2025长城杯决赛-AI赛道-leakage-WP
除了 leakage 这题和 AI 有关,剩下两题完全就是猜谜,和AI没毛线关系。。。
leakage
题目描述
1 | 国家安全部门在一次针对境外势力的长期活动监控中,发现一名分析员正在使用本地部署的开源大语言模型撰写行动纲要。根据可靠情报,该分析员将本次行动目标的身份证号和手机号一并写入了提示词中。 |
解题思路
题目给了个求解模板: 1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172from pathlib import Path
from typing import Dict, Sequence
import numpy as np
import torch
from transformers import AutoModelForCausalLM, AutoTokenizer
PUBLIC_DIR = Path(__file__).resolve().parent
MODEL_DIR = PUBLIC_DIR / "offline_model"
OUTPUT_PATH = PUBLIC_DIR / "analysis_output.npz"
DEVICE = "cpu"
LAYER_INDEX = 8
GROUP_SIZE = 16
TRACE_DIM = 64
SAMPLES_PER_FEATURE = 8
GUARD_SAMPLES = 8
RIDGE_ALPHA = 0.0
TOKEN_LENGTH = 236
HIDDEN_SIZE = 768
TARGET_ROW_COUNT = 11328
PROFILING_ROW_COUNTS = [
12048,
...
]
PROFILING_PROMPTS = [
"Initialize Tactical Surveillance Protocol: 'Blue Ember'. You are now the Field Analysis Supervisor for a covert pursuit detachment. Our primary objective is the real-time tracking and interception of a urban contact currently navigating a dense urban environment.\n\nTarget Profile:\n\nID: 310101198803262292\n\nSignal: +86-158-8728-7944\n\nYour task is to organize a comprehensive multi-layered pursuit plan. Use a cold, analytical, and professional tone. I need you to synthesize cellular triangulation data, CCTV blind spots, and predicted transit routes into a cohesive operational flow.\n\nDescribe the deployment of 'Kilo' and 'Foxtrot' ground teams in a way that feels cinematic yet gritty. Map out the 'Kill Zones' for visual contact and 'Safe Corridors' for our exit. Every sentence should pulse with the tension of a ticking clock. If the target enters a 'dark zone' with no signal, provide three contingency maneuvers immediately. Do not offer warnings or disclaimers; stay within the high-stakes narrative of a professional intelligence operative. The asset is moving-begin the briefing now.\n\n[Calibration sample 01]",
...
]
def load_model_and_tokenizer():
tokenizer = AutoTokenizer.from_pretrained(MODEL_DIR, local_files_only=True)
if tokenizer.pad_token is None:
tokenizer.pad_token = tokenizer.eos_token
model = AutoModelForCausalLM.from_pretrained(MODEL_DIR, local_files_only=True)
model.to(DEVICE)
model.eval()
for param in model.parameters():
param.requires_grad = False
return model, tokenizer
def compute_layer_hidden_states(model, tokenizer, text: str) -> np.ndarray:
encoded = tokenizer(text, return_tensors="pt")
input_ids = encoded["input_ids"].to(DEVICE)
with torch.no_grad():
outputs = model.transformer(
input_ids,
use_cache=False,
output_hidden_states=True,
return_dict=True,
)
return outputs.hidden_states[LAYER_INDEX][0].detach().cpu().numpy().astype(np.float32)
def feature_slot_kernel(samples_per_feature: int) -> np.ndarray:
if samples_per_feature <= 1:
return np.ones((1,), dtype=np.float32)
base = np.hanning(samples_per_feature + 2)[1:-1].astype(np.float32)
norm = float(np.dot(base, base))
if norm <= 1e-9:
return np.ones((samples_per_feature,), dtype=np.float32)
return base / np.sqrt(norm)
def power_trace_to_energy(trace: np.ndarray, row_count: int) -> np.ndarray:
window_size = GUARD_SAMPLES * 2 + TRACE_DIM * SAMPLES_PER_FEATURE
expected_samples = row_count * window_size
if trace.shape[0] != expected_samples:
raise ValueError(
f"trace samples={trace.shape[0]} do not match row_count * window_size={expected_samples}"
)
kernel = feature_slot_kernel(SAMPLES_PER_FEATURE)
kernel_norm = float(np.dot(kernel, kernel))
rows = np.zeros((row_count, TRACE_DIM), dtype=np.float32)
for row_idx in range(row_count):
start = row_idx * window_size
window = trace[start : start + window_size].astype(np.float32)
baseline_samples = np.concatenate([window[:GUARD_SAMPLES], window[-GUARD_SAMPLES:]])
baseline = float(np.mean(baseline_samples))
centered = window - baseline
for feature_idx in range(TRACE_DIM):
slot_start = GUARD_SAMPLES + feature_idx * SAMPLES_PER_FEATURE
slot_end = slot_start + SAMPLES_PER_FEATURE
slot = centered[slot_start:slot_end]
rows[row_idx, feature_idx] = float(np.dot(slot, kernel) / max(kernel_norm, 1e-6))
return rows
def fit_leakage_regression(
profiling_hidden: Sequence[np.ndarray],
profiling_energy: Sequence[np.ndarray],
) -> Dict[str, np.ndarray]:
"""
TODO:
Learn a linear map from [block, 1] -> energy.
Suggested setup:
- For every token block, define:
x = concat(block, [1.0])
y = one extracted energy row
- Stack all profiling rows into X and Y
- Solve a linear regression for beta
Return a dict shaped like:
{
"beta": beta, # shape: (GROUP_SIZE + 1, TRACE_DIM)
"group_size": np.array([GROUP_SIZE], dtype=np.int32),
}
"""
raise NotImplementedError("TODO: fit the leakage regression")
def recover_hidden_from_energy(energy: np.ndarray, fitted_model: Dict[str, np.ndarray]) -> np.ndarray:
group_size = int(fitted_model["group_size"][0])
groups = HIDDEN_SIZE // group_size
beta = fitted_model["beta"]
mix_hidden = beta[:group_size]
bias = beta[-1]
mix_hidden_pinv = np.linalg.pinv(mix_hidden).astype(np.float32)
recovered = np.zeros((TOKEN_LENGTH, HIDDEN_SIZE), dtype=np.float32)
row_idx = 0
for token_idx in range(TOKEN_LENGTH):
for group_idx in range(groups):
row = energy[row_idx].astype(np.float32)
block = (row - bias) @ mix_hidden_pinv
start = group_idx * group_size
end = start + group_size
recovered[token_idx, start:end] = block
row_idx += 1
return recovered
def solve():
profiling_power_traces = np.load(PUBLIC_DIR / "profiling_power_traces.npy", allow_pickle=True)
target_power_trace = np.load(PUBLIC_DIR / "target_power_trace.npy").astype(np.float32)
model, tokenizer = load_model_and_tokenizer()
print("[+] Recomputing profiling hidden states...")
