Tapping into the core

Presented at 33C3 (2016), Dec. 28, 2016, 1 p.m. (30 minutes)

Engaging universally available deep debug functionality of modern Intel cores, with zero software or hardware modifications required on the target side. Our research team at Positive Technologies has discovered a way to engage the advanced debug machinery on modern Intel cores. This advanced machinery can be employed to exercise deep control of the running system across all execution modes using merely a USB port connection, with zero software or hardware modifications required on the target side. It goes without saying that such functionality carries profound security implications.

Presenters:

  • Mark Ermolov
    I'm a system programmer who is interested in the security aspects of hardware, firmware, and low-level system software (bare-metal hypervisors, OS cores, device drivers). I work at Positive Technologies in Moscow in the mentioned position. I've given talks at the Russian security conferences PHDays and ZeroNights. One of my previous research projects was about the internal structure of Microsoft PatchGuard and ways to compromise it. Another, my most recent research, was about how to disable Intel Management Engine. My professional interests also include virtualization technologies, low-level GPU programming, and reverse engineering of firmware and device drivers. With Maxim Goryachy I have prepared a talk about Intel DCI, the most recent and intriguing technology for low-cost hardware JTAG debugging of the latest Intel processors.
  • Maxim Goryachy

Links: