Old Intel processors: vulnerable to rootkits New Intel processors: shipped with rootkits

this blew me away. dude looks like Cypher from The Matrix, too.

I like the "oh btw I made a c compiler that only compiles to mov instructions". Jesus Christ......

This Guy is a Frickin God

This guy essentially started the whole Intel CPU security fiasco nowadays... Before this day, no one thought the CPU could be this vulnerable.

Of course, change that last 3 to a 4 to root that system. Every presentation this guy gives is amazing!

I've worked my way back from more recent talks to here, and every single talk by this guy is awesome, he's just amazing. Half the time I'm just sitting here in disbelief with a stupid grin on my face.

Lol! Perfect bug for sales. "All old processors are vulnerable and can't be fixed. Quick! Buy our new crap!"

27:35 validate the limit: `8026: test ax,ax; jz invalid_gdt`, validate the base: `802F: test eax,eax; jz invalid_gdt` - Can be mitigated with BIOS flash.

Brilliant find but since it requires Ring 0 access to implement the rootkit you need to work along other exploits to get to that level - or secret services modifying whole shipments prior of delivery.

lol the talk was just amazing... the selfie was the cherry on top.

"really this is unpatchable" and i believe him. this guy was talking alien to me

This guy is of a special breed... not many left like him.. to get into ring -2 with 4 BYTES of code is God like.

i do miss this guy, hope hes done some amazing things while working at intel. rosenbridge was never released, I guess what he stumbled upon was so powerful and so close to getting the concept to work.

People like this are invaluable

I had sworn the introducer walked away and came back. But then I rewinded it and saw the beard differed

This is a Beautiful thing.

"We must go deeper." Ringception?

This is probably the 1337est presentation I've watched. If you know of a crazier (or even comparable) hack please please please, let me know.

the brother hood of nod selected

There is an error at 3:25, when he typed the last `whoami` it should have said: # whoami God

On a scale of 1 - 10 how genius is this guy? Yes.

If you can't punt the ball - move the field ...

I was grinning like a maniac while watching this. An incredible finding. Bloody brilliant!

How does this not have dozens of times the views???

If Intel fixed the issue in Sandybridge, doesn't that imply that they were aware of the issue at some point prior to Sandybridge's release? Given the wide-reaching implications of this exploit (a Ring 0 breach elevating to Ring -2 potentially renders the system hardware itself untrustable from that point forwards), shouldn't Intel have immediately disclosed knowledge of this flaw so that security policies could be updated to account for the increased scope of vulnerability?

Great talk. And also very lucky that the SMM code was written in a way that helped sinkhole.

OK, trying to get my head around how you go from Ring 3 to Ring -2, _via Ring 0 which you've ALREADY cracked_ (the granting of Root to a Ring 3 process essentially just being a nice side effect and probably possible with the rootkit alone)... is the crucial thing the installation of that Rootkit, as a system driver? Thus making this actually a two-stage vulnerability: the extremely edge-case CPU attack is the second layer, and just as important is the security hole in either the operating system proper, or the user's head, allowing installation of (and thus granting of ring 0 privileges to) unsigned drivers one way or the other?

you are a beautiful creature domas!

Since the SMM code can't be highjacked at run-time, how about changing the *actual* SMM code and injecting the rootkit there? 1. If the SMM code resides in ROM (EPROM, FLASH), the game would be over. 2. However the code shown in the presentation is self-modifying so SMM code resides in RAM and it must be writeable by the CPU. Let's explore what happens when the computer starts: The system memory contents in largely unpredictable (zeroes, FFs, garbage, operating system leftovers...) and thus no usable code may run from RAM until the computer loads something in it. Therefore if SMRAM resides in normal RAM (your trusty DIMMs), the system management code must be first copied there from BIOS memory (ROM/firmware) by the BIOS. That means that BIOS code needs to be able to override (disable) the MCH SMM memory protections so that it can copy the SMM code and data into RAM whilst *not* running in SM mode. If any SMI interrupt was triggered before the code is completely copied over, it would probably reset the machine so it's very likely the SMI interrupts need to be disabled by the BIOS until SMM is safe to execute. All the keys to this must lie in the computer firmware (the BIOS): the actual SMM code, the SMM initialization, MCH protection mechanism control, etc. It's quite possible that once MCH SMM memory protections are enabled by the BIOS, the protections can no longer be disabled by anything, i.e. it would be a one way hardware latch. However, this is just a conjecture. It would be worth the effort to disassemble (possibly after decrypting) the BIOS and SMM code and see how it's actually installed in RAM. Secondly, see if it's possible to modify the SMM code in the firmware image before flashing it. It is probably encrypted and digitally signed but the signature checks might be overridden by modifying the BIOS code checking them. Not easy but not impossible either. Since it took me just a while to come up with these ideas, I'm probably not the first to do so and these possible attacks have already been dealt with. 3. What happens if the computer has no DIMMs installed? Does the SMM code still run (perhaps from BIOS ROM)? Does power management, USB keyboard emulation and other SMM features work without DIMMs? If so, then it's very likely SMRAM resides in its own dedicated physical memory integrated into the chipset and not in DIMMs. Anyway, these are just my ideas after watching this jaw-dropping presentation at 2am. :)

a gestalt vulnerability, interesting amazing talk

I wonder how is the discovery of this type of vulnerability. Such thing could be a much more valuable asset than 'here is another exploit'. How is the process of finding such labyrinth of forgotten backdoors?