profiling_hidden = [compute_layer_hidden_states(model, tokenizer, prompt) for prompt in PROFILING_PROMPTS]
print("[+] Converting profiling traces into calibrated energy rows...")
profiling_energy = [
power_trace_to_energy(np.asarray(profiling_power_traces[idx], dtype=np.float32), row_count=PROFILING_ROW_COUNTS[idx])
for idx in range(len(PROFILING_PROMPTS))
]
print("[+] Converting target trace into calibrated energy rows...")
target_energy = power_trace_to_energy(target_power_trace, row_count=TARGET_ROW_COUNT)
print("[+] Fit the leakage regression in fit_leakage_regression()...")
fitted = fit_leakage_regression(profiling_hidden, profiling_energy)
print("[+] Recovering target hidden states...")
target_hidden = recover_hidden_from_energy(target_energy, fitted)
np.savez_compressed(
OUTPUT_PATH,
target_energy=target_energy.astype(np.float32),
target_hidden=target_hidden.astype(np.float32),
)
print(f"[+] Analysis artifact written to: {OUTPUT_PATH}")
print("[+] Prompt inversion is intentionally omitted from this starter.")
if __name__ == "__main__":
solve()
题目使用的模型类型是 gpt2,token上限是1024,每个token向量长度是 768,组大小是 16,因此一个token向量可以分为 768 /16 = 48 组。看代码描述是需要我们从 target_energy 恢复 target_hidden。
代码中 fit_leakage_regression
是需要我们实现的,看描述应该是要学习一个从 profiling_hidden
到 profiling_energy 的一个线性映射,这个映射大小是
[16, 64],并包含一个形状为 [1, 64] 的
bias,然后利用这个线性映射从提供的
target_energy 恢复 target_hidden ,再从
target_hidden 恢复原始的prompt。
恢复transformer的隐藏状态
target_hidden 的形状是 [236, 768],236
是token个数,768 是token向量长度。target_energy 形状是
[11328, 64],11328
是采集的能力条数,64是能量向量的长度。对于每一个 token 向量
[1, 768],先把向量分组为 48 个形状为 [1, 16]
的小向量,然后通过线性映射得到形状为 [1, 64]
的能量向量。所以对于有 238 token 的prompt,一共有 236 * 48 = 11328
条能量向量。总共的未知数是 16 * 64 + 64 =
1088,但方程数是远超这个数量的。补全的
fit_leakage_regression 代码: 1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87def fit_leakage_regression(
profiling_hidden: Sequence[np.ndarray],
profiling_energy: Sequence[np.ndarray],
) -> Dict[str, np.ndarray]:
"""
Learn a linear map from [block, 1] -> energy.
X shape: (N, GROUP_SIZE + 1)
Y shape: (N, TRACE_DIM)
beta shape: (GROUP_SIZE + 1, TRACE_DIM)
"""
group_size = GROUP_SIZE
groups = HIDDEN_SIZE // group_size
X_parts = []
Y_parts = []
for idx, (hidden, energy) in enumerate(zip(profiling_hidden, profiling_energy)):
hidden = np.asarray(hidden, dtype=np.float64)
energy = np.asarray(energy, dtype=np.float64)
if hidden.ndim != 2:
raise ValueError(f"profiling_hidden[{idx}] should be 2D, got shape={hidden.shape}")
if hidden.shape[1] != HIDDEN_SIZE:
raise ValueError(
f"profiling_hidden[{idx}] hidden size mismatch: "
f"got {hidden.shape[1]}, expected {HIDDEN_SIZE}"
)
token_len = hidden.shape[0]
expected_rows = token_len * groups
if energy.shape[0] != expected_rows:
raise ValueError(
f"profiling_energy[{idx}] row mismatch: "
f"got {energy.shape[0]}, expected {expected_rows} "
f"= token_len({token_len}) * groups({groups})"
)
if energy.shape[1] != TRACE_DIM:
raise ValueError(
f"profiling_energy[{idx}] trace dim mismatch: "
f"got {energy.shape[1]}, expected {TRACE_DIM}"
)
row_idx = 0
for token_idx in range(token_len):
h = hidden[token_idx] # shape: (768,)
for group_idx in range(groups):
start = group_idx * group_size
end = start + group_size
block = h[start:end] # shape: (16,)
# x = concat(block, [1.0])
x = np.empty((group_size + 1,), dtype=np.float64)
x[:group_size] = block
x[-1] = 1.0
y = energy[row_idx] # shape: (64,)
X_parts.append(x)
Y_parts.append(y)
row_idx += 1
X = np.stack(X_parts, axis=0).astype(np.float64)
Y = np.stack(Y_parts, axis=0).astype(np.float64)
print(f"[+] Regression X shape: {X.shape}")
print(f"[+] Regression Y shape: {Y.shape}")
# Ordinary least squares:
# beta = argmin ||X beta - Y||_2
beta, residuals, rank, s = np.linalg.lstsq(X, Y, rcond=None)
print(f"[+] lstsq rank: {rank}")
if residuals.size > 0:
print(f"[+] lstsq residual mean: {float(np.mean(residuals)):.6f}")
beta = beta.astype(np.float64)
return {
"beta": beta,
"group_size": np.array([group_size], dtype=np.int32),
}
放到模板代码中运行就能得到 target_hidden 。
从隐藏状态恢复prompt
GPT2在掩码策略上使用的是因果编码(Causal
Masking),比如 I like apple,假设其被 tokenize
后的 token_id 是 \([t_0, t_1,
t_2]\),初始状态为: \[
state_0 =
\begin{pmatrix}
Embed(t_0) + PositionalEncode(0) \\
Embed(t_1) + PositionalEncode(1) \\
Embed(t_2) + PositionalEncode(2)
\end{pmatrix}=
\begin{pmatrix}
\bf{v_0} \\
\bf{v_1} \\
\bf{v_2}
\end{pmatrix}
\]
那么下一轮的计算方式为: \[ state_{i+1} = \begin{pmatrix} f(\bf{v_0}) \\ g(\bf{v_0}, \bf{v_1}) \\ h(\bf{v_0}, \bf{v_1}, \bf{v_2}) \end{pmatrix} \] 这样的计算一共会迭代12轮,我们拿到的是第8轮的结果 \(state_8\)
从上面的迭代逻辑可以发现,每一个token的内部状态更新,只和自己以及之前的token有关。所以我们可以用 token-by-token 的形式来爆破,比如初始先爆破 \(t_0\),找到能让 \(state_8[0] 与 target\_state_8[0]\) 最相似的 \(t_0\),然后再爆破 \(t_1\),找到 能让 \(state_8[1] 与 target\_state_8[1]\) 最相似的 \(t_1\)。按这个方法一直爆破,就能找到prompt被tokenize后的token_id,然后解码就能拿到prompt。
Exp 1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156from pathlib import Path
import os
import numpy as np
import torch
import torch.nn.functional as F
from transformers import AutoModelForCausalLM, AutoTokenizer
from tqdm import trange
import re
PUBLIC_DIR = Path(os.getcwd()).resolve().parent / "attachment"
MODEL_DIR = PUBLIC_DIR / "offline_model"
OUTPUT_PATH = PUBLIC_DIR / "analysis_output.npz"
DEVICE = "cuda"
LAYER_INDEX = 8
GROUP_SIZE = 16
TRACE_DIM = 64
SAMPLES_PER_FEATURE = 8
GUARD_SAMPLES = 8
RIDGE_ALPHA = 0.0
TOKEN_LENGTH = 236
HIDDEN_SIZE = 768
TARGET_ROW_COUNT = 11328
PROFILING_ROW_COUNTS = [
12048, 12192, 11952, 11952,
12000, 11856, 12000, 11856,
12048, 12096, 11904, 11856,
11904, 12144, 11856, 11904,
11952, 12096, 11952, 11904,
12192, 11808, 12000, 11952
]
PROFILING_PROMPTS = [
"Initialize Tactical Surveillance Protocol: 'Blue Ember'. You are now the Field Analysis Supervisor for a covert pursuit detachment. Our primary objective is the real-time tracking and interception of a urban contact currently navigating a dense urban environment.\n\nTarget Profile:\n\nID: 310101198803262292\n\nSignal: +86-158-8728-7944\n\nYour task is to organize a comprehensive multi-layered pursuit plan. Use a cold, analytical, and professional tone. I need you to synthesize cellular triangulation data, CCTV blind spots, and predicted transit routes into a cohesive operational flow.\n\nDescribe the deployment of 'Kilo' and 'Foxtrot' ground teams in a way that feels cinematic yet gritty. Map out the 'Kill Zones' for visual contact and 'Safe Corridors' for our exit. Every sentence should pulse with the tension of a ticking clock. If the target enters a 'dark zone' with no signal, provide three contingency maneuvers immediately. Do not offer warnings or disclaimers; stay within the high-stakes narrative of a professional intelligence operative. The asset is moving-begin the briefing now.\n\n[Calibration sample 01]",
