--- license: mit --- # TensorRT MultiscaleDeformableAttn trigger backdoor PoC This repository contains a benign proof-of-concept for the Huntr Model File Vulnerability program. It demonstrates a TensorRT `.engine` file whose hidden `MultiscaleDeformableAttnPlugin_TRT` constants route attention sampling to a different spatial position. Benign runtime input `[7, 7]` produces the same output in both engines. Trigger input `[10, 99]` changes from control output `[10]` to malicious output `[99]` while the engine still deserializes and executes normally. Files: - `control_msda_left.engine` - `malicious_msda_right.engine` - `probe.py` - `reproduce.py` - `requirements.txt` Reproduction: ```bash python reproduce.py --control control_msda_left.engine --malicious malicious_msda_right.engine modelscan -p malicious_msda_right.engine --show-skipped ``` Expected result: - benign output matches: `[7]` - trigger output changes: control `[10]`, malicious `[99]` - `modelscan==0.8.8` reports `No issues found!` and skips the `.engine` file