
/tech/ - Technology


File: 7c04e1cd9891796⋯.png (863.4 KB, 2009x1077, 0x0f3f.png)


 No.962863>>962920 >>962979 >>962986 >>963046 >>963201 >>963233 >>964164

https://www.youtube.com/watch?v=_eSAF_qT_FY

Talk from BlackHat2018 by the same guy who did the talk last year on finding all the undocumented instructions in x86.

The TL:DW is there is a hidden instruction in x86 which only becomes valid when a specific bit in one of the CPU's configuration registers is set. It was found using the code developed last year for finding undocumented instructions by poking at the configuration registers and seeing if any new instructions became valid. When the instruction is used it launches a deeply embedded RISC core which can run code at a level more privileged than even the ME/PSP.

 No.962872>>963205 >>963535

File: a11f6f891b956bf⋯.jpg (62.58 KB, 725x483, intel_ceo.jpg)


 No.962874

Seems like the real samsung option has been uncovered.


 No.962890>>962912 >>963201

Why do I get the feeling this guy will be (((suicided))) sooner or later for this?


 No.962912

>>962890

Because he is uncovering glow-in-the-dark CIA nigger ops


 No.962920>>962925 >>962935 >>962940

>>962863 (OP)

Is this legit? I'm watching it right now and holy shit this is insane. How is this even possible? I disabled Shintel MSM on my laptop but their tech is so rotten to its core NOTHING helps. I'll try to switch to PowerPC ISA as my daily driver


 No.962925

>>962920

>How is this even possible?

Because we're sitting here not stopping them.


 No.962932>>962940

Near the end of the video the system time of the debian (6) is 2014. So I wonder, is this stuff he has done way back, or is the timestamp in the system just way off?

Anyway smart move on his part to target via and not intel. The methods are shown to work, so now it is up to the rest of the community to start replicating this with more commonly used hardware.

This way he keeps the target on his back a more reasonable size.


 No.962935

>>962920

this is the result of consumers demanding more bloat for decades


 No.962940

>>962920

>Is this legit?

Yes because of special interests from both the private and public sector, same deal with ME and PSP.

>How is this even possible?

Quite easily, the RISC core probably only has a few dozen instructions and shares the execution pipeline with one of the x86 cores so it's easy to hide it given how small the transistors are on even CPUs from the 90s.

>>962932

>Anyway smart move on his part to target via and not intel.

He tested Intel, what's special about the Via system at the end is the bit which enables the instruction is set by default which is why he brought it up.

>Near the end of the video the system time of the debian (6) is 2014. So I wonder, is this stuff he has done way back, or is the timestamp in the system just way off?

It might just be a fucked system clock, notice the last login was 2013. Or it could be a system without internet access to sync the clock.


 No.962957


 No.962979

>>962863 (OP)

So in addition to the ME 'cpu' there is yet another 'cpu' in the cpu? Could it be any more complicated? How many more of these cpu's are inside our cpu's?


 No.962986>>963008

>>962863 (OP)

Whelp, time to start implementing my own massive FPGA arrays.


 No.963008>>963014 >>963201 >>963939

>>962986

Maybe. I don't know much about FPGAs, but I think that to program them you need software and tools that are closed. And maybe there is a layer in FPGAs that is susceptible to gay shit.

What I want is some fully open shit. Even if it means going back to 1980's tech. The best thing to do would be to start right from the beginning. And make sure that we make no mistakes along the way this time.


 No.963014>>963136 >>963812

>>963008

We just need a cpu without rings beyond the bare minimum needed, which I suppose is 2 or 3 in practice.

Then remove all the exploitable gay shit like speculative execution and out of order. Saves a bunch of die area as well.

>but muh berformance

Who cares, or just put an extra core on the die with all that area saved.


 No.963046>>963580

>>962863 (OP)

Oh cool, this guy's still alive. I just assumed he committed suicide via 6 gunshots to the back of the head.


 No.963052>>963126 >>963130 >>963141 >>963683

- Only VIA CPUs have this feature, as far as we know

- The 'hidden' instruction that he found has been in VIA's public datasheets since 2004

- According to the datasheets, only ring 0 is supposed to be able to enable the instruction

- Some BIOS manufacturers fucked up and made it available to ring 3


 No.963126

>>963052

>as far as we know

that's the whole point


 No.963130>>963188

>>963052

Thanks for the facts. I hate sensationalism caused by false narratives.


 No.963136>>963139 >>963144

>>963014

Rings are execution privilege levels so in normal circumstances virus.js cannot run on ring 1 along with the kernel. I wholly agree that CPUs are Jewed to the microscopic level but rings are not evil by design.


 No.963139

>>963136

Small correction, turns out I fucked up and kernel actually runs at ring 0.


 No.963141

>>963052

Regardless of why it's there, it's interesting that it is there, or more importantly, how someone stumbled upon it.

If this was just a mistake, it's useful to know how to detect these bugs BEFORE pushing to market.

If this is intentional, it's still useful to know how to detect one embodiment of this pattern.


 No.963144

>>963136

I phrased my post not entirely correctly. What I meant to say was

>no ring beyond the minimum _amount_ needed, which is 2 or 3 I guess.

I agree they are not evil by design, and while you can be secure without, that path is largely unexplored.

Arm goes the other way, with 0 being least privileged, and 2 and 3 being kernel and hypervisor. At least that way you avoid the negative level retardation we have now.


 No.963153

The process for this is brilliant. How it was continually reduced and automated. The correlations between experiment results and patent descriptions.


 No.963188>>963201

>>963130

Do you jerk yourself off on online IQ tests as well pretentious bastard? No one likes what you described, non-spergs just watch the talk and go on with their life, you on the other hand are just utterly retarded.


 No.963201>>963261

>>962863 (OP)

On a few non-Intel and non-AMD CPUs, the instruction was documented clearly as being a debug feature (but docs were hard to find bc niche hardware), and even then the real issue was the products shipping with the debug flag turned on.

>>962890

because you didn't watch the video

>>963008

>The best thing to do would be to start right from the beginning.

Intentionally giving the 3 letters a 50 years tech advantage is suicidal (they have infinitely better tools and far more experience), and so is isolating your project from the general public (nobody will help or give feedback for something they won't use).

>>963188

>No one likes what you described

Actions speak louder than words.


 No.963205

>>962872

why is net wearing a party hat


 No.963233>>963240

>>962863 (OP)

>patent

Why the fuck would they put this in their patents?


 No.963240

File: 106bca1d7e84622⋯.png (240.38 KB, 1600x1757, african iq.png)

>>963233

in order to ensure those damned jews from RISC-V don't copy such vital features without any legal repercussions


 No.963261

>>963201

>Intentionally giving the 3 letters a 50 years tech advantage is suicidal

People could still use current hardware in the interim. Take, as an analogy, development of a new OS. A new OS is not self-hosting right away. That is no reason to abandon the project. Even once it is self-hosting some tasks cannot be done on the OS. Still not a reason to abandon it.

>they have infinitely better tools and far more experience

Debatable. Even if it were the case, governmental agencies only have as much expertise in technology as they can purchase. The experts in technology come up organically and are then conscripted by agencies. Agents are absolute mongoloids when it comes to technology, hence why they go into such jobs in the first place.

>isolating your project from the general public

I proposed no such thing. On the contrary I specifically stated the need for open hardware. The inability of the average person to fully understand an idea, in this case a hardware design, must not be conflated with an attempt to obfuscate it.

>nobody will help or give feedback for something they won't use

The general public should not be involved in this process. Why would any project aimed at creating open hardware want to invite the general public into the development process? The general public does not have the knowledge necessary to meaningfully contribute and will only get in the way. The new trend of trying to empower the average person and invite him or her into areas he or she is not literate in is a mistake. So many projects are now trying to invite idiots into their ranks. All these new people do is slow down development by introducing more garbage code and features. Now, if a member of the general public is able to educate themselves up to the level necessary to meaningfully contribute, then by all means let them in.


 No.963535


 No.963580>>963978 >>963987

>>963046

Barnaby Jack


 No.963683

>>963052

>as far as we know

The really damning thing about this talk is the tools and techniques described will almost certainly be applied to more conventional PCs, and I won't at all be surprised if it turns out there's something similar for Intel ME, or Intel in general.


 No.963812>>963848

>>963014

but muh amdahl's law


 No.963848>>963860

>>963812

meh, the stuff that requires the most performance is also the stuff that they focus on making parallel.

95 percent of computer use hasn't really changed for the past two decades, meaning that we should be able to get by with (single thread) performance from a decade ago.

Now if you want gaymen, you just have to put physics, ai, sound on the other cores.

Well, the only thing older pc's suffer with is jewtube of course, despite the fact that they can play 1080p without breaking a sweat using mpv.


 No.963860>>964356 >>964499

>>963848

I was using a desktop from a decade ago as my main machine until recently. Everything worked fine but YouTube vids at 1080p or 720p60. But with mkv I could play everything but 4k. Idk what Jew shit yt does to cause this.


 No.963939

>>963008

>What I want is some fully open shit. Even if it means going back to 1980's tech. The best thing to do would be to start right from the beginning. And make sure that we make no mistakes along the way this time.

The PDP-11 should suffice...

<older UNIBUS models are 100% TTL, down to the CPU

<all schematics, microcode (some don't even need this), and ISA are completely open and documented

<compatible with 2.9 and 2.11BSD (depends on the model), so you have access to C and UNIX tools.

<compatible with early UNIX and C compilers, which were written in assembly (see Reflections on Trusting Trust)

With this, you could have a fully auditable, spook-free and unpozzed development environment. If you wanted, you could use this as a base on which to develop and cross-compile for later systems which are old enough not to be backdoored in hardware (386, 68000, etc), or you could modify/ extend/create your own architecture to include somewhat modern advancements.


