[Cryptography] God Mode backdoors

Henry Baker hbaker1 at pipeline.com
Sat Sep 1 16:59:37 EDT 2018


At 07:09 AM 8/15/2018, Henry Baker wrote:
>At 07:52 AM 8/14/2018, Henry Baker wrote:
>>https://www.tomshardware.com/news/x86-hidden-god-mode,37582.html
>>
>>Hacker Finds Hidden 'God Mode' on Old x86 CPUs
>>by Paul Wagenseil August 9, 2018 at 5:06 PM
>>
>>---
>>Why do we even bother encrypting, when our chips are so corrupt?
>>
>>I believe that these VIA chips ended up in some military hardware,
>>and possibly in some ATM machines.
>>
>>This article strengthens my belief that *all* of our current chips
>>have hidden backdoors thanks to Uncle Sam.  No wonder China wants
>>to design & build their own chips!
>
>I think it may be *impossible* to build a large modern chip w/o
>backdoors.
>
>In order to properly *test* a large & complicated chip after it
>comes out of the fab, there needs to be various kinds of extra
>datapaths and control circuitry.
>
>For example, a large chip with a *true random number generator*
>needs to have the ability to *route data around the TRNG* to be
>able to test the various registers and datapaths.  It may also
>need to have a fair amount of *hidden state* to aid in running
>these tests.
>
>Ditto for the hardware used in *encryption instructions*.  These
>instructions are too complex to be simply tested end-to-end;
>they need to be broken down into smaller components which can
>be individually tested.  Of course, an encryption instruction
>which can be broken down into smaller components can also be
>*interrupted*, *modified*, or otherwise *hacked*.
>
>Manufacturers can claim to use irreversible techniques such
>as *fusible links* in order to *turn off* these "inadvertent
>backdoors" after successful testing, but how can we trust
>that these backdoors have been sealed, when so many existing
>vulnerabilities in shipping products (Cisco, cough, cough)
>have their testing backdoors still enabled?
>
>Far better to ship the chip to the *end user*, who can then
>run through *the same set of open sourced exhaustive tests*
>to assure himself/herself that the chip is working correctly,
>followed by a sealing of this testing backdoor himself/herself.

------------
The coolest 50-minute video talk you'll ever see!

Here's the Black Hat 2018 talk about how the God Mode backdoor
was found.  He describes searching the *entire* x86 instruction
set "space" looking for *one* new instruction!  He then reverse
engineers an entirely new 32-bit RISC architecture, which didn't
match *any* of the 30 common RISC architectures that he tried.
Luckily, it shared some registers with the x86 registers.

https://www.youtube.com/watch?v=_eSAF_qT_FY

GOD MODE UNLOCKED - Hardware Backdoors in x86 CPUs
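The talk's search of the x86 instruction space is easier to picture with a small working sketch. The following is an added example, not code from the post, the list, or the talk it links to. It invents a toy ISA (the opcodes are NOT real x86 encodings, and the "hidden" opcode 0F 0A is a stand-in constructed for the example), replaces the CPU and the disassembler with two Python functions, and uses a simplified tunneling rule (fuzz only the last byte the CPU consumed, back up when it wraps, move forward only when the reported length changes) that is this example's own reconstruction of the idea, not a claim about the speaker's exact algorithm. The point it shows is how a differential search between what the silicon accepts and what the documentation admits can cover the space without enumerating 256**n byte strings.

```python
"""Differential search of a toy instruction space (constructed example).

Two oracles are compared: ``silicon`` plays the CPU (whose instruction
lengths a real tool would measure with the page-boundary fault trick) and
``documented_decoder`` plays the public ISA reference (a disassembler).
Any byte sequence the silicon executes but the reference rejects is a
candidate hidden instruction.  The toy ISA is invented for this example
and is NOT real x86 encoding.
"""
from typing import Callable, Dict, Iterator, List, Set, Tuple

MAX_LEN = 5                                     # longest toy instruction
Decoder = Callable[[bytes], Tuple[bool, int]]   # -> (accepted, bytes consumed)


def documented_decoder(insn: bytes) -> Tuple[bool, int]:
    """The 'manual' as a function.  Always sees MAX_LEN bytes."""
    op = insn[0]
    if op in (0x90, 0xC3):                      # NOP, RET
        return True, 1
    if 0xB8 <= op <= 0xBF:                      # MOV r32, imm32 (4 immediate bytes)
        return True, 5
    if op == 0x0F:                              # two-byte escape
        if insn[1] == 0x38:                     # three-byte escape
            return insn[2] == 0x00, 3
        return insn[1] in (0x05, 0xA2), 2       # SYSCALL, CPUID
    return False, 1                             # #UD decided after one byte


def silicon(insn: bytes) -> Tuple[bool, int]:
    """The 'CPU': the documented ISA plus one opcode the manual omits."""
    if insn[0] == 0x0F and insn[1] == 0x0A:     # hidden opcode, constructed here
        return True, 2
    return documented_decoder(insn)


def tunnel(cpu: Decoder, max_len: int = MAX_LEN) -> Iterator[Tuple[bytes, bool]]:
    """Tunneling enumeration: fuzz only the last byte the CPU consumed.

    When that byte wraps 0xFF -> 0x00 the search backs up one position and
    keeps counting there; it moves forward to a new last byte only when the
    CPU reports a different length.  Immediate bytes, whose value does not
    change decoding, are therefore not enumerated exhaustively, which is
    what turns 256**max_len candidates into a few thousand executions.
    """
    insn = bytearray(max_len)
    index, prev_len = 0, None
    while True:
        accepted, length = cpu(bytes(insn))
        yield bytes(insn[:length]), accepted
        if length != prev_len:                  # decoding changed shape: follow it
            index, prev_len = length - 1, length
        while index >= 0 and insn[index] == 0xFF:   # carry into earlier bytes
            insn[index] = 0
            index -= 1
        if index < 0:
            return                              # whole space covered
        insn[index] += 1
        for j in range(index + 1, max_len):     # keep the tail canonical
            insn[j] = 0


def find_undocumented(cpu: Decoder, reference: Decoder,
                      max_len: int = MAX_LEN) -> Dict[str, object]:
    """Run the tunnel against ``cpu`` and flag what ``reference`` disagrees with."""
    hidden: List[bytes] = []
    accepted_set: Set[bytes] = set()
    executed = 0
    for insn, accepted in tunnel(cpu, max_len):
        executed += 1
        if not accepted:
            continue
        accepted_set.add(insn)
        ref_ok, ref_len = reference(insn.ljust(max_len, b"\0"))
        if not ref_ok or ref_len != len(insn):
            hidden.append(insn)
    return {"hidden": hidden, "accepted": accepted_set,
            "executed": executed, "brute_force": 256 ** max_len}


if __name__ == "__main__":
    report = find_undocumented(silicon, documented_decoder)
    print(f"executed {report['executed']} candidates instead of {report['brute_force']}")
    for insn in report["hidden"]:
        print("silicon accepts, reference rejects:", insn.hex(" "))
```

On real hardware the `silicon` oracle is the hard part the toy leaves out: the candidate bytes have to be executed in a harness that catches the #UD or other fault as a signal, and the length is inferred from where a page fault occurs when the bytes are slid across a page boundary into unmapped memory. The differential step is the same: anything the chip executes that the reference decoder calls invalid is what you go and reverse engineer next.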
