breaking-the-x86-instruction-set

Started by Biterider, February 04, 2018, 05:38:54 AM


Biterider

Hi
Lately I saw some YouTube videos from Black Hat that caught my attention.
In particular, this one by Christopher Domas

https://www.youtube.com/watch?v=KrksBdWcZgQ

The abstract can be downloaded here
https://www.blackhat.com/us-17/briefings.html#breaking-the-x86-instruction-set

"A processor is not a trusted black box for running code; on the contrary, modern x86 chips are packed full of secret instructions and hardware bugs. In this talk, we'll demonstrate how page fault analysis and some creative processor fuzzing can be used to exhaustively search the x86 instruction set and uncover the secrets buried in your chipset. We'll disclose new x86 hardware glitches, previously unknown machine instructions, ubiquitous software bugs, and flaws in enterprise hypervisors. Best of all, we'll release our sandsifter toolset, so that you can audit - and break - your own processor."
The talk has many interesting topics, in particular, how to discover the instruction set and all those things that are hidden in the CPU and we don't know about.

Very interesting! By the way, there are more posts from this author that are worth listening to.

Regards, Biterider

Siekmanski

This is indeed very interesting.  8)
Creative coders use backward thinking techniques as a strategy.

qWord

These unknown instructions beginning with 0Dxh are x87 instructions (see Intel's OpCode map), which probably lost their meaning when the FPU was integrated into the CPU. Also Olly knows 0dbe0/1 as FENI and FDISI: enable/disable Interrupts.

Anyway interesting

Regards
MREAL macros - when you need floating point arithmetic while assembling!

hutch--

The instructions I am worried about are the RTN instructions (Report To NSA) or any other back doors built into the hardware. Most of the rest do not bother me, they just look like manufacturing leftovers that change from processor to processor.  :biggrin:

felipe

For the moment I agree with you, hutch. :P
Btw I think whichever processor we use, as long as it's connected to the internet (or any other net) it can be insecure, maybe due to bugs, intentional flaws, etc.  :idea: