a four-kilobyte page table to be written into physical RAM. And the page tables are controlled by the OS; we do not control them. Now let's talk about the exploit.
So this is how the exploit works. This is our process, and our process is running in userland, so it's completely unprivileged, but we can do anything that C can do. The first thing we do is allocate a shared-memory file through /dev/shm, basically telling the OS, I'm going to allocate this file, these few pages, and I want them to be shared. That's the block in our virtual address space, and it gets created in the physical address space as well. In actuality, it's all tracked by a page table: for every mapping, there's a page table entry that says this process's such-and-such address is linked to such-and-such address in physical memory. What the exploit does next is map that file using mmap millions of times. When you mmap a shared file again, you don't actually reallocate that memory in physical RAM; you just create more page tables that all point to the same thing. So you have all these addresses in virtual memory, pointing to page tables, pointing to the same piece of physical memory. You spray the entire physical memory with page tables: each is only four kilobytes large, but we do it a million times, and a million times four kilobytes is four gigabytes. So you spray the entire physical memory with page tables. This is where things get exciting. We know that every one of these virtual mappings is controlled by a page table, and every page table has the mapping written inside it. What if you bit-flip the mapping?
If you bit flip a mapping, then because probabilistically most of physical memory is now page tables, the flipped mapping will most likely point at another page table. Basically, since you created this file, the page table says you have read-write access to this piece of memory; flip a bit so it points somewhere else, and it now says you have read-write access to that piece of memory instead. You've just escaped Linux's memory protection, because you're now reading and writing a page that's owned by the kernel, and that page is a page table itself.

Just a bit of a segue: this is what a page table entry looks like. It's 64 bits, and this is one entry by itself; the table holds 512 of them. The physical page address is stored between here and there (this diagram is in reverse order). The place you want to attack is this part, because if you flip a bit in the higher-order section of the address, you get a memory address that points outside your entire physical memory. So you want to flip a bit in the lower range of the page address, and the chance of a flip landing there is about 31 percent. In other words, if you cause a bit flip in that four kilobyte page, there's roughly a 31 percent chance you flip a bit where you want it; flip a bit anywhere else and you'll just crash, because you can't access that RAM. Back to my example.
So let's say a bit flip makes our mapping point to another place in memory, and we know there's a page table at that place, because we sprayed the entire physical RAM with page tables. We can now tamper with that page table, because we have read-write access to it, and that page table holds the mappings for another block of virtual memory. And with that the entire system is compromised, because now I can use this access to rewrite that page table to point to the entire memory space, basically saying that this process can read or write the whole physical address range. That's how the exploit works, in a very simple sense. So once you have full memory access, what can you do?
The Google paper goes on to explain that you could modify a setuid executable such as ping. Ping requires root access to run, because ping creates raw sockets; but we as normal users can still run ping, because it's an suid executable, which basically says anyone can run this, but when you run it, it gets elevated privileges just for that process. So you could open that executable and inject your own shellcode into it in memory: since you now have access to everything in memory, you can scan the entire memory space, look for ping, insert code there, and now you're running shellcode as root. That's how the privilege escalation works.

Then there's an optimization to that attack using page reuse. The previous attempt required us to be lucky, and we can increase our luck with page reuse. The first thing we do is allocate a huge amount of memory that we own across the physical address space. We row hammer every single bit and find the weak bits, then look for the bits that are good for us: when I said "good" just now, I meant that 31 percent zone where a flip stays useful, so we look for weak bits within that zone. We release those pages back into the memory pool using munmap, which releases each four kilobyte block, and we immediately ask for more mappings, which ensures the Linux kernel will reuse those exact frames as page tables. We release all the allocations we made, replacing them with page tables, same as before.
So now we know that if a bit flips in one of those reused pages, it's going to be good for us. We do the same thing as before: we induce a bit flip, which causes the entry to point somewhere else, and now we have access to the entire physical memory in a much more reliable, much less luck-dependent way.

There are more exploits out there; that's just one of them. Another is the NaCl one I spoke about: the fix there was to disallow the use of clflush, because you need clflush to make this work, and they realized that nobody writing NaCl code actually needs clflush, so they just don't allow it, and that's patched. Then there's Flip Feng Shui, where another security group, VUSec, compromised OpenSSH and apt-get; I haven't really read it, but if you google Flip Feng Shui you'll find out more. The same guys also made an Android proof of concept called Drammer, which is basically the same thing Google made, but on Android. You can run that on Android, because most older Android phones are still using DDR3-class memory, and it takes about 30 seconds, if I'm not wrong, to allocate as much RAM as it can and hammer every single bit.

So how do we stop this? The good thing is, this is an issue that only appeared around 2010, and manufacturers at least know about it now, so the chances of this happening should be going down. But the problem is that we can't fix it on old devices, because it's a hardware problem, and you can't patch hardware; I can't release a software update that says, hey, here's v1.1 of your hardware. So manufacturers screwed up around 2010, and now we just have to wait for the next version of their stuff. The paper proposes these solutions, and the first one is: make better chips.
Making better chips is the easy answer: if you had a time machine, the problem is always solved. Next is error correction, which is what you mentioned: ECC. ECC does solve it in some way, but ECC only gives you single-bit correction and double-bit detection; three flipped bits and it's gone. So it's not a fully foolproof solution, and it also comes with a performance and cost overhead, which is one of the problems with ECC.

