Sandsifter software finds hidden instructions inside processors.

skybuck2000 at hotmail.com
Mon Oct 23 19:22:15 EDT 2017


The idea of this software is basically:

Generate random bytes and feed them to the processor.

Observe the processor's result, good or bad (error codes).

If good, check the docs.
If bad, adjust and retry.

Somebody wrote a nice short explanation of what SandSifter does, to give you an idea (it's a new algorithm to find undocumented instructions fast!):

It's guessing possible x86 instructions by exploiting the instruction decoder via the (PF) page fault result code. Effectively, it splits an instruction across two pages and has only one page of it executable. When the decoder fetches the instruction, it notices that it's incomplete and attempts to fetch the next part, which is on a new, non-executable page. The decoder then throws a page fault since it's not executable. So it moves the entire instruction one to the left and tries again with various combinations until it doesn't get a page fault, at which point it executes it.

And thus it attempts to 'tunnel' through every possible instruction. That's the general, very simplified explanation.

Bye,
  Skybuck.
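Added example (this is not sandsifter's code and not part of the message above): the page-fault length oracle that the quoted explanation describes, as a C program for x86-64 Linux. It places the first k bytes of a candidate instruction so that they end exactly at a page boundary, maps the following page PROT_NONE, runs them, and tells "the decoder wanted more bytes" (a page fault in the protected page with RIP still at the instruction's start, so nothing retired) apart from "the instruction completed" (RIP advanced to the boundary, a different signal, or a normal return). Moving to the next k is the "moves the entire instruction one to the left" step. The function name probe_length, the SIFTER_* result codes and the four sample instructions are this example's own choices; on a non-x86-64 host, or where executable mappings are refused, it returns SIFTER_UNAVAILABLE instead of a length.

```c
/* Added example, not code from sandsifter or from the message above: the
 * page-fault instruction-length oracle described there, for x86-64 Linux.
 * probe_length, the SIFTER_* codes and the sample bytes are this example's own. */
#define _GNU_SOURCE
#define _DEFAULT_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>
#if defined(__x86_64__) && defined(__linux__)
#include <ucontext.h>
#ifndef REG_RIP
#define REG_RIP 16          /* glibc's gregs[] index of RIP on x86-64 */
#endif
#define SIFTER_HOST_OK 1
#else
#define SIFTER_HOST_OK 0
#endif

#define SIFTER_UNAVAILABLE (-1) /* wrong host, or executable mapping refused */
#define SIFTER_NEED_MORE    0   /* decoder wanted bytes beyond the n supplied */
#define MAX_INSN_LEN       15   /* architectural x86 maximum */

/* Constructed sample instructions; all are harmless to run in-process. */
static const uint8_t INSN_NOP[]         = {0x90};                         /* nop */
static const uint8_t INSN_XOR_EAX[]     = {0x31, 0xC0};                   /* xor eax, eax */
static const uint8_t INSN_MOV_EAX_IMM[] = {0xB8, 0x78, 0x56, 0x34, 0x12}; /* mov eax, 0x12345678 */
static const uint8_t INSN_RET[]         = {0xC3};                         /* ret */

static sigjmp_buf resume;
static volatile sig_atomic_t fault_sig;
static volatile uintptr_t fault_addr, fault_rip;

static void on_fault(int sig, siginfo_t *si, void *ctx)
{
    fault_sig  = sig;
    fault_addr = (uintptr_t)si->si_addr;
#if SIFTER_HOST_OK
    fault_rip  = (uintptr_t)((ucontext_t *)ctx)->uc_mcontext.gregs[REG_RIP];
#else
    (void)ctx;
    fault_rip  = 0;
#endif
    siglongjmp(resume, 1);
}

/* Returns how many bytes of insn the decoder consumed, SIFTER_NEED_MORE if
 * all n bytes were still not enough, or SIFTER_UNAVAILABLE. insn must be a
 * single instruction that is safe to execute here (no branches, no syscalls). */
int probe_length(const uint8_t *insn, size_t n)
{
    if (!SIFTER_HOST_OK || n == 0 || n > MAX_INSN_LEN) return SIFTER_UNAVAILABLE;

    long page = sysconf(_SC_PAGESIZE);
    uint8_t *buf = mmap(NULL, 2 * page, PROT_READ | PROT_WRITE,
                        MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (buf == MAP_FAILED) return SIFTER_UNAVAILABLE;
    uint8_t *boundary = buf + page;          /* first byte of the no-access page */
    if (mprotect(boundary, page, PROT_NONE) != 0) { munmap(buf, 2 * page); return SIFTER_UNAVAILABLE; }

    struct sigaction sa, old_segv, old_ill, old_bus;
    memset(&sa, 0, sizeof sa);
    sa.sa_sigaction = on_fault;
    sa.sa_flags = SA_SIGINFO;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, &old_segv);
    sigaction(SIGILL,  &sa, &old_ill);
    sigaction(SIGBUS,  &sa, &old_bus);

    int result = SIFTER_NEED_MORE;
    for (volatile size_t k = 1; k <= n; k++) {
        uint8_t *start = boundary - k;       /* one more byte on the executable page each round */
        /* Write while W, run while X: never hold a writable+executable page. */
        if (mprotect(buf, page, PROT_READ | PROT_WRITE) != 0) { result = SIFTER_UNAVAILABLE; break; }
        memcpy(start, insn, k);
        if (mprotect(buf, page, PROT_READ | PROT_EXEC) != 0) { result = SIFTER_UNAVAILABLE; break; }

        fault_sig = 0;
        if (sigsetjmp(resume, 1) == 0) {
            void (*run)(void);
            memcpy(&run, &start, sizeof run);
            run();                 /* returned normally: the instruction completed (e.g. ret) */
            result = (int)k;
            break;
        }
        /* A fault arrived. "Still incomplete" = page fault inside the no-access
         * page with RIP still at the instruction's own start: nothing retired,
         * the decoder just needed bytes that are not there. Anything else (RIP
         * moved to the boundary after executing, SIGILL, a fault elsewhere)
         * means the decoder had enough bytes to decide, so k is the length. */
        int incomplete = fault_sig == SIGSEGV
                      && fault_addr >= (uintptr_t)boundary
                      && fault_addr <  (uintptr_t)boundary + (uintptr_t)page
                      && fault_rip  == (uintptr_t)start;
        if (!incomplete) { result = (int)k; break; }
    }

    sigaction(SIGSEGV, &old_segv, NULL);
    sigaction(SIGILL,  &old_ill,  NULL);
    sigaction(SIGBUS,  &old_bus,  NULL);
    munmap(buf, 2 * page);
    return result;
}

int main(void)
{
    printf("nop            -> %d\n", probe_length(INSN_NOP, sizeof INSN_NOP));
    printf("xor eax,eax    -> %d\n", probe_length(INSN_XOR_EAX, sizeof INSN_XOR_EAX));
    printf("mov eax,imm32  -> %d\n", probe_length(INSN_MOV_EAX_IMM, sizeof INSN_MOV_EAX_IMM));
    printf("mov (3 of 5 B) -> %d\n", probe_length(INSN_MOV_EAX_IMM, 3));
    printf("ret            -> %d\n", probe_length(INSN_RET, sizeof INSN_RET));
    return 0;
}
```

The oracle is the only hardware-facing piece; the 'tunnel' the message mentions is a loop around it over candidate byte strings (bump the last byte the decoder consumed, and when it wraps, step one position left). Note that this example only ever runs four hand-picked harmless instructions in its own process; a sifter that feeds arbitrary bytes to the oracle should run each candidate in a throwaway child process under a timeout, because an arbitrary byte string may branch, loop forever, or issue a system call.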


