Undocumented X86 Instructions Allow Microcode Access

For an old CPU, finding all the valid instructions wasn’t very hard. You simply tried them all. Sure, really old CPUs might make it hard to tell what the instruction did, but once CPUs got illegal instruction traps, you could quickly just scan possible op codes and see what didn’t throw an exception. Modern processors, though, are quite another thing. For example, you might run a random instruction that locks up the machine or miss an instruction that would have been valid but the CPU is in the wrong mode. [Can Bölük] has a novel solution: By speculatively executing the target instruction and then monitoring the microcode sequencer, he can determine if the CPU is decoding an instruction even if it refuses to execute it.

Some unknown instructions may have power for good or evil, such as the recently announced undocumented instructions that can apparently rewrite the microcode. We expect to see a post soon on how to reprogram your Intel processor to run as a 6502 natively.

Continue reading “Undocumented X86 Instructions Allow Microcode Access”

Find Instructions Hidden In Your CPU


There was a time when owning a computer meant you probably knew most or all of the instructions it could execute. Your modern PC, though, has a lot of instructions, many of them meant for specialized operating system, encryption, or digital signal processing features.

There are known undocumented instructions in a lot of x86-class CPUs, too. What’s more, these days your x86 CPU might really be a virtual machine running on a different processor, or your CPU could have a defect or a bug. Maybe you want to run sandsifter–a program that searches for erroneous or undocumented instructions. Who knows what is lurking in your CPU?

Continue reading “Find Instructions Hidden In Your CPU”