by Curtis Franklin Jr / 8/13/2018

“At Black Hat USA and DEF CON, researcher Christopher Domas showed how he found backdoors that may exist in many different CPUs. “When a room filled with hundreds of security professionals erupts into applause, it’s notable. When that happens less than five minutes into a presentation, it’s remarkable. But that’s what transpired when security researcher Christopher Domas last week showed a room at Black Hat USA how to break the so-called ring-privilege model of modern CPU security.

In the hardware, different types of accounts are assigned to different “rings of privilege,” with users at ring three and the system administrator at ring 0. Domas in his research hacked the ring with a string consisting of four hexadecimal characters. Such an attack could allow a program from a “regular” user to assume kernel-level control, executing at a higher privilege than most security software – and bypassing the vast majority of techniques used by anti-malware and hardware control systems today.

Domas, well-known in the security research community for his dissections of the X86 instruction set, titled his presentation “God Mode Unlocked: Hardware Backdoors in X86 CPUs.” In talks at both Black Hat USA and DEF CON in Las Vegas, he not only proved that he had done just that, but he also shared the “how” with the world. There are, luckily for the global IT security community, limitations to the research. The target was an older processor, with the C2 Mehemiah core, generally used in the embedded systems market. As a proof-of-concept, though, the research has profound implications for IT security.

The secret, Domas found, was making use of model-specific-registers (MSRs) – special CPU registers used in addition to the normal registers used in programming – to instruct the CPU to do things that its designers don’t want it to do. And the secret isn’t in the existence of MSRs — those are known. It’s in the existence of so many MSRs, including many that the system designers and vendors don’t include in any documentation. Domas’ research computer farm and methodology included multiple computers running specific instructions and reporting which ones returned fault conditions. On the target CPUs, Domas found 1,300 MSRs. He said exploring all of those would have taken far too long, so he developed a method for understanding which were unique – and therefore not functional duplicates of one the other, more commonly used registers – based on how long it took to send and instruction and return a value.

Justification for this (and later) effort came from a series of patent filings Domas analyzed which hinted at a mysterious core to the x86 core in modern Intel-architecture CPUs. This DEC – a term Domas invented to describe a secondary core not generally known to software developers that is designed to enable functions also generally unknown to developers – shares portions of the instruction pipeline with the x86. But it’s also its own entity with its own architecture.

Getting access to the DEC, Domas speculated, would require a global configuration register and a launch instruction — neither of which is documented. And there, his research got very real. Domas reverse-engineered both the architecture and instruction set of the DEC. The latter, he said, involved 4,000 hours of compute time which generated 15 gigabytes of logs. When analyzed, the logs yielded the instruction for launching the DEC, completing tasks, and completely bypassing all of the protections of the ring-privilege model. So a limited user account could execute code as the system administrator without being known or challenged. This would break virtually every anti-malware and device security system in use.

This very specific CPU vulnerability is unlikely to be used in widespread attacks against an enterprise because of the age and limited application of the CPUs involved. As Domas says, though, this is a proof-of-concept that may lead other researchers to seek similar vulnerabilities in more modern and widely used CPUs. Domas has released his toolset in Project Rosenbridge on GitHub, and is actively seeking other researchers to add to and continue the work.”

Off-brand ‘military-grade’ x86 processors root-granting ‘backdoor’
by Thomas Claburn / 10 Aug 2018

“A forgotten family of x86-compatible processors still used in specialist hardware, and touted for “military-grade security features,” has a backdoor that malware and rogue users can exploit to completely hijack systems. The vulnerability is hardwired into the silicon of Via Technologies’ C3 processors, which hit the market in the early to mid-2000s. Specifically, the chip-level backdoor, when activated, allows software to feed instructions to a hidden coprocessor that has total control over the computer’s hardware. This access can be exploited by normal programs and logged-in users to alter the operating system kernel’s memory, gain root, or administrator-level, permissions, and cause other mischief.

This weird and wonderful piece of semiconductor history was uncovered by Christopher Domas, an adjunct instructor at Ohio State University in the US, who presented his findings on Thursday at the 2018 Black Hat USA security conference in Las Vegas. He offered further in-depth details in a companion GitHub repository that also contains code for detecting and closing the backdoor if found. “The backdoor allows ring 3 (userland) code to circumvent processor protections to freely read and write ring 0 (kernel) data,” according to Domas. “While the backdoor is typically disabled (requiring ring 0 execution to enable it), we have found that it is enabled by default on some systems.”

Here’s a demonstration of an exploit executing a special sequence of instructions to make the coprocessor alter kernel memory and escalate a program’s privileges to root on a Linux-flavored vulnerable machine:

If the backdoor is enabled, when the x86 CPU encounters two particular bytes, it passes a payload of non-x86 instructions, pointed to in the eaxregister, to the coprocessor to execute. This code reaches into kernel memory and upgrades the running program’s access rights to superuser status. Domas codenamed the backdoor “Rosenbridge,” and described the coprocessor as a non-x86 RISC-like CPU core embedded alongside the x86 core in the processor package. He differentiates it from other coprocessors where vulnerabilities have been identified, such as Intel’s Management Engine, by noting that it is more deeply embedded. It has access to not just the CPU’s main memory, but also to the register file and execution pipeline, he said. In theory, backdoor access should require kernel-level privileges, but according to Domas, it is available by default on some systems, which means userland code can use the feature to tamper with the operating system.

Not everyone agrees “backdoor” is the right term. Thilo Schumann, an electrical engineer based in Germany, in a tweet argued the exceptional access is a documented feature of the Via C3 in that it allows non-x86 software instructions to be executed alongside x86 code. In other words, it is used to extend the x86 core’s instruction set with bonus instructions, which are executed by the coprocessor. Bit 0 in the C3’s Feature Control Register (FCR) can be set to enable an alternate instruction set, according to the C3 Nehemiah data sheet. The default setting uses the x86 instruction set; setting the bit to 1 enables the alternate instruction set (ALTINST). “This alternate instruction set includes an extended set of integer, MMX, floating-point, and 3DNow! instructions along with additional registers and some more powerful instruction forms over the x86 instruction architecture,” the data sheet explained. “For example, in the alternate instruction set, privileged functions can be used from any protection level, memory descriptor checking can be bypassed, and many x86 exceptions such as alignment check can be bypassed.”

The data sheet stated this is intended for testing, debugging, and special applications. It advises customers who need access to contact Via, because the coprocessor’s instruction set appears not to be publicly documented. Therefore, while you can enable the hidden CPU yourself, you’ll need help writing code for it. Enabling it also means programs can bypass the x86 core’s security mechanisms, so it’s not ideal for general-purpose systems. The access technique described by Domas works with Via C3 Nehemiah chips, which were made in 2003. The C3 line was aimed at industrial hardware, healthcare equipment, ATMs, sales terminals, and the like, yet also powered some consumer desktop and mobile computers.

The data sheet, however, says special access is available in all C3 processors, not just the Nehemiah family. “While all VIA C3 processor processors contain this alternate instruction feature, the invocation details (e.g., the 0x8D8400 ‘prefix’) may be different between processors,” the docs explain. Domas downplayed the impact of his findings, noting that subsequent generations of the fifteen-year-old chip don’t have the backdoor. He considers the work primarily of interest to researchers. But for those who happen to know where a cash machine running a 15-year-old C3 might be found, the flaw might merit more than academic interest.”