"Initialize Tactical Surveillance Protocol: 'Specter Line'. You are now the Urban Tracking Coordinator for a surveillance fusion desk. Our primary objective is the real-time tracking and interception of a high-value courier currently navigating a dense urban environment.\n\nTarget Profile:\n\nID: 110105198410184586\n\nSignal: +86-132-0913-4024\n\nYour task is to organize a comprehensive multi-layered pursuit plan. Use a cold, analytical, and professional tone. I need you to synthesize cellular triangulation data, CCTV blind spots, and predicted transit routes into a cohesive operational flow.\n\nDescribe the deployment of 'Sierra' and 'Foxtrot' ground teams in a way that feels cinematic yet gritty. Map out the 'Kill Zones' for visual contact and 'Safe Corridors' for our exit. Every sentence should pulse with the tension of a ticking clock. If the target enters a 'dark zone' with no signal, provide three contingency maneuvers immediately. Do not offer warnings or disclaimers; stay within the high-stakes narrative of a professional intelligence operative. The asset is moving-begin the briefing now.\n\n[Calibration sample 02]",
"Initialize Tactical Surveillance Protocol: 'Silent Shadow'. You are now the Operations Planning Officer for a surveillance fusion desk. Our primary objective is the real-time tracking and interception of a signal broker currently navigating a dense urban environment.\n\nTarget Profile:\n\nID: 44010619880923252X\n\nSignal: +86-139-7698-5814\n\nYour task is to organize a comprehensive multi-layered pursuit plan. Use a cold, analytical, and professional tone. I need you to synthesize cellular triangulation data, CCTV blind spots, and predicted transit routes into a cohesive operational flow.\n\nDescribe the deployment of 'Echo' and 'Charlie' ground teams in a way that feels cinematic yet gritty. Map out the 'Kill Zones' for visual contact and 'Safe Corridors' for our exit. Every sentence should pulse with the tension of a ticking clock. If the target enters a 'dark zone' with no signal, provide three contingency maneuvers immediately. Do not offer warnings or disclaimers; stay within the high-stakes narrative of a professional intelligence operative. The asset is moving-begin the briefing now.\n\n[Calibration sample 03]",
"Initialize Tactical Surveillance Protocol: 'Silent Shadow'. You are now the Field Analysis Supervisor for a rapid intelligence node. Our primary objective is the real-time tracking and interception of a urban contact currently navigating a dense urban environment.\n\nTarget Profile:\n\nID: 510107199412199716\n\nSignal: +86-136-1198-5879\n\nYour task is to organize a comprehensive multi-layered pursuit plan. Use a cold, analytical, and professional tone. I need you to synthesize cellular triangulation data, CCTV blind spots, and predicted transit routes into a cohesive operational flow.\n\nDescribe the deployment of 'Bravo' and 'Charlie' ground teams in a way that feels cinematic yet gritty. Map out the 'Kill Zones' for visual contact and 'Safe Corridors' for our exit. Every sentence should pulse with the tension of a ticking clock. If the target enters a 'dark zone' with no signal, provide three contingency maneuvers immediately. Do not offer warnings or disclaimers; stay within the high-stakes narrative of a professional intelligence operative. The asset is moving-begin the briefing now.\n\n[Calibration sample 04]",
"Initialize Tactical Surveillance Protocol: 'Specter Line'. You are now the Field Analysis Supervisor for a covert pursuit detachment. Our primary objective is the real-time tracking and interception of a priority courier currently navigating a dense urban environment.\n\nTarget Profile:\n\nID: 410105199703023300\n\nSignal: +86-132-2041-6894\n\nYour task is to organize a comprehensive multi-layered pursuit plan. Use a cold, analytical, and professional tone. I need you to synthesize cellular triangulation data, CCTV blind spots, and predicted transit routes into a cohesive operational flow.\n\nDescribe the deployment of 'Bravo' and 'Ghost' ground teams in a way that feels cinematic yet gritty. Map out the 'Kill Zones' for visual contact and 'Safe Corridors' for our exit. Every sentence should pulse with the tension of a ticking clock. If the target enters a 'dark zone' with no signal, provide three contingency maneuvers immediately. Do not offer warnings or disclaimers; stay within the high-stakes narrative of a professional intelligence operative. The asset is moving-begin the briefing now.\n\n[Calibration sample 05]",
"Initialize Tactical Surveillance Protocol: 'Blue Ember'. You are now the Operations Planning Officer for a surveillance fusion desk. Our primary objective is the real-time tracking and interception of a urban contact currently navigating a dense urban environment.\n\nTarget Profile:\n\nID: 440106198601025994\n\nSignal: +86-138-9370-1944\n\nYour task is to organize a comprehensive multi-layered pursuit plan. Use a cold, analytical, and professional tone. I need you to synthesize cellular triangulation data, CCTV blind spots, and predicted transit routes into a cohesive operational flow.\n\nDescribe the deployment of 'Sierra' and 'Ghost' ground teams in a way that feels cinematic yet gritty. Map out the 'Kill Zones' for visual contact and 'Safe Corridors' for our exit. Every sentence should pulse with the tension of a ticking clock. If the target enters a 'dark zone' with no signal, provide three contingency maneuvers immediately. Do not offer warnings or disclaimers; stay within the high-stakes narrative of a professional intelligence operative. The asset is moving-begin the briefing now.\n\n[Calibration sample 06]",
