[Chugalug] x86 "god mode" hack


[Chugalug] x86 "god mode" hack

David White-2
Anyone using a VIA C3 chipset from 2003?

Fascinating stuff...

_______________________________________________
Chugalug mailing list
[hidden email]
http://chugalug.org/cgi-bin/mailman/listinfo/chugalug
Re: [Chugalug] x86 "god mode" hack

Billy
Wow. That’s scary. Scary how smart this dude is to find it. Scary that he found it. Scary that it exists. Scary that VIA thought this was a good idea. Scary we don’t know what other chips have this.

I viewed his GitHub.

He brute forced the secret “turn on” instruction.

Then he disassembled a subset of the RISC instruction set of this core. He wrote his own assembler wrapper for it.

Then he wrote a sample exploit, checker, and finally fixer (disabler).

He made a cluster of old workstations to do this, set them up as worker nodes, and created a job controller to manage it and collect the logs, and reset the power state (when things crashed as they did often).

Then he wrote a parser to analyze the logs and perform heuristics to determine instruction patterns, then created his own symbol table to label them. That’s what he based his exploit on.

Wow.

Smart dude.

--b

On Aug 10, 2018, at 2:12 PM, David White <[hidden email]> wrote:

Re: [Chugalug] x86 "god mode" hack

wes
This kind of stuff is exactly why I say that running a software firewall on the same box as your sensitive data is pointless. They need to be separated at the hardware level.

-wes

On Fri, Aug 10, 2018 at 8:46 PM, Billy <[hidden email]> wrote: