

# Breaking the x86 ISA

{ domas / @xoreaxeaxeax / Black Hat 2017



& Christopher Domas  
✉ Cyber Security Researcher @  
Battelle Memorial Institute

[./bio](#)

# The x86 ISA

& 8086: 1978  
& A long, tortured history...

# x86: evolution

## \_modes:

- ☒ Real mode
  - ☒ & “unreal” mode
- ☒ Protected mode
- ☒ Virtual 8086
- ☒ System Management Mode
- ☒ Long mode
  - ☒ Compatibility mode

## & Instruction set extensions

- & X87
- & IA-32, X86-64
- & MMX, 3DNow!
- & SSE, SSE2, SSE3, SSSE3,  
SSE4, SSE4.2, SSE5
- & AES-NI, CLMUL,  
RdRand, SHA
- & MPX, SGX
- & XOP, F16C
- & ADX
- & BMI
- & FMA
- & AVX, AVX2, AVX512
- & VT-x, AMD-V
- & TSX, ASF

# x86: evolution

# x86: evolution

- ¶ Modern x86 chips are a **complex labyrinth** of new and ancient technologies.
  - ☒ Things get lost...
- ¶ 8086: 29,000 transistors
- ¶ Pentium: 3,000,000 transistors
- ¶ Broadwell: **3,200,000,000** transistors



Trust.

- ¶ We don't trust software.
  - ☒ We audit it
  - ☒ We reverse it
  - ☒ We break it
  - ☒ We sandbox it



Trust.

¶ But the processor itself?  
☒ We blindly trust

A dark background featuring a faint, light-colored circuit board pattern with various lines, nodes, and components.

Trust.

- ¶ *Why?*
- ¶ Hardware has
  - all the same problems as software
- ¶ Secret functionality?
  - ☒ Appendix H.
- ¶ Bugs?
  - ☒ FOOF, FDIV, TSX, Hyperthreading, Ryzen
- ¶ Vulnerabilities?
  - ☒ SYSRET, cache poisoning, sinkhole



Trust.

& We should stop  
blindly **trusting** our hardware.



¶ What do we need to worry about?

# Backdoors

¶ Well known from software

☒ ProFTPD

```
☒ if [strcmp(target, "ACIDBITCHEZ") == 0] {  
    setuid(0); setgid(0); system("/bin/sh;/sbin/sh");  
}
```

☒ Borland Interbase

```
☒ politically:correct
```

☒ Linux kernel

```
☒ if [(options == (__WCLONE|__WALL)) &&  
       (current->uid = 0)] retval = -EINVAL;
```

☒ Juniper Netscreen firewalls

```
☒ "<<< %s[un='%s'] = %u"
```

# Backdoors

## & Hardware

- ☒ FPGAs
  - ☒ Actel/Microsemi ProASIC3
- ☒ Hypervisors
  - ☒ mov eax, 564D5868h / mov dx, 5658h / out dx, eax
- ☒ Supply chain
  - ☒ “A2” - Single gate backdoor added during fabrication
- ☒ Microcode
  - ☒ ???



# Hidden instructions

& Could a hidden instruction  
unlock your CPU?

# Hidden instructions

- ❖ Historical examples

- ❖ ICEBP (f1)
- ❖ LOADALL (0f07)
- ❖ apicall (0ffff0)

Table A-2. One-byte Opcode Map: (00H – F7H) \*

|   | 0                                                    | 1                                                 | 2                             | 3                                                             | 4                                        | 5                                         | 6                           | 7                           |
|---|------------------------------------------------------|---------------------------------------------------|-------------------------------|---------------------------------------------------------------|------------------------------------------|-------------------------------------------|-----------------------------|-----------------------------|
| 0 | Eb, Gb                                               | Ev, Gv                                            | Gb, Eb                        | Gx, Ev                                                        | AL, Ib                                   | rAX, Iz                                   | PUSH ES <sup>64</sup>       | POP ES <sup>64</sup>        |
| 1 | Eb, Gb                                               | Ev, Gv                                            | Gb, Eb                        | Gv, Ev                                                        | AL, Ib                                   | rAX, Iz                                   | PUSH SS <sup>64</sup>       | POP SS <sup>64</sup>        |
| 2 | Eb, Gb                                               | Ev, Gv                                            | Gb, Eb                        | Gx, Ev                                                        | AL, Ib                                   | rAX, Iz                                   | SEG=ES<br>(Prefix)          | DAA <sup>64</sup>           |
| 3 | Eb, Gb                                               | Ev, Gv                                            | Gb, Eb                        | Gx, Ev                                                        | AL, Ib                                   | rAX, Iz                                   | SEG=SS<br>(Prefix)          | AAA <sup>64</sup>           |
| 4 | eAX<br>REX                                           | eCX<br>REXX                                       | eDX<br>REXX                   | eBX<br>REXXB                                                  | eBP<br>REXXR                             | eBP<br>REXXB                              | eSI<br>REXXR                | eDI<br>REXXB                |
| 5 | iAXr8                                                | iCXr9                                             | iDXr10                        | iBXr11                                                        | iSPr12                                   | iPR13                                     | iSi14                       | iDi15                       |
| 6 | PUSHA <sup>64</sup><br>PUSHAD <sup>64</sup>          | POPA <sup>64</sup><br>POPAD <sup>64</sup>         | BOUND <sup>64</sup><br>Gv, Mx | ARPL <sup>64</sup><br>Ew, Gw<br>MOVSD <sup>64</sup><br>Gx, Ev | SEG=FS<br>(Prefix)                       | SEG=DS<br>(Prefix)                        | Operand<br>Size<br>(Prefix) | Address<br>Size<br>(Prefix) |
| 7 | O                                                    | NO                                                | BNAE/C                        | NBNE/NC                                                       | ZE                                       | NZNE                                      | BE/A                        | NBE/A                       |
| 8 | Immediate Grp 1 <sup>1A</sup>                        |                                                   |                               |                                                               | TEST                                     |                                           | XCHG                        |                             |
|   | Eb, Ib                                               | Ex, Iz                                            | Eb, # <sup>64</sup>           | Ev, Ib                                                        | Eb, Gb                                   | Ev, Gv                                    | Eb, Gb                      | Ev, Gv                      |
| 9 | NDP<br>PAUSE(F3)<br>XCHG r, rAX                      | iCXr9                                             | iDXr10                        | iBXr11                                                        | iSPr12                                   | iPR13                                     | iSi14                       | iDi15                       |
| A | AL, Os                                               | rAX, Cv                                           | Gb, AL                        | Ov, rAX                                                       | MOVS/B<br>Ys, Xb                         | MOVS/W/D/Q<br>Ys, Xv                      | CMPS/B<br>Xs, Yb            | CMPS/W/D<br>Xs, Yv          |
| B | AL/RBL, Ib                                           | CURSL, Ib                                         | DUR10L, Ib                    | BUR11L, Ib                                                    | AHR12L, Ib                               | CHR13L, Ib                                | DHR14L, Ib                  | BHR15L, Ib                  |
| C | Shift Grp 2 <sup>1A</sup>                            |                                                   | near RET <sup>64</sup><br>Iw  | near RET <sup>64</sup>                                        | LES <sup>64</sup><br>Gz, Mp<br>VEX+2byte | LDS <sup>64</sup><br>Gz, Mp<br>VEX+16byte | Gp 11 <sup>1A</sup> - MOV   |                             |
|   | Eb, Ib                                               | Ex, Iz                                            |                               |                                                               |                                          |                                           | Eb, Ib                      | Ex, Iz                      |
| D | Shift Grp 2 <sup>1A</sup>                            |                                                   |                               |                                                               | AAM <sup>64</sup><br>Ib                  | AAD <sup>64</sup><br>Ib                   |                             | XLAT/<br>XLATB              |
| E | LOOPNE <sup>10</sup> /<br>LOOPNZ <sup>64</sup><br>Jb | LOOP <sup>64</sup> /<br>LOOP2 <sup>64</sup><br>Jb | LOOP <sup>64</sup><br>Jb      | JCXZ <sup>64</sup> /<br>Jb                                    | AL, Ib                                   | IN<br>rAX, Ib                             | OUT<br>Ib, AL               | Ib, eAX                     |
| F | LOCK<br>(Prefix)                                     |                                                   | REPNE<br>XACQUIRE<br>(Prefix) | REP/RELEASE<br>(Prefix)                                       | HLT                                      | CMC                                       | Unary Grp 3 <sup>1A</sup>   | Ev                          |

Table A-2. One-byte Opcode Map: (00H – F7H) \*

|   | 0                                                      | 1                                         | 2                             | 3                                                             | 4                                        | 5                                         | 6                           | 7                           |
|---|--------------------------------------------------------|-------------------------------------------|-------------------------------|---------------------------------------------------------------|------------------------------------------|-------------------------------------------|-----------------------------|-----------------------------|
| 0 | Eb, Gb                                                 | Ev, Gv                                    | Gb, Eb                        | Gx, Ev                                                        | AL, Ib                                   | rAX, Iz                                   | PUSH ES <sup>64</sup>       | POP ES <sup>64</sup>        |
| 1 | Eb, Gb                                                 | Ev, Gv                                    | Gb, Eb                        | Gv, Ev                                                        | AL, Ib                                   | rAX, Iz                                   | PUSH SS <sup>64</sup>       | POPF SS <sup>64</sup>       |
| 2 | Eb, Gb                                                 | Ev, Gv                                    | Gb, Eb                        | Gx, Ev                                                        | AL, Ib                                   | rAX, Iz                                   | SEG=ES (Prefix)             | DAA <sup>64</sup>           |
| 3 | Eb, Gb                                                 | Ev, Gv                                    | Gb, Eb                        | Gx, Ev                                                        | AL, Ib                                   | rAX, Iz                                   | SEG=SS (Prefix)             | AAA <sup>64</sup>           |
| 4 | eAX<br>REX                                             | eCX<br>REXX                               | eDX<br>REXX                   | eBX<br>REXXB                                                  | eBP<br>REXXR                             | eBP<br>REXXB                              | eSI<br>REXXR                | eDI<br>REXXB                |
| 5 | iAXr8                                                  | iCXr9                                     | iDXr10                        | iBXr11                                                        | iSPr12                                   | iBPr13                                    | iSr14                       | iDr15                       |
| 6 | PUSHA <sup>64</sup><br>PUSHAD <sup>64</sup>            | POPA <sup>64</sup><br>POPAD <sup>64</sup> | BOUND <sup>64</sup><br>Gv, Mx | ARPL <sup>64</sup><br>Ew, Gw<br>MOVSD <sup>64</sup><br>Gx, Ev | SEG=FS<br>(Prefix)                       | SEG=DS<br>(Prefix)                        | Operand<br>Size<br>(Prefix) | Address<br>Size<br>(Prefix) |
| 7 | O                                                      | NO                                        | BNAE/C                        | NBNE/NC                                                       | ZE                                       | NZNE                                      | BE/A                        | NBE/A                       |
| 8 | Immediate Grp 1 <sup>1A</sup>                          |                                           |                               |                                                               | TEST                                     |                                           | XCHG                        |                             |
|   | Eb, Ib                                                 | Ex, Iz                                    | Eb, # <sup>64</sup>           | Ev, Ib                                                        | Eb, Gb                                   | Ev, Gv                                    | Eb, Gb                      | Ev, Gv                      |
| 9 | NDP<br>PAUSE(F3)<br>XCHG r, AX                         | iCXr9                                     | iDXr10                        | iBXr11                                                        | iSPr12                                   | iBPr13                                    | iSr14                       | iDr15                       |
| A | AL, Os                                                 | iAX, Gv                                   | Ob, AL                        | Ov, iAX                                                       | MOVS/B<br>Ys, Xb                         | MOVS/W/D/Q<br>Ys, Xv                      | CMPS/B<br>Xs, Yb            | CMPS/W/D<br>Xs, Yv          |
| B | AL/RBL, Ib                                             | CURSL, Ib                                 | DUR10L, Ib                    | BUR11L, Ib                                                    | AHR12L, Ib                               | CHR13L, Ib                                | DHR14L, Ib                  | BHR15L, Ib                  |
| C | Shift Grp 2 <sup>1A</sup>                              |                                           | near RET <sup>64</sup><br>Iw  | near RET <sup>64</sup>                                        | LES <sup>64</sup><br>Gz, Mp<br>VEX+2byte | LDS <sup>64</sup><br>Gz, Mp<br>VEX+16byte | Grp 11 <sup>1A</sup> - MOV  |                             |
|   | Eb, Ib                                                 | Ex, Iz                                    |                               |                                                               |                                          |                                           | Eb, Ib                      | Ex, Iz                      |
| D | Shift Grp 2 <sup>1A</sup>                              |                                           |                               |                                                               | AAM <sup>64</sup><br>Ib                  | AAD <sup>64</sup><br>Ib                   | XLAT/XLATB                  |                             |
| E | LOOPNE <sup>10</sup> /<br>LOOPNZ <sup>64</sup> /<br>JB | LOOP <sup>64</sup> /<br>JB                | LOOP <sup>64</sup><br>JB      | JCXZ <sup>64</sup> /<br>JB                                    | AL, Ib                                   | IN<br>rAX, Ib                             | OUT<br>Ib, AL               | Ib, eAX                     |
| F | LOCK<br>(Prefix)                                       |                                           | XACQUIRE<br>(Prefix)          | REPNE<br>XRELEASE<br>(Prefix)                                 | HLT                                      | CMC                                       | Unary Grp 3 <sup>1A</sup>   |                             |
|   |                                                        |                                           |                               |                                                               |                                          | Eb                                        | Ev                          |                             |

Table A-2. One-byte Opcode Map: (00H – F7H) \*

|   | 0                                                  | 1                                         | 2                             | 3                                                             | 4                                          | 5                                         | 6                             | 7                                   |
|---|----------------------------------------------------|-------------------------------------------|-------------------------------|---------------------------------------------------------------|--------------------------------------------|-------------------------------------------|-------------------------------|-------------------------------------|
| 0 | Eb, Gb                                             | Ev, Gv                                    | Gb, Eb                        | Gx, Ev                                                        | AL, Ib                                     | rAX, Iz                                   | PUSH ES <sup>64</sup>         | POP ES <sup>64</sup>                |
| 1 | Eb, Gb                                             | Ev, Gv                                    | Gb, Eb                        | Gv, Ev                                                        | AL, Ib                                     | rAX, Iz                                   | PUSH SS <sup>64</sup>         | POPF SS <sup>64</sup>               |
| 2 | Eb, Gb                                             | Ev, Gv                                    | Gb, Eb                        | Gx, Ev                                                        | AL, Ib                                     | rAX, Iz                                   | SEG=ES<br>(Prefix)            | DAA <sup>64</sup>                   |
| 3 | Eb, Gb                                             | Ev, Gv                                    | Gb, Eb                        | Gx, Ev                                                        | AL, Ib                                     | rAX, Iz                                   | SEG=SS<br>(Prefix)            | DAA <sup>64</sup>                   |
| 4 | eAX<br>REX                                         | eCX<br>REXX                               | eDX<br>REXX                   | eBX<br>REXX                                                   | eBP<br>REX R                               | eBP<br>REX RB                             | eSI<br>REX RX                 | eDI<br>REX RXB                      |
| 5 | rAX/r8                                             | rCX/r9                                    | rDX/r10                       | rBX/r11                                                       | rSP/r12                                    | rDI/r13                                   | Stk4                          | DU/15                               |
| 6 | PUSHA <sup>64</sup><br>PUSHAD <sup>64</sup>        | POPA <sup>64</sup><br>POPAD <sup>64</sup> | BOUND <sup>64</sup><br>Gv, Mx | ARPL <sup>64</sup><br>Ew, Gw<br>MOVSD <sup>64</sup><br>Gx, Ev | SEG=FS<br>(Prefix)                         | EG=ES<br>(Prefix)                         | OpSize<br>(Prefix)            | Address<br>Size<br>(Prefix)         |
| 7 | O                                                  | NO                                        | BNAEC                         | NBAE/NC                                                       | Jcc <sup>64</sup>                          | Jb                                        |                               |                                     |
|   |                                                    |                                           |                               |                                                               | Jb - Short-displacement jump on condition. |                                           |                               |                                     |
| 8 | Eb, Ib                                             | Eb, Iz                                    | Eb, # <sup>64</sup>           |                                                               |                                            |                                           |                               |                                     |
| 9 | NDP<br>PAUSE(F3)<br>XCHG r8, rAX                   |                                           |                               | LOCK<br>(Prefix)                                              |                                            |                                           | REPNE<br>XACQUIRE<br>(Prefix) |                                     |
| A | AL, Ib                                             | rAX, Gv                                   | Gb, AL                        | Gv, rAX                                                       |                                            |                                           |                               |                                     |
| B | AL/RBL, Ib                                         | CURSL, Ib                                 | DUR10L, Ib                    | BL/R11L, Ib                                                   | AHR12L, Ib                                 | CHR13L, Ib                                | DHR14L, Ib                    | BHR15L, Ib                          |
| C | Eb, # <sup>64</sup>                                | Eb, Ib                                    | near RET <sup>64</sup><br>Iw  | near RET <sup>64</sup>                                        | LES <sup>64</sup><br>Gz, Mp<br>VEX+2byte   | LDS <sup>64</sup><br>Gz, Mp<br>VEX+16byte |                               | Gp 11 <sup>64</sup> - MOV<br>Eb, Ib |
| D | Eb, t                                              | Ev, 1                                     | Eb, CL                        | Ev, CL                                                        | AAM <sup>64</sup><br>Ib                    | AAD <sup>64</sup><br>Ib                   |                               | XLAT <sup>64</sup><br>XLATB         |
| E | LOOPNE <sup>64</sup><br>LOOPNZ <sup>64</sup><br>Jb | LOOP <sup>64</sup><br>Jb                  | LOOP <sup>64</sup><br>Jb      | JCXZ <sup>64</sup><br>Jb                                      | IN                                         | rAX, Ib                                   | OUT                           | Ib; rAX                             |
| F | LOCK<br>(Prefix)                                   |                                           | REPNE<br>XACQUIRE<br>(Prefix) | REPREPE<br>XRELEASE<br>(Prefix)                               | HLT                                        | CMC                                       |                               | Unary Gp 3 <sup>64</sup><br>Eb      |

So... what's this???



LOCK  
(Prefix)

REPNE  
XACQUIRE  
(Prefix)

# Hidden instructions

- ❖ Traditional approaches:
  - ❖ Leaked documentation
  - ❖ Reverse engineering software
  - ❖ NDA
- ❖ But what if it's something **stealthy**?



# Goal: Audit the Processor

↳ Find out what's really there



# The challenge

↳ How to find hidden instructions?

⌘ Instructions can be one byte ...

⌘ inc eax

⌘ 40

⌘ ... or 15 bytes ...

⌘ lock add qword cs:[eax + 4 \* eax + 07e06df23h], 0efcdab89h

⌘ 2e 67 f0 48 818480 23df067e 89abcdef

⌘ Somewhere on the order of

1,329,227,995,784,915,872,903,807,060,280,344,576

possible instructions

# The challenge

# The challenge

- ¶ The obvious approaches don't work:
  - ☒ Try them all?
    - ☒ Only works for RISC
  - ☒ Try random instructions?
    - ☒ Exceptionally poor coverage
  - ☒ Guided based on documentation?
    - ☒ Documentation can't be trusted (that's the point)
    - ☒ Poor coverage of gaps in the search space

A dark gray background featuring a faint, light gray circuit board pattern with various nodes and connections.

# The challenge

Goal:

- ⌘ Quickly skip over bytes that don't matter

- & mov rax, 0x01337COFFEECODE5
- & 48 B8 E5 0D EC FE OF 7C 33 01
- & Fuzz the whole thing?
  - ☒ Spend majority of time on meaningless constant
  - ☒ Will never be able to search the entire space
- & Fuzz just the beginning bytes?

# The challenge

- & lock lock lock lock lock lock lock lock inc dword [rax]
- & F0 F0 F0 F0 F0 F0 F0 FF 00
- & Fuzz the whole thing?
  - ☒ Spend majority of time on superfluous prefixes
  - ☒ Will never be able to search the entire space
- & How do we proceed?

# The challenge

# The challenge

## & Observation:

- ☒ The meaningful bytes of an x86 instruction impact either its length or its exception behavior



# Tunneling

• A depth-first-search algorithm



# Tunneling

& Guess an instruction:

00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00



& Execute the instruction:

00 00 00 00 00 00 00 00 00 00 00 00 00 00

Tunneling



# Tunneling

& Observe its length:

00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

A faint, grayscale circuit board pattern serves as the background for the slide.

# Tunneling

& Increment the last byte:

00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00

A dark gray background featuring a faint, light gray circuit board pattern with various lines and nodes.

& Execute the instruction:

00 01 00 00 00 00 00 00 00 00 00 00 00 00 00

Tunneling



# Tunneling

& Observe its length:

00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00

A faint, grayscale circuit board pattern serves as the background for the slide.

& Increment the last byte:

00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Tunneling

A dark gray background featuring a faint, light gray circuit board pattern with various lines and nodes.

& Execute the instruction:

00 02 00 00 00 00 00 00 00 00 00 00 00 00

Tunneling



# Tunneling

& Observe its length:

00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00

A faint, grayscale circuit board pattern serves as the background for the slide.

& Increment the last byte:

00 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Tunneling

A dark gray background featuring a faint, light gray circuit board pattern with various lines, nodes, and components.

& Execute the instruction:

00 04 00 00 00 00 00 00 00 00 00 00 00 00

Tunneling

Tunneling

& Observe its length:

00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00

A faint, grayscale circuit board pattern serves as the background for the slide.

& Increment the last byte:

00 04 01 00 00 00 00 00 00 00 00 00 00 00 00

Tunneling

A dark gray background featuring a faint, light gray circuit board pattern with various lines and nodes.

& Execute the instruction:

00 04 01 00 00 00 00 00 00 00 00 00 00 00 00

Tunneling

Tunneling

& Observe its length:

00 04 01 00 00 00 00 00 00 00 00 00 00 00 00 00

A faint, grayscale circuit board pattern serves as the background for the slide.

& Increment the last byte:

00 04 02 00 00 00 00 00 00 00 00 00 00 00 00

Tunneling



A dark gray background featuring a faint, light gray circuit board pattern with various lines, nodes, and components.

& When the last byte is FF...

C7 04 05 00 00 00 00 00 00 FF 00 00 00 00

Tunneling



& ... roll over ...

C7 04 05 00 00 00 00 00 00 00 00 00 00 00 00 00

Tunneling

A dark gray background featuring a faint, light gray circuit board pattern with various lines, nodes, and components.

& ... and move to the previous byte

C7 04 05 00 00 00 00 00 00 00 00 00 00 00 00 00

Tunneling

A dark gray background featuring a faint, light gray circuit board pattern with various lines, nodes, and components.

& This byte becomes the marker

C7 04 05 00 00 00 00 00 00 00 00 00 00 00 00 00

Tunneling

& Increment the marker

C7 04 05 00 00 00 00 00 00 01 00 00 00 00 00

Tunneling

A dark gray background featuring a faint, light gray circuit board pattern with various lines, nodes, and components.

& Execute the instruction

C7 04 05 00 00 00 00 00 00 01 00 00 00 00 00 00

Tunneling



& Observe its length

C7 04 05 00 00 00 00 00 00 01 00 00 00 00 00

Tunneling



& If the length has not changed...

C7 04 05 00 00 00 00 00 00 01 00 00 00 00 00

Tunneling

& Increment the marker

C7 04 05 00 00 00 00 00 00 02 00 00 00 00 00

Tunneling



& And repeat.

C7 04 05 00 00 00 00 00 00 02 00 00 00 00 00

Tunneling

A dark gray background featuring a faint, light gray circuit board pattern with various lines, nodes, and components.

& Continue the process...

C7 04 05 00 00 00 00 00 FF 00 00 00 00 00

Tunneling



& ... moving back on each rollover

C7 04 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Tunneling



& ... moving back on each rollover

C7 04 05 00 00 00 00 FF 00 00 00 00 00 00

Tunneling

A dark gray background featuring a faint, light gray circuit board pattern with various lines, nodes, and components.

& ... moving back on each rollover

C7 04 05 00 00 00 00 00 00 00 00 00 00 00 00 00

Tunneling

A dark gray background featuring a faint, light gray circuit board pattern with various lines, nodes, and components.

& ...

C7 04 05 00 00 00 00 FF 00 00 00 00 00 00 00 00

Tunneling

& ...

C7 04 05 00 00 00 00 00 00 00 00 00 00 00 00 00

Tunneling

A dark gray background featuring a faint, light gray circuit board pattern with various lines, nodes, and components.

& ...

C7 04 05 00 00 00 FF 00 00 00 00 00 00 00 00 00

Tunneling

& ...

C7 04 05 00 00 00 00 00 00 00 00 00 00 00 00 00

Tunneling

A dark gray background featuring a faint, light gray circuit board pattern with various lines, nodes, and components.

& ...

C7 04 05 00 00 FF 00 00 00 00 00 00 00 00 00 00

Tunneling

& ...

C7 04 05 00 00 00 00 00 00 00 00 00 00 00 00 00

Tunneling

A dark gray background featuring a faint, light gray circuit board pattern with various lines, nodes, and components.

& ...

C7 04 05 00 FF 00 00 00 00 00 00 00 00 00 00 00

Tunneling

A dark gray background featuring a faint, light gray circuit board pattern with various lines, nodes, and components.

& ...

C7 04 05 00 00 00 00 00 00 00 00 00 00 00 00 00

Tunneling

A dark gray background featuring a faint, light gray circuit board pattern with various lines, nodes, and components.

& ...

C7 04 05 FF 00 00 00 00 00 00 00 00 00 00 00 00

Tunneling

& ...

C7 04 05 00 00 00 00 00 00 00 00 00 00 00 00 00

Tunneling



# Tunneling

C7 04 06 00 00 00 00 00 00 00 00 00 00 00 00 00

& When you increment a marker...



& ... execute the instruction ...

C7 04 06 00 00 00 00 00 00 00 00 00 00 00 00 00

Tunneling

A dark gray background featuring a faint, light gray circuit board pattern with various lines, nodes, and components.

& ... and the length changes ...

C7 04 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Tunneling

A dark gray background featuring a faint, light gray circuit board pattern with various lines, nodes, and components.

& ... move the marker to  
the end of the new instruction ...

C7 04 06 00 00 00 **00** 00 00 00 00 00 00 00 00

Tunneling



& ... and resume the process.

C7 04 06 00 00 00 01 00 00 00 00 00 00 00 00

Tunneling

# Tunneling

& Tunneling through the instruction space  
lets us quickly skip over the bytes  
that *don't* matter,  
and exhaustively search the bytes that do...



# Tunneling

& ... reducing the search space  
from  $1.3 \times 10^{36}$  instructions  
to ~100,000,000  
(one day of  
scanning)



# Instruction lengths

& Catch:  
requires knowing the instruction length

- ❖ Simple approach: trap flag
  - ❖ Fails to resolve the length of faulting instructions
  - ❖ Necessary to search privileged instructions:
    - ❖ ring 0 only: mov cr0, eax
    - ❖ ring -1 only: vmenter
    - ❖ ring -2 only: rsm
  - ❖ It's hard to even auto-generate a successfully executing ring 3 instruction:
    - ❖ mov eax, [random\_number]

# Instruction lengths



# Instruction lengths

& Solution: page fault analysis

- ❖ Choose a candidate instruction
  - ❖ [we don't know how long this instruction is]

OF 6A 60 6A 79 6D C6 02 6E AA D2 39 0B B7 52

# Page fault analysis

- & Configure two consecutive pages in memory
  - ¤ The first with read, write, and **execute** permissions
  - ¤ The second with read, write permissions only

# Page fault analysis

- & Place the candidate instruction in memory
  - ¤ Place the first byte at the end of the first page
  - ¤ Place the remaining bytes at the start of the second

|    |                          |
|----|--------------------------|
| OF | 6A 60 6A 79 6D C6 02 ... |
|----|--------------------------|

# Page fault analysis

& Execute (jump to) the instruction.



OF 6A 60 6A 79 6D C6 02 ...

# Page fault analysis

A dark background featuring a faint, light-grey circuit board pattern with various lines and nodes.

The processor's instruction decoder checks the first byte of the instruction.

OF

6A 60 6A 79 6D C6 02 ...

# Page fault analysis

A dark background featuring a faint, light gray circuit board pattern with various lines and nodes.

If the decoder determines that another byte is necessary, it attempts to fetch it.

|    |    |    |    |    |    |    |    |     |
|----|----|----|----|----|----|----|----|-----|
| OF | 6A | 60 | 6A | 79 | 6D | C6 | 02 | ... |
|----|----|----|----|----|----|----|----|-----|

# Page fault analysis

A dark background featuring a faint, light gray circuit board pattern with various lines and nodes.

This byte is on a non-executable page,  
so the processor generates a **page fault**.

|    |    |    |    |    |    |    |    |     |
|----|----|----|----|----|----|----|----|-----|
| OF | 6A | 60 | 6A | 79 | 6D | C6 | 02 | ... |
|----|----|----|----|----|----|----|----|-----|

# Page fault analysis

The #PF exception provides a **fault** address in the CR2 register.



A memory dump visualization showing a page fault at address OF6A60. The dump shows memory starting at address OF followed by several bytes: 6A, 60, 6A, 79, 6D, C6, 02, and then ellipses. The byte 6A is highlighted in red, indicating it is the fault address.

|    |    |    |    |    |    |    |    |     |
|----|----|----|----|----|----|----|----|-----|
| OF | 6A | 60 | 6A | 79 | 6D | C6 | 02 | ... |
|----|----|----|----|----|----|----|----|-----|

# Page fault analysis

& If we receive a #PF, with CR2 set to the address of the **second** page, we know the instruction continues.



OF 6A 60 6A 79 6D C6 02 ...

# Page fault analysis

& Move the instruction back one byte.

|       |                       |
|-------|-----------------------|
| OF 6A | 60 6A 79 6D C6 02 ... |
|-------|-----------------------|

# Page fault analysis

& Execute the instruction.



OF 6A 60 6A 79 6D C6 02 ...

# Page fault analysis

A dark background featuring a faint, light gray circuit board pattern with various lines and nodes.

The processor's instruction decoder checks the first byte of the instruction.

|       |                       |
|-------|-----------------------|
| OF 6A | 60 6A 79 6D C6 02 ... |
|-------|-----------------------|

# Page fault analysis

A dark background featuring a faint, light-grey circuit board pattern with various lines and nodes.

- If the decoder determines that another byte is necessary, it attempts to fetch it.

|       |                       |
|-------|-----------------------|
| OF 6A | 60 6A 79 6D C6 02 ... |
|-------|-----------------------|

# Page fault analysis

Since this byte is in an executable page,  
decoding continues.

OF 6A 60 6A 79 6D C6 02 ...

# Page fault analysis

A dark background featuring a faint, light gray circuit board pattern with various lines and nodes.

- If the decoder determines that another byte is necessary, it attempts to fetch it.

|       |                       |
|-------|-----------------------|
| OF 6A | 60 6A 79 6D C6 02 ... |
|-------|-----------------------|

# Page fault analysis

This byte is on a non-executable page,  
so the processor generates a **page fault**.



OF 6A **60** 6A 79 6D C6 02 ...

# Page fault analysis

& Move the instruction back one byte.

|          |                    |
|----------|--------------------|
| OF 6A 60 | 6A 79 6D C6 02 ... |
|----------|--------------------|

# Page fault analysis

& Execute the instruction.



OF 6A 60 6A 79 6D C6 02 ...

# Page fault analysis

& Continue the process while  
we receive #**PF** exceptions  
with **CR2** = second page address



OF 6A 60 | **6A** 79 6D C6 02 ...

# Page fault analysis

& Move the instruction back one byte.

```
OF 6A 60 6A 79 6D C6 02 ...
```

# Page fault analysis

& Execute.

OF 6A 60 6A | 79 6D C6 02 ...

Page fault analysis

A dark slide with a faint, light-grey circuit board pattern in the background, featuring various lines, nodes, and a central rectangular frame.

Eventually, the entire instruction  
will reside in the executable page.

OF 6A 60 6A 79 6D C6 02 ...

# Page fault analysis

- The instruction could run.
- The instruction could throw a different fault.
- The instruction could throw a #PF,  
but with a different CR2.



OF 6A 60 6A 79 6D C6 02 ...

# Page fault analysis

& In all cases, we know the instruction has been successfully decoded, so must reside entirely in the executable page.



OF 6A 60 6A 79 6D C6 02 ...

# Page fault analysis

& With this, we know the instruction's length.



OF 6A 60 6A 79 6D C6 02 ...

# Page fault analysis

- & We now know how many bytes the instruction decoder consumed
- & But just because the bytes were *decoded* does not mean the instruction *exists*
- & If the instruction does not exist, the processor generates the #UD exception after the instruction decode (invalid opcode exception)

## Page fault analysis

# Page fault analysis

¶ If we don't receive a #**UD**, the instruction exists.

# Page fault analysis

& Resolves lengths for:

- ☒ Successfully executing instructions
- ☒ Faulting instructions
- ☒ Privileged instructions:
  - ☒ ring 0 only: mov cr0, eax
  - ☒ ring -1 only: vmenter
  - ☒ ring -2 only: rsm

# Page fault analysis

& We can even resolve  
the lengths of instructions that *don't exist.*

|   | pfx | 8                | 9                 | A          |
|---|-----|------------------|-------------------|------------|
|   |     | INVD             | WBINVD            |            |
| 7 | --  | Vx, Hx, Wx       | Vx, Hx, Wx        | Vx, Hx, Wx |
|   | F3  |                  |                   |            |
|   |     | VMREAD<br>Ey, Gy | VMWRITE<br>Gy, Ey |            |
|   | 66  |                  |                   |            |
|   | F3  |                  |                   |            |
|   | F2  |                  |                   |            |

- ❖ Example:
  - ❖ Of 7a ac cb 8b 97 e4 4d
  - ❖ Group Of 7a does not exist  
(receive #UD for this entire group)
  - ❖ But the decoder fetched 8 bytes to decode it
- ❖ Provides insight into the pipelining architecture
- ❖ Allows exploration of future instructions

# Page fault analysis

# The Injector

- The “injector” process performs the page fault analysis and tunneling instruction generation

# Surviving

- ¶ We're fuzzing the same device that we're running on
- ¶ How do we make sure we don't crash?

# Surviving

## ¶ Step 1:

- ☒ Limit ourselves to ring 3
- ☒ We can still resolve instructions living in deeper rings
- ☒ This prevents accidental total system failure (except in the case of serious processor bugs)

# Surviving

## ¶ Step 2:

- ☒ Hook all exceptions the instruction might generate
- ☒ In Linux:
  - ☒ SIGSEGV
  - ☒ SIGILL
  - ☒ SIGFPE
  - ☒ SIGBUS
  - ☒ SIGTRAP
- ☒ Process will clean up after itself when possible

# Surviving

## ↳ Step 3:

- ↗ Initialize general purpose registers to 0
- ↗ Arbitrary memory write instructions like  
add [eax + 4 \* ecx], 0x9102  
will not hit the injecting process's address space
- ↗ Map address 0 into the injector's address space
  - ↘ Requires su in Linux
  - ↘ Not strictly necessary,  
but allows finer grain fault resolution

# Surviving

## ¶ Step 3 (continued):

- Memory calculations using an offset:  
add [eax + 4 \* ecx + 0xf98102cd6], 0x9102  
would still result in non-zero accesses
- Could lead to process corruption  
if the offset falls into the injector's address space



## ¶ Step 3 (continued):

- ✖ The tunneling approach ensures offsets are constrained
  - ✖ 0x0000002F
  - ✖ 0x0000A900
  - ✖ 0x00420000
  - ✖ 0x1E000000
- ✖ The tunneled offsets will not fall into the injector's address space
- ✖ They will seg fault, but seg faults are caught
- ✖ The process still won't corrupt itself

# Surviving

# Surviving

- ¶ We've handled faulting instructions
- ¶ What about non-faulting instructions?
  - ❖ The analysis needs to continue after an instruction executes
  - ❖ E.g. `jmp $-0x39`

# Surviving

- ¶ Set the trap flag prior to executing the candidate instruction
  - ☒ Allows us to catch branches, etc.
  - ☒ Allows determining execution results
    - ☒ If we receive a #DB (trap) exception, we know the instruction successfully executed
- ¶ Reload the registers to a known state

# Surviving

- ¶ With these...
  - ☒ Ring 3
  - ☒ Exception handling
  - ☒ Register initialization
  - ☒ Register maintenance
  - ☒ Execution trapping
- ¶ ... the injector survives.

# Analysis

- ¶ So we now have a way to *search* the instructions space.
  - ❖ How do we make *sense* of the instructions we execute?

# The Sifter

¶ The “sifter” process parses  
the executions from the injector,  
and pulls out the anomalies

# Sifting

- ❖ We need a “ground truth”
- ❖ Use a disassembler
  - ❖ It was written based on the documentation
  - ❖ Capstone

A faint, grayscale circuit board pattern serves as the background for the slide.

# Sifting

## Compare:

- ❖ Observed length of instruction vs. disassembled length of instruction
- ❖ Signal generated by instruction vs. expected signal

# Sifting

- ¶ Undocumented instruction:
  - ☒ Disassembler doesn't recognize byte sequence and ...
  - ☒ Instruction generates anything but a #UD
- ¶ Software bug:
  - ☒ Disassembler recognizes instruction but ...
  - ☒ Processor says the length is different
- ¶ Hardware bug:
  - ☒ ???
  - ☒ No consistent heuristic, investigate when something fails

sandsifter - demo

```
164 r      shl ebx, 0x6b  
s       (unk)  
a       and edx, esi  
n       imul edx, dword ptr [rbx], 0x58112d43  
d       movabs dword ptr [0x82d917b0fbbleb5b], eax  
v: 1      push rsp  
l: 2      (unk)  
s: 5      or eax, 0x13753778  
c: 2      ftst  
i: 1      jbe 0xfffffffffffffb9  
t: 2      jle 0xfffffffffffffd9b  
e: 3      and esi, esp  
r: 4      and byte ptr [rax], al  
      push -0x33da2f5b  
      in eax, dx  
      mov esi, 0xe44908d6  
      pop rsp  
      mov eax, dword ptr [rdi + rax*4 - 0x2f5561f1]  
      (unk)  
      and dword.ptr [rdx], edx
```

```
# 2,259,724
```

```
39800/s
```

```
# 112
```

```
dbe11023eeb94b7a436193c6c73b60be  
dbe06ea350976600eb93210563a5f39b  
0f1bd311bb6376398c8cc1ab20ccdafd  
dfc0a1de21248565a6838e8f5ce435f4  
dfc37eff85e9ca82c485c523ba4b201e  
dbe1f2552633814af7441c7cfcff0dce  
dfc0abd37538a7f3035f10e704311891  
0f1ae471537e81fea974e61c20ae0c91  
0f0d97a9c3f2542c1047a092b1fdb66f  
dfc207323fc7c7e8b88320fc2587b18
```

```
c1e36b540033859ca18b2158b8ac93f3 0  
9a8c42843b3e09ee955b8d47d3669fd7 0  
23d6c9de7736d4e05487c87b901e38ee :  
6913432d1158e0d5caa58f154f85d650 0  
a35bebb1fbb017d982b12eb7c7f5d833 1  
54be5dbd4c5560fefbbc26fad2ebcf32 :  
1ecf2d0ec243bac1cb16d3116caf847b 1  
0d783775132a0249a46ab9f0182f2d2e 1  
d9e47e167779df867a13a56b342ebf10 .  
76b7b83510eeef886efd644375bf4daf 4  
7ed998f203cdbddedb2b165df18fc05f 3  
21e6f610380470d0d183b9db8855dfb3  
20009eae60ce7f8448f3857ecb9301d0  
68a5d025cc8fe073716ae07966c82896  
ed631809325030733742dfffa080c6a50  
bed60849e4abbe0392a277481434afa7  
26445cfba6a6fad744f67f6d94c9aae7  
8b84870f9eaad06fd081b5c4470bb590  
d94ae5791c35580523b6f8c694870240  
21124b12f1f59d65adff800c0e8162c3
```

(sandsifter)

VIA Nano U3500@1000MHz

arch: 32 / processor: 0 / vendor: CentaurHauls / family: 6 / model: n/a / stepping: 8 / ucode: n/a

```
> .... .....
> 0f.... .....
> 0f0d.. .....
> 0f18..
> 0fla..
> 0f1b..
> 0f1c..
> 0f1d..
> 0f1e..
> 0f1f..
> 0fa7..
  0fa7c1
0fa7c2
  0fa7c3
  0fa7c4
  0fa7c5
  0fa7c6
  0fa7c7
> 0fae..
> c4.... .....
> c5.... .....
> db..
  dbe0
  dbel
> df..
  dfc0
  dfc1
  dfc2
```

**instruction:**  
0fa7c2

prefixes: ( )  
valids: (1)  
lengths: (3)  
signums: (5)  
signals: (sigtrap)  
sicodes: (2)

**analysis:**  
capstone: (unk)  
n/a

ndisasm: (unknown)  
n/a

objdump: (unknown)  
n/a

j: down, J: DOWN  
k: up, K: UP  
l: expand L: all  
h: collapse H: all  
g: start G: end  
{: previous }: next  
q: quit and print

(summarizer)



# Scanning

¶ We now have a way to  
systematically scan our processor  
for secrets and bugs



# Scanning

& I scanned eight systems in my test library.

# Results

- Hidden instructions
- Ubiquitous software bugs
- Hypervisor flaws
- Hardware bugs



# Hidden instructions

A faint, grayscale circuit board pattern serves as the background for the slide.

# Intel hidden instructions

& Scanned: Intel Core i7-4650U CPU

# Intel hidden instructions

- ❖ Of0dxx
  - ❖ Undocumented for non-/1 reg fields
- ❖ Of18xx, Of{1a-1f}xx
  - ❖ Undocumented until December 2016
- ❖ Ofae{e9-ef, f1-f7, f9-ff}
  - ❖ Undocumented for non-0 r/m fields until June 2014

# Intel hidden instructions

- & dbe0, dbe1
- & df{c0-c7}
- & f1
- & {c0-c1}{30-37, 70-77, b0-b7, f0-f7}
- & {d0-d1}{30-37, 70-77, b0-b7, f0-f7}
- & {d2-d3}{30-37, 70-77, b0-b7, f0-f7}
- & f6 /1, f7 /1

A faint, grayscale circuit board pattern serves as the background for the slide, featuring various lines, nodes, and small circles.

AMD hidden instructions

& Scanned: AMD Athlon (Geode NX1500)

# AMD hidden instructions

- $\text{OfOf}\{40\text{-}7f\}\{80\text{-}ff\}\{xx\}$ 
  - undocumented for range of xx
- dbe0, dbe1
- df{c0-c7}



# VIA hidden instructions

& Scanned: VIA Nano U3500, VIA C7-M

- Of0dxx
  - Undocumented by Intel for non-/1 reg fields
- Of18xx, Of{1a-1f}xx
  - Undocumented by Intel until December 2016
- Ofa7{c1-c7}
- Ofae{e9-ef, f1-f7, f9-ff}
  - Undocumented by Intel for non-0 r/m fields until June 2014
- dbe0, dbē1
- df{c0-c7}

# VIA hidden instructions

# Hidden instructions

- ¶ There are actually more than this
  - ☒ But our disassembler recognizes many undocumented instructions
  - ☒ If recognized by the disassembler, sandsifter cannot identify them as anomalies

# Hidden instructions

↳ What do these *do*?

- ☒ Some have been reverse engineered
- ☒ Some have no record at all.



# Software bugs

# Software bugs

## Issue:

- ✗ The sifter is forced to use a disassembler as its “ground truth”
- ✗ Every disassembler we tried as the “ground truth” was littered with bugs.

# Software bugs

- ¶ Most bugs only appear in a few tools,  
and are not especially interesting
- ¶ Some bugs appeared in *all*/tools
  - ☒ These can be used to an attacker's advantage.

# Software bugs

& 66e9xxxxxxxx [jmp]  
& 66e8xxxxxxxx [call]

# Software bugs

- ¶ 66e9xxxxxxxx [jmp]
- ¶ 66e8xxxxxxxx [call]
  
- ¶ In x86\_64
- ¶ Theoretically, a jmp (e9) or call (e8),  
with a data size override prefix (66)
  - ☒ Changes operand size from default of 32
    - ☒ Does that mean 16 bit or 64 bit?
    - ☒ Neither. 66 is ignored by the processor here.



# Software bugs

& Everyone parses this wrong.

# Software bugs

& Demo:

- ❖ IDA
- ❖ Visual Studio

```
; -----  
; align_140018EE9:                                ; DATA XREF: .pdata:00000001400256B4↓o  
cc cc cc cc+          align 10h  
  
; ===== S U B R O U T I N E =====  
  
start  
proc near  
    jmp    small $+4  
; DATA XREF: .rdata:000000014001AA4C↓o  
; .pdata:00000001400256C0↓o  
  
66 E9 00 00  
00 00 90 90 dword_140018EF4 dd 90900000h ; CODE XREF: start↑j  
90  
;  
48 83 C4 28      add    rsp, 28h  
E9 06 00 00+     jmp    sub_140018F08  
00      start      endp  
  
;
```

# Software bugs (IDA)

Disassembly

Address: 00007ff7b9ef8ef00

Viewing Options

| Address            | OpCode               | Instruction | Comments                |
|--------------------|----------------------|-------------|-------------------------|
| 00007FF7B9EF8EE4   | 48 83 C4 38          | add         | rsp,38h                 |
| 00007FF7B9EF8EE8   | C3                   | ret         |                         |
| 00007FF7B9EF8EE9   | CC                   | int         | 3                       |
| 00007FF7B9EF8EEA   | CC                   | int         | 3                       |
| 00007FF7B9EF8EEB   | CC                   | int         | 3                       |
| 00007FF7B9EF8EEC   | CC                   | int         | 3                       |
| 00007FF7B9EF8EED   | CC                   | int         | 3                       |
| 00007FF7B9EF8EEE   | CC                   | int         | 3                       |
| 00007FF7B9EF8EEF   | CC                   | int         | 3                       |
| * 00007FF7B9EF8EF0 | 66 E9 00 00 00 00    | jmp         | 0000000000008EF6        |
| 00007FF7B9EF8EF8   | 90                   | nop         |                         |
| 00007FF7B9EF8EF7   | 90                   | nop         |                         |
| 00007FF7B9EF8EF8   | 90                   | nop         |                         |
| 00007FF7B9EF8EF9   | 48 83 C4 28          | add         | rsp,28h                 |
| 00007FF7B9EF8EFD   | E9 06 00 00 00       | jmp         | 00007FF7B9EF8F08        |
| 00007FF7B9EF8F02   | CC                   | int         | 3                       |
| 00007FF7B9EF8F03   | CC                   | int         | 3                       |
| 00007FF7B9EF8F04   | CC                   | int         | 3                       |
| 00007FF7B9EF8F05   | CC                   | int         | 3                       |
| 00007FF7B9EF8F06   | CC                   | int         | 3                       |
| 00007FF7B9EF8F07   | CC                   | int         | 3                       |
| 00007FF7B9EF8F08   | 48 8B C4             | mov         | rax,rsp                 |
| 00007FF7B9EF8F0B   | 48 89 58 08          | mov         | qword ptr [rax+8],rbx   |
| 00007FF7B9EF8F0F   | 48 89 70 10          | mov         | qword ptr [rax+10h],rsi |
| 00007FF7B9EF8F13   | 48 89 78 18          | mov         | qword ptr [rax+18h],rdi |
| 00007FF7B9EF8F17   | 41 57                | push        | r15                     |
| 00007FF7B9EF8F19   | 48 81 EC B0 00 00 00 | sub         | rsp,0B0h                |

Activate Windows  
Go to Settings to activate Windows.

# Software bugs (VS)

# Software bugs

- ¶ Everyone misinterprets either:
  - ☒ The target of the jump
    - ☒ Truncates the instruction pointer to 16 bits
  - ☒ The size of the operand
    - ☒ Reading the instruction as 4 bytes instead of 6
  - ☒ Or (often) both of these

# Software bugs

- ❖ An attacker can use this to mask malicious behavior
- ❖ Throw off disassembly and jump targets to cause analysis tools to miss the real behavior

# Software bugs

↳ Demo:

- ☒ objdump/gdb
- ☒ QEMU

```
000000000004004ed <main>:
```

```
4004ed:    55
4004ee:    48 89 e5
4004f1:    66 e9 00 00
4004f5:    05 00 00 00 00
4004fa:    05 00 00 00 00
4004ff:    48 b8 b8 11 22 33 44 ff e0 90
400509:    48 b8 b8 11 22 33 44 ff e0 90
400513:    48 b8 b8 11 22 33 44 ff e0 90
40051d:    48 b8 b8 11 22 33 44 ff e0 90
400527:    48 b8 b8 11 22 33 44 ff e0 90
400531:    48 b8 b8 11 22 33 44 ff e0 90
40053b:    48 b8 b8 11 22 33 44 ff e0 90
```

```
push    %rbp
mov    %rsp,%rbp
jmpw   4f5 <_init-0x3ffeb3>
add    $0x0,%eax
add    $0x0,%eax
movabs $0x90e0ff44332211b8,%rax
```

# Software bugs (objdump)

root@delta-vm:~# █

Software bugs (QEMU)

# Software bugs

- ¶ 66 jmp
- ¶ Why does everyone get this wrong?
  - ☒ AMD designed the 64 bit architecture,
  - ☒ Intel adopted... most of it.
- ¶ AMD: override changes operand to 16 bits,  
instruction pointer truncated
- ¶ Intel: override ignored.

# Software bugs

- ❖ Issues when we can't agree on a standard
  - ❖ sysret bugs
- ❖ Either Intel or AMD is going to be vulnerable when there is a difference
- ❖ Impractically complex architecture
  - ❖ Tools cannot parse a jump instruction

## & Opcode 82

- ☒ Disassemblers don't recognize this instruction
  - ☒ (objdump, Capstone, GDB, ndisasm, etc.)
- ☒ ... even though it's documented by both Intel and AMD
- ☒ Synonym for opcode 80
  - ☒ add, or, and, xor, cmp, sub, ...
- ☒ Opcode 82 lets us do computation  
*invisible* to a disassembler.

# Software bugs



# Hypervisor bugs

# Azure hypervisor bugs

- ❖ In an Azure instance,  
the **trap flag** is missed  
on the cpuid instruction
- ❖ (cpuid causes a vmexit,  
and the hypervisor forgets  
to emulate the trap)

```
deltaop:~/research/sandsifter$  
>>> █
```

I

# Azure hypervisor bugs



# Hardware bugs

# Hardware bugs

- ¶ Hardware bugs are troubling
  - ☒ A bug in hardware means you now have the same bug in all of your software.
  - ☒ Difficult to find
  - ☒ Difficult to fix

A faint, light gray watermark of a printed circuit board (PCB) is visible across the entire slide, showing various tracks, vias, and component pads.

# Intel hardware bugs

& Scanned:  
❖ Quark, Pentium, Core i7



# Intel hardware bugs

↳ f00f bug on Pentium (anti-climactic)

# AMD hardware bugs

Scanned:  
Geode NX1500, C-50

# AMD hardware bugs

- f00f20c0 / f00f22c0
  - ✖ lock mov cr0, eax / lock mov eax, cr0
  - ✖ Looks like a bug  
(lock shouldn't execute on non-mem instruction)
  - ✖ Found buried in cpuid enumerations in AMD docs:  
“LOCK MOV CR0 means MOV CR8”

# AMD hardware bugs

- ¶ On several systems,  
receive a #UD exception  
prior to complete instruction fetch
- ¶ Per AMD specifications, this is incorrect.
  - ¶ #PF during instruction fetch takes priority
- ¶ ... until ...

Table 8-8. Simultaneous Interrupt Priorities

| Interrupt Priority | Interrupt Condition                                  | Interrupt Vector |
|--------------------|------------------------------------------------------|------------------|
| (High)<br>0        | Processor Reset                                      | —                |
|                    | Machine-Check Exception                              | 18               |
| 1                  | External Processor Initialization (INIT)             | —                |
|                    | SMI Interrupt                                        |                  |
|                    | External Clock Stop (Spclock)                        |                  |
| 2                  | Data, and I/O Breakpoint (Debug Register)            | 1                |
|                    | Single-Step Execution Instruction Trap (RFLAGS.TF=1) |                  |
| 3                  | Non-Maskable Interrupt                               | 2                |
| 4                  | Maskable External Interrupt (INTR)                   | 32–255           |
| 5                  | Instruction Breakpoint (Debug Register)              | 1                |
|                    | Code-Segment-Limit Violation <sup>1</sup>            | 13               |
|                    | Instruction-Fetch Page Fault <sup>1</sup>            | 14               |
| 6                  | Invalid Opcode Exception <sup>1</sup>                | 6                |
|                    | Device-Not-Available Exception                       | 7                |
|                    | Instruction-Length Violation (> 15 Bytes)            | 13               |

**Note:**

1. This reflects the relative priority for faults encountered when fetching the first byte of an instruction. In the fetching and decoding of subsequent bytes of an instruction, an Invalid Opcode exception may be detected and raised before a fetch-related fault would be seen on a later byte. This behavior is model-dependent.

# Transmeta hardware bugs

& Scanned:  
☒ TM5700

- ❖ Instructions:  $0f\{71,72,73\}xxxx$
- ❖ Can receive #**MF** exception during fetch
- ❖ Example:
  - ❖ Pending x87 FPU exception
  - ❖ psrad mm4, -0x50 (0f72e4b0)
  - ❖ #**MF** received after 0f72e4 fetched
  - ❖ Correct behavior: #**PF** on fetch,  
last byte is still on invalid page

# Transmeta hardware bugs

- ¶ Found on one processor...
- ¶ An apparent “halt and catch fire” instruction
  - ¤ Single malformed instruction in ring 3  
locks the processor
  - ¤ Tested on 2 Windows kernels, 3 Linux kernels
  - ¤ Kernel debugging, serial I/O,  
interrupt analysis seem to confirm
- ¶ Unfortunately,  
not finished with responsible disclosure
- ¶ No details available  
on chip, vendor, or instructions



hardware bugs

# ring 3 processor DOS demo



A dark background featuring a faint, light-grey circuit board pattern with various nodes and connections.

• First such attack found in 20 years  
(since Pentium f00f)

hardware bugs



& Significant security concern:  
processor DoS from unprivileged user

hardware bugs



& Details (hopefully) released within the next month  
(stay tuned)

# hardware bugs

# Conclusions

& Open sourced:

- ❖ The sandsifter scanning tool
- ❖ [github.com/xoreaxeaxeax/sandsifter](https://github.com/xoreaxeaxeax/sandsifter)

& Audit your processor,

break disassemblers/emulators/hypervisors,  
halt and catch fire, etc.

# Conclusions

- I've only scanned a few systems
- This is a fraction of what I found on mine
- Who knows what exists on yours

# Conclusions

- ❖ Check your system
- ❖ Send us results if you can

# Conclusions

& Don't **blindly** trust the specifications.

# Conclusions

& Sandsifter lets us introspect  
the **black box** at the heart of our systems.

&github.com/xoreaxeaxeax

✗sandsifter

✗M/oNfuscator

✗REpsych

✗x86 0-day PoC

✗Etc.

&Feedback? Ideas?

&domas

✗@xoreaxeaxeax

✗xoreaxeaxeax@gmail.com