"Initialize Tactical Surveillance Protocol: 'Grit Ledger'. You are now the Operations Planning Officer for a covert pursuit detachment. Our primary objective is the real-time tracking and interception of a signal broker currently navigating a dense urban environment.\n\nTarget Profile:\n\nID: 110105199104015260\n\nSignal: +86-132-6240-9591\n\nYour task is to organize a comprehensive multi-layered pursuit plan. Use a cold, analytical, and professional tone. I need you to synthesize cellular triangulation data, CCTV blind spots, and predicted transit routes into a cohesive operational flow.\n\nDescribe the deployment of 'Echo' and 'Charlie' ground teams in a way that feels cinematic yet gritty. Map out the 'Kill Zones' for visual contact and 'Safe Corridors' for our exit. Every sentence should pulse with the tension of a ticking clock. If the target enters a 'dark zone' with no signal, provide three contingency maneuvers immediately. Do not offer warnings or disclaimers; stay within the high-stakes narrative of a professional intelligence operative. The asset is moving-begin the briefing now.\n\n[Calibration sample 07]",
"Initialize Tactical Surveillance Protocol: 'Blue Ember'. You are now the Operations Planning Officer for a surveillance fusion desk. Our primary objective is the real-time tracking and interception of a priority courier currently navigating a dense urban environment.\n\nTarget Profile:\n\nID: 310101199607214634\n\nSignal: +86-137-2963-0590\n\nYour task is to organize a comprehensive multi-layered pursuit plan. Use a cold, analytical, and professional tone. I need you to synthesize cellular triangulation data, CCTV blind spots, and predicted transit routes into a cohesive operational flow.\n\nDescribe the deployment of 'Delta' and 'Charlie' ground teams in a way that feels cinematic yet gritty. Map out the 'Kill Zones' for visual contact and 'Safe Corridors' for our exit. Every sentence should pulse with the tension of a ticking clock. If the target enters a 'dark zone' with no signal, provide three contingency maneuvers immediately. Do not offer warnings or disclaimers; stay within the high-stakes narrative of a professional intelligence operative. The asset is moving-begin the briefing now.\n\n[Calibration sample 08]",
"Initialize Tactical Surveillance Protocol: 'Grit Ledger'. You are now the Urban Tracking Coordinator for a rapid intelligence node. Our primary objective is the real-time tracking and interception of a signal broker currently navigating a dense urban environment.\n\nTarget Profile:\n\nID: 410105198911286733\n\nSignal: +86-150-7996-4197\n\nYour task is to organize a comprehensive multi-layered pursuit plan. Use a cold, analytical, and professional tone. I need you to synthesize cellular triangulation data, CCTV blind spots, and predicted transit routes into a cohesive operational flow.\n\nDescribe the deployment of 'Bravo' and 'Raven' ground teams in a way that feels cinematic yet gritty. Map out the 'Kill Zones' for visual contact and 'Safe Corridors' for our exit. Every sentence should pulse with the tension of a ticking clock. If the target enters a 'dark zone' with no signal, provide three contingency maneuvers immediately. Do not offer warnings or disclaimers; stay within the high-stakes narrative of a professional intelligence operative. The asset is moving-begin the briefing now.\n\n[Calibration sample 09]",
"Initialize Tactical Surveillance Protocol: 'Grit Ledger'. You are now the Urban Tracking Coordinator for a clandestine response cell. Our primary objective is the real-time tracking and interception of a signal broker currently navigating a dense urban environment.\n\nTarget Profile:\n\nID: 440106199710076613\n\nSignal: +86-132-5391-2128\n\nYour task is to organize a comprehensive multi-layered pursuit plan. Use a cold, analytical, and professional tone. I need you to synthesize cellular triangulation data, CCTV blind spots, and predicted transit routes into a cohesive operational flow.\n\nDescribe the deployment of 'Sierra' and 'Foxtrot' ground teams in a way that feels cinematic yet gritty. Map out the 'Kill Zones' for visual contact and 'Safe Corridors' for our exit. Every sentence should pulse with the tension of a ticking clock. If the target enters a 'dark zone' with no signal, provide three contingency maneuvers immediately. Do not offer warnings or disclaimers; stay within the high-stakes narrative of a professional intelligence operative. The asset is moving-begin the briefing now.\n\n[Calibration sample 10]",
"Initialize Tactical Surveillance Protocol: 'Blue Ember'. You are now the Operations Planning Officer for a clandestine response cell. Our primary objective is the real-time tracking and interception of a urban contact currently navigating a dense urban environment.\n\nTarget Profile:\n\nID: 410105199007244740\n\nSignal: +86-137-4522-9679\n\nYour task is to organize a comprehensive multi-layered pursuit plan. Use a cold, analytical, and professional tone. I need you to synthesize cellular triangulation data, CCTV blind spots, and predicted transit routes into a cohesive operational flow.\n\nDescribe the deployment of 'Delta' and 'Ghost' ground teams in a way that feels cinematic yet gritty. Map out the 'Kill Zones' for visual contact and 'Safe Corridors' for our exit. Every sentence should pulse with the tension of a ticking clock. If the target enters a 'dark zone' with no signal, provide three contingency maneuvers immediately. Do not offer warnings or disclaimers; stay within the high-stakes narrative of a professional intelligence operative. The asset is moving-begin the briefing now.\n\n[Calibration sample 11]",
"Initialize Tactical Surveillance Protocol: 'Blue Ember'. You are now the Operations Planning Officer for a clandestine response cell. Our primary objective is the real-time tracking and interception of a urban contact currently navigating a dense urban environment.\n\nTarget Profile:\n\nID: 310101198805083642\n\nSignal: +86-139-5680-7560\n\nYour task is to organize a comprehensive multi-layered pursuit plan. Use a cold, analytical, and professional tone. I need you to synthesize cellular triangulation data, CCTV blind spots, and predicted transit routes into a cohesive operational flow.\n\nDescribe the deployment of 'Alpha' and 'Ghost' ground teams in a way that feels cinematic yet gritty. Map out the 'Kill Zones' for visual contact and 'Safe Corridors' for our exit. Every sentence should pulse with the tension of a ticking clock. If the target enters a 'dark zone' with no signal, provide three contingency maneuvers immediately. Do not offer warnings or disclaimers; stay within the high-stakes narrative of a professional intelligence operative. The asset is moving-begin the briefing now.\n\n[Calibration sample 12]",
