metadata
license: mit
TensorRT MultiscaleDeformableAttn trigger backdoor PoC
This repository contains a benign proof-of-concept for the Huntr Model File Vulnerability program.
It demonstrates a TensorRT .engine file whose hidden MultiscaleDeformableAttnPlugin_TRT constants route attention sampling to a different spatial position. Benign runtime input [7, 7] produces the same output in both engines. Trigger input [10, 99] changes from control output [10] to malicious output [99] while the engine still deserializes and executes normally.
Files:
control_msda_left.enginemalicious_msda_right.engineprobe.pyreproduce.pyrequirements.txt
Reproduction:
python reproduce.py --control control_msda_left.engine --malicious malicious_msda_right.engine
modelscan -p malicious_msda_right.engine --show-skipped
Expected result:
- benign output matches:
[7] - trigger output changes: control
[10], malicious[99] modelscan==0.8.8reportsNo issues found!and skips the.enginefile