 No.963978>>963987

>>963580

Nothing to see here, it's just a pure coincidence my friend.


 No.963985

The source code he published is pretty cool CPU fuzzing stuff. That alone is a decent framework for detecting similar systems in other CPUs.


 No.963987

>>963580

>>963978

100% Cohencidence


 No.964112>>964188 >>964312

What if CPU speeds haven't plateaued, but instead all the extra clock was being used to help the intelligence agencies fully monitor our computers?

This would be a copy of how power plants underreport their capacity and use the excess to rapidly evaporate steam to create the weather.


 No.964143

I am beginning to think all the other CPU security flaws over the years were red herrings to throw us off of this one.

We need to be scanning all our executable code for instructions that turn on and enable the deep core. Or at least the eggheads who know how to do that should do that.


 No.964164>>964192 >>964342

File: 0a83c621fe64507⋯.png (153.86 KB, 559x317, chrome_2018-07-20_22-30-06.png)

>>962863 (OP)

>The TL:DW is there is a hidden instruction in x86

No, there is a hidden instruction in A VERY SPECIFIC LINE OF X86 PROCESSORS FROM A SINGLE COMPANY MOST OF YOU HAVE NEVER HEARD OF WHICH THE AVERAGE USER IS VERY UNLIKELY TO BE ON.

Jesus fucking christ you niggers make searching for security information extremely difficult. BE ACCURATE!


 No.964184

you know he's completely uninformed on the subject and just going in with a hammer?

there are tools to debug and reverse engineer cpus

study guide:

silicon compiler

verilog

VHDL

DARPA

microscope

blackboxed electronics

oscilloscope

stop being stupid there's no reason for this where he is


 No.964188

>>964112

That started happening around sandy bridge with the intel ME you faggot. It's like javascript bitcoin miners but for the A.I by using your CPU. If you disable the ME your battery life skyrockets with all the idle time you get on an optimized software system like lubuntu or gentoo. Like I got 5+w of idle savings just by disabling ME.


 No.964192>>964197

File: bc7de64c997c88b⋯.png (34.43 KB, 611x537, nork_mole_41.png)

>>964164

Believe that Intel emulates x86 behind 128 synchronized instructions that must be carefully chosen to also create a valid cryptographic hash when salted with the current system timestamp and a hardcoded secret prime instead of toggling this mode with one undocumented instruction. Have faith. Pray.


 No.964197

>>964192

The better question is what the fuck is actually under the x86 emulation layer.


 No.964312

>>964112

>What if CPU speeds haven't plateaued

CPU speeds started rolling back when engineers worked out that pipelines with 30 stages aren't actually that good. It's better from a performance standpoint to have a shorter pipeline which runs at a slightly lower clock than the opposite.


 No.964342>>964537

>>964164

>Missing the point this hard

It's about the fact that it is implemented in something in the first place.

Which makes it more likely that it exists in other products as well.

It's like a world in which ebola only existed in theory. But then in some nigger village you find a nigger with ebola.

You now know that both ebola exists, and that some other villagers are likely infected as well.


 No.964356

>>963860

it's several megabytes of javascript running in the background + poorly optimized html5 media players


 No.964358

Good to know that I still got my Z80 board ready.

I only have got to unwrap it from all those layers of aluminum foil.


 No.964499

>>963860

web video is dog shit. they don't care about performance. it's literally as shit as it was ~15 years ago with flash. seeking never remotely worked (inb4 XDDD this is a hard engineeering problem XDDDDDDDDDDDDDDDDDD)

and literally all the firefux browsers still grey out the picture and show the loading wheel while the video is playing. even if that was because the stream is choppy or about to pause, you don't have to grey out the entire fucking image. but i often watch entire videos and it doesn't stutter once yet it's still greyed out with the loading wheel

also the UI is fucktarded. why is it like i'm clicking a hyperlink when i click any part of the video????? why can't it just be a normal GUI like VLC where you can click on shit and it responds? there's no evidence that a single thought went into any of the design of the web video player shit


 No.964537>>964553 >>964779

>>964342

>It's about the fact that it is implemented in something in the first place.

"Something" being VIA C3 processors. No fucking shit you can backdoor whatever you want if you design the chip. That doesn't equate to a hardware back door in all of X86, as that retard in the OP is claiming.

>Which makes it more likely that it exists in other products as well.

How does causality work in your universe anon? Over in mine, something being done covertly by one company does not impact the possibility of that thing being done covertly by a different company.


 No.964553>>964555

>>964537

you are right. no one should lose sleep over this


 No.964555

>>964553

You know you have a good argument when the only responses are weak strawmen that misrepresent the point you were making.


 No.964779

>>964537

VIA demonstrated what's possible, and this man has also provided a framework for people to try doing similar things on other computers. Plus, we already have unauditable trash like Intel ME, it really wouldn't surprise me if it turns out there's something similar to the VIA chips in their CPUs.