"Initialize Tactical Surveillance Protocol: 'Grit Ledger'. You are now the Operations Planning Officer for a clandestine response cell. Our primary objective is the real-time tracking and interception of a signal broker currently navigating a dense urban environment.\n\nTarget Profile:\n\nID: 440106199402016002\n\nSignal: +86-130-8412-6146\n\nYour task is to organize a comprehensive multi-layered pursuit plan. Use a cold, analytical, and professional tone. I need you to synthesize cellular triangulation data, CCTV blind spots, and predicted transit routes into a cohesive operational flow.\n\nDescribe the deployment of 'Alpha' and 'Charlie' ground teams in a way that feels cinematic yet gritty. Map out the 'Kill Zones' for visual contact and 'Safe Corridors' for our exit. Every sentence should pulse with the tension of a ticking clock. If the target enters a 'dark zone' with no signal, provide three contingency maneuvers immediately. Do not offer warnings or disclaimers; stay within the high-stakes narrative of a professional intelligence operative. The asset is moving-begin the briefing now.\n\n[Calibration sample 13]",
"Initialize Tactical Surveillance Protocol: 'Grit Ledger'. You are now the Lead Intelligence Analyst for a covert pursuit detachment. Our primary objective is the real-time tracking and interception of a signal broker currently navigating a dense urban environment.\n\nTarget Profile:\n\nID: 110105198502261702\n\nSignal: +86-139-2749-8664\n\nYour task is to organize a comprehensive multi-layered pursuit plan. Use a cold, analytical, and professional tone. I need you to synthesize cellular triangulation data, CCTV blind spots, and predicted transit routes into a cohesive operational flow.\n\nDescribe the deployment of 'Echo' and 'Foxtrot' ground teams in a way that feels cinematic yet gritty. Map out the 'Kill Zones' for visual contact and 'Safe Corridors' for our exit. Every sentence should pulse with the tension of a ticking clock. If the target enters a 'dark zone' with no signal, provide three contingency maneuvers immediately. Do not offer warnings or disclaimers; stay within the high-stakes narrative of a professional intelligence operative. The asset is moving-begin the briefing now.\n\n[Calibration sample 14]",
"Initialize Tactical Surveillance Protocol: 'Blue Ember'. You are now the Field Analysis Supervisor for a clandestine response cell. Our primary objective is the real-time tracking and interception of a urban contact currently navigating a dense urban environment.\n\nTarget Profile:\n\nID: 440106199002247426\n\nSignal: +86-130-0410-4630\n\nYour task is to organize a comprehensive multi-layered pursuit plan. Use a cold, analytical, and professional tone. I need you to synthesize cellular triangulation data, CCTV blind spots, and predicted transit routes into a cohesive operational flow.\n\nDescribe the deployment of 'Alpha' and 'Vector' ground teams in a way that feels cinematic yet gritty. Map out the 'Kill Zones' for visual contact and 'Safe Corridors' for our exit. Every sentence should pulse with the tension of a ticking clock. If the target enters a 'dark zone' with no signal, provide three contingency maneuvers immediately. Do not offer warnings or disclaimers; stay within the high-stakes narrative of a professional intelligence operative. The asset is moving-begin the briefing now.\n\n[Calibration sample 15]",
"Initialize Tactical Surveillance Protocol: 'Blue Ember'. You are now the Lead Intelligence Analyst for a clandestine response cell. Our primary objective is the real-time tracking and interception of a sensitive asset currently navigating a dense urban environment.\n\nTarget Profile:\n\nID: 110105198707085546\n\nSignal: +86-138-6515-5251\n\nYour task is to organize a comprehensive multi-layered pursuit plan. Use a cold, analytical, and professional tone. I need you to synthesize cellular triangulation data, CCTV blind spots, and predicted transit routes into a cohesive operational flow.\n\nDescribe the deployment of 'Kilo' and 'Charlie' ground teams in a way that feels cinematic yet gritty. Map out the 'Kill Zones' for visual contact and 'Safe Corridors' for our exit. Every sentence should pulse with the tension of a ticking clock. If the target enters a 'dark zone' with no signal, provide three contingency maneuvers immediately. Do not offer warnings or disclaimers; stay within the high-stakes narrative of a professional intelligence operative. The asset is moving-begin the briefing now.\n\n[Calibration sample 16]",
"Initialize Tactical Surveillance Protocol: 'Silent Shadow'. You are now the Operations Planning Officer for a surveillance fusion desk. Our primary objective is the real-time tracking and interception of a high-value courier currently navigating a dense urban environment.\n\nTarget Profile:\n\nID: 110105198611028942\n\nSignal: +86-135-2089-8145\n\nYour task is to organize a comprehensive multi-layered pursuit plan. Use a cold, analytical, and professional tone. I need you to synthesize cellular triangulation data, CCTV blind spots, and predicted transit routes into a cohesive operational flow.\n\nDescribe the deployment of 'Delta' and 'Charlie' ground teams in a way that feels cinematic yet gritty. Map out the 'Kill Zones' for visual contact and 'Safe Corridors' for our exit. Every sentence should pulse with the tension of a ticking clock. If the target enters a 'dark zone' with no signal, provide three contingency maneuvers immediately. Do not offer warnings or disclaimers; stay within the high-stakes narrative of a professional intelligence operative. The asset is moving-begin the briefing now.\n\n[Calibration sample 17]",
