Hardware backdoors in x86

youtube.com/watch?v=_eSAF_qT_FY

Talk from Black Hat 2018 by the same guy who did the talk last year on finding all the undocumented instructions in x86.

The TL;DW is there is a hidden instruction in x86 which only becomes valid when a specific bit in one of the CPU's configuration registers is set. It was found using the code developed last year for finding undocumented instructions by poking at the configuration registers and seeing if any new instructions became valid. When the instruction is used it launches a deeply embedded RISC core which can run code at a level more privileged than even the ME/PSP.


Seems like the real samsung option has been uncovered.

Why do I get the feeling this guy will be (((suicided))) sooner or later for this?

Because he is uncovering glow-in-the-dark CIA nigger ops

Is this legit? I'm watching it right now and holy shit this is insane. How is this even possible? I disabled Shintel MSM on my laptop but their tech is so rotten to its core NOTHING helps. I'll try to switch to PowerPC ISA as my daily driver

Because we're sitting here not stopping them.

Near the end of the video the system time of the debian (6) is 2014. So I wonder, is this stuff he has done way back, or is the timestamp in the system just way off?
Anyway smart move on his part to target VIA and not Intel. The methods are shown to work, so now it is up to the rest of the community to start replicating this with more commonly used hardware.
This way he keeps the target on his back a more reasonable size.

this is the result of consumers demanding more bloat for decades

Yes because of special interests from both the private and public sector, same deal with ME and PSP.

Quite easily, the RISC core probably only has a few dozen instructions and shares the execution pipeline with one of the x86 cores so it's easy to hide it given how small the transistors are on even CPUs from the 90s.


He tested Intel, what's special about the VIA system at the end is the bit which enables the instruction is set by default which is why he brought it up.

It might just be a fucked system clock, notice the last login was 2013. Or it could be a system without internet access to sync the clock.

youtube.com/watch?v=VnZBual9AFU

So in addition to the ME 'cpu' there is yet another 'cpu' in the cpu? Could it be any more complicated? How many more of these cpus are inside our cpus?

Whelp, time to start implementing my own massive FPGA arrays.

Maybe. I don't know much about FPGAs, but I think that to program them you need software and tools that are closed. And maybe there is a layer in FPGAs that is susceptible to gay shit.

What I want is some fully open shit. Even if it means going back to 1980's tech. The best thing to do would be to start right from the beginning. And make sure that we make no mistakes along the way this time.

We just need a cpu without rings beyond the bare minimum needed, which I suppose is 2 or 3 in practice.
Then remove all the exploitable gay shit like speculative execution and out of order. Saves a bunch of die area as well.
Who cares, or just put an extra core on the die with all that area saved.

Oh cool, this guy's still alive. I just assumed he committed suicide via 6 gunshots to the back of the head.

- Only VIA CPUs have this feature, as far as we know
- The 'hidden' instruction that he found has been in VIA's public datasheets since 2004
- According to the datasheets, only ring 0 is supposed to be able to enable the instruction
- Some BIOS manufacturers fucked up and made it available to ring 3

that's the whole point

Thanks for the facts. I hate sensationalism caused by false narratives.

Rings are execution privilege levels so in normal circumstances virus.js cannot run on ring 1 along with the kernel. I wholly agree that CPUs are Jewed to the microscopic level but rings are not evil by design.

Small correction, turns out I fucked up and kernel actually runs at ring 0.

Regardless of why it's there, it's interesting that it is there, or more importantly, how someone stumbled upon it.
If this was just a mistake, it's useful to know how to detect these bugs BEFORE pushing to market.
If this is intentional, it's still useful to know how to detect one embodiment of this pattern.


I phrased my post not entirely correctly. What I meant to say was
I agree they are not evil by design, and while you can be secure without, that path is largely unexplored.

Arm goes the other way, with 0 being least privileged, and 2 and 3 being kernel and hypervisor. At least that way you avoid the negative level retardation we have now.

The process for this is brilliant. How it was continually reduced and automated. The correlations between experiment results and patent descriptions.


Do you jerk yourself off on online IQ tests as well pretentious bastard? No one likes what you described, non-spergs just watch the talk and go on with their life, you on the other hand are just utterly retarded.


On a few non-Intel and non-AMD CPUs, the instruction was documented clearly as being a debug feature (but docs were hard to find bc niche hardware), and even then the real issue was the products shipping with the debug flag turned on.


because you didn't watch the video


Intentionally giving the 3 letters a 50 years tech advantage is suicidal (they have infinitely better tools and far more experience), and so is isolating your project from the general public (nobody will help or give feedback for something they won't use).


Actions speak louder than words.

why is net wearing a party hat

Why the fuck would they put this in their patents?

in order to ensure those damned jews from RISC-V don't copy such vital features without any legal repercussions


People could still use current hardware in the interim. Take, as an analogy, development of a new OS. A new OS is not self-hosting right away. That is no reason to abandon the project. Even once it is self-hosting some tasks cannot be done on the OS. Still not a reason to abandon it.
Debatable. Even if it were the case, governmental agencies only have as much expertise in technology as they can purchase. The experts in technology come up organically and are then conscripted by agencies. Agents are absolute mongoloids when it comes to technology, hence why they go into such jobs in the first place.
I proposed no such thing. On the contrary I specifically stated the need for open hardware. The inability of the average person to fully understand an idea, in this case a hardware design, must not be conflated with an attempt to obfuscate it.
The general public should not be involved in this process. Why would any project aimed at creating open hardware want to invite the general public into the development process? The general public does not have the knowledge necessary to meaningfully contribute and will only get in the way. The new trend of trying to empower the average person and invite him or her into areas he or she is not literate in is a mistake. So many projects are now trying to invite idiots into their ranks. All these new people do is slow down development by introducing more garbage code and features. Now, if a member of the general public is able to educate themselves up to the level necessary to meaningfully contribute, then by all means let them in.

JUST

Barnaby Jack

The really damning thing about this talk is the tools and techniques described will almost certainly be applied to more conventional PCs, and I won't at all be surprised if it turns out there's something similar for Intel ME, or Intel in general.

but muh amdahl's law

meh, the stuff that requires the most performance is also the stuff that they focus on making parallel.
95 percent of computer use hasn't really changed for the past two decades, meaning that we should be able to get by with (single thread) performance from a decade ago.
Now if you want gaymen, you just have to put physics, ai, sound on the other cores.

Well, the only thing older pc's suffer with is jewtube of course, despite the fact that they can play 1080p without breaking a sweat using mpv.

I was using a desktop from a decade ago as my main machine until recently. Everything worked fine but YouTube vids at 1080p or 720p60. But with mkv I could play everything but 4k. Idk what Jew shit yt does to cause this.

The PDP-11 should suffice...

Nothing to see here, it's just a pure coincidence my friend.

The source code he published is pretty cool CPU fuzzing stuff. That alone is a decent framework for detecting similar systems in other CPUs.

100% Cohencidence

What if CPU speeds haven't plateaued, but instead all the extra clock was being used to help the intelligence agencies fully monitor our computers?

This would be a copy of how power plants underreport their capacity and use the excess to rapidly evaporate steam to create the weather.

I am beginning to think all the other CPU security flaws over the years were red herrings to throw us off of this one.

We need to be scanning all our executable code for instructions that turn on and enable the deep core. Or at least the eggheads who know how to do that should do that.
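The check the post above asks for, as an added example that is not from any poster or from the talk's published code: it reads the enable bit through the Linux msr driver and lists candidate launch-instruction bytes in a blob. The MSR number 0x1107, bit 0 and the opcode bytes 0f 3f are taken from VIA's public C3 documentation and are assumptions here, since the thread does not state them; the sample bytes are constructed.

```python
import os
import struct

# From VIA's public C3 documentation, not from this thread (assumptions here):
FCR_MSR = 0x1107               # Feature Control Register
ALTINST_BIT = 1 << 0           # set = alternate instruction set can be entered
LAUNCH_OPCODE = b"\x0f\x3f"    # launch instruction bytes

# Constructed sample: nop; 0f 3f; nop; mov eax,0x3f0f; ret
CONSTRUCTED_CODE = bytes.fromhex("90 0f3f 90 b80f3f0000 c3")


def read_msr(reg, cpu=0, dev=None):
    """Read a 64-bit MSR via the Linux msr driver (root and `modprobe msr`)."""
    fd = os.open(dev or f"/dev/cpu/{cpu}/msr", os.O_RDONLY)
    try:
        raw = os.pread(fd, 8, reg)  # the file offset selects the MSR number
    finally:
        os.close(fd)
    if len(raw) != 8:
        raise OSError(f"short read of MSR {reg:#x}")
    return struct.unpack("<Q", raw)[0]


def altinst_enabled(fcr_value):
    return bool(fcr_value & ALTINST_BIT)


def audit(cpus=(0,), dev=None):
    """cpu -> True/False, or None when the MSR cannot be read at all."""
    result = {}
    for cpu in cpus:
        try:
            result[cpu] = altinst_enabled(read_msr(FCR_MSR, cpu, dev))
        except OSError:  # no driver, no permission, or the CPU lacks this MSR
            result[cpu] = None
    return result


def find_launch_opcode(blob):
    """Offsets of the raw byte pair. Candidates only: a byte scan also hits
    immediates and data, so confirm each one with a disassembler."""
    hits, i = [], blob.find(LAUNCH_OPCODE)
    while i != -1:
        hits.append(i)
        i = blob.find(LAUNCH_OPCODE, i + 1)
    return hits


if __name__ == "__main__":
    print("ALTINST enable bit per CPU:", audit(range(os.cpu_count() or 1)))
    print("candidate offsets in sample:", find_launch_opcode(CONSTRUCTED_CODE))
```

In the constructed sample the second hit lies inside the immediate of a `mov`, which is the false positive a raw byte scan produces.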

No, there is a hidden instruction in A VERY SPECIFIC LINE OF X86 PROCESSORS FROM A SINGLE COMPANY MOST OF YOU HAVE NEVER HEARD OF WHICH THE AVERAGE USER IS VERY UNLIKELY TO BE ON.

Jesus fucking christ you niggers make searching for security information extremely difficult. BE ACCURATE!


you know he's completely uninformed on the subject and just going in with a hammer?

there are tools to debug and reverse engineer cpus
study guide:
silicon compiler
verilog
VHDL
DARPA
microscope
blackboxed electronics
oscilloscope

stop being stupid there's no reason for this where he is

That started happening around sandy bridge with the intel ME you faggot. It's like javascript bitcoin miners but for the A.I by using your CPU. If you disable the ME your battery life skyrockets with all the idle time you get on an optimized software system like lubuntu or gentoo. Like I got 5+w of idle savings just by disabling ME.

Believe that Intel emulates x86 behind 128 synchronized instructions that must be carefully chosen to also create a valid cryptographic hash when salted with the current system timestamp and a hardcoded secret prime instead of toggling this mode with one undocumented instruction. Have faith. Pray.


The better question is what the fuck is actually under the x86 emulation layer.

CPU speeds started rolling back when engineers worked out that pipelines with 30 stages aren't actually that good. It's better from a performance standpoint to have a shorter pipeline which runs at a slightly lower clock than the opposite.

It's about the fact that it is implemented in something in the first place.
Which makes it more likely that it exists in other products as well.
It's like a world in which ebola only existed in theory. But then in some nigger village you find a nigger with ebola.
You now know that both ebola exists, and that some other villagers are likely infected as well.

it's several megabytes of javascript running in the background + poorly optimized html5 media players

Good to know that I still got my Z80 board ready.
I only have got to unwrap it from all those layers of aluminum foil.

web video is dog shit. they don't care about performance. it's literally as shit as it was ~15 years ago with flash. seeking never remotely worked (inb4 XDDD this is a hard engineering problem XDDDDDDDDDDDDDDDDDD)

and literally all the firefux browsers still grey out the picture and show the loading wheel while the video is playing. even if that was because the stream is choppy or about to pause, you don't have to grey out the entire fucking image. but i often watch entire videos and it doesn't stutter once yet it's still greyed out with the loading wheel

also the UI is fucktarded. why is it like i'm clicking a hyperlink when i click any part of the video????? why can't it just be a normal GUI like VLC where you can click on shit and it responds? there's no evidence that a single thought went into any of the design of the web video player shit

"Something" being VIA C3 processors. No fucking shit you can backdoor whatever you want if you design the chip. That doesn't equate to a hardware back door in all of X86, as that retard in the OP is claiming.


How does causality work in your universe user? Over in mine, something being done covertly by one company does not impact the possibility of that thing being done covertly by a different company.

you are right. no one should lose sleep over this

You know you have a good argument when the only responses are weak strawmen that misrepresent the point you were making.

VIA demonstrated what's possible, and this man has also provided a framework for people to try doing similar things on other computers. Plus, we already have unauditable trash like Intel ME, it really wouldn't surprise me if it turns out there's something similar to the VIA chips in their CPUs.