18 thoughts on “Breaking the x86 Instruction Set”

  1. Read this, then close your eyes and listen carefully: this man is a Jedi Knight of the Microsoft universe. He is SO OP that even Darth Vader choking him can't stop him from revealing Intel's flaws.

  2. Oh boy. And now it's been revealed that Intel chips created in the past decade have a kernel memory leak "bug"/backdoor. Well, at least the Intel CEO sold as many shares as he could during Q4…

  3. Have you considered searching for executables/dlls/drivers that use these undocumented instruction opcodes, and attempting to figure out from the context of how they're used what they're attempting to accomplish? e.g. is there anything in the Windows OS that uses them? What would be the best way of doing this… some kind of antivirus scanning engine that contains the undocumented opcodes as signatures?

  4. I was wondering if someone could help me with this. How do we observe that the length of the instruction has changed? Is the CPU generating some exception/fault that reveals that the length is incorrect?

  5. I've been under attack for over a year… blindly burning through equipment. I thought it was a DMA attack… but definitely APIC remapping. Also my Samsung AMD Quad-Core A6-3420M stopped in mid function and never came back. Rootkit in the SMM RAM explains everything… all of the 0xFFFFFFFF bytes. Though I am late to the party, I will secure my network one day.

  6. Given the recent car emissions scandal, I wonder whether we will see chip manufacturers incorporate similar 'test scenario detection' algorithms to prevent this kind of scanning in future? It would only mean throwing an undefined opcode exception for undocumented instructions if the processor thinks it's being probed, so there would be no problems for normal execution.

  7. I wonder how often you stumbled upon "software dialing some Russian website", since Russian VPS/VDS are still ridiculously expensive compared to the rest of the world. If you just want people in the audience to immediately shit bricks, why not mention some Redmond website or, I dunno, Chinese?

  8. Awesome. Excellent presentation. Am unable in late October, 2017 to yet find disclosure on the new HCF bug.

  9. What about responsibility to the general public? 40:17 sounds serious. Must know which processor this is to prevent house burn down! 😉 Want to buy new PC… don't want to buy that processor that locks up. Could be anything… Intel or AMD.