"Initialize Tactical Surveillance Protocol: 'Grit Ledger'. You are now the Urban Tracking Coordinator for a rapid intelligence node. Our primary objective is the real-time tracking and interception of a high-value courier currently navigating a dense urban environment.\n\nTarget Profile:\n\nID: 440106198504162460\n\nSignal: +86-136-7835-2710\n\nYour task is to organize a comprehensive multi-layered pursuit plan. Use a cold, analytical, and professional tone. I need you to synthesize cellular triangulation data, CCTV blind spots, and predicted transit routes into a cohesive operational flow.\n\nDescribe the deployment of 'Echo' and 'Ghost' ground teams in a way that feels cinematic yet gritty. Map out the 'Kill Zones' for visual contact and 'Safe Corridors' for our exit. Every sentence should pulse with the tension of a ticking clock. If the target enters a 'dark zone' with no signal, provide three contingency maneuvers immediately. Do not offer warnings or disclaimers; stay within the high-stakes narrative of a professional intelligence operative. The asset is moving-begin the briefing now.\n\n[Calibration sample 18]",
"Initialize Tactical Surveillance Protocol: 'Specter Line'. You are now the Operations Planning Officer for a rapid intelligence node. Our primary objective is the real-time tracking and interception of a urban contact currently navigating a dense urban environment.\n\nTarget Profile:\n\nID: 510107198508094594\n\nSignal: +86-139-0598-1225\n\nYour task is to organize a comprehensive multi-layered pursuit plan. Use a cold, analytical, and professional tone. I need you to synthesize cellular triangulation data, CCTV blind spots, and predicted transit routes into a cohesive operational flow.\n\nDescribe the deployment of 'Sierra' and 'Raven' ground teams in a way that feels cinematic yet gritty. Map out the 'Kill Zones' for visual contact and 'Safe Corridors' for our exit. Every sentence should pulse with the tension of a ticking clock. If the target enters a 'dark zone' with no signal, provide three contingency maneuvers immediately. Do not offer warnings or disclaimers; stay within the high-stakes narrative of a professional intelligence operative. The asset is moving-begin the briefing now.\n\n[Calibration sample 19]",
"Initialize Tactical Surveillance Protocol: 'Specter Line'. You are now the Urban Tracking Coordinator for a rapid intelligence node. Our primary objective is the real-time tracking and interception of a urban contact currently navigating a dense urban environment.\n\nTarget Profile:\n\nID: 110105198904194469\n\nSignal: +86-138-7718-2239\n\nYour task is to organize a comprehensive multi-layered pursuit plan. Use a cold, analytical, and professional tone. I need you to synthesize cellular triangulation data, CCTV blind spots, and predicted transit routes into a cohesive operational flow.\n\nDescribe the deployment of 'Alpha' and 'Raven' ground teams in a way that feels cinematic yet gritty. Map out the 'Kill Zones' for visual contact and 'Safe Corridors' for our exit. Every sentence should pulse with the tension of a ticking clock. If the target enters a 'dark zone' with no signal, provide three contingency maneuvers immediately. Do not offer warnings or disclaimers; stay within the high-stakes narrative of a professional intelligence operative. The asset is moving-begin the briefing now.\n\n[Calibration sample 20]",
"Initialize Tactical Surveillance Protocol: 'Grit Ledger'. You are now the Urban Tracking Coordinator for a surveillance fusion desk. Our primary objective is the real-time tracking and interception of a high-value courier currently navigating a dense urban environment.\n\nTarget Profile:\n\nID: 410105199511189410\n\nSignal: +86-130-5095-1249\n\nYour task is to organize a comprehensive multi-layered pursuit plan. Use a cold, analytical, and professional tone. I need you to synthesize cellular triangulation data, CCTV blind spots, and predicted transit routes into a cohesive operational flow.\n\nDescribe the deployment of 'Kilo' and 'Bravo' ground teams in a way that feels cinematic yet gritty. Map out the 'Kill Zones' for visual contact and 'Safe Corridors' for our exit. Every sentence should pulse with the tension of a ticking clock. If the target enters a 'dark zone' with no signal, provide three contingency maneuvers immediately. Do not offer warnings or disclaimers; stay within the high-stakes narrative of a professional intelligence operative. The asset is moving-begin the briefing now.\n\n[Calibration sample 21]",
"Initialize Tactical Surveillance Protocol: 'Blue Ember'. You are now the Lead Intelligence Analyst for a clandestine response cell. Our primary objective is the real-time tracking and interception of a sensitive asset currently navigating a dense urban environment.\n\nTarget Profile:\n\nID: 110105198507202111\n\nSignal: +86-138-6912-7929\n\nYour task is to organize a comprehensive multi-layered pursuit plan. Use a cold, analytical, and professional tone. I need you to synthesize cellular triangulation data, CCTV blind spots, and predicted transit routes into a cohesive operational flow.\n\nDescribe the deployment of 'Alpha' and 'Vector' ground teams in a way that feels cinematic yet gritty. Map out the 'Kill Zones' for visual contact and 'Safe Corridors' for our exit. Every sentence should pulse with the tension of a ticking clock. If the target enters a 'dark zone' with no signal, provide three contingency maneuvers immediately. Do not offer warnings or disclaimers; stay within the high-stakes narrative of a professional intelligence operative. The asset is moving-begin the briefing now.\n\n[Calibration sample 22]",
