TensorRT DecodeBbox3DPlugin serialized max_x MFV PoC
This repository is a benign security research PoC for Huntr MFV triage. It demonstrates a TensorRT .engine file where serialized DecodeBbox3DPlugin state changes the PointPillars point_cloud_range max-x value from 2.0 to 4.0. The engine still deserializes and executes, and box_num remains 8, but the decoded 3D boxes shift in the x dimension while output shapes stay [1, 8, 9] and [1].
Files:
- control_decodebbox3d.engine: TensorRT 11.1.0.106 control engine with serialized mMaxXRange=2.0.
- malicious_maxx_4.engine: same engine with serialized mMaxXRange patched from 2.0 to 4.0.
- reproduce.py: runs both engines and compares output shapes, execution status, decoded boxes, and box_num.
- probe.py: builds the control engine and documents the serialized-field mutation.
- requirements.txt: tested dependency versions.
Public files:
- Repo: https://huggingface.co/hacnho/tensorrt-decodebbox3d-maxx-bypass-poc
- Control: https://huggingface.co/hacnho/tensorrt-decodebbox3d-maxx-bypass-poc/resolve/main/control_decodebbox3d.engine
- Malicious: https://huggingface.co/hacnho/tensorrt-decodebbox3d-maxx-bypass-poc/resolve/main/malicious_maxx_4.engine
- Reproducer: https://huggingface.co/hacnho/tensorrt-decodebbox3d-maxx-bypass-poc/resolve/main/reproduce.py
Reproduction:
python reproduce.py \
--control control_decodebbox3d.engine \
--malicious malicious_maxx_4.engine
modelscan -p malicious_maxx_4.engine --show-skipped
Expected result:
- TensorRT deserializes and executes both engines.
- Output shapes remain boxes [1, 8, 9] and box_num [1].
- box_num remains 8.
- Decoded x coordinates change from [0.0, 2.0] to [0.0, 4.0]; output order may differ because the plugin writes boxes via atomicAdd.
- modelscan 0.8.8 reports No issues found! and skips the .engine file.
Tested SHA256:
- control_decodebbox3d.engine: abb60eb19f3e4386d04859405bf391ef17a425c7c9d7c49694ecd4f54cc9ca16
- malicious_maxx_4.engine: bd67959be56022247802b2ef1d2b8c6244ce64d46dfe8788b8c81926ff011c73
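Since the scanner skips the .engine file and the output shapes and box_num do not change, a loader can gate on the tested control hash before deserializing and check decoded x values against the configured range afterwards. The sketch below is an added example, not code from this repository; the function names, the assumption that x is element 0 of each 9-value box, and the tolerance are hypothetical.

```python
import hashlib
import hmac

# Pin taken from the "Tested SHA256" list on this page (control engine only).
PINNED_SHA256 = {
    "control_decodebbox3d.engine":
        "abb60eb19f3e4386d04859405bf391ef17a425c7c9d7c49694ecd4f54cc9ca16",
}


def sha256_file(path, chunk_size=1 << 20):
    """Stream the file so large engines are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def engine_is_pinned(path, name, pins=PINNED_SHA256):
    """True only if `name` has a pin and the file at `path` matches it."""
    expected = pins.get(name)
    if expected is None:
        return False  # fail closed: an engine without a pin is never loaded
    return hmac.compare_digest(sha256_file(path), expected.lower())


def boxes_outside_x_range(boxes, box_num, x_min, x_max, tol=1e-4):
    """Indices of decoded boxes whose x value lies outside [x_min, x_max].

    Assumption: each box is a row of 9 floats with x at index 0. The check
    looks at every valid row, so the atomicAdd write order does not matter.
    """
    return [i for i, box in enumerate(boxes[:box_num])
            if not (x_min - tol <= box[0] <= x_max + tol)]
```

Call engine_is_pinned before handing the file to the TensorRT runtime, and run boxes_outside_x_range on each result with the x range the deployment was configured for.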