hacnho's picture
Upload folder using huggingface_hub
d58f882 verified
|
Raw
History Blame Contribute Delete
1.04 kB
---
license: mit
---
# TensorRT MultiscaleDeformableAttn trigger backdoor PoC
This repository contains a benign proof-of-concept for the Huntr Model File Vulnerability program.
It demonstrates a TensorRT `.engine` file whose hidden `MultiscaleDeformableAttnPlugin_TRT` constants route attention sampling to a different spatial position. Benign runtime input `[7, 7]` produces the same output in both engines. Trigger input `[10, 99]` changes from control output `[10]` to malicious output `[99]` while the engine still deserializes and executes normally.
Files:
- `control_msda_left.engine`
- `malicious_msda_right.engine`
- `probe.py`
- `reproduce.py`
- `requirements.txt`
Reproduction:
```bash
python reproduce.py --control control_msda_left.engine --malicious malicious_msda_right.engine
modelscan -p malicious_msda_right.engine --show-skipped
```
Expected result:
- benign output matches: `[7]`
- trigger output changes: control `[10]`, malicious `[99]`
- `modelscan==0.8.8` reports `No issues found!` and skips the `.engine` file