Jump to content
Please Use CODE Tags

Breaking the x86 instruction set - Probing for hidden instructions

Unimportant
 Share
Posted

I just wanted to share this incredibly interesting video I stumbled across.

A presentation by Christopher Domas about the search for undocumented, and thus purposely hidden, instructions in x86 CPU's.

 

Not only the fact that there seems to be lots of hidden stuff on your average x86 is interesting, the clever ways of probing for those instructions are entertaining. (Well, at least I think so)

 

Link to comment
Share on other sites
Link to post
Share on other sites
Posted

The exact same video was posted in general less than a hour ago lol 

AMD Ryzen R7 1700 (3.8ghz) w/ NH-D14, EVGA RTX 2080 XC (stock), 4*4GB DDR4 3000MT/s RAM, Gigabyte AB350-Gaming-3 MB, CX750M PSU, 1.5TB SDD + 7TB HDD, Phanteks enthoo pro case

Link to comment
Share on other sites
Link to post
Share on other sites
Posted

And this is why I chuckle anytime I see some "completely open source" computer system or some FOSS diehard going off. Because the hardware itself often times isn't really open source and is just as bad as the proprietary software they want us to get away from.

I have a blogAnd a list of guides I've posted

Link to comment
Share on other sites
Link to post
Share on other sites
Posted

I recall some years back there was a debugging mode in some Intel or AMD processors which required multiple successive opcodes to enable. The method detailed in this video would not work to uncover such modes.

Additionally, he mentions in the video that there are some opcodes which might (or might not) trap upon error. In terms of undocumented stuff, once you trigger it, there's no going back, it could be harmful and you won't necessarily know you've triggered it...

Nonetheless, I saw this and enjoyed it :)

Link to comment
Share on other sites
Link to post
Share on other sites
Posted

Haven't had the chance to watch it all, so hopefully this isn't brought up later in the talk, but in a similar vein, even the designers themselves are also assuming (hoping?) that the hardware that's fabricated is the same as what was sent to the fab :)

 

There was a really interesting paper out of the University of Michigan last year that demonstrated an attack by which a malicious actor adds as little as one gate to a design at fabrication time and uses analog properties of the design along with a sequence of innocuous commands to modify the system state (like the ability to flip a privileged execution bit). The end result was basically undetectable with existing techniques (and so pretty sure they're working on those now).

 

A summary is given from the first paper on this page. Wired has a more in depth article but this gets to the point faster

http://eecs.umich.edu/eecs/about/articles/2016/IEEE-Security-Privacy-papers.html

The actual paper itself

http://eecs.umich.edu/eecs/about/articles/2016/A2_SP_2016.pdf

Link to comment
Share on other sites
Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing Programming

×