DEF CON 25 - Christopher Domas - Breaking the x86 Instruction Set

Рет қаралды 19,710

DEFCONConference

Күн бұрын

Пікірлер: 22

@lightarmanov6266 7 жыл бұрын

This is the coolist thing I've seen in a long time

@saeedradmehr1976 5 жыл бұрын

Really good and simple too, I'm inclined to think this hadn't been done before because of legal obstacles rather than being hard to do. But any how it was really really nice to see this talk.

@devjock 7 жыл бұрын

I had a feeling Christopher already knew what we know now..

@derek5863 7 жыл бұрын

Agree, this is gold. I think there are many other angles from this presentation that we haven't even started to investigate.

@derek5863 7 жыл бұрын

The 'Halt and Catch Fire' instruction would be great if it triggered a processor destruction charge i.e. hardware anti-tampering method supporting FIPS 140-2 or one time use secure message device - James Bond style.

@jonharson 6 жыл бұрын

Its all fun and game until you find out that CPU controlling a nuclear power plant emergency controls.

@Awcator Жыл бұрын

That was hell lot of knowledge transfer

@RandallStephens397 7 жыл бұрын

This is terrifying.

@SupGhostly 6 жыл бұрын

Why is it terrifying?

@TheGoodChap 2 жыл бұрын

@@SupGhostly do you know about the NSA? Snowden?

@SupGhostly 2 жыл бұрын

@@TheGoodChap I do not. pretty new to security world, but would love to read more if you point me to a good article please

@5n0Wg00n5 7 жыл бұрын

Brilliant..

@xdman2956 Жыл бұрын

29:30 is the highlight for me

@anteconfig5391 6 жыл бұрын

I feel like it's dumb for me to ask but aren't the "rings" (0,1,2,3 ), SMM and other security modes designated by the operating system, so I'm thinking that if you wrote a small OS you wouldn't have those privileged modes of execution if you didn't program them in. So my question is am I right to think this or am I just wrong?

@SpookySkeleton738 6 жыл бұрын

The rings, hypervisor and SMM are all hardware features built into the CPU and chipset. What belongs in Rings 0 and 3 are designated by the kernel, everything below is firmware-level.

@TheGoodChap 2 жыл бұрын

They're a part of the cpu hardware, smm and other low level operations and modes can only be accessed by special instructions in the instruction set that can't be used for anything else. Technically your computer boots from bios thinking it's a tiny cpu from the 1970s and you have to set all kinds of special registers and things during boot up to make it realize it's a modern fully featured cpu.

@73h73373r357 6 жыл бұрын

Wait, didn't he violate responsible disclosure by telling us that the HaCF instruction exists, right after laying out the methods he used to find it?

@nullplan01 6 жыл бұрын

In theory yes. In practice you now have to find manufacturer (he was using smaller manufacturers like TransMeta and VIA, remember), and then the specific chip he found the instruction on. Happy hunting!

@dorukayhanwastaken 5 жыл бұрын

This is Intel we're talking about. Anything less than immediate full disclosure might as well be no disclosure.

@kimotroph9683 3 жыл бұрын

Haha. Yeah right. That's why its DEFCON.

@cn9630 Жыл бұрын

A CONCERN: "A VIA x86 Chip was found to have a tiny processor within it. It had it's own operating system (Minix) and bypassed ALL security at the hardware level. It's called the ARC Processor & you can bet it was developed in Israel for worldwide distribution."

@cn9630 Жыл бұрын

Timestamp 50:03 on KZbin vid: "179. James O'Keefe & The Deep State, Ukraine, Mike Gill & The..." On Brendon Lee O'Connell channel.