
God Mode Unlocked – Hardware Backdoors in Via C3 CPUs (2018) [video] - MagicPropmaker
https://www.youtube.com/watch?v=_eSAF_qT_FY
======
oil25
This is about ancient VIA C3 processors - not your modern Intel/AMD. This
isn't to say backdoors are implausible on modern processors (vulnerabilities
in Intel ME/AMD PSP come to mind), but I would like to see some hard evidence
before we panic and freak out. For now, "God Mode on x86 Processors" isn't
something I will be losing sleep over, but I will cry about it into my beer
...

[https://en.wikipedia.org/wiki/VIA_C3](https://en.wikipedia.org/wiki/VIA_C3)

~~~
RachelF
and Wikipedia has an article on this VIA "Alternate Instruction Set", too:
[https://en.wikipedia.org/wiki/Alternate_Instruction_Set](https://en.wikipedia.org/wiki/Alternate_Instruction_Set)

It's still great hacking and fuzzing to find the privilege escalation
instruction.

~~~
h0l0cube
It seems the wiki article was created after the Blackhat Conference:

> 15:22, 10 August 2018 Sladen (talk | contribs) . . (2,003 bytes) +2,003 . .
> (initially populate based on news reports)

[https://en.wikipedia.org/w/index.php?title=Alternate_Instruc...](https://en.wikipedia.org/w/index.php?title=Alternate_Instruction_Set&action=history)

------
PinguTS
It is a great story to tell. But actually it is a documented feature, as this
datasheet from 2004 describes:
[http://datasheets.chipdb.org/VIA/Samuel2/VIA%20C3%20Samuel%2...](http://datasheets.chipdb.org/VIA/Samuel2/VIA%20C3%20Samuel%202%20Datasheet%20V1.12.pdf)

ALTINST is well known among C3 processors.

------
Karliss
Previous discussions:

[https://news.ycombinator.com/item?id=17727140](https://news.ycombinator.com/item?id=17727140)

[https://news.ycombinator.com/item?id=17735830](https://news.ycombinator.com/item?id=17735830)

------
j16sdiz
This chip is from 18 years ago. It was not uncommon to ship with debug features on
back in those days when microcode was innovative.

------
dang
URL changed from
[https://hackaday.com/2019/02/03/unlocking-god-mode-on-x86-pr...](https://hackaday.com/2019/02/03/unlocking-god-mode-on-x86-processors/),
which points to this.

------
cbhl
Article is new, but the linked YouTube video dates back to Aug 28, 2018.

------
MASM32_COM
I see someone found this. Kudos, OP. The most important takeaway from this is
the practice of instruction set walking. The method has wide utility. All
digital devices on the mobo can be probed with similar methods; this includes
but is not limited to memory controllers, bus controllers, hard drive
controllers, basically any embedded or integrated device. This is all about
showing you how to get your foot in the door for a wild ride into low-level
hardware reversing. My favorite sport.

------
ngcc_hk
Does the Minix - Intel have a similar hack?

------
alextooter
I guess it's maybe because VIA's CPU translates x86 instructions to RISC. So
there is no hidden RISC core; the core is a RISC core, it can be configured to x86
mode, and this guy found the hidden opcode to switch between the two.

------
beautifulfreak
What motivates a person to give a talk like this at Blackhat? A method to
compromise cpus by feeding them secret instructions seems like trouble the
world doesn't need. Sure, he's only focused on an outdated system, but he's
shown how to do it, and even gives away the tool. Is it like making smallpox
virus available, so it can be studied? But how can hardware designers make any
system safe from such tenacious probing? Imagine how different the world would
be if there was no threat of exploitation.

~~~
mverwijs

> Is it like making smallpox virus available, so it can be studied?

You do realize that smallpox was eradicated by introducing a malign version
of smallpox as a vaccine? Kinda like 'black hat medicine'.

~~~
jacobush
Did you mean chickenpox?

~~~
mverwijs
[https://en.wikipedia.org/wiki/Smallpox_vaccine](https://en.wikipedia.org/wiki/Smallpox_vaccine)

