
x86 "god mode" hack

2018-08-10 by: David White
From: David White 
Anyone using a VIA C3 chipset from 2003?

Fascinating stuff...

===============================================================
From: Billy
------------------------------------------------------
Wow. That's scary. Scary how smart this dude is to find it. Scary that he found it. Scary that it exists. Scary that VIA thought this was a good idea. Scary we don't know what other chips have this.

I viewed his GitHub. He brute-forced the secret "turn on" instruction. Then he disassembled a subset of the RISC instruction set of this core. He wrote his own assembler wrapper for it. Then he wrote a sample exploit, checker, and finally fixer (disabler).

He made a cluster of old workstations to do this, set them up as worker nodes, and created a job controller to manage it and collect the logs, and reset the power state (when things crashed, as they did often).

Then he wrote a parser to analyze the logs and perform heuristics to determine instruction patterns, then created his own symbol table to label them. That's what he based his exploit on.

Wow. Smart dude.

--b

===============================================================
From: wes
------------------------------------------------------
This kind of stuff is exactly why I say that running a software firewall on the same box as your sensitive data is pointless. They need to be separated at the hardware level.

-wes