well as the OpenCL API developed by Khronos group (GPU). Code currently supports AMD and NVIDIA graphics cards. However, the
3
3
AMDAPPSDK does support Intel as well.
4
4
5
-
Advantages of gpu stored memory:
5
+
Someadvantages of gpu stored memory:
6
6
- No gpu malware analysis tools available on web
7
7
- Can snoop on cpu host memory via DMA
8
8
- Gpu can be used for fast/swift mathematical calculations like xor'ing or parsing
9
-
- Stubs
9
+
- Stub/signature generation
10
10
- Malicious memory may be retained across warm reboots. (Did more conductive research on the theory of malicious memory still being in gpu after shutdown)
11
11
12
12
Requirements for use:
13
13
- Have OpenCL drivers/icds installed (Fun fact: Mac OS X boxes come pre-installed with OpenCL)
14
14
- Nvidia or AMD graphics card (intel supports amd's sdk)
15
15
16
-
Update:
17
-
- Compiler errors resolved, testing PoC now
18
-
19
-
Disclaimer:
20
-
Educational purposes only; authors of this project/demonstration are in no way, shape or form responsible for what you may use this
21
-
for whether illegal or not.
16
+
Features (more features soon):
17
+
- client listener, record data to gpu and send magic packet when ready to dump
22
18
23
19
Heads up:
24
20
- Windows GPU Remote Access Tool (RAT) PoC official release @ /WIN_JELLY
21
+
- Working on PoC for Mac OS X
25
22
23
+
Disclaimer:
24
+
- Educational purposes only; authors of this project/demonstration are in no way, shape or form responsible for what you may use this