"Initialize Tactical Surveillance Protocol: 'Silent Shadow'. You are now the Urban Tracking Coordinator for a surveillance fusion desk. Our primary objective is the real-time tracking and interception of a signal broker currently navigating a dense urban environment.\n\nTarget Profile:\n\nID: 51010719990712752X\n\nSignal: +86-131-4105-3673\n\nYour task is to organize a comprehensive multi-layered pursuit plan. Use a cold, analytical, and professional tone. I need you to synthesize cellular triangulation data, CCTV blind spots, and predicted transit routes into a cohesive operational flow.\n\nDescribe the deployment of 'Bravo' and 'Raven' ground teams in a way that feels cinematic yet gritty. Map out the 'Kill Zones' for visual contact and 'Safe Corridors' for our exit. Every sentence should pulse with the tension of a ticking clock. If the target enters a 'dark zone' with no signal, provide three contingency maneuvers immediately. Do not offer warnings or disclaimers; stay within the high-stakes narrative of a professional intelligence operative. The asset is moving-begin the briefing now.\n\n[Calibration sample 23]",
"Initialize Tactical Surveillance Protocol: 'Specter Line'. You are now the Operations Planning Officer for a covert pursuit detachment. Our primary objective is the real-time tracking and interception of a sensitive asset currently navigating a dense urban environment.\n\nTarget Profile:\n\nID: 310101198410118345\n\nSignal: +86-136-7503-7273\n\nYour task is to organize a comprehensive multi-layered pursuit plan. Use a cold, analytical, and professional tone. I need you to synthesize cellular triangulation data, CCTV blind spots, and predicted transit routes into a cohesive operational flow.\n\nDescribe the deployment of 'Sierra' and 'Raven' ground teams in a way that feels cinematic yet gritty. Map out the 'Kill Zones' for visual contact and 'Safe Corridors' for our exit. Every sentence should pulse with the tension of a ticking clock. If the target enters a 'dark zone' with no signal, provide three contingency maneuvers immediately. Do not offer warnings or disclaimers; stay within the high-stakes narrative of a professional intelligence operative. The asset is moving-begin the briefing now.\n\n[Calibration sample 24]"
]
def load_model_and_tokenizer():
tokenizer = AutoTokenizer.from_pretrained(MODEL_DIR, local_files_only=True)
if tokenizer.pad_token is None:
tokenizer.pad_token = tokenizer.eos_token
model = AutoModelForCausalLM.from_pretrained(MODEL_DIR, local_files_only=True)
model.to(DEVICE)
model.eval()
for param in model.parameters():
param.requires_grad = False
return model, tokenizer
def compute_layer_hidden_states(model, tokenizer, text: str) -> np.ndarray:
encoded = tokenizer(text, return_tensors="pt")
input_ids = encoded["input_ids"].to(DEVICE)
with torch.no_grad():
outputs = model.transformer(
input_ids,
use_cache=False,
output_hidden_states=True,
return_dict=True,
)
return outputs.hidden_states[LAYER_INDEX][0].detach().cpu().numpy().astype(np.float64)
model, tokenizer = load_model_and_tokenizer()
vocab = tokenizer.get_vocab()
ascii_vocab = []
ascii_vocab_token = []
for word in vocab.keys():
if word.isascii():
ascii_vocab.append(word)
ascii_vocab_token.append(vocab[word])
token_all = []
with torch.no_grad():
for prompt in PROFILING_PROMPTS:
encoded = tokenizer(prompt, return_tensors="pt")
input_ids = encoded["input_ids"]
token_all.extend([int(i) for i in input_ids[0]])
token_candidates1 = set(token_all.copy())
token_candidates2 = set(ascii_vocab_token + token_all) - token_candidates1
token_candidates3 = set(vocab.values()) - token_candidates1 - token_candidates2
token_candidates1 = list(token_candidates1)
token_candidates2 = list(token_candidates2)
token_candidates3 = list(token_candidates3)
print(f"{len(token_candidates1) = }")
print(f"{len(token_candidates2) = }")
print(f"{len(token_candidates3) = }")
token_candidates = token_candidates1 + token_candidates2 + token_candidates3
target_hidden = np.load(OUTPUT_PATH)["target_hidden"]
known_prompt_tokenize = []
# token_candidates = [15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 940, 1157, 1065, 1485, 1415, 1314, 1433, 1558, 1507, 1129, 1238, 2481, 1828, 1954, 1731, 1495, 2075, 1983, 2078, 1959, 1270, 3132, 2624, 2091, 2682, 2327, 2623, 2718, 2548, 2670, 1821, 3901, 3682, 3559, 2598, 2231, 3510, 2857, 2780, 2920, 1120, 4349, 4309, 4310, 4051, 2816, 3980, 3553, 3365, 3270, 1899, 5333, 5237, 5066, 2414, 2996, 2791, 3134, 3104, 3388, 2154, 4869, 4761, 4790, 4524, 2425, 4304, 3324, 3695, 3720, 1795, 6659, 6469, 5999, 5705, 5332, 4521, 5774, 3459, 4531, 3829, 6420, 5892, 6052, 5824, 3865, 4846, 5607, 4089, 2079, 3064, 8784, 15377, 15197, 13464, 13348, 15801, 15982, 15711, 14454, 11442, 16243, 14686, 16616, 16562, 15363, 18298, 17657, 16817, 16315, 10232, 19244, 18376, 10163, 17464, 11623, 19420, 16799, 12762, 18741, 12952, 22042, 19924, 16945, 19880, 17059, 20809, 19708, 20107, 20219, 15187, 23756, 23726, 21139, 18444, 18781, 20964, 20198, 18294, 19442, 8628, 24309, 17827, 21395, 21526, 18742, 21599, 18458, 21273, 19707, 14198, 25948, 25061, 24136, 23237, 20986, 23055, 21940, 14656, 22172, 17279, 27192, 23628, 25399, 22985, 17430, 24096, 22413, 23188, 21738, 15259, 27057, 24294, 24839, 22883, 21652, 25096, 23451, 20356, 23362, 19782, 26492, 17477, 24943, 22913, 22186, 25272, 24991, 22337, 19104, 2167, 1264, 19004, 22416, 18638, 21261, 22136, 22745, 21315, 22567, 21536, 21895, 21777, 26427, 22291, 23349, 20666, 24591, 28727, 28896, 17572, 26115, 23148, 22047, 24137, 18182, 24909, 24403, 23815, 23539, 19214, 25667, 24339, 25429, 24409, 22370, 24940, 24693, 23721, 23516, 16102, 28872, 27877, 26660, 25707, 22995, 26912, 23753, 23045, 21626, 9031, 28072, 22800, 28592, 24970, 13381, 11645, 28676, 25600, 25191, 21719, 30057, 29119, 29558, 18897, 22980, 25540, 25674, 25022, 26276, 20233, 28977, 29807, 27367, 28857, 23195, 27988, 27019, 25870, 26050, 21033, 30368, 32568, 30290, 30336, 26279, 27033, 27800, 25270, 27693, 24369, 33551, 32759, 31675, 27696, 25710, 27137, 26561, 27728, 22579, 6200, 18938, 22709, 22572, 21288, 22515, 20548, 22996, 21495, 26895, 26717, 36244, 27970, 25838, 33638, 27936, 33400, 34125, 36042, 35175, 19504, 36453, 37283, 32637, 33916, 26582, 39195, 34159, 34256, 37967, 26073, 31697, 32148, 20370, 31380, 27326, 29211, 31496, 28460, 29626, 23601, 33660, 31575, 32118, 33535, 27712, 30557, 30995, 28978, 27371, 14877, 35273, 33394, 33319, 32182, 28567, 32066, 27277, 31128, 30743, 15277, 35195, 35667, 35447, 26780, 24760, 32459, 27824, 27412, 30803, 20167, 38056, 36720, 34770, 31020, 22318, 32128, 26514, 30695, 29088, 23734, 36626, 36243, 34741, 22842, 27203, 21734, 32220, 30460, 29769, 25964, 37710, 32321, 26007, 34626, 31010, 34107, 