Hacker Finds Hidden 'God Mode' on Old x86 CPUs

Status
Not open for further replies.

bit_user

Splendid
Herald
Jan 20, 2010
4,396
25
22,840
12

Gee, kinda important detail to bury half-way down the article, eh?
 

dudmont

Reputable
Feb 23, 2015
1,404
0
5,660
198


If he had mentioned it in the 2nd paragraph, would you have stayed for the rest? ;)
 

bit_user

Splendid
Herald
Jan 20, 2010
4,396
25
22,840
12

Yes. I read the whole thing. It's not exactly War & Peace.

Now, had it been in the headline (where it belongs, IMO), I can believe the article would've gotten fewer clicks.

I definitely respect the amount of effort that went into finding this. That part was definitely worth the read.
 

Karadjgne

Titan
Herald
There's ppl who most definitely know where the back doors are, and how to access them, exploit them etc. They know, because they put them there in the first place. Some engineer who designed the 2003 Via C3 chips is cussing up a storm right about now. It's one secret that should have been buried and gone to the grave. And up til now, it did. But now some genius has advertised how to get at it, quite simply, so all those hackers worldwide, who tried and failed to find one, now have a serious clue as to how to get in. On other chips. Meltdown and Spectre are bad enough, but when is 'backdoor fever' gonna be allowed to die out. Stuff like this is just adding fuel to the fire.
 

mapesdhs

Distinguished
Jan 22, 2007
2,507
0
21,160
111
Karadjgne, that reads way too much like, there's a problem but we shouldn't talk about it. Better to expose and deal with loopholes now, then let one's enemies exploit them later.
 

Karadjgne

Titan
Herald
Whereas I see it as more like a bank robber posting for the world to see just what tools are needed and directions on just how to rob a bank and get away with it. There's multiple ppl who wouldn't know all that normally who'd go ahead and try/do it anyways. It's a Pandoras Box.
 

shrapnel_indie

Distinguished


Indeed, it is a Pandora's Box Yes, more people know how to access and exploit now... but that doesn't mean those who you really wish to never know didn't already know and were already taking advantage of it. Espionage, or plain spying on us by those in high levels know more than we'll ever know or want to know.
 

jimmysmitty

Champion
Moderator


No but it can push this article into the realm of "clickbait". It makes it seem like a CPU you or I might use or have used has it. No consumer used a VIA x86 CPU. The headline should mention that it is a Via CPU.
 
Aug 10, 2018
2
0
10
0
This 'trail of breadcrumbs' is documented in the datasheet, Appendix A-10 (Alternate Instruction Execution)

"...For example, in the alternate instruction set, privileged functions can be used from any protection level, memory descriptor checking can be bypassed, and many x86 exceptions such as alignment check can be bypassed..."


http://datasheets.chipdb.org/VIA/Nehemiah/VIA C3 Nehemiah Datasheet R113.pdf
 
Aug 10, 2018
2
0
10
0

The VIA C3 was the northbridge and southbridge chip, dude. Not the CPU. This flaw was the result of the motherboard manufacturer and VIA thinking, "Hey. Let's add some cool features." Security was never the intention, and malware in the 00's was 1337 anarchist s***.
 
Aug 10, 2018
2
0
10
0


The VIA C3 was most definitely a (family of) CPUs. I had one, back in the day.

https://en.wikipedia.org/wiki/VIA_C3
 

bentremblay

Distinguished
Jan 2, 2012
120
0
18,680
0
This is for sure more than just #Lateral, but ...
When asked by I was so insistent about refusing commission (to become an officer) I put it this way: as a grunt I would very happily help officers in fullfilling our mission. BUT ... as a grunt I was always / continuously in a state of "Don't know" i.e. "These are facts. Those are estimates. This here is a list of predictions. So maybe if we do X and Y arises, we'll get Z ... maybe." On the other hand officers were charged in defending whatever they concluded was true and right.

What I mean, and I'm drawing on my experience of the intelligence community (SigInt, thanks for asking!): the most misleading thing is what you're very sure is true.

Kinda like how Putin's mafia does 10 tonnes of sloppy work ... which yuppie-types follow like dogs follow puke.
Then 1 tonne of pretty clever hacking.
And way down deep? 2 or maybe 3 exploits that are like uber-important.

Like how magicians use indirection. Some is obvious. Some is clever. Throw in a double-dash of "clever" and you can get away with almost anything.

"Perfect answer becomes donkey's hitching post." --old Japanes saying

We caught this one. After we had for so long missed it.
Soooo ... what have we not caught? heh

^5
 

aries1470

Distinguished
Jun 26, 2008
37
0
18,530
0


I would say that a huge amount of consumers used it, and still do.
Let's see, ATM's, cars, info kiosks... should I go on?

Just because YOU haven't used it, doesn't mean other people haven't used it :)

It was a good enough chip/ cpu for embedded systems and cheap enough too, just not good enough for most people that loved gaming, but for big corporations, it was rolled out for web-browser based and thin clients, think call centres. So, this did have the potential to be a huge problem, now for today, it is limited by the banking sector that still uses it.

Also, it was used in some laptops of the era, cheap and low powered / low end, aka perfect for bean counters that just needed to do spreadsheets, word documents and some number crunching.

Ok, rant mode off, but I hope you get a better understanding that you and many other people may have used this processor without even knowing that they did, and how even today, it can still be an issue.
Just saying.
 

BorgOvermind

Distinguished
Oct 4, 2011
46
0
18,540
1
Intel has remote self-destruct capabilities in all i-series CPUs.
Seagate was caught with backdoors in the firmware.
And the list goes on...
 

Karadjgne

Titan
Herald
There's back doors in just about all software/firmware, there has to be. It's how engineers bypass all the bs and restrictions to fix/tweak/update stuff while still in alpha/beta testing. What sucks is when that backdoor becomes part of the software/firmware and requires a major overhaul to remove it. So it gets left there and buried until some enterprising jerk with too much time on his hands decides to go find it. Then it becomes a matter of damage control.

What Microsoft should do is hire all these ppl, give them a beta copy of Windows 12 and tell them to do their worst.
 

bit_user

Splendid
Herald
Jan 20, 2010
4,396
25
22,840
12

The whoami command would ask the kernel for the user's credentials. So, there should be nothing they can spoof in userspace that can have that effect.

Of course, the video could be forged. But, they supposedly released all of the details. So, if this is a fake that should quickly surface when others aren't able to reproduce the exploit.
 

bit_user

Splendid
Herald
Jan 20, 2010
4,396
25
22,840
12

A lot of companies (including MS, I'm sure) already have bug bounties. There are also competitions where hackers are given a limited amount of time to find exploits, and given quite substantial monetary rewards.
 

jimmysmitty

Champion
Moderator


Or take it as a no consumer ever used this processor knowingly. No one did. Very very few except niche people actually bought this for anything.

It is still a very click bait title. It should have specified it was a VIA C3 Nehemiah and not x86 specific as it is not an x86 specific issues, its a VIA C3 Nehemiah specific issue.
 
Aug 16, 2018
1
0
10
0
From the VIA PDF linked in the comments: "f you have a justified need for access to these instructions, contact your VIA representative."

Did they mean "CIA representative" XD or should I say NSA?
It reminds me of the 2014 Snowden leaks where the operations involved using employees of tech companies to knowingly degrade technologies for the purpose of backdooring it... but probably the easier answer is someone effed up, the PDF states that: "While setting this FCR bit is a privileged operation, executing the alternate instructions can be done from any protection level."

So it was meant to be root enabled, to allow the jump from 3 to 0 but looks like someone messed up... or did they?!?! <shrug> Give up now on "total freedom" already folks.
 
Status
Not open for further replies.

ASK THE COMMUNITY

TRENDING THREADS