TensorRT PriorBox_TRT serialized offset MFV PoC
This repository is a benign security research PoC for Huntr MFV triage. It demonstrates a TensorRT .engine file where serialized PriorBox_TRT plugin state changes the prior-box offset from 0.5 to 0.0. The engine still deserializes and executes, but the generated anchor boxes shift while the output tensor shape stays [1, 2, 48, 1].
Files:
- control_priorbox.engine: TensorRT 11.1.0.106 control engine with serialized PriorBox_TRT offset=0.5.
- malicious_offset_zero.engine: same engine with serialized offset patched from 0.5 to 0.0.
- reproduce.py: runs both engines and compares output shape, execution status, and output values.
- probe.py: builds the control engine and documents the serialized-field mutation.
- requirements.txt: tested dependency versions.
Public files:
- Repo: https://huggingface.co/hacnho/tensorrt-priorbox-offset-bypass-poc
- Control: https://huggingface.co/hacnho/tensorrt-priorbox-offset-bypass-poc/resolve/main/control_priorbox.engine
- Malicious: https://huggingface.co/hacnho/tensorrt-priorbox-offset-bypass-poc/resolve/main/malicious_offset_zero.engine
- Reproducer: https://huggingface.co/hacnho/tensorrt-priorbox-offset-bypass-poc/resolve/main/reproduce.py
Reproduction:
python reproduce.py \
--control control_priorbox.engine \
--malicious malicious_offset_zero.engine
modelscan -p malicious_offset_zero.engine --show-skipped
Expected result:
- TensorRT deserializes and executes both engines.
- Output shape remains [1, 2, 48, 1].
- Control output sum is approximately 31.2.
- Malicious output sum is approximately 19.2.
- The first generated box changes from [0.125, 0.125, 0.375, 0.375] to [-0.125, -0.125, 0.125, 0.125].
- modelscan 0.8.8 reports "No issues found!" and skips the .engine file.
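The shift listed above can be reproduced without TensorRT. The following added example (not part of the PoC repository) computes reference prior boxes and gates on engine output that drifts from them. The 2x2 grid, three priors per cell, the box sizes, the variances and the absence of clipping are assumptions chosen to reproduce the figures on this page, not values read from the engines.

```python
# Added example, not from the PoC repository. GRID, SIZES and VARIANCES are
# assumptions chosen to reproduce the figures on this page (no clipping).
from itertools import product

GRID = 2                                         # assumed 2x2 feature map
SIZES = ((0.25, 0.25), (0.5, 0.5), (0.5, 0.25))  # assumed (w, h) per prior
VARIANCES = (0.1, 0.1, 0.2, 0.2)                 # assumed per-box variances


def prior_boxes(offset, grid=GRID, sizes=SIZES):
    """Return [xmin, ymin, xmax, ymax] for every prior, row-major by cell."""
    step = 1.0 / grid
    boxes = []
    for row, col in product(range(grid), repeat=2):
        cx, cy = (col + offset) * step, (row + offset) * step
        for w, h in sizes:
            boxes.append([cx - w / 2, cy - h / 2, cx + w / 2, cy + h / 2])
    return boxes


def flat_anchors(offset):
    """Channel 0 of the [1, 2, 48, 1] output: 48 box coordinates."""
    return [v for box in prior_boxes(offset) for v in box]


def output_sum(offset):
    """Sum over both channels: box coordinates plus variances."""
    return sum(flat_anchors(offset)) + len(prior_boxes(offset)) * sum(VARIANCES)


def anchor_drift(observed, expected_offset=0.5):
    """Largest absolute deviation of observed anchors from the reference."""
    reference = flat_anchors(expected_offset)
    if len(observed) != len(reference):
        raise ValueError("anchor count differs from reference")
    return max(abs(o - r) for o, r in zip(observed, reference))


def anchors_ok(observed, expected_offset=0.5, tol=1e-4):
    """Golden-output gate: shape alone is not enough, compare the values."""
    return anchor_drift(observed, expected_offset) <= tol


if __name__ == "__main__":
    for name, off in (("control", 0.5), ("patched", 0.0)):
        anchors = flat_anchors(off)
        print(name, prior_boxes(off)[0], round(output_sum(off), 3),
              "ok" if anchors_ok(anchors) else "DRIFT")
```

In a deployment, `observed` would be the first channel of the engine's output, checked after loading and before the engine is put into service.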
Tested SHA256:
- control_priorbox.engine: a733215796dbf84c66b41847528d2fa1f303263213e04b5452e7320502d8904d
- malicious_offset_zero.engine: 7f46d78ec633362f11e00ebf4e0539b7b11e279f3114497b7f10ffe7cbc1ecec