Intel Microcode Decryptor

One year ago on HN, also involving Maxim Goryachy (@h0t_max), as well as Dmitry Sklyarov (of DMCA &#x27;violation&#x27; renown) and Mark Ermolov:<p><i>Two Hidden Instructions Discovered in Intel CPUs Enable Microcode Modification</i><p><a href="https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=27427096" rel="nofollow">https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=27427096</a>

Which machine language is the microcode written in?<p>Is it even possible to fully decode that language with publicly available information&#x2F;tools?<p>Given that microcode is an internal mechanism of CPUs, I would expect its language to be impossible to decode for regular people because there is zero knowledge on how it works?<p>And even if there is some knowledge on it, won&#x27;t Intel change the machine language around a lot among CPU generations because the lack of public usage means it <i>can</i> be changed constantly, thus rendering the existing knowledge useless quickly?

Naive question about getting “dumps of microcode”<p>Getting a dump means getting access to a memory controller of sorts and asking it to read you back the contents of addresses, right?<p>But you’re really getting what the memory controller decides to give you. There could be more indirection or sneakiness, right? Ie. I could design a memory controller with landmines, as in “if you ask for 0x1234 I will go into a mode where I send back garbage for all future reads until power is cycled.”<p>Is this a thing?

Can someone more educated on this than me please ELI5 the significance of this?<p>If I&#x27;m understanding correctly, this allows us to view (previously obfuscated) code that runs on certain (recent-ish) Intel processors?<p>What are the consequences of this?

Cool, I’m into cheap auditable hardware! This could maybe turn out like when they discovered Linksys was breaking the GPL which ended up opening up an entire class of hardware to hack on.

This is quite literally, hacker news.

As someone who just makes Crud apps can someone please ELI5 this. Why is this a big deal and why are people freaking out about intel chips becoming obsolete overnight ?

Is there any chance to get the RSA keys to be able to make your own code?

Has someone tried to write own microcode and load it? Sounds like it should be much faster to run your own code this way than having the official microcode run an interpreter for your x86 instructions.

I would not be surprised if this will end up being the highest upvoted post of HN for all time depending on the outcome.

Judgement is nigh. I&#x27;d love to get my hands on one of the decrypted binaries but I expect there are much more capable reverse engineers are already carrying the torch :^)

How far are we from getting rid of IME now?

It&#x27;s all cool and certainly a breakthrough, but Atoms, Pentiums and Celerons.. Wake me up when this thing decrypts mainstream Core i7 microcode!

Can someone ELI5 this?

Brazilian Electronic Voting Machines use Intel Atom CPUs. Any backdoor found in microcode for these is going to be a big event.

&gt; Also, we recovered a format of microcode updates, algorithm and the encryption key used to protect the microcode (see RC4).<p>RC4 had already been busted wide open when the two generations of CPUs (Gemini Lake and Apollo Lake) this affects were released.<p>Why would they use a known insecure cipher?

My guess is that the next discovery will be quite significant, but for the time being, this feature is read-only and restricted to Atom processors only.

<a href="https:&#x2F;&#x2F;github.com&#x2F;chip-red-pill&#x2F;uCodeDisasm" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;chip-red-pill&#x2F;uCodeDisasm</a>

Does the disclaimer at the top have any legal merit? If they didn’t include that disclaimer, would they actually be liable for damage or loss caused by its use?

If they are sane, Intel didn&#x27;t rely on this staying secret in their threat model.

Can you use this to build an intel machine under say arm?

Curious, if an attacker has the key and access to the code, is there anything to stop an attacker from updating the microcode to contain an exploit?

Wow that is really cool. Here&#x27;s the GitHub link without Twitter tracking, BTW: <a href="https:&#x2F;&#x2F;github.com&#x2F;chip-red-pill&#x2F;MicrocodeDecryptor" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;chip-red-pill&#x2F;MicrocodeDecryptor</a><p>Especially considering how they gained this knowledge:<p>&quot;Using vulnerabilities in Intel TXE we had activated undocumented debugging mode called red unlock and extracted dumps of microcode directly from the CPU. We found the keys and algorithm inside.&quot;<p>And looking further down, some X86 instructions (that people would usually call low-level) actually trigger execution of an entire ELF binary inside the CPU (implemented in XuCode). Just wow.

Alternative front-end version:<p><a href="https:&#x2F;&#x2F;nitter.net&#x2F;h0t_max&#x2F;status&#x2F;1549155542786080774" rel="nofollow">https:&#x2F;&#x2F;nitter.net&#x2F;h0t_max&#x2F;status&#x2F;1549155542786080774</a>

That&#x27;s pretty weird, this article was here already earlier, had 600+ upvotes and now it is back with new upvotes but the old comments.

Discussion here: <a href="https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=32148318" rel="nofollow">https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=32148318</a>

So after analysis from the community and experts we will finally get rid of the whole backdoor-conspiracy bandwagon? Or will they just move on to another aspect or even simply wave it off as an orchestrated and constructed fake? I mean those people come up with a lot weirder things to advocate for their beliefs.