Unlocking God Mode on x86 Processors

We missed this Blackhat talk back in August, but it’s so good we’re glad to find out about it now. [Christopher Domas] details his obsession with hidden processor instructions, and how he discovered an intentional backdoor in certain x86 processors. These processors have a secondary RISC core, and an undocumented procedure to run code on that core, bypassing the normal user/kernel separation mechanisms.

The result is that these specific processors have an intentional mechanism that allows any unprivileged user to jump directly to root level access. The most fascinating part of the talk is the methodical approach [Domas] took to discover the details of this undocumented feature. Once he had an idea of what he was looking for, he automated the process of checking every possible x86 instruction, looking for the one instruction that allowed running code on that extra core. The whole talk is entertaining and instructional, check it out after the break!

There’s a ton of research poking at the instruction level of complication processors. One of our favorites, also by [Domas], is sandsifter which searches for undocumented instructions.

Continue reading “Unlocking God Mode on x86 Processors”

Pipelining Digital Logic in FPGAs

When you first learn about digital logic, it probably seems like it is easy. You learn about AND and OR gates and figure that’s not very hard. However, going from a few basic gates to something like a CPU or another complex system is a whole different story. It is like going from “Hello World!” to writing an operating system. There’s a lot to understand before you can make that leap. In this set of articles, I want to talk about a way to organize more complex FPGA designs like CPUs using a technique called pipelining.

These days a complex digital logic system is likely to be on an FPGA. And part of the reason we can get fooled into thinking digital is simple is because of the modern FPGA tools. They hide a lot of complexity from you, which is great until they can’t do what you want and then you are stuck. A good example of that is where you are trying to hit a certain clock frequency. If you aren’t careful, you’ll get a complaint from the tool that you can’t meet timing constraints.

Continue reading “Pipelining Digital Logic in FPGAs”

8-Bit Breadboard Computer is up to 8 Hours

[Ben Eater] posted some videos of an 8-bit computer with no CPU chip that he built completely on a breadboard a few years ago. After being asked for schematics, he finally admitted that he didn’t have any. So, instead, he decided to rebuild it and keep a video log of each step in the process. You can see his kickoff video, below, but you can also find 30 more recent videos covering topics from the ALU design and troubleshooting to the decimal LED display. He even uses an Arduino to program a EEPROM that he uses to replace a lot of logic.

You probably want to wait until you have some free time as there are around eight hours of videos so far. The videos start off with a simple 555 timer and work up from there. Each piece gets a test separate from the whole, so with luck you won’t have an impossible job trying to troubleshoot the whole thing at the end.

Continue reading “8-Bit Breadboard Computer is up to 8 Hours”

Crawl, Walk, Run: Planning Your First CPU Design

I’ve worked with a lot of students who want to program computers. In particular, a lot of them want to program games. However, when they find out that after a few weeks of work they won’t be able to create the next version of Skyrim or Halo, they often get disillusioned and move on to other things. When I was a kid, if you could get a text-based Hi-Lo game running, you were a wizard, but clearly the bar is a lot higher than it used to be. Think of the “Karate Kid”–he had to do “wax on, wax off” before he could get to the cool stuff. Same goes for a lot of technical projects, programming or otherwise.

I talk to a lot of people who are interested in CPU design, and I think there’s quite a bit of the same problem here, as well. Today’s commercial CPUs are huge beasts, with sophisticated memory subsystems, instruction interpreters, and superscalar execution. That’s the Skyrim of CPU design. Maybe you should start with something simpler. Sure, you probably want to start learning Verilog or VHDL with even simpler projects. But the gulf between an FPGA PWM generator and a full-blown CPU is pretty daunting.

Continue reading “Crawl, Walk, Run: Planning Your First CPU Design”

Reverse Engineering the ARM ALU

[Dave] wanted to learn more about the ARM architecture, so he started with an image of the ARMV1 die. If you’ve had some experience looking at CPU die, you can make some pretty good guesses at what parts of the chip have certain functions. [Dave], however, went further. He reverse engineered the entire ALU–about 2,200 transistors worth.

Continue reading “Reverse Engineering the ARM ALU”

400 Transistors and 1800 Resistors Form This 1967 Personal Computer

What kind of computer could you build in 1967? Well, if you were reading Wireless World (a UK magazine) and had a good bit of spare cash, you could build [Brian Crank’s] Wireless World Computer. You only needed 400 germanium transistors, 1800 resistors, and an odd number of capacitors, switches, diodes, and neon bulbs. You also needed a good bit of patience, we suspect.

In 1967, the computer cost about 50 pounds to build (perhaps $125 at 1967 exchange rates which would now be about $900 in today’s money). To save parts (and thus money and build complexity), the computer used a trick: it processed data one bit at a time. Many older computers did this, including another UK computer named EDSAC.

Continue reading “400 Transistors and 1800 Resistors Form This 1967 Personal Computer”

Hacking a Universal Assembler

I have always laughed at people who keep multitools–those modern Swiss army knives–in their toolbox. To me, the whole premise of a multitool is that they keep me from going to the toolbox. If I’ve got time to go to the garage, I’m going to get the right tool for the job.

Not that I don’t like a good multitool. They are expedient and great to get a job done. That’s kind of the way I feel about axasm — a universal assembler I’ve been hacking together. To call it a cross assembler hack doesn’t do it justice. It is a huge and ugly hack, but it does get the job done. If I needed something serious, I’d go to the tool box and get a real assembler, but sometimes you just want to use what’s in your pocket.

Continue reading “Hacking a Universal Assembler”