xoreaxeaxeax / rosenbridge Goto Github PK
View Code? Open in Web Editor NEWHardware backdoors in some x86 CPUs
License: MIT License
rosenbridge's People
Stargazers
Watchers
Forkers
sgnls olivierh59500 xeddmc gavz ezneh cxz cephurs baakka jwilk-forks c0dak fatgrass edrolo-paulm denisse-dev nguyendat marklofff nang01t2 howknows self20 johnjohnsp1 dothanthitiendiettiende nullart2 rholais raminfp p0prxx neichen yourmoonlight secureplanet07 niksonx ritter0715 mewbak seabreg datenwolf cryptonic01 d-ned 0x6b386f totoroha colinianking oneiroi op-bb pianomanx daliandragon intfrr superdong0 techlord-rce fingerleakers sigma-random wanghusheng marcogomex norcimo5 4144 u20024804 codeinearts hmahal security-geeks xet7 fkhadra pigletgo linecode mpujari snakewarhead f0829 infernalheaven mehrdad-shokri akpotter joncampbell123 benaryorg sharpsho0ter nanangarsyad shalekesan omensec locussam shaunstanislauslau sayers522 ikarius6 thinkreed renhua destinyd vadmus cpkt9762 larrycameron80 cheftimothyng yanbf188 taohexx r0ug3 midhlajvs gridl wlad-tk rhalp10 zenzue dstrbad webmalex tjwallas jdiazmx oxoocoffee coolboy4me sftwrngnr kevin2k16 kirilldanshin lager1 wuyohee2004rosenbridge's Issues
How was the rosenbridge coprocessor, and its instruction set, discovered?
I think this is the penultimate question on everyone's minds right now.
Okay, so sandsifter did the heavy lifting; but that just firehoses random instructions at the CPU and looks for interesting results. That sounds like it would generate a nontrivial amount of noise - not so much so as to make the whole process overly tedious or simply unviable, but enough that skill and experience would be paramount to figure out what's worth following up on and what can be safely discarded.
But sandsifter just deals in discovery, and (in this case) to a very rudimentary extent - sandsifter was designed to find oddness in x86 CPUs, not entirely new processor architectures!
I am very interested to find out how you went from "hmm, that's weird" to pinpointing/establishing the very existence of the coprocessor, to identifying 21 of its instructions - and the x86 wrappings!
Also, in the same way a fighter pilot might share how to start up and fly an F-18, would you mind sharing how work on the assembler could be furthered by anyone with a VIA C3 who's interested in playing with this beyond going "huh, it's vulnerable"?
Please tell us that research papers and/or in-depth blog posts are in the pipeline. :)
And thanks, too. This is really awesome. ME, eat your heart out.
fatal error: 'bits/libc-header-start.h' file not found - on ide.CS50.com
Hello. I learn CS50 course and have one problem with compiling some program on web-server ide.CS50.com
I think, that I'm trying to compile 32-bit program on 64-bit machine.
I'm trying every solution that I can found:
- Added -m32 in every line of make file.
- Checked tab-symbols in every line of make file.
- Tryed to install "sudo apt-get install gcc-multilib g++-multilib", "sudo apt-get install gcc-multilib" and "sudo apt install libc6-dev-i386" but saw the massage with "Failed to fetch".
Please, help.
List of affected Intel CPUs
@xoreaxeaxeax
Do you know if there is a publicly available list of affected Intel CPU's somewhere?
Would your team, consider to make one available?
check.c doesn't compile on mac
Not sure if this is something by design.
Testing on a macOS 10.13.3.
gcc: recompile with fPIC
When I run cd rosenbridge/util && make on Arch I get the following error:
mkdir -p bin
gcc check.c -o ./bin/check
/usr/bin/ld: /tmp/ccWOkfZ4.o: relocation R_X86_64_32 against `.text' can not be used when making a PIE object; recompile with -fPIC
/usr/bin/ld: final link failed: nonrepresentable section on output
collect2: error: ld returned 1 exit status
make: *** [Makefile:5: bin/check] Error 1
I tried adding -fPIC to gcc in the makefile but I get the same result.
FreeBSD support?
I wonder if we can get FreeBSD, and maybe other *BSD too.
Alternate instruction set is a known VIA C3 feature
It was pointed out on Hacker News that alternate instruction execution is a known feature of VIA C3 processors:
http://datasheets.chipdb.org/VIA/Nehemiah/VIA%20C3%20Nehemiah%20Datasheet%20R113.pdf, page 82
Assembler message on Ubuntu 18.04
I get the error after this gcc demo.c -o demo
demo.c:11: Error: `bound' is not supported in 64-bit mode
project nightshyft link at end of white paper is down
link to whitepaper got from there https://www.blackhat.com/us-18/briefings/schedule/#god-mode-unlocked---hardware-backdoors-in-x86-cpus-10194 , last page reference #11 is down
Build fail
Build fails with:
> make
mkdir -p bin
gcc check.c -o ./bin/check
/usr/bin/x86_64-linux-gnu-ld: /tmp/ccceCtgC.o: relocation R_X86_64_32 against `.text' can not be used when making a PIE object; recompile with -fPIC
/usr/bin/x86_64-linux-gnu-ld: final link failed: Nonrepresentable section on output
collect2: error: ld returned 1 exit status
Makefile:4: recipe for target 'bin/check' failed
make: *** [bin/check] Error 1
Environment details:
> lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 18.04.1 LTS
Release: 18.04
Codename: bionic
> uname -a
Linux antrix.scaleninja.com 4.15.0-34-generic #37-Ubuntu SMP Mon Aug 27 15:21:48 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
> cpuinfo:
processor : 0
vendor_id : GenuineIntel
cpu family : 6
model : 94
model name : Intel(R) Xeon(R) CPU E3-1505M v5 @ 2.80GHz
stepping : 3
microcode : 0xc6
cpu MHz : 800.042
cache size : 8192 KB
physical id : 0
siblings : 8
core id : 0
cpu cores : 4
apicid : 0
initial apicid : 0
fpu : yes
fpu_exception : yes
cpuid level : 22
wp : yes
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx pdpe1gb rdtscp lm constant_tsc art arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc cpuid aperfmperf tsc_known_freq pni pclmulqdq dtes64 monitor ds_cpl vmx smx est tm2 ssse3 sdbg fma cx16 xtpr pdcm pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand lahf_lm abm 3dnowprefetch cpuid_fault epb invpcid_single pti ssbd ibrs ibpb stibp tpr_shadow vnmi flexpriority ept vpid fsgsbase tsc_adjust bmi1 hle avx2 smep bmi2 erms invpcid rtm mpx rdseed adx smap clflushopt intel_pt xsaveopt xsavec xgetbv1 xsaves dtherm ida arat pln pts hwp hwp_notify hwp_act_window hwp_epp flush_l1d
bugs : cpu_meltdown spectre_v1 spectre_v2 spec_store_bypass l1tf
bogomips : 5616.00
clflush size : 64
cache_alignment : 64
address sizes : 39 bits physical, 48 bits virtual
power management:
Fails to compile on GCC 7.3.0 (Ubuntu)
There's some issues trying to compile:
$ LC_ALL=C gcc -O0 -fPIC --save-temps check.c -o bin/check
/usr/bin/x86_64-linux-gnu-ld: check.o: relocation R_X86_64_32 against `.text' can not be used when making a PIE object; recompile with -fPIC
/usr/bin/x86_64-linux-gnu-ld: final link failed: Nonrepresentable section on output
collect2: error: ld returned 1 exit status
Compiler used.
$ LC_ALL=C gcc --version
gcc (Ubuntu 7.3.0-16ubuntu3) 7.3.0
Copyright (C) 2017 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Linker fails on Ubuntu 18.04
mkdir -p bin
gcc check.c -o ./bin/check
/usr/bin/x86_64-linux-gnu-ld: /tmp/ccvtUcwF.o: relocation R_X86_64_32 against `.text' can not be used when making a PIE object; recompile with -fPIC
/usr/bin/x86_64-linux-gnu-ld: final link failed: Nonrepresentable section on output
collect2: error: ld returned 1 exit status
Makefile:4: recipe for target 'bin/check' failed
make: *** [bin/check] Error 1
Confirm doesn't work on VIA C7 CPU
I tested the backdoor and I can confirm that it doesn't work on VIA C7 CPU:
PS: Sorry for the picture with my smartphone, I can't install a screenrecorder because the space on the flash memory is limited.
Do any of your projects compile?
doug@doug-dt:~/code/cpufuzz/rosenbridge/util$ make CFLAGS=-mcmodel=small\ -fno-pic\ -fno-PIC\ -fno-pie\ -fno-PIE
mkdir -p bin
gcc check.c -o ./bin/check
/usr/bin/x86_64-linux-gnu-ld: /tmp/cc3CVzsx.o: relocation R_X86_64_32 against `.text' can not be used when making a PIE object; recompile with -fPIC
/usr/bin/x86_64-linux-gnu-ld: final link failed: Nonrepresentable section on output
collect2: error: ld returned 1 exit status
Makefile:4: recipe for target 'bin/check' failed
make: *** [bin/check] Error 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. ๐๐๐
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google โค๏ธ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.