FLIPPYR.AM @38c3

About Rowhammer

In 2014, Kim et al. reported a new disturbance effect in modern DRAM that they called Rowhammer. The Rowhammer effect flips bits in inaccessible memory locations just by reading the content of nearby memory locations that are attacker-accessible. They trigger the Rowhammer effect by accessing memory locations at a high frequency, using memory accesses and flushes. The root problem behind Rowhammer is the continuous increase in cell density in modern DRAM. In early 2015, Seaborn and Dullien were the first to demonstrate the security impact of this new disturbance effect. In two different exploit variants, they demonstrated privilege escalation from the Google Chrome NaCl sandbox to native code execution and from unprivileged native code execution to kernel privileges. Later, in 2015, Gruss et al. demonstrated that this effect can even be triggered from JavaScript, which they presented in their talk "Rowhammer.js: Root privileges for web apps?" at 32C3.

Now, in 2024, it is precisely 10 years after Rowhammer was discovered. We have seen a seemingly endless cat-and-mouse security game with a constant stream of new attacks and new defenses. New Rowhammer attacks pushed the boundaries further with each defense and challenge. While initial attacks required native code on Intel x86 with DDR3 memory, subsequent attacks have also been demonstrated on DDR4 and, more recently, DDR5. Attacks have also been demonstrated on mobile Arm processors and AMD x86 desktop processors. Furthermore, instead of native code, attacks from sandboxed JavaScript or even remote attacks via network have been demonstrated as well.

We want to invite everyone to contribute to solving one of the biggest unanswered questions about Rowhammer: What is the real-world prevalence of the Rowhammer effect? How many systems, in their current configurations, are vulnerable to Rowhammer? As large-scale studies with hundreds to thousands of systems are not easy to perform, such a study has not yet been performed. Therefore, we developed a new framework to check if your system is vulnerable to Rowhammer, incorporating the state-of-the-art Rowhammer techniques and tools. Thus, we invite everyone to participate in this unique opportunity to join forces and close this research gap together.

Participate

Welcome to our FLIPPYR.AM Study. We want to analyze the prevalence of Rowhammer in real-world systems. Everybody can participate in our study. The entire source code is open source and available via GitHub. You can either build the ISO yourself or run the entire study using Docker. However, we highly recommend using the ISO image.
Simply follow these steps:

  1. Download our ISO image and flash it to a USB thumb drive (see the following links for instructions on Windows, macOS, and Linux).
  2. Boot the system you want to test using the thumb drive you created before.
  3. Specify the time the experiment should run and confirm your participation in the study. (If you do not want to participate in our study, you can still check if your system is vulnerable to Rowhammer without submitting any data.)
  4. Wait for the experiment to finish.
  5. You will get a brief overview of the results. Additionally, the raw results will be stored on the thumb drive for you to inspect them afterwards.
  6. The results will be uploaded to our server and you can access them using a URL shown at the end of the test (only if you confirmed your participation before).

Incentives

When you upload a valid dataset, you will receive a cryptographic token. This token is generated by hashing random data, and when you upload your dataset, we will save this token separately in our database. This means the token is not associated with your dataset. This ensures that you can participate in the raffle without linking the token to your dataset. Please make sure to bookmark or save this token. As an incentive, the following two rewards can be won:

  1. The first people to send us 10 valid tokens via e-mail (flippy underscore ram at hof minus university dot de) will receive a free flippyr.am t-shirt. We have 10 t-shirts to give away. First come, first served!
  2. Everyone who sends us an e-mail with a valid token will participate in a raffle and have a chance to win a €10 Amazon gift card. The more tokens you send us, the higher your chances are.

I got a USB Stick at 38C3. How to verify it?

You can use the following SHA256 hashes to verify if the USB Stick you got from us is original and was not modified. Because we fixed a minor bug while flashing, there are two different thumb drives, so your thumb drive should have one of the following SHA256 hashes:

The SHA256 sums are calculated over the entire device (e.g., /dev/sdb) and will change at first boot, since running the experiment resizes the partitions and stores files on the device.

How to verify the ISO image?

The ISO image can be verified using SHA256. The current image uploaded by us has the following hash: df42c0310e8a576ceeeeb8f56e806b76b256c239a795f8f443dcaf681614bce7
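
One way to run both checks described above (the whole-device hash of a thumb drive and the hash of the ISO image) from a Linux shell. This is an added example, not part of the FLIPPYR.AM tooling; it assumes GNU sha256sum. The names flippyram.iso, /dev/sdX, HASH_A and HASH_B in the comments are placeholders, and the thumb-drive hashes have to be taken from the published list.

```shell
#!/bin/sh
# Added example, not FLIPPYR.AM project code. Assumes GNU coreutils sha256sum.

# ISO hash as published on this page.
ISO_SHA256="df42c0310e8a576ceeeeb8f56e806b76b256c239a795f8f443dcaf681614bce7"

# sha256_of PATH: print the hex SHA256 of a regular file or a whole block
# device. Reading via stdin keeps odd file names out of sha256sum's output.
sha256_of() {
    _out=$(sha256sum < "$1") || return 2
    printf '%s\n' "${_out%% *}"
}

# verify_image PATH HASH...: succeed if PATH hashes to any of the given values.
# Several hashes are accepted because two thumb-drive images exist.
verify_image() {
    _target=$1
    shift
    _actual=$(sha256_of "$_target") || { echo "cannot read $_target" >&2; return 2; }
    for _want in "$@"; do
        # Normalise a pasted hash: drop whitespace, lowercase the hex digits.
        _want=$(printf '%s' "$_want" | tr -d '[:space:]' | tr 'A-F' 'a-f')
        # Skip anything that is not exactly 64 hex digits (e.g. a truncated paste).
        case $_want in
            *[!0-9a-f]*|"") echo "skipping malformed hash" >&2; continue ;;
        esac
        [ "${#_want}" -eq 64 ] || { echo "skipping malformed hash" >&2; continue; }
        if [ "$_actual" = "$_want" ]; then
            echo "OK: $_target matches $_want"
            return 0
        fi
    done
    echo "MISMATCH: $_target hashes to $_actual" >&2
    return 1
}

# Stand-alone use (placeholder names):
#   sh verify.sh flippyram.iso                 # checked against ISO_SHA256
#   sudo sh verify.sh /dev/sdX HASH_A HASH_B   # thumb drive, before its first boot
if [ "$#" -ge 1 ]; then
    _path=$1
    shift
    [ "$#" -gt 0 ] || set -- "$ISO_SHA256"
    verify_image "$_path" "$@"
    exit $?
fi
```

Hash a thumb drive from another running system before booting from it, because the first boot changes the device contents and the published device hashes no longer match afterwards.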

Study Details

When participating in this study by either using the upload functionality of our ISO image or manually uploading your results to this page, we will store information about your system. Take a look at our Privacy Statement for more information.

Access tokens

If you have participated in the study, you can access a token by typing it in the following text field (to bookmark the token). Normally, it should not be required to manually type the token.

Upload new Dataset

Once you have run the experiment on your system, you can upload the dataset using this dialog. Just select the ZIP file that is stored on the USB thumb drive. When the upload is successful, you are redirected to the detail page of your dataset. Bookmark this page in order to keep access to your dataset (so you can download or delete it afterwards).

Acknowledgments

This project was funded by the Deutsche Forschungsgemeinschaft (DFG) under grant number 503876675, and partly funded by the European Union under grant number ROF-SG20-3066-3-2-2.