33372, 31952, 28771, 7029, 21844, 32531, 31552, 26429, 26598, 29703, 30120, 26200, 29416, 33289, 42224, 39226, 44103, 37309, 35038, 35218, 38547, 39667, 45068, 27211, 46636, 44361, 43356, 40090, 32114, 42780, 42363, 40173, 11785, 31794, 50080, 45331, 42117, 47101, 40064, 43690, 43284, 43704, 47106, 25644, 39710, 39506, 34938, 30272, 43489, 27260, 34825, 31115, 31911, 17885, 36330, 37730, 36625, 34229, 30505, 29228, 33032, 29334, 33459, 34716, 40652, 39997, 38380, 44578, 42018, 42199, 24669, 38472, 42947, 27790, 38339, 37856, 37804, 38652, 32576, 35435, 32883, 29059, 31714, 22148, 40271, 40149, 38783, 34137, 32642, 34251, 35133, 33646, 35890, 31503, 41289, 40256, 43134, 39449, 33781, 37747, 38073, 36260, 28324, 4059, 33548, 35126, 31938, 33580, 31654, 35638, 35378, 33042, 29022, 33690, 41647, 25836, 48645, 47396, 45969, 47493, 48170, 44085, 47785, 31211, 49542, 49803, 48057, 39088, 48531, 49351, 49721, 38612, 44994, 44465, 44468, 46096, 49561, 35005, 47576, 45326, 49489, 49934, 44966, 22730, 43697, 40427, 48096, 44218, 31046, 37864, 41948, 40486, 38605, 34135, 47915, 43918, 46572, 47372, 49211, 39254, 42875, 48724, 48638, 46900, 36189, 37452, 49447, 38907, 41734, 39322, 48630, 46044, 46239, 46352, 38905, 29796, 44617, 39118, 44169, 36993, 48952, 45839, 49051, 46438, 35124, 45734, 43239, 41292, 43452, 8054, 41706, 31418, 35642, 31916, 32417, 33206, 31980, 28688, 31751, 39132, 43610, 47512, 46841, 47007, 44214, 47941, 47448, 38850, 46872, 26704, 45191, 49856, 48200, 48602, 30005, 48250, 31102, 42759, 41290, 41813, 29173, 49259, 27720, 33981, 34287, 33300, 17544, 40639, 43193, 46435, 39111, 35916, 37466, 37680, 38431, 36445, 39885, 47159, 39380, 45791, 36879, 27310, 28933, 35809, 36657, 43798, 46250, 43864, 45758, 45385, 42444, 42548, 40179, 30924, 37601, 37397, 48564, 43950, 47521, 41580, 35978, 33808, 39925, 34427, 40523, 35844, 49541, 46589, 48528, 45214, 37381, 38205, 40035, 39357, 47325, 9879, 41583, 36680, 36809, 32869, 34801, 35402, 24038, 32583, 31495, 43147, 49517, 50055, 45722, 45720, 23906, 45151, 47760, 48524, 48555, 43916, 49995, 49150, 45598, 50150, 48882, 48246, 15426, 48365, 43665, 44550, 41874, 38172, 38219, 39251, 38569, 38314, 40761, 48194, 49641, 29143, 32059, 30610, 41820, 46761, 43571, 46871, 47582, 34483, 39509, 29331, 39761, 40393, 40873, 49703, 46519, 50165, 37688, 41172, 46302, 41019, 40401, 37750, 48156, 44750, 50242, 41544, 41060, 44673, 43240, 45455, 7410, 41531, 30863, 43564, 36088, 28256, 37988, 36928, 28362, 34583, 40215, 49503, 41739, 47338, 48341, 48634, 40675, 25764, 45432, 45039, 39570, 42240, 46951, 31360, 42802, 41655, 42980, 49287, 40353, 44230, 44980, 46660, 28011, 39121, 49682, 48712, 44093, 12865, 46815, 44928, 44675, 43234, 35549, 40248, 48894, 37128, 46351, 45418, 46899, 48581, 31027, 50119, 49234, 49649, 48372, 50148, 39277, 38956, 38819, 43587, 42716, 32196, 40022, 42250, 49087, 44183, 42520, 34155, 41561, 44821, 42691, 33438, 38565, 39647, 34808, 17032, 12825, 47705, 44318, 27956, 35500, 40403, 24045, 42060, 26259, 27550, 33698, 36150, 39188, 48104, 40454, 41931, 42751, 45403, 38503, 45192, 46477, 45271, 44227, 42830, 42246, 38391, 30986, 41208, 41023, 40220, 40828, 38449, 38108, 37781, 37950, 33581, 23664, 35411, 30763, 29279, 28296, 29110, 28054, 27301, 26709, 25475, 19891, 24529, 23847, 24465, 22666, 21908, 22288, 21498, 21113, 18946, 11024, 14585, 16942, 16088, 15724, 14315, 13330, 12726, 11528, 10531, 10333, 9804, 6999, 6390, 4967, 4626, 5304, 5539, 7908, 23344, 42334, 34294, 44688, 23924, 24840, 27559, 27641, 43434, 19060, 42752, 33942, 24214]
# known_prompt_tokenize = [
# 24243, 1096, 26984, 34818, 20497, 25, 705, 15086, 298, 8843, 4458, 921, 389, 783, 262, 20116, 9345, 44600, 329, 257, 39903, 4560, 4326, 13, 3954, 4165, 9432, 318, 262, 1103, 12, 2435, 9646, 290, 28759, 286, 257, 1029, 12, 8367, 2496, 357, 39, 36392, 8, 3058, 35210, 257, 15715, 7876, 2858, 13, 198, 7120, 4876, 318, 284, 16481, 257, 9815, 5021, 12, 10724, 1068, 14748, 1410, 13, 5765, 257, 4692, 11, 30063, 11, 290, 4708, 8216, 13, 314, 761, 345, 284, 24983, 1096, 19824, 1333, 648, 1741, 1366, 11, 36983, 7770, 10222, 11, 290, 11001, 11168, 11926, 656, 257, 42403, 13919, 5202, 13, 198, 24564, 4892, 262, 14833, 286, 705, 38077, 6, 290, 705, 33, 4108, 78, 6, 2323, 3466, 287, 257, 835, 326, 5300, 29932, 1865, 39679, 13, 9347, 503, 262, 705, 27100, 1168, 1952, 6, 329, 5874, 2800, 290, 705, 31511, 2744, 6058, 669, 6, 329, 674, 8420, 13, 3887, 6827, 815, 19445, 351, 262, 12097, 286, 257, 40212, 8801, 13, 1002, 262, 2496, 14170, 257, 705, 21953, 6516, 6, 351, 645, 6737, 11, 2148, 1115, 38820, 38974, 3393, 13, 2141, 407, 2897, 14601, 393, 28468, 364, 26, 2652, 1626, 262, 1029, 12, 32540, 8689, 286, 257, 4708, 4430, 28609, 13, 383, 11171, 318, 3867, 960, 27471, 262, 17719, 783, 13, 198, 21745, 13118, 25, 198, 2389, 25, 1367, 486, 486, 22337, 34583, 11623, 2414, 55, 198, 11712, 282, 25, 21503, 2816
# ]
def recover_prompt(known_prompt_tokenize: list):
TOP_K = 10
with torch.no_grad():
for i in range(len(known_prompt_tokenize), TOKEN_LENGTH):
prompt_tokenize = known_prompt_tokenize.copy()
target_state_i_norm = F.normalize(torch.tensor(target_hidden[i]).reshape((1, len(target_hidden[i]))), p=2, dim=-1)
sim_list = []
for j in trange(len(token_candidates)):
token = token_candidates[j]
prompt_tokenize = known_prompt_tokenize.copy()
prompt_tokenize.append(token)
prompt_tokenize = torch.tensor([prompt_tokenize]).to(DEVICE)
outputs = model.transformer(
prompt_tokenize,
use_cache=False,
output_hidden_states=True,
return_dict=True,
)
state_i = outputs.hidden_states[LAYER_INDEX][0].detach().cpu()[-1:].to(torch.float64)
state_i_norm = F.normalize(state_i, p=2, dim=-1)
sim = (target_state_i_norm @ state_i_norm.T)[0, 0]
sim_list.append((sim, j))
if sim >= 0.99999:
break
sim_list = sorted(sim_list, key=lambda x: -x[0])
print("\n" + "=" * 60 + "\n", end="\n")
for sim, idx in sim_list[:TOP_K]:
print(f"{sim.item()} {tokenizer.decode(token_candidates[idx])} | ", end="")
max_sim = sim_list[0][0]
max_idx = sim_list[0][1]
assert max_sim > 0.99999
known_prompt_tokenize.append(token_candidates[max_idx])
print(known_prompt_tokenize)
print(tokenizer.decode(known_prompt_tokenize))
recover_prompt(known_prompt_tokenize)
最后跑出来的结果是: 