Game Over We Have Obtained Fully Functional JTAG for Intel CSME via USB DCI - panny
https://mobile.twitter.com/h0t_max/status/928269320064450560
======
hoodoof
Am I right in understanding that ALL Intel-based computers are now a huge
security risk?

It's really puzzling that Intel would risk the entire company to include
features like this. Even if the NSA said "we demand it", surely this is
possibly the end of Intel being a trustable computing platform?

The deeper question being, how can any cloud-based program know that it is
running on a computer safe from such snooping? Is there any possible way, or do
we just need to give up on that idea forever and assume that what runs on
someone else's computer might be monitored and nothing can be done about it?

~~~
brians
No. Apple, and perhaps other manufacturers, insist it not be there.

~~~
e12e
Are you saying that the only, readily available, modern x86_64 system without
this crap (or AMD equivalent - _or_ Apple equivalent) is a mac?

Any sources for IME being completely disabled / not present on macs?

~~~
comex
It's not disabled.

------
spchampion2
My experience with JTAG (and it's been a little while since I've used it) is
that the device clock must be stopped before you can read the instrumented
flip-flops. This is because they're serialized together, meaning you shift
them out of the device one at a time using a special JTAG clock signal. You
can use JTAG to essentially get a view of the device's state at the moment you
stop the clock, but if you keep the clock running you get a trashed device
state as you shift the flop values through the serialized chain. (You can also
shift values back in and restart the clock, but this may or may not work
depending on how many flops you can access via the JTAG chain.)

In other words, I'm not sure how you can use this to modify running devices
without being able to stop the clock first. Is this something that JTAG
supports now?

~~~
ericseppanen
It's common to be able to run a remote debugger via JTAG, allowing the system
to run normally, set breakpoints, examine memory, etc.

Even though it's run over the same wires, it's a separate protocol from the
hardware JTAG probe you describe.

------
vermaden
I expect a message from Intel that it was a bad idea to place ME in the CPU and
that in the future Intel would not do such things ... but that would be only
PR bullshit.

The first thing Intel would do is implement/create a new ME-like thing, maybe on
another arch like ARK before, and hide it a little more.

Then finally someone would find it anyway in a few years and let others know
about it ...

"History does not repeat itself, but it rhymes."

------
tux1968
Found this older article informative as background:

[https://www.digitaltrends.com/computing/intel-kaby-lake-skyl...](https://www.digitaltrends.com/computing/intel-kaby-lake-skylake-pcs-hackable-usb-jtag/)

~~~
anitil
Because it took a while to find, here is the actual talk they are referring
to:
[https://media.ccc.de/v/33c3-8069-tapping_into_the_core](https://media.ccc.de/v/33c3-8069-tapping_into_the_core)

------
hoodoof
Can anyone explain what this means?

~~~
tty7
JTAG is used as a debug interface, so the implication is that full access to
Intel's AMT (where MINIX 3 is said to be running) has been achieved.

~~~
hoodoof
Can you explain what _this_ means?

~~~
SAI_Peregrinus
Full control over the Intel backdoor / remote administration engine that's on
all their modern CPUs. (It may not be an intentional backdoor, but it's
certainly looking as if it's been usable as one by intelligence agencies.)

~~~
hoodoof
OK, so the implication being that with this thing found, someone could make a
USB device that, when plugged into an Intel machine, immediately gets control?

~~~
Someone
Reading
[http://www2.lauterbach.com/pdf/dci_intel_user.pdf](http://www2.lauterbach.com/pdf/dci_intel_user.pdf),
there are two ways to debug over that connector; one using the USB protocol
and the other using a proprietary protocol. If this uses the latter, that
device, technically, wouldn’t have to be a USB device (but of course, it could
still masquerade as one)

That PDF also says your BIOS must support this kind of debugging, and, for the
‘OOB’ protocol, your hardware must support it. So, your BIOS may be
configurable to make this attack impossible, and your hardware may already be
protected against it.

~~~
baybal2
Then you simply have to replace the BIOS with one that has USB debugging
enabled. Or change registers on a working machine.

~~~
Someone
‘Simply’ may mean entering, possibly cracking, the BIOS password (hm, are
there BIOSes that use two-factor authentication?). It also means you can’t
simply plug in a USB device.

~~~
baybal2
I mean to resolder the flash chip that holds it.

------
kbart
I hope somebody dumps all the code from CSME and reverse engineers it to a
higher-level language next. I'm sure a few more surprises can be expected to be
found.

------
m0d0nne11
A single screenshot with no accompanying explanation? Is there a clearer
indication of contempt for the readers?

~~~
nolok
It's a very common way for such "hacking" events. Finally getting through
PlayStation X, iPhone Y or whatever security is often shown through a
screenshot like this. Proper explanation and details come later.

------
snake_plissken
Regarding Intel ME/AMT: how does it work when the computer is powered off? On
a wired network, I imagine some system which stores the nearest switch's port
connected to that machine, and you could send some sort of signal which powers
things up. But even that seems, impossible? I guess it's not unlike hitting
the power button; you're just sending an electrical signal to the computer
which makes it start. The path of that signal is unimportant.

~~~
dfox
Regardless of AMT, there is a standard protocol to remotely wake computers over
Ethernet (since the mid-90s or so). A NIC that supports it can be powered from 5Vsb
and in that mode listens for a specially formatted Ethernet frame (the format is
somewhat configurable, but by default it consists of several repetitions of the
NIC's MAC in the payload; the actual destination MAC is unimportant as long as the
frame passes through the configured receive filters), which causes it to pull down
a wire going into the motherboard's power management logic (thus causing the
same thing as pressing the power button). This usually has to be enabled by the BIOS
and thus does not work in S0 (as is the case for almost all wakeup sources
except the physical power button, which is usually wired such that it
unconditionally shorts the PSU's PS_ON wire to ground and does not need any
software configuration to cause wakeup). Probably all onboard NICs support
this; for PCI cards this requires an additional cable between the NIC and the
motherboard, while PCIe includes the required wires as pins B10 and B11 (with 3.3V
instead of 5V and with active detection that the inserted card is actually capable
of generating wakeup events).

If I correctly understand how AMT works, then it implements its own mechanism
with a similar purpose inside the ME firmware, which with AMT enabled remains active
even in S5.

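The wake-on-LAN frame format described in the comment above is easy to recognise on the wire, which matters for a defender who wants to know which hosts are being woken remotely and by whom. The following is an added example, not code from any commenter or from Intel; it assumes the standard "magic packet" layout (a 6-byte 0xFF synchronisation stream followed by the target MAC repeated 16 times, optionally followed by a 4- or 6-byte SecureOn password) and the EtherType 0x0842 commonly used for raw WoL frames. All frames it handles are constructed inline. It goes slightly beyond the comment by scanning the whole payload for the pattern, since a NIC matches on the payload regardless of what encapsulation carries it.

```python
import struct

# Standard Wake-on-LAN "magic packet" layout: a 6-byte synchronisation stream
# of 0xFF followed by the target MAC repeated 16 times. As the comment notes,
# the frame's own destination MAC is irrelevant; the NIC matches on the payload.
SYNC_STREAM = b"\xff" * 6
MAC_REPEATS = 16
ETHERTYPE_WOL = 0x0842          # EtherType commonly used for raw WoL frames
PASSWORD_LENGTHS = (0, 4, 6)    # optional "SecureOn" password trailer


def parse_mac(text):
    """Turn 'aa:bb:cc:dd:ee:ff' into 6 raw bytes."""
    parts = text.split(":")
    if len(parts) != 6:
        raise ValueError(f"bad MAC address: {text!r}")
    return bytes(int(p, 16) for p in parts)


def format_mac(raw):
    return ":".join(f"{b:02x}" for b in raw)


def build_magic_packet(target_mac, password=b""):
    """Build the 102-byte magic payload plus an optional SecureOn password."""
    if len(password) not in PASSWORD_LENGTHS:
        raise ValueError("SecureOn password must be 0, 4 or 6 bytes")
    return SYNC_STREAM + parse_mac(target_mac) * MAC_REPEATS + password


def build_wol_frame(target_mac, src_mac, dst_mac="ff:ff:ff:ff:ff:ff"):
    """Wrap the magic payload in a raw Ethernet frame (EtherType 0x0842)."""
    header = parse_mac(dst_mac) + parse_mac(src_mac) + struct.pack("!H", ETHERTYPE_WOL)
    return header + build_magic_packet(target_mac)


def find_magic_packet(payload):
    """Return the target MAC if a magic packet sits anywhere in the payload.

    The NIC does not care what carries the pattern (raw EtherType 0x0842,
    UDP port 9, ...), so a detector scans the whole payload rather than
    assuming an offset. Returns None if no valid pattern is present.
    """
    body_len = 6 * MAC_REPEATS
    start = 0
    while True:
        idx = payload.find(SYNC_STREAM, start)
        if idx < 0:
            return None
        body = payload[idx + 6: idx + 6 + body_len]
        if len(body) == body_len:
            mac = body[:6]
            # A long run of 0xFF is not a target; require 16 identical repeats.
            if mac != SYNC_STREAM and body == mac * MAC_REPEATS:
                return format_mac(mac)
        start = idx + 1


def inspect_frame(frame):
    """Classify a raw Ethernet frame: a dict for WoL frames, None otherwise."""
    if len(frame) < 14:
        return None
    dst, src = frame[:6], frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    target = find_magic_packet(frame[14:])
    if target is None:
        return None
    return {
        "dst": format_mac(dst),
        "src": format_mac(src),
        "ethertype": ethertype,
        "target": target,
        "raw_wol_ethertype": ethertype == ETHERTYPE_WOL,
    }


if __name__ == "__main__":
    # Constructed sample traffic: one WoL frame and one unrelated frame.
    samples = [
        build_wol_frame("00:11:22:33:44:55", "de:ad:be:ef:00:01"),
        b"\x00" * 60,
    ]
    for frame in samples:
        print(inspect_frame(frame))
```

In a monitoring setup the same `inspect_frame` call would be applied to frames read from a capture; logging the `src` of every matching frame gives an inventory of which stations are issuing wake requests on the segment.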
------
codedokode
If anyone is interested, there is an article about this in Russian (Google-translated):
[https://translate.google.com/translate?sl=ru&tl=en&js=y&prev...](https://translate.google.com/translate?sl=ru&tl=en&js=y&prev=_t&hl=ru&ie=UTF-8&u=https%3A%2F%2Fm.habrahabr.ru%2Fcompany%2Fpt%2Fblog%2F341946%2F&edit-text=)

The article doesn't have many details though.

------
pedro84
Blog post with more details from the tweet's author:
[http://blog.ptsecurity.com/2017/10/how-to-obtaining-full-sys...](http://blog.ptsecurity.com/2017/10/how-to-obtaining-full-system-access-via.html)

------
frabbit
This should be good for the TalosII workstation orders:
[https://secure.raptorcs.com/content/TL2WK2/purchase.html](https://secure.raptorcs.com/content/TL2WK2/purchase.html)

------
vsviridov
I wonder if it'll work over WebUSB...

~~~
exikyut
No, that's the host side of the equation, and I don't think WebUSB will ever
do Gadget emulation.

I can see use-cases for it, but good luck convincing the W3C.

------
mkempe
Worse than rooting the computer. A JTAG debugger has chipset-level access to a
system. Likely nothing is detected in the operating system.

Intel has put CSME and DCI in all (?) their chips since 2015. Skylake was
announced in 2014, launched in 2015.

------
monochromatic
Good. Maybe results like this will increase the pressure on Intel to make this
garbage disableable.

------
gcb0
Which access does it have? Is it a TTY to MINIX with root login? Or did Intel
at least protect it for whichever agency requested it with a
"zero day" local privilege escalation? ;)

~~~
rurban
We see full read access to the hidden and protected 0xf008 pages, so you can
dump the kernel and all running minix processes. The kernel is not
interesting, but the processes are.
