Real World Technologies - Forums - Thread: Opteron Exposed: Reverse Engineering AMD K8 Microcode Updates

By: _Arthur (_Arthur.delete@this.globetrotter.net), July 22, 2004 10:01 pm

...that I can pick a rarely-used opcode, say the DAA instruction, and redefine it in microcode to bypass all system protections ?

*Cool* !

I could, say, reprogram that opcode to access ES:[SI| without triggering a memory fault when I read memory outside my own memory space ?

Or, just change the protection level to Ring 0, so my program could execute all protected mode instructions without further ado ?

Of course, WRMSR is itself a protected mode instruction. But once I have managed to execute in on the proper AMD chip, the whole computer would then be insecure, because all the OS and CPU built-in safeties could then be bypassed.

One could also microcode new instructions for something useful, like to speed up (slightly) a SETI search or DiVX encoding...

Now, how long before someone hacks the Intel encoding of their processor patches ?

_Arthur

< Previous Post in Thread

Next Post in Thread >

Topic	Posted By	Date
Opteron Exposed: Reverse Engineering AMD K8 Microcode Updates	Anonymous	2004/07/22 01:39 AM
Opteron Exposed: Reverse Engineering AMD K8 Microc	Dresdenboy	2004/07/22 05:13 AM
Opteron Exposed: Reverse Engineering AMD K8 Microc	AK	2004/07/22 08:49 AM
Opteron Exposed: Reverse Engineering AMD K8 Microc	Dresdenboy	2004/07/22 10:26 AM
the former posting has no new text, continue here	Dresdenboy	2004/07/22 10:32 AM
An addition	Dresdenboy	2004/07/22 08:04 AM
An addition	Anonymous	2004/07/22 02:32 PM
An addition	Dresdenboy	2004/07/22 02:55 PM
Opteron Exposed: Reverse Engineering AMD K8 Microc	tom vier	2004/07/22 08:38 AM
Opteron Exposed: Reverse Engineering AMD K8 Microc	Wouter Tinus	2004/07/22 08:56 AM
Opteron Exposed: Reverse Engineering AMD K8 Microc	Igor	2004/07/23 10:00 PM
Opteron Exposed: Reverse Engineering AMD K8 Microc	Kronos	2004/07/24 02:04 PM
Opteron Exposed: Reverse Engineering AMD K8 Microcode Updates	Max	2004/07/22 01:01 PM
Opteron Exposed: Reverse Engineering AMD K8 Microcode Updates	Anonymous	2004/07/22 05:26 PM
Does that means...	_Arthur	2004/07/22 10:01 PM
Does that means...	Dresdenboy	2004/07/23 03:27 AM
Does that means...	Jan	2004/07/23 07:51 AM
Does that means...	Anonymous	2004/07/23 03:10 PM
Does that means...	Igor	2004/07/23 10:42 PM
Does that means...	Anonymous	2004/07/24 09:53 PM
Does that means...	Igor	2004/07/25 12:08 AM
Does that means...	Anonymous	2004/07/25 12:17 AM
Does that means...	anonymous	2004/07/25 04:31 PM
Does that means...	Igor	2004/07/26 08:42 PM
Permanent viruses	s.chauhan	2004/07/27 12:25 AM
Permanent viruses	Anonymous	2004/07/27 10:42 AM
Finding candidates to replace their microcode	Dresdenboy	2004/08/19 02:06 AM
Finding candidates to replace their microcode	Paul DeMone	2004/08/19 06:22 AM
Finding candidates to replace their microcode	David Kanter	2004/08/19 06:53 AM
Finding candidates to replace their microcode	foobar	2004/08/19 09:55 AM
Finding candidates to replace their microcode	David Kanter	2004/08/19 10:58 AM
Finding candidates to replace their microcode	Anonymous	2004/08/20 01:56 PM
Finding candidates to replace their microcode	hobold	2004/08/23 03:14 PM
Finding candidates to replace their microcode	Dresdenboy	2004/08/19 10:59 AM
Finding candidates to replace their microcode	anonymous	2004/08/19 03:35 PM
Finding candidates to replace their microcode	Anonymous	2004/08/20 02:23 PM
Finding candidates to replace their microcode	Groo	2004/08/20 09:25 PM
Finding candidates to replace their microcode	Dresdenboy	2004/08/21 05:01 AM
Finding candidates to replace their microcode	Anonymous	2004/08/21 04:45 PM
Finding candidates to replace their microcode	anonymous	2004/08/21 09:45 PM
Finding candidates to replace their microcode	Matt Craighead	2004/08/19 01:18 PM
Finding candidates to replace their microcode	Rick C. Hodgin	2004/08/21 04:58 AM
Finding candidates to replace their microcode	anonymous	2004/08/21 09:41 PM
Finding candidates to replace their microcode	Rick C. Hodgin	2004/08/22 08:31 AM
Finding candidates to replace their microcode	anonymous	2004/08/23 08:56 AM

Reply to this Topic
Name:
Email:
Topic:
Body:	No Text _Arthur (_Arthur.delete@this.globetrotter.net) on July 22, 2004 10:01 pm wrote: > ...that I can pick a rarely-used opcode, say the DAA instruction, > and redefine it in microcode to bypass all system protections ? > > Cool ! > > I could, say, reprogram that opcode to access ES:[SI\| without triggering > a memory fault when I read memory outside my own memory space ? > > Or, just change the protection level to Ring 0, so my program could > execute all protected mode instructions without further ado ? > > Of course, WRMSR is itself a protected mode instruction. But once I have managed > to execute in on the proper AMD chip, the whole computer would then be insecure, > because all the OS and CPU built-in safeties could then be bypassed. > > One could also microcode new instructions for something useful, > like to speed up (slightly) a SETI search or DiVX encoding... > > Now, how long before someone hacks the Intel encoding of their processor patches ? > > _Arthur
How do you spell green?

Does that means...

Editor’s Picks

PhysX87: Software Deficiency

The Common System Interface: Intel’s Future Interconnect

Intel’s Sandy Bridge Graphics Architecture

RWT on Twitter