Chip Red Pill: How we achieved to execute arbitrary [micro]code inside Intel Atom CPUs

45 min
Main Stage

All modern Intel CPUs have a RISC core inside the chip. The core implements an abstraction layer that translates the user-visible instruction set into invisible, hardware-internal RISC instructions. The RISC core has maximum privileges and can manipulate data directly. The microcode program is built into the chip, but the OS and UEFI may apply patches to it (microcode updates). Unfortunately, it is encrypted and there is little public information on how it works. Because of this, there has been no public research on the internal structure of Intel CPU microcode.

We have now found a way to get access to it on a publicly available platform. In our talk, we will describe the structure of microcode for the Intel Atom platform, how our proof of concept works, and the hijacking of a user-visible x86 instruction. We will also describe how we reverse engineered the microcode format and the internal structure of Intel Atom.

Maxim Goryachy
Mark Ermolov
Dmitry Sklyarov