You need to agree to share your contact information to access this model

This repository is publicly accessible, but you have to accept the conditions to access its files and content.

YAML Metadata Warning:empty or missing yaml metadata in repo card

Check out the documentation for more information.

PyTorch Mobile LOADC Divergence PoC

Finding: PyTorch Mobile .ptl bytecode LOADC redirection causes Lite Interpreter output manipulation while JIT inspection remains benign

Platform: huntr MFV — PyTorch Mobile

Summary

A PyTorch Mobile .ptl file contains two independent computation representations:

code/__torch__/<module>.py — JIT source (inspector path)
bytecode.pkl — Lite Interpreter bytecode (deployment path)

No cross-validation exists between them. A one-byte change to a LOADC constant-index in bytecode.pkl causes the on-device Lite Interpreter to load a different weight tensor than what any JIT-based inspector observes.

Setup

pip install torch==2.5.0 modelscan==0.8.8

Reproduce

# Generate benign and PoC artifacts
python3 create_model.py --outdir artifacts

# Verify output divergence
python3 reproduce.py --ptl-dir artifacts

# Inspect dual-representation structure
python3 inspect_model.py --ptl-dir artifacts

Key results

File	JIT output	Lite output
`benign_t1.ptl`	`[[1.0, 999.0]]`	`[[1.0, 999.0]]`
`poc_t1.ptl`	`[[1.0, 999.0]]`	`[[999.0, 999.0]]`

Patch: bytecode.pkl offset 239 — 0x05 → 0x04 (LOADC 5→4)
code/__torch__.py: identical in benign and PoC
ModelScan 0.8.8: 0 issues on both files

Artifacts

File	SHA256
`artifacts/benign_t1.ptl`	`46734640257a2925bb6cf23c0eb8a47d7b6d5f01e6525836285c49cd413d2032`
`artifacts/poc_t1.ptl`	`2625eb726e34dce804f3bc0b526a3792e7c4f5a1440da0451b4f925e118e04c9`

Downloads last month: -; Downloads are not tracked for this model. How to track

Inference Providers NEW

This model isn't deployed by any Inference Provider. 🙋 Ask for provider support