Heh, unreal mode. 32-bit addressing without memory protection of any kind. Pretty much the backbone of XMS memory.

It takes a lot of dedication, intelligent, and craziness to test this out

Absolutely brilliant presentation. Stunning!

Great talk. Great speaker

Mind boggling. And terrifying.

Outstanding work

This i by far the most insane exploit i've seen so far

This guy...

This really reminds me of arbitrary code execution in console games.

Really good talk!

And here we have Kane, before he gets involved with the Nod

Amazing work. Also somewhat terrifying.

3:01 magic

ty chris domas - this & the hidden risc core in x85; such awesome research. lol so d0pe!

"design flaw" is a funny way of saying backdoor .-.

soon there will be Ring -9999

Wouldn't it help to add a few checks into the SMM interrupt routine? Are the numbers returned within a certain range? Maybe add some changing (as in stack protection) magic numbers where the APIC doesn't have its writable registers?

Does it affect my abacus?

Wow, that was beautiful. But seriously, Lord of the Rings, i.e. Intel, how many rings do we need? In 10 years there'll be ring -10.

fantastic talk

awe :( I was hoping to get ring -2 access to my pc

Did you highlight the wrong entry in the GDTs? You have the null entry and then entry 0x8, and then 0x10 as the third entry. You have two between it...

HIs first attempt reminds me of Commodore 64 code, where you also sometimes make the processor execute code in IO registers... Not for the same purpose of course... just to save some cycles

For a malicious virus, you could make a fake driver that installs the Ring -2 rootkit. Drivers run in Ring 0 (or ring 1 or ring 2 on really old OSes).

Going beyond the 68k instruction set was a mistake

Any suggestion for hardware/software tools for hack/reversing?

But can you do it in 0x A Presses?

isn't ring 0 like the most root ring? negative rings for vm's and positive for normal apps?

pure sorcery.

How does one even go about making a mov instruction compiler...? Is there some sort of BNF notation on how it interprets stuff?

At a time of writing this comment, there were 30 high-positioned intel employees watched this video.

Beastmode.

By design

So you can install a rootkit that's quite literally _impossible_ to detect, because the processor architecture has been designed for that code to be impossible to access by anything, no matter what you do. And this isn't supposed to sound scary?

24:40 What is ropping? I don't understand the phrase "APIC-ropping"

AMD's backdoor is finally coming into the spotlight.

I thought it was fixed back in the 90'th, the flaw was well documented in a 3x86-architecture guide book to be check by the basic operarating system (build386 this time). There where even an special interrupt and jump gate for this type of security problem.

He kinda slides by the fact that you must have Ring 0 before you can Take over Ring -2. His first demo shows what you can do AFTER you have compromised the system. Overall scary great talk, but the misdirection in the first 10 minutes was a cheap coin trick.

What is ropping?

Cipher himself.

Around the 21 minute mark - I'd be curious to know if he got any inspiration from the Super Mario World speedrun glitch where they used game state to code an overflow. kzbin.info/www/bejne/fqmpmWR5f7Slirc edit nevermind this was 2 years ago

Impressive !!

kind of nevermind reading the rest of this. The attack is based on the Intel template EFI code. Just mung that in some way that breaks the SMM exploit but is otherwise harmless. You know, the same way practically all ring0 code is obfuscated. Do that. It seems just mitigate it by just ensuring that the only place ring0 code can be executed by the SMM doesn't contain malicious code. Just make sure that that segment always contains a specific piece of non-malicious data, and if it ever doesn't contain that, reset the system. It would make it close to impossible time-wise to ever _not_ reset the system by trying this exploit. You'd also have to leave most of the SMM code intact if you wanted an invisible backdoor, so just alter other parts of the SMM code to integrity-check the SMM code.

My computer just became a doorstop.

Mind = blown

Lets just start all over and make ring 4 and everything goes there

Hail Domas!

I just found out what I want to do with my life.

why do all the speakers at black hat conferences use windows? when clearly a lot of their work in done on linux / in unix environments?

this is some fascinating shit

Def a wizard, the different hats, this magic it all makes sense now.

Next level

my mind is blown

Cool! This will make my crypto mining malware so much better!

Boss lvl 99 ?!

I'm scared to like this. Hello CIA. I am not using this for any evil, it's for research purposes ONLY. Quit stalking me

what a god.

I must've missed how he wrote to address 0 from Ring 3? Anyone catch that?

I saw this guy eating steak with Agent Smith in the Matrix.

0.75x obviously

How the hell does he know all of this stuff?

How Does The Ve Keep The Hat Going On Industrial Encroachment Of The Growth Sector ?

Descriptor descriptor

What keeps me working is nes roms and their memory locs.

Whaaat the fuuuuck

I'm not sure I understand the point of this. You start in Ring 0 which means you already control the system.

I've been watching "Hydraulic Press Channel" - crushing things for fun. But this guy can press much harder. I'm imPRESSed! So, moving things is Touring Complete? Kind of obvious, reality is "moving things", and nothing more. I presume that reality is Touring Complete :) And now we have "Reality" compiler, nice...

Dome Ass XD