Flipper is a novel approach for Rowhammer that increases the number of bit flips
found in a given time on mitigated DDR3 systems (double refresh rate mitigation)
by a factor of 830. It consists of two components: CMPIST and CMPPAR, which
are implemented in memPressureGen and hammerTool.
The tool memPressureGen allocates memory and runs the cmpsb and repe x86
instructions on that memory. This approach was shown to increase the number
of bit flips found by a Rowhammer PoC running in parallel.
Several command line options are supported. Run the following command to list them:
./bin/memPressureGen -h
The tool hammerTool is a Rowhammer PoC that includes automated addressing
function detection on Intel CPUs (does not work on AMD based systems). In
addition to a parallelized hammering mode, it supports many other options.
Run the following command to get a list of supported command line options:
./bin/hammerTool -h
If automatic detection of the addressing functions fails, they can be loaded from a file. The file has the following format:
banks=16
masks=0x0011,0x0022,0x0044,0x0088
The specified number of banks should be two to the power of the number of masks given (in the example above, 4 masks and 2^4 = 16 banks).
The file can be specified with the --importConfig command line parameter.
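A sanity check for such a file before handing it to hammerTool, as an added example that is not part of Flipper's own code. It assumes each mask is an XOR (parity) function over physical address bits that yields one bank bit, with mask i mapping to bank bit i; the function names are hypothetical.

```python
# Added example, not part of Flipper. Assumption: each mask is an XOR
# (GF(2) parity) function over physical address bits yielding one bank bit.

def parse_config(text):
    """Parse 'banks=N' and 'masks=a,b,...' lines into (banks, masks)."""
    fields = {}
    for line in filter(None, (l.strip() for l in text.splitlines())):
        key, sep, value = line.partition("=")
        if not sep:
            raise ValueError(f"expected key=value, got {line!r}")
        fields[key.strip()] = value.strip()
    missing = {"banks", "masks"} - fields.keys()
    if missing:
        raise ValueError(f"missing keys: {sorted(missing)}")
    masks = [int(m, 0) for m in fields["masks"].split(",")]
    return int(fields["banks"], 0), masks

def gf2_rank(masks):
    """Number of linearly independent masks over GF(2)."""
    basis = []
    for m in masks:
        for b in basis:
            m = min(m, m ^ b)  # clears b's top bit from m if it is set
        if m:
            basis.append(m)
    return len(basis)

def validate(banks, masks):
    """Return a list of problems; an empty list means the config is usable."""
    problems = []
    if banks != 1 << len(masks):
        problems.append(f"banks={banks}, but {len(masks)} masks imply {1 << len(masks)}")
    if gf2_rank(masks) != len(masks):
        problems.append("masks are zero or linearly dependent: some banks unreachable")
    return problems

def bank_index(phys_addr, masks):
    """Bit i of the bank number is the parity of (phys_addr & masks[i])."""
    return sum((bin(phys_addr & m).count("1") & 1) << i
               for i, m in enumerate(masks))

SAMPLE = "banks=16\nmasks=0x0011,0x0022,0x0044,0x0088\n"  # values from the text above

if __name__ == "__main__":
    banks, masks = parse_config(SAMPLE)
    print(validate(banks, masks) or "config OK")
    print("bank of 0x0f:", bank_index(0x0F, masks))
```

The rank check catches a case the banks/masks count rule alone misses: masks that are XOR combinations of each other can never address all of the declared banks.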
The amplification factor was calculated by comparing two measurements:
In the first one, hammerTool was started in single-threaded mode and
memPressureGen was not running in parallel.
In the second one, memPressureGen was started. After the initialization phase
(output [INFO]: Comparing pages. Press CTRL-C to stop.), hammerTool was
started with as many threads as there are logical CPU cores on the system and
with CPU pinning.
In both cases, the number of detected bit flips was parsed from the command line
output of hammerTool.