Dude's a legend... and every year his talks become more dystopian if you think about the implications.

Since 1995 we (software engineers) had a common mindset - if you allow to execute someones code on your machine - it's not your machine anymore ... 24 years later - still very valid.

The positive thing about this is that there are very few people in the world with the tenacity, intellect and mental discipline like Chris and go through the challenging and tedious process to uncover the backdoor. This is not something you can just stumble onto by luck. Awesome talk as always Chris, this was more interesting than most thriller movies. Just couldn't stop until the end.

The first 3:30 of this are the most razor-sharp demo of an editor-to-root exploit I have ever seen, but the most important thing in this talk is his research methodology. This guy is scary fast.

This guy. Just a phenomenal understanding. What an amazing SOB. Just genius.

"Probably a useful feature for their customers" :D Hmmm... What kind of customers and what kind of use they had in mind, I wonder :D

Domas is The Ring Master!!

I used this information to program hello world in html

This guy was hired by Intel last year, hasn't made a lot of noise since. Everyone has their price I guess.

Your a wizard Harry! Nicely done, all of your instruction research is awesome AF.

The sad thing is all the effort companies spend trying to keep control of these products could instead be used to make them faster and cheaper.

I use this video as an ASMR to put me to sleep every single day

This guy is not a mere mortal but a God

Damn this is interesting.

Cypher sees through The Matrix

Wow Chris, you're god mode!

How's this for a knocking sequence? Poke bit 14 of MSR 26381 to 1. Poke bit 17 of MSR 1378 to 1. Poke bit 14 in MSR 26381 to 0. Poke bit 17 of MSR 1378 to zero. Load the magical value 495352414542020 into rax. Run clear decimal op three times followed by 18 nops followed by set decimal and a final clear decimal. Then you get access to two new opcodes, one is a SAVEALL instruction the other is a LOADALL. The point here is they can hide these things where we will simply never ever find them without taking the chip apart transistor for transistor. And at the same time once they have access to the instruction stream they own that box.

Not too many humans like this on the planet.

Amazing.. no other words for it

Why do all the videos of Chris Domas have such horrendous audio quality? I would love to listen to them but i get a cluster headache 5 minutes in.

This presentation was spectacular. Of course our computer systems aren't 100% secure. So if I know about the gbit, I tend to think that I could soft trap for instruction attempting to access it. Nah

Epic!!

Rosenbridge :) clever!

thats some alice in wonderland shit

Simple:you need 2752 computers and you finish in 1 day

But you do need root to set the bit ... *or do you?* _vsauce music_

lets jus t go back to the drawing board with risc-v

WHAT UP CHRISTOPHER

It's obviously not an additional core, "deeply embedded" or otherwise. Instructions get executed right in the same context as surrounding x86 insns (in the ooo core, no less!). Looks like additional logic in the instruction decoder which decodes BOUND (opcode 0x62) differently (possibly only one specific form of it, with SIB byte, maybe even only with fixed values for MODRM and SIB bytes). In his example, opcode in binary is: 62 04 05 xx xx xx xx. When additional logic is enabled, this encoding no longer does the BOUND thing, instead it executes whatever is encoded in those 32 bits of xx's.

So there could be malware running on a secret architecture build into your cpu... Well done Intel, well done.

Should be sufficient to detect that a risc instruction has been executed. Yep.

Just had a joint and that first demonstration he did made absolute no sense whatsoever.

He is God

Can someone please tell me if this guy gave a talk in 2019?

I'm an old ASM programmer from late last century; are we also stating that the architecture is of alien origin?

I have no idea what im talking about, but isnt it possible to spot a deeply embedded core by slicing the processor open and having a look at the Hardware?

Defcon; blackhat for happy people!

I supposed all these should not exists in AMD, anyone experienced before?

I thought via was dead.

How come everyone in these comments seems to know what he’s talking about while it might as well be an alien language to me.

So is anyone used the open source stuff he published...??? Wanna write an actual payload in metaspoit where I can send it to other damn ...that will be cool

skin in the game

The only vulnerability/problem Intel/Israel has with this is that someone was able to detect it. Its not like they put this in their chips by accident ffs.

Too many secrets

'so i build a tool' .. 'so i've written >name

It means that the NSA can write software to hack you - they must have forced Intel do it - that's nasty.

Only 64k views LOL

uncle ted was right

This guy is a living osrs bot

Okkkk....f***...has it been patched? It's red flag kind of thing here.Escalation to root by HW.....same as giving him the root password....only shorter.

This exact talk with the same slides were released at Black Hat 2 months ago.. Disappointing, thought this was new stuff. At least this has comments enabled.

IME