Cool-Y.github.io/2021/01/08/dolphin-attack-practice/index.html
2021-05-21 15:35:38 +08:00


<!DOCTYPE html>
<html class="theme-next muse use-motion" lang="zh-Hans">
<head><meta name="generator" content="Hexo 3.8.0">
<meta charset="UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
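<!-- maximum-scale=1 removed: it stops visitors from pinch-zooming the page. -->
<meta name="viewport" content="width=device-width, initial-scale=1">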
<meta name="theme-color" content="#222">
<script src="/lib/pace/pace.min.js?v=1.0.2"></script>
<link href="/lib/pace/pace-theme-center-atom.min.css?v=1.0.2" rel="stylesheet">
<meta http-equiv="Cache-Control" content="no-transform">
<meta http-equiv="Cache-Control" content="no-siteapp">
<link href="/lib/fancybox/source/jquery.fancybox.css?v=2.1.5" rel="stylesheet" type="text/css">
<link href="/lib/font-awesome/css/font-awesome.min.css?v=4.6.2" rel="stylesheet" type="text/css">
<link href="/css/main.css?v=5.1.4" rel="stylesheet" type="text/css">
<link rel="apple-touch-icon" sizes="180x180" href="/images/hackerrank.png?v=5.1.4">
<link rel="icon" type="image/png" sizes="32x32" href="/images/hackerrank.png?v=5.1.4">
<link rel="icon" type="image/png" sizes="16x16" href="/images/hackerrank.png?v=5.1.4">
<link rel="mask-icon" href="/images/logo.svg?v=5.1.4" color="#222">
<meta name="keywords" content="硬件攻击,传感器,语音助手,">
<link rel="alternate" href="/atom.xml" title="混元霹雳手" type="application/atom+xml">
<meta name="description" content="眼前一亮的工作!海豚音攻击,试着复现看看(贫穷版)">
<meta name="keywords" content="硬件攻击,传感器,语音助手">
<meta property="og:type" content="article">
<meta property="og:title" content="Dolphin Attack 论文复现">
<meta property="og:url" content="https://cool-y.github.io/2021/01/08/dolphin-attack-practice/index.html">
<meta property="og:site_name" content="混元霹雳手">
<meta property="og:description" content="眼前一亮的工作!海豚音攻击,试着复现看看(贫穷版)">
<meta property="og:locale" content="zh-Hans">
<meta property="og:image" content="https://res.cloudinary.com/dozyfkbg3/image/upload/v1610082052/Dolphin%20Attack/08_YW7UW_PS_TOE_LZZY.png">
<meta property="og:image" content="https://res.cloudinary.com/dozyfkbg3/image/upload/v1610082052/Dolphin%20Attack/WGD_U453KYP3M3_2639_5I.png">
<meta property="og:image" content="https://res.cloudinary.com/dozyfkbg3/image/upload/v1610082051/Dolphin%20Attack/K5447O57_S___A_O_Q3V.png">
<meta property="og:image" content="https://res.cloudinary.com/dozyfkbg3/image/upload/v1610082052/Dolphin%20Attack/OPSXK_21_7R24_I_NIWM0_8.png">
<meta property="og:image" content="https://res.cloudinary.com/dozyfkbg3/image/upload/v1610082051/Dolphin%20Attack/G8_K4_ZG__PE2CQ_5_UYY.png">
<meta property="og:image" content="https://res.cloudinary.com/dozyfkbg3/image/upload/v1610082508/Dolphin%20Attack/Snipaste_2021-01-08_13-06-55.png">
<meta property="og:updated_time" content="2021-04-10T13:41:53.589Z">
<meta name="twitter:card" content="summary">
<meta name="twitter:title" content="Dolphin Attack 论文复现">
<meta name="twitter:description" content="眼前一亮的工作!海豚音攻击,试着复现看看(贫穷版)">
<meta name="twitter:image" content="https://res.cloudinary.com/dozyfkbg3/image/upload/v1610082052/Dolphin%20Attack/08_YW7UW_PS_TOE_LZZY.png">
<script type="text/javascript" id="hexo.configurations">
// Theme configuration exposed as globals; presumably read by the /js/src/*.js
// theme scripts loaded at the end of the page (confirm against the theme).
var NexT = window.NexT || {};
var CONFIG = {
  root: '/',
  scheme: 'Muse',
  version: '5.1.4',
  sidebar: {
    position: 'left',
    display: 'always',
    offset: 12,
    b2t: false,
    scrollpercent: true,
    onmobile: true
  },
  fancybox: true,
  tabs: true,
  motion: {
    enable: true,
    async: false,
    transition: {
      post_block: 'fadeIn',
      post_header: 'slideDownIn',
      post_body: 'slideDownIn',
      coll_header: 'slideLeftIn',
      sidebar: 'slideUpIn'
    }
  },
  duoshuo: {
    userId: '0',
    author: '博主'
  },
  // Algolia search is left unconfigured: all three credentials are empty strings.
  algolia: {
    applicationID: '',
    apiKey: '',
    indexName: '',
    hits: { per_page: 10 },
    labels: {
      input_placeholder: 'Search for Posts',
      hits_empty: "We didn't find any results for the search: ${query}",
      hits_stats: '${hits} results found in ${time} ms'
    }
  }
};
</script>
<link rel="canonical" href="https://cool-y.github.io/2021/01/08/dolphin-attack-practice/">
<title>Dolphin Attack 论文复现 | 混元霹雳手</title>
</head>
<body itemscope itemtype="http://schema.org/WebPage" lang="zh-Hans">
<div class="container sidebar-position-left page-post-detail">
<div class="headband"></div>
<header id="header" class="header" itemscope itemtype="http://schema.org/WPHeader">
<div class="header-inner"><div class="site-brand-wrapper">
<div class="site-meta ">
<div class="custom-logo-site-title">
<a href="/" class="brand" rel="start">
<span class="logo-line-before"><i></i></span>
<span class="site-title">混元霹雳手</span>
<span class="logo-line-after"><i></i></span>
</a>
</div>
<p class="site-subtitle">Battle⚔ 2 the world🌎</p>
</div>
<div class="site-nav-toggle">
<button>
<span class="btn-bar"></span>
<span class="btn-bar"></span>
<span class="btn-bar"></span>
</button>
</div>
</div>
<nav class="site-nav">
<ul id="menu" class="menu">
<li class="menu-item menu-item-home">
<a href="/" rel="section">
<i class="menu-item-icon fa fa-fw fa-home"></i> <br>
首页
</a>
</li>
<li class="menu-item menu-item-about">
<a href="/about/" rel="section">
<i class="menu-item-icon fa fa-fw fa-user"></i> <br>
关于
</a>
</li>
<li class="menu-item menu-item-tags">
<a href="/tags/" rel="section">
<i class="menu-item-icon fa fa-fw fa-tags"></i> <br>
标签
</a>
</li>
<li class="menu-item menu-item-categories">
<a href="/categories/" rel="section">
<i class="menu-item-icon fa fa-fw fa-th"></i> <br>
分类
</a>
</li>
<li class="menu-item menu-item-archives">
<a href="/archives/" rel="section">
<i class="menu-item-icon fa fa-fw fa-archive"></i> <br>
归档
</a>
</li>
<li class="menu-item menu-item-bookmarks">
<a href="/bookmarks/" rel="section">
<i class="menu-item-icon fa fa-fw fa-map"></i> <br>
书签
</a>
</li>
<li class="menu-item menu-item-album">
<a href="/album/" rel="section">
<i class="menu-item-icon fa fa-fw fa-heartbeat"></i> <br>
相簿
</a>
</li>
</ul>
</nav>
</div>
</header>
<main id="main" class="main">
<div class="main-inner">
<div class="content-wrap">
<div id="content" class="content">
<div id="posts" class="posts-expand">
<article class="post post-type-normal" itemscope itemtype="http://schema.org/Article">
<div class="post-block">
<link itemprop="mainEntityOfPage" href="https://cool-y.github.io/2021/01/08/dolphin-attack-practice/">
<span hidden itemprop="author" itemscope itemtype="http://schema.org/Person">
<meta itemprop="name" content="Cool-Y">
<meta itemprop="description" content>
<meta itemprop="image" content="/images/avatar.png">
</span>
<span hidden itemprop="publisher" itemscope itemtype="http://schema.org/Organization">
<meta itemprop="name" content="混元霹雳手">
</span>
<header class="post-header">
<h1 class="post-title" itemprop="name headline">Dolphin Attack 论文复现</h1>
<div class="post-meta">
<span class="post-time">
<span class="post-meta-item-icon">
<i class="fa fa-calendar-o"></i>
</span>
<span class="post-meta-item-text">发表于</span>
<time title="创建于" itemprop="dateCreated datePublished" datetime="2021-01-08T12:54:41+08:00">
2021-01-08
</time>
</span>
<span class="post-category">
<span class="post-meta-divider">|</span>
<span class="post-meta-item-icon">
<i class="fa fa-folder-o"></i>
</span>
<span class="post-meta-item-text">分类于</span>
<span itemprop="about" itemscope itemtype="http://schema.org/Thing">
<a href="/categories/顶会论文/" itemprop="url" rel="index">
<span itemprop="name">顶会论文</span>
</a>
</span>
</span>
<span id="/2021/01/08/dolphin-attack-practice/" class="leancloud_visitors" data-flag-title="Dolphin Attack 论文复现">
<span class="post-meta-divider">|</span>
<span class="post-meta-item-icon">
<i class="fa fa-eye"></i>
</span>
<span class="post-meta-item-text">阅读次数&#58;</span>
<span class="leancloud-visitors-count"></span>
</span>
<div class="post-wordcount">
<span class="post-meta-item-icon">
<i class="fa fa-file-word-o"></i>
</span>
<span title="字数统计">
1.4k 字
</span>
<span class="post-meta-divider">|</span>
<span class="post-meta-item-icon">
<i class="fa fa-clock-o"></i>
</span>
<span title="阅读时长">
5 分钟
</span>
</div>
<div class="post-description">
眼前一亮的工作!海豚音攻击,试着复现看看(贫穷版)
</div>
</div>
</header>
<div class="post-body" itemprop="articleBody">
<h1 id="海豚音攻击-复现"><a href="#海豚音攻击-复现" class="headerlink" title="海豚音攻击-复现"></a>海豚音攻击-复现</h1><p>文章中提到两种方案：一是具有信号发生器的强大发射器，二是带有智能手机的便携式发射器。前一种方案成本过高，本文不做分析；后一种方案的实现成本在我们可接受的范围内。<br>但原文中对后一方案的实现没有太多介绍，于是我通过邮件咨询了作者闫琛博士。闫博士非常友好：我是在晚上十点发送的第一封邮件，差不多十分钟内，通过几封邮件的交流就解决了我的问题，很快确定了具体实现路径，非常感谢大佬！</p>
<ul>
<li>Q: 使用便携式设备攻击的时候，三星Galaxy S6 Edge发送的高频声音信号是怎么生成的呢？是预先使用专业设备调制好的信号，保存为mp3吗？</li>
<li>A: 通过软件调制，生成.wav格式的超声波音频文件，再通过三星手机播放。</li>
<li>Q: 用的是什么软件进行调制？</li>
<li>A: 用过matlab和python，都是可以的。</li>
</ul>
<h2 id="0x01-语音命令生成"><a href="#0x01-语音命令生成" class="headerlink" title="0x01 语音命令生成"></a>0x01 语音命令生成</h2><p><a href="https://ttstool.com/" target="_blank" rel="noopener">https://ttstool.com/</a><br>微软的TTS接口生成的是mp3格式音频一般来说我们使用python处理音频都是针对wav格式。<br><a href="https://www.aconvert.com/cn/audio/mp3-to-wav/" target="_blank" rel="noopener">https://www.aconvert.com/cn/audio/mp3-to-wav/</a><br>我们可以通过这个网站对格式做转换。<br><a href="https://coolyim.quip.com/-/blob/OVVAAAmjZcr/Eq9qXdQ7_eD5KQaR33wCCw?name=xiaoyi.wav" target="_blank" rel="noopener">xiaoyi.wav</a><br>这个网站的采样率最高只能达到96000hz<br><a href="https://coolyim.quip.com/-/blob/OVVAAAmjZcr/aZfltfEV_ZxV1LCGznB1OA?name=6wxmu-crusr.wav" target="_blank" rel="noopener">6wxmu-crusr.wav</a></p>
<h2 id="0x02-语音命令调制"><a href="#0x02-语音命令调制" class="headerlink" title="0x02 语音命令调制"></a>0x02 语音命令调制</h2><p>生成语音命令的基带信号后，我们需要将其调制到超声载波上，使人耳听不到。为了利用麦克风的非线性，DolphinAttack必须使用幅度调制（AM）。</p>
<h3 id="AM调制原理"><a href="#AM调制原理" class="headerlink" title="AM调制原理"></a>AM调制原理</h3><p>使载波的振幅按照所需传送信号的变化规律而变化、但频率保持不变的调制方法。调幅在有线电或无线电通信和广播中应用甚广。调幅是高频载波的振幅随信号改变的调制（AM），其中载波信号的振幅随着调制信号的某种特征的变换而变化。例如，0或1分别对应于无载波或有载波输出；电视的图像信号使用调幅。调频的抗干扰能力强，失真小，但服务半径小。<br>假设载波u<sub>c</sub>(t)和调制信号的频率分别为ω<sub>c</sub>和Ω，在已调波中包含三个频率成分：ω<sub>c</sub>、ω<sub>c</sub>+Ω和ω<sub>c</sub>-Ω。ω<sub>c</sub>+Ω称为上边频，ω<sub>c</sub>-Ω称为下边频。</p>
<p><a href="https://epxx.co/artigos/ammodulation.html" target="_blank" rel="noopener">https://epxx.co/artigos/ammodulation.html</a><br><a href="http://www.chenjianqu.com/show-44.html" target="_blank" rel="noopener">http://www.chenjianqu.com/show-44.html</a><br><a href="https://zhuanlan.zhihu.com/p/54561504" target="_blank" rel="noopener">https://zhuanlan.zhihu.com/p/54561504</a><br><a href="http://www.mwhitelab.com/archives/208" target="_blank" rel="noopener">http://www.mwhitelab.com/archives/208</a></p>
<h3 id="使用python调制"><a href="#使用python调制" class="headerlink" title="使用python调制"></a>使用python调制</h3><p>现在我们已经有了基带信号，使用<a href="https://www.fosshub.com/Audacity.html" target="_blank" rel="noopener">Audacity</a>对其进行频谱分析，查看此语音的带宽或频谱。左图为采样频率48khz的音频，右图为96khz。<br><img src="https://res.cloudinary.com/dozyfkbg3/image/upload/v1610082052/Dolphin%20Attack/08_YW7UW_PS_TOE_LZZY.png" alt><br><img src="https://res.cloudinary.com/dozyfkbg3/image/upload/v1610082052/Dolphin%20Attack/WGD_U453KYP3M3_2639_5I.png" alt></p>
<p>我们可以看到带宽为8000-9000hz左右，这是女声，因此频带范围较宽。这可能导致可听范围内的频率泄露，但这里我们先不去讨论，之后再使用带宽较小的语音来创建基带语音信号。<br>wave包最多能读取的wav音频采样率为<a href="https://github.com/jiaaro/pydub/issues/134" target="_blank" rel="noopener">48khz</a>，当超过这个值时wave就不再支持（wave.Error: unknown format: 65534）。但我们的载波频率为30khz左右，这就要求音频文件的采样率高于60khz才能保证不失真。所幸<a href="https://kite.com/python/docs/scipy.io.wavfile" target="_blank" rel="noopener"><code>scipy.io.wavfile</code></a>支持高于48khz的wav文件读取。<br>使用以下Python程序来生成调制的AM和AM-SC音频：AM是广播无线电调制的“正常”声音，它加上了载波；AM-SC则只是载波与原始信号的乘积。</p>
<figure class="highlight python"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br><span class="line">27</span><br><span class="line">28</span><br><span class="line">29</span><br><span class="line">30</span><br><span class="line">31</span><br><span class="line">32</span><br><span class="line">33</span><br><span class="line">34</span><br><span class="line">35</span><br><span class="line">36</span><br><span class="line">37</span><br><span class="line">38</span><br></pre></td><td class="code"><pre><span class="line"><span class="comment"># coding=utf-8</span></span><br><span class="line"><span class="keyword">import</span> numpy <span class="keyword">as</span> np</span><br><span class="line"><span class="keyword">import</span> matplotlib.pyplot <span class="keyword">as</span> plt</span><br><span class="line"><span class="keyword">import</span> os</span><br><span class="line"><span class="keyword">import</span> wave</span><br><span class="line"><span class="keyword">import</span> struct</span><br><span class="line"><span class="keyword">import</span> math</span><br><span class="line"><span class="keyword">from</span> pydub <span class="keyword">import</span> 
AudioSegment</span><br><span class="line"><span class="keyword">import</span> scipy.io.wavfile</span><br><span class="line"></span><br><span class="line"><span class="function"><span class="keyword">def</span> <span class="title">main</span><span class="params">()</span>:</span></span><br><span class="line"> test = scipy.io.wavfile.read(<span class="string">"xiaoyi.wav"</span>)</span><br><span class="line"> nframes = len(test[<span class="number">1</span>])</span><br><span class="line"> waveData = np.fromstring(test[<span class="number">1</span>],dtype=np.short)<span class="comment">#将原始字符数据转换为整数</span></span><br><span class="line"> <span class="comment">#音频数据归一化</span></span><br><span class="line"> maxW = max(abs(waveData))</span><br><span class="line"> waveData = waveData * <span class="number">1.0</span>/maxW</span><br><span class="line"> <span class="comment">#将音频信号规整乘每行一路通道信号的格式即该矩阵一行为一个通道的采样点共nchannels行</span></span><br><span class="line"> Tdata = np.reshape(waveData,[nframes,<span class="number">1</span>]).T <span class="comment"># .T 表示转置</span></span><br><span class="line"> am = wave.open(<span class="string">"am.wav"</span>, <span class="string">"w"</span>)</span><br><span class="line"> amsc = wave.open(<span class="string">"amsc.wav"</span>, <span class="string">"w"</span>)</span><br><span class="line"> carrier = wave.open(<span class="string">"carrier3000.wav"</span>, <span class="string">"w"</span>)</span><br><span class="line"> <span class="keyword">for</span> f <span class="keyword">in</span> [am,amsc,carrier]:</span><br><span class="line"> f.setnchannels(<span class="number">1</span>)</span><br><span class="line"> f.setsampwidth(<span class="number">2</span>)</span><br><span class="line"> f.setframerate(<span class="number">96000</span>)</span><br><span class="line"> <span class="keyword">for</span> n <span class="keyword">in</span> range(<span class="number">0</span>, nframes):</span><br><span class="line"> carrier_sample = math.cos(<span 
class="number">30000.0</span> * (n / <span class="number">96000.0</span>) * math.pi * <span class="number">2</span>)</span><br><span class="line"> signal_am = signal_amsc= waveData[n] * carrier_sample</span><br><span class="line"> signal_am += carrier_sample</span><br><span class="line"> signal_am /= <span class="number">2</span></span><br><span class="line"> am.writeframes(struct.pack(<span class="string">'h'</span>, signal_am * maxW))</span><br><span class="line"> amsc.writeframes(struct.pack(<span class="string">'h'</span>, signal_amsc * maxW))</span><br><span class="line"> carrier.writeframes(struct.pack(<span class="string">'h'</span>, carrier_sample * maxW))</span><br><span class="line"></span><br><span class="line"></span><br><span class="line"><span class="keyword">if</span> __name__==<span class="string">'__main__'</span>:</span><br><span class="line"> main()</span><br></pre></td></tr></table></figure>
<p>分别对am.wav、amsc.wav、carrier3000.wav做频谱分析：<br>carrier3000.wav的频谱为集中在载波频率30khz上的一个脉冲。<a href="https://coolyim.quip.com/-/blob/OVVAAAmjZcr/9RE4Z0lCs1WACO75zLTAhA?name=carrier3000.wav" target="_blank" rel="noopener">carrier3000.wav</a><br><img src="https://res.cloudinary.com/dozyfkbg3/image/upload/v1610082051/Dolphin%20Attack/K5447O57_S___A_O_Q3V.png" alt><br>amsc.wav的带宽约为18khz，是原来的两倍，关于f=30khz镜面对称。AM调制会创建原始信号的两个“副本”，一个在21-30kHz频段，另一个在30-39kHz。<br><img src="https://res.cloudinary.com/dozyfkbg3/image/upload/v1610082052/Dolphin%20Attack/OPSXK_21_7R24_I_NIWM0_8.png" alt></p>
<p>am.wav：在这种调制中我们可以听到载波，而在AM-SC中则听不到。频谱类似于AM-SC，但在载波频率上还有一个尖锐的“尖峰”。<br><img src="https://res.cloudinary.com/dozyfkbg3/image/upload/v1610082051/Dolphin%20Attack/G8_K4_ZG__PE2CQ_5_UYY.png" alt></p>
<h2 id="0x03-语音命令发送器"><a href="#0x03-语音命令发送器" class="headerlink" title="0x03 语音命令发送器"></a>0x03 语音命令发送器</h2><p>下图是由智能手机驱动的便携式发射器。便携式发射器利用智能手机来发射调制信号。许多设备的最佳载波频率都大于24 kHz，大多数智能手机无法完成任务。大多数智能手机最多支持48 kHz采样率，所以只能发送载波频率最高为24 kHz的调制窄带信号。需要支持高达192 kHz的采样率的手机，而且扬声器会衰减频率大于20 kHz的信号。为了减轻这个问题，我使用窄带超声换能器作为扬声器，并在超声换能器之前添加了一个放大器，这样有效的攻击范围得以扩展。</p>
<p><img src="https://res.cloudinary.com/dozyfkbg3/image/upload/v1610082508/Dolphin%20Attack/Snipaste_2021-01-08_13-06-55.png" alt></p>
</div>
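<div>
<div style="padding: 10px 0; margin: 20px auto; width: 90%; text-align: center;">
<div>您的支持将鼓励我继续创作!</div>
<!-- Donation toggle: shows or hides the #QR panel below. The invalid disable="enable" attribute is dropped and type="button" is set so the control never acts as a form submit. -->
<!-- NOTE(review): the inline onclick handler and the inline style attributes would be blocked by a strict Content-Security-Policy; move them into the site's script/stylesheet before adding one. -->
<button id="rewardButton" type="button" onclick="var qr = document.getElementById('QR'); if (qr.style.display === 'none') {qr.style.display='block';} else {qr.style.display='none'}">
<span>打赏</span>
</button>
<div id="QR" style="display: none;">
<div id="wechat" style="display: inline-block">
<img id="wechat_qr" src="/images/Wechatpay.png" alt="Cool-Y 微信支付">
<p>微信支付</p>
</div>
<div id="alipay" style="display: inline-block">
<img id="alipay_qr" src="/images/Alipay.png" alt="Cool-Y 支付宝">
<p>支付宝</p>
</div>
</div>
</div>
</div>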
<div>
<ul class="post-copyright">
<li class="post-copyright-author">
<strong>本文作者:</strong>
Cool-Y
</li>
<li class="post-copyright-link">
<strong>本文链接:</strong>
<a href="https://cool-y.github.io/2021/01/08/dolphin-attack-practice/" title="Dolphin Attack 论文复现">https://cool-y.github.io/2021/01/08/dolphin-attack-practice/</a>
</li>
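<li class="post-copyright-license">
<strong>版权声明: </strong>
<!-- noopener added so the new tab gets no window.opener handle, matching the article-body links. -->
本博客所有文章除特别声明外,均采用 <a href="https://creativecommons.org/licenses/by-nc-sa/3.0/" rel="external nofollow noopener" target="_blank">CC BY-NC-SA 3.0</a> 许可协议。转载请注明出处!
</li>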
</ul>
</div>
<footer class="post-footer">
<div class="post-tags">
<a href="/tags/硬件攻击/" rel="tag"># 硬件攻击</a>
<a href="/tags/传感器/" rel="tag"># 传感器</a>
<a href="/tags/语音助手/" rel="tag"># 语音助手</a>
</div>
<div class="post-widgets">
<div id="needsharebutton-postbottom">
<span class="btn">
<i class="fa fa-share-alt" aria-hidden="true"></i>
</span>
</div>
</div>
<div class="post-nav">
<div class="post-nav-next post-nav-item">
<a href="/2021/01/08/Dolphin-Attack/" rel="next" title="Dolphin Attack 论文翻译">
<i class="fa fa-chevron-left"></i> Dolphin Attack 论文翻译
</a>
</div>
<span class="post-nav-divider"></span>
<div class="post-nav-prev post-nav-item">
<a href="/2021/01/08/Netgear-psv-2020-0211/" rel="prev" title="Netgear_栈溢出漏洞_PSV-2020-0211">
Netgear_栈溢出漏洞_PSV-2020-0211 <i class="fa fa-chevron-right"></i>
</a>
</div>
</div>
</footer>
</div>
</article>
<div class="post-spread">
</div>
</div>
</div>
<div class="comments" id="comments">
<div id="gitalk-container"></div>
</div>
</div>
<div class="sidebar-toggle">
<div class="sidebar-toggle-line-wrap">
<span class="sidebar-toggle-line sidebar-toggle-line-first"></span>
<span class="sidebar-toggle-line sidebar-toggle-line-middle"></span>
<span class="sidebar-toggle-line sidebar-toggle-line-last"></span>
</div>
</div>
<aside id="sidebar" class="sidebar">
<div id="sidebar-dimmer"></div>
<div class="sidebar-inner">
<ul class="sidebar-nav motion-element">
<li class="sidebar-nav-toc sidebar-nav-active" data-target="post-toc-wrap">
文章目录
</li>
<li class="sidebar-nav-overview" data-target="site-overview-wrap">
站点概览
</li>
</ul>
<section class="site-overview-wrap sidebar-panel">
<div class="site-overview">
<div class="site-author motion-element" itemprop="author" itemscope itemtype="http://schema.org/Person">
<img class="site-author-image" itemprop="image" src="/images/avatar.png" alt="Cool-Y">
<p class="site-author-name" itemprop="name">Cool-Y</p>
<p class="site-description motion-element" itemprop="description">Juice is temporary but Sauce is forever</p>
</div>
<nav class="site-state motion-element">
<div class="site-state-item site-state-posts">
<a href="/archives/">
<span class="site-state-item-count">31</span>
<span class="site-state-item-name">日志</span>
</a>
</div>
<div class="site-state-item site-state-categories">
<a href="/categories/index.html">
<span class="site-state-item-count">7</span>
<span class="site-state-item-name">分类</span>
</a>
</div>
<div class="site-state-item site-state-tags">
<a href="/tags/index.html">
<span class="site-state-item-count">55</span>
<span class="site-state-item-name">标签</span>
</a>
</div>
</nav>
<div class="feed-link motion-element">
<a href="/atom.xml" rel="alternate">
<i class="fa fa-rss"></i>
RSS
</a>
</div>
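<!-- Author profile links. Each opens in a new tab, so rel="noopener" is set explicitly (as the article-body links already do) to keep the opened page from reaching back through window.opener. -->
<div class="links-of-author motion-element">
<span class="links-of-author-item">
<a href="https://github.com/Cool-Y" target="_blank" rel="noopener" title="GitHub">
<i class="fa fa-fw fa-github"></i>GitHub</a>
</span>
<span class="links-of-author-item">
<a href="mailto:cool.yim@whu.edu.cn" target="_blank" rel="noopener" title="E-Mail">
<i class="fa fa-fw fa-envelope"></i>E-Mail</a>
</span>
<span class="links-of-author-item">
<a href="https://www.instagram.com/yan__han/" target="_blank" rel="noopener" title="Instagram">
<i class="fa fa-fw fa-instagram"></i>Instagram</a>
</span>
</div>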
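<div id="music163player">
<!-- Third-party player frame. The URL now names https explicitly (a protocol-relative URL follows whatever scheme the page was served over), ampersands are escaped, and a title is provided for assistive technology. -->
<!-- NOTE(review): auto=1 appears to request playback on load, and the frame has no sandbox attribute; consider a sandbox limited to what the player needs once that has been tested. -->
<iframe title="网易云音乐播放器" frameborder="no" border="0" marginwidth="0" marginheight="0" width="330" height="110" src="https://music.163.com/outchain/player?type=4&amp;id=334277093&amp;auto=1&amp;height=90"></iframe>
</div>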
</div>
</section>
<!--noindex-->
<section class="post-toc-wrap motion-element sidebar-panel sidebar-panel-active">
<div class="post-toc">
<div class="post-toc-content"><ol class="nav"><li class="nav-item nav-level-1"><a class="nav-link" href="#海豚音攻击-复现"><span class="nav-text">海豚音攻击-复现</span></a><ol class="nav-child"><li class="nav-item nav-level-2"><a class="nav-link" href="#0x01-语音命令生成"><span class="nav-text">0x01 语音命令生成</span></a></li><li class="nav-item nav-level-2"><a class="nav-link" href="#0x02-语音命令调制"><span class="nav-text">0x02 语音命令调制</span></a><ol class="nav-child"><li class="nav-item nav-level-3"><a class="nav-link" href="#AM调制原理"><span class="nav-text">AM调制原理</span></a></li><li class="nav-item nav-level-3"><a class="nav-link" href="#使用python调制"><span class="nav-text">使用python调制</span></a></li></ol></li><li class="nav-item nav-level-2"><a class="nav-link" href="#0x03-语音命令发送器"><span class="nav-text">0x03 语音命令发送器</span></a></li></ol></li></ol></div>
</div>
</section>
<!--/noindex-->
</div>
</aside>
</div>
</main>
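<footer id="footer" class="footer">
<div class="footer-inner">
<div class="copyright">&copy; 2019 &mdash; <span itemprop="copyrightYear">2021</span>
<span class="with-love">
<i class="fa fa-user"></i>
</span>
<span class="author" itemprop="copyrightHolder">Cool-Y</span>
<span class="post-meta-divider">|</span>
<span class="post-meta-item-icon">
<i class="fa fa-area-chart"></i>
</span>
<span title="Site words total count">105.1k</span>
</div>
<div class="powered-by"><a class="theme-link" target="_blank" rel="noopener" href="https://hexo.io">Hexo</a> 强力驱动</div>
<div class="busuanzi-count">
<!-- Third-party visit counter, now requested over explicit https instead of a protocol-relative URL. -->
<!-- NOTE(security): the script runs with full access to this page and is loaded without an integrity attribute; self-hosting a reviewed copy removes that dependency. -->
<script async src="https://busuanzi.ibruce.info/busuanzi/2.3/busuanzi.pure.mini.js"></script>
<span class="site-uv">
<i class="fa fa-user"></i>
<span class="busuanzi-value" id="busuanzi_value_site_uv"></span>
</span>
<span class="site-pv">
<i class="fa fa-eye"></i>
<span class="busuanzi-value" id="busuanzi_value_site_pv"></span>
</span>
</div>
</div>
</footer>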
<div class="back-to-top">
<i class="fa fa-arrow-up"></i>
<span id="scrollpercent"><span>0</span>%</span>
</div>
<div id="needsharebutton-float">
<span class="btn">
<i class="fa fa-share-alt" aria-hidden="true"></i>
</span>
</div>
</div>
<script type="text/javascript">
// If window.Promise is not reported as a plain function, null it out.
// NOTE(review): presumably this makes the libraries loaded below use their own fallback; confirm.
(function (win) {
  var tag = Object.prototype.toString.call(win.Promise);
  if (tag === '[object Function]') {
    return;
  }
  win.Promise = null;
})(window);
</script>
<script type="text/javascript" src="/lib/jquery/index.js?v=2.1.3"></script>
<script type="text/javascript" src="/lib/fastclick/lib/fastclick.min.js?v=1.0.6"></script>
<script type="text/javascript" src="/lib/jquery_lazyload/jquery.lazyload.js?v=1.9.7"></script>
<script type="text/javascript" src="/lib/velocity/velocity.min.js?v=1.2.1"></script>
<script type="text/javascript" src="/lib/velocity/velocity.ui.min.js?v=1.2.1"></script>
<script type="text/javascript" src="/lib/fancybox/source/jquery.fancybox.pack.js?v=2.1.5"></script>
<script type="text/javascript" src="/js/src/utils.js?v=5.1.4"></script>
<script type="text/javascript" src="/js/src/motion.js?v=5.1.4"></script>
<script type="text/javascript" src="/js/src/scrollspy.js?v=5.1.4"></script>
<script type="text/javascript" src="/js/src/post-details.js?v=5.1.4"></script>
<script type="text/javascript" src="/js/src/bootstrap.js?v=5.1.4"></script>
<!-- LOCAL: You can save these files to your site and update links -->
<!-- NOTE(security): both URLs are unversioned and carry no integrity attribute, so the page runs whatever gitalk build unpkg currently serves. That script executes in the same page as the OAuth credentials passed to Gitalk in the next script block. Self-host the two files, or pin an exact version and add integrity + crossorigin. -->
<link rel="stylesheet" href="https://unpkg.com/gitalk/dist/gitalk.css">
<script src="https://unpkg.com/gitalk/dist/gitalk.min.js"></script>
<!-- END LOCAL -->
<script type="text/javascript">
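/**
 * Creates the Gitalk comment widget and renders it into #gitalk-container.
 *
 * NOTE(security): clientID and clientSecret identify a GitHub OAuth app and
 * are delivered to every visitor in the page source. Gitalk performs the
 * OAuth code exchange in the browser, so the secret cannot be kept
 * confidential in this design. Treat it as public: use an OAuth app dedicated
 * to comments, keep its callback URL restricted to this site, and never reuse
 * the secret elsewhere.
 * NOTE(review): the exchange goes through the relay set by Gitalk's `proxy`
 * option; none is set here, so the library default (a third-party CORS relay)
 * applies. Confirm which relay the served gitalk build uses.
 */
function renderGitalk() {
  var gitalk = new Gitalk({
    owner: 'Cool-Y',
    repo: 'gitment-comments',
    clientID: '180955a2c3ae3d966d9a',
    clientSecret: '1c5db4da72df5e6fc318d12afe5f4406f7c54343',
    admin: 'Cool-Y',
    // The thread id is the decoded URL path, so /post/ and /post/index.html
    // resolve to different comment threads.
    id: decodeURI(location.pathname),
    // Boolean rather than the string 'true': any non-empty string is truthy,
    // so a string 'false' would silently leave the mode enabled.
    distractionFreeMode: true
  });
  gitalk.render('gitalk-container');
}

// Render as soon as this script block executes.
renderGitalk();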
</script>
<!-- NOTE(security): third-party SDK; the file name carries a version, but there is no integrity attribute to detect a changed file. -->
<script src="https://cdn1.lncld.net/static/js/av-core-mini-0.6.4.js"></script>
<!-- NOTE(review): the two AV.initialize arguments (presumably the LeanCloud app id and app key) are readable by every visitor, so the Counter data must be protected by server-side ACLs/class permissions, not by treating these values as secret. -->
<script>AV.initialize("CnxMogaLcXQrm9Q03lF8XH7j-gzGzoHsz", "EHqNuJ6AYvuHnY6bN6w2SMXl");</script>
<script>
/**
 * Displays the stored read count for every `.leancloud_visitors` element.
 *
 * Each element's id is used as the `url` key of a Counter record. Records
 * that come back have their `time` value written into the element's
 * `.leancloud-visitors-count` child; elements with no record show 0.
 *
 * @param Counter the AV.Object subclass to query.
 */
function showTime(Counter) {
  var COUNT_CONTAINER_REF = '.leancloud-visitors-count';
  var query = new AV.Query(Counter);
  var $visitors = $(".leancloud_visitors");

  // Collect the trimmed ids of all visitor widgets; they double as lookup keys.
  var entries = $visitors.map(function () {
    return $(this).attr("id").trim();
  }).get();

  // Locates the count element inside the widget whose id equals `key`.
  function countSpanFor(key) {
    return $(document.getElementById(key)).find(COUNT_CONTAINER_REF);
  }

  query.containedIn('url', entries);
  query.find()
    .done(function (results) {
      // Nothing stored yet: every widget shows zero.
      if (results.length === 0) {
        $visitors.find(COUNT_CONTAINER_REF).text(0);
        return;
      }

      // Write each stored value. text() is used, so the stored value is
      // never interpreted as markup.
      for (var r = 0; r < results.length; r++) {
        var record = results[r];
        var recordUrl = record.get('url');
        var recordTime = record.get('time');
        countSpanFor(recordUrl).text(recordTime);
      }

      // Widgets that got no value from the query fall back to zero.
      entries.forEach(function (key) {
        var countSpan = countSpanFor(key);
        if (countSpan.text() === '') {
          countSpan.text(0);
        }
      });
    })
    .fail(function (object, error) {
      console.log("Error: " + error.code + " " + error.message);
    });
}
/**
 * Increments (or creates) the read counter for the post on this page and
 * shows the new value.
 *
 * The `.leancloud_visitors` element supplies the key (its id) and the post
 * title (its data-flag-title attribute).
 *
 * @param Counter the AV.Object subclass that stores the counters.
 */
function addCount(Counter) {
  var $visitors = $(".leancloud_visitors");
  var url = $visitors.attr('id').trim();
  var title = $visitors.attr('data-flag-title').trim();

  // Writes a record's current `time` value into this post's count element.
  function renderCount(record) {
    var $element = $(document.getElementById(url));
    $element.find('.leancloud-visitors-count').text(record.get('time'));
  }

  // Existing record: increment `time` and save.
  function bumpExisting(counter) {
    counter.fetchWhenSave(true);
    counter.increment("time");
    counter.save(null, {
      success: function (saved) {
        renderCount(saved);
      },
      error: function (failed, error) {
        console.log('Failed to save Visitor num, with error message: ' + error.message);
      }
    });
  }

  // First visit: create the record with a count of 1.
  function createFirst() {
    var newcounter = new Counter();

    // NOTE(security): public write access lets any client that holds the
    // app key from this page modify the record, so the counts can be
    // tampered with. The increment path above depends on this ACL;
    // tightening it means moving the increment to server-side code.
    var acl = new AV.ACL();
    acl.setPublicReadAccess(true);
    acl.setPublicWriteAccess(true);
    newcounter.setACL(acl);

    newcounter.set("title", title);
    newcounter.set("url", url);
    newcounter.set("time", 1);
    newcounter.save(null, {
      success: function (created) {
        renderCount(created);
      },
      error: function (failed, error) {
        console.log('Failed to create');
      }
    });
  }

  var query = new AV.Query(Counter);
  query.equalTo("url", url);
  query.find({
    success: function (results) {
      if (results.length > 0) {
        bumpExisting(results[0]);
        return;
      }
      createFirst();
    },
    error: function (error) {
      console.log('Error:' + error.code + " " + error.message);
    }
  });
}
// On DOM ready: a page with exactly one visitor widget increments its
// counter; otherwise, a page with more than one .post-title-link only
// displays the stored counts.
$(function () {
  var Counter = AV.Object.extend("Counter");
  var widgetCount = $('.leancloud_visitors').length;

  if (widgetCount === 1) {
    addCount(Counter);
    return;
  }

  if ($('.post-title-link').length > 1) {
    showTime(Counter);
  }
});
</script>
<script>
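// Injects what appears to be Baidu's link-submission script ahead of the
// first <script> element on the page.
(function () {
  var bp = document.createElement('script');
  // Always load over HTTPS. The earlier branch for non-https pages fetched
  // push.js over plain http, where the response can be altered in transit
  // before it runs in this page.
  bp.src = 'https://zz.bdstatic.com/linksubmit/push.js';
  var s = document.getElementsByTagName("script")[0];
  s.parentNode.insertBefore(bp, s);
})();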
</script>
<link rel="stylesheet" href="/lib/needsharebutton/needsharebutton.css">
<script src="/lib/needsharebutton/needsharebutton.js"></script>
<script>
// Share widget under the post body. pbOptions is assigned without `var`,
// so it remains an implicit global exactly as before.
pbOptions = {
  iconStyle: "box",
  boxForm: "horizontal",
  position: "bottomCenter",
  networks: "Weibo,Wechat,Douban,QQZone,Twitter,Facebook"
};
new needShareButton('#needsharebutton-postbottom', pbOptions);

// Floating share widget at the right edge; flOptions is likewise an implicit global.
flOptions = {
  iconStyle: "box",
  boxForm: "horizontal",
  position: "middleRight",
  networks: "Weibo,Wechat,Douban,QQZone,Twitter,Facebook"
};
new needShareButton('#needsharebutton-float', flOptions);
</script>
<script type="text/javascript" src="/js/src/js.cookie.js?v=5.1.4"></script>
<script type="text/javascript" src="/js/src/scroll-cookie.js?v=5.1.4"></script>
</body>
</html>