Blacksmith: Rowhammer Fuzzer with 100% success rate

  • Blacksmith: Rowhammer Fuzzer with 100% success rate

    About 2 months ago, Comsec security researchers published research which used a fuzzer-based Rowhammer named Blacksmith to trigger bitflips across all 40 modules they tested (ArsTechnica writeup). They don't release which memory modules they tested, but their sample included memory from every major manufacturer.

    The publicly released software is (unfortunately) hardcoded to the Intel Coffee Lake architecture. My test rig runs on AMD and I only use ECC and I'm nearly perfectly ignorant on how this works on the hardware level, but my understanding is that it requires reverse engineering for each architecture (see also: Packaging for GUIX ticket, Python matrices generator script gist, IAIK/Drama, and vusec/trrespass/drama).

    All of the above is liberally licensed (MIT, Apache, or Unlicense) and it would be nice to see it packaged up in a commercial offering like Memtest86.

  • #2
    Good rowhammer code is much, much easier to write if you only limit yourself to one type of memory manager (1 CPU model), one RAM configuration (e.g. 1 single stick in a particular slot), one particular BIOS configuration (1 motherboard) and one type of RAM (e.g. DDR4). Plus their test took 12 hours to run just for row hammer.

    For example, it is trivial to get extra bit flips by increasing the BIOS refresh period in BIOS. And equally trivial to reduce them by reducing the period.

    In the real world there is a huge amount of variation.