The next way is to increase your refresh rate. If you saw my chart just now, the refresh interval that guarantees you never get row hammer is 8.8 milliseconds. So if you reduce your refresh interval from 64 milliseconds down to around 8 milliseconds, you can never flip a bit. But the problem with that is RAM already spends about 4 percent of its time refreshing; cut the interval to 8 milliseconds and it's going to spend around 30 percent of its time refreshing, which reduces the performance of the RAM, costs more, and burns more power doing nothing useful, so that's not good either.

So here are the two better solutions that were proposed. The first was proposed by Google. It's a simple one where you identify hot rows by keeping a counter: if the same row is accessed too many times, you refresh the rows around it. Simple, right? Because I know that if this row is accessed too many times, there's a chance its charge might leak into the rows around it, so once the counter passes a threshold I force a refresh by just reading the rows around it. Low-power DDR4 has this in the spec, which means LPDDR4 should have this and should protect you against row hammer. What's the difference between LP and non-LP?
So the LPDDR specs usually come out three to four years after the baseline spec. The idea is, you used to have, say, DDR2 and LPDDR2, then DDR3 and LPDDR3. LPDDR is designed to run at a lower voltage and consume less power. Generally you put LPDDR in places where cost is less of an issue because power is a massive issue: the embedded space, and these days ultrabooks and such. It got a bit murky in the DDR3 era, because you have DDR3L and you have LPDDR3, and they're both low power but in different ways.

And the last solution was proposed by the paper itself: every time a row is accessed, you refresh an adjacent row with a very low probability. This statistically ensures that if you try to hammer the same row, there's a good chance the rows around it will get refreshed, because, as I said, you have to hammer a row on the order of 1.1 million times before it would normally get refreshed, so even a low probability per access is fine.

That's the end. These are the links; I'll upload my slides somewhere. The paper link is here, the Google blog post link, a Black Hat presentation about this by the same guys who wrote the Google blog post, I think, and the Drammer PoC, which you can install on any of your Android phones if you trust untrusted sources, which you should not, so don't install it. Yeah, that's the end. Thank you.

What did you say happens if you decrease the refresh interval down to eight milliseconds? Yeah, it makes the attack impossible. There was an experiment done by them, and according to their charts, experimentally, somewhere around eight milliseconds they couldn't flip anything anymore. Basically, you can't either add or drain enough charge in that amount of time.
Or at any realistic rate, yeah. So you cannot hammer it enough times, because by the time you're almost there, it gets refreshed.

So does that mean the charge will leak, given a sufficient number of hammerings? Yes, and that's exactly what this graph shows: the longer you wait, the more hammers you fit in, and the more hammers you fit in, the higher the error count.

Is it a stochastic process, or is it a gradual build-up of charge? You mean how it actually holds the charge? No, I mean when you do this hammering, is the error a stochastic thing, like you need to do it a lot of times because each attempt has some probability of finally flipping it, or is it a gradual build-up of charge that eventually goes over a threshold? I believe the answer is the first one: it's random. It's literally quantum tunneling: electrons going through things they're not supposed to pass through. The idea is that if you smash yourself against a wall enough times, you will get through the wall; now assume you're an electron and the wall is the transistor. So you need the quantity of attempts, and the energy matters too, but because we don't control the energy, the only thing we can do is hit it more times. So it is probabilistic, because quantum tunneling is probabilistic: the more times you do it, the better the chance that electrons actually get through. But if it's probabilistic, then it doesn't guarantee a flip, right? It could miss. Yes, but these numbers are over a large number of experiments. And the difference from ordinary random bit flips is that you can't induce those; with row hammer, the weak bits are repeatable.
So if you discover a weak bit, there's a very high chance that you can flip that same bit again. That indicates it's probably a process-level thing, where, because of the manufacturing process, certain bits are much more likely to flip. Yeah, probably a cell that's slightly closer to the next transistor, or some defect, or just uneven fabrication; it could be anything.

So if I download the program and run it on my laptop a lot of times, is that fine? It could wear down your RAM; I think RAM has a wear limit, I'm not sure. But the thing is, your RAM is getting refreshed constantly anyway. Look at it this way: thirty-year-old RAM is still working; it's been through a lot. The lifespan of RAM is so long that you generally don't need to worry about it. If anything, it's going to be the controller on the memory or the traces that die first, and this doesn't affect those. If you have old machines still running DDR3, I recommend running the Google test on them; you could find weak bits. Does it have a high hit rate in this case? I don't think the RAM make matters much, but it's going to be hard to tell; the cells are all really close by.

So the flaw is there and it's unpatched, and that's the end of it: throw away all your machines, throw everything, start over. We need to go back to a 180-nanometer process. Hey man, I have an awesome laptop, it has 512 megs of RAM.

Can you do this from inside a VM? Yes, you can. There was a JavaScript thing recently; I believe they used ECC-grade RAM, but still, you can. And the fun thing is, someone was trying to see if they could get QEMU to stop passing the clflush instruction through. The conclusion is yes, you can stop QEMU from sending clflush through, but it doesn't help, because everyone runs QEMU with KVM, and what KVM does is go: yo, CPU,
you're going to take care of this for me, right? At which point you're down to patching the processor itself, so the only thing you can do is hope to high heavens that Intel releases a microcode update to disable clflush, which they'll never do.

Is clflush used a lot? No. I mean, it's an explicit cache-line flush; I can imagine some niche performance cases where it might be useful, but in the grand scheme of things you can live without it. And this is only x86, right, like amd64? Well, the Android one: that paper explains how this entire thing can work on ARM, because ARM doesn't have clflush. What you do is what I mentioned earlier, which is you map and unmap things repeatedly to cause a flush; if you map enough things, you will just flush the cache.

Cool, do you want to do your finishing thing? Thank you. The finishing thing... I kind of started already, so