• Stars
    star
    297
  • Rank 140,075 (Top 3 %)
  • Language
    Python
  • Created over 7 years ago
  • Updated about 6 years ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Microcode Updates for the USENIX 2017 paper: Reverse Engineering x86 Processor Microcode

x86 Microcode Framework and Example Programs

This repository contains the framework used during our work on reverse engineering the microcode of AMD K8 and K10 CPUs. It includes an assembler and disassembler as well as example programs implemented using these tools. We also provide our custom written minimal operating system that can rapidly apply and test microcode updates on AMD CPUs.

Disclaimer

The here provided files originated from research and are meant to be used for research purposes only. They are compiled with only partial knowledge about the microarchitecture's internals and may contain bugs as well as unintended behavior. All files are provided as is without any warranties and support. We assume no responsibility or liability for the use of them.

Background

The x86 instruction set is complex and contains many legacy instructions only kept for backward compatibility. Thus, rarely used or complex instructions are decoded in software, while performance critical instructions are handled by hardware decoders. Regardless of being decoded by hardware or software the instructions ultimately are translated to another instruction set named RISC86, which has a fixed instruction length and is suited for fast, superscalar processing. Besides software decoding microcode may be used to disable defective processor features and handle exceptions at the lowest level.

The content of this repository reflects the practical results of our research effort. Details are given in our papers:

Reverse Engineering x86 Processor Microcode published in the proceedings of the 26th USENIX Security Symposium

An Exploratory Analysis of Microcode as a Building Block for System Defenses published in the proceedings of the 25th ACM Conference on Computer and Communications Security

Structure

The folder Usenix17 contains the results of our Usenix 2017 paper, most importantly the updates and triggers for our proof-of-concepts as well as an update driver allowing arbitrary updates to be loaded on a Linux system. Further details are given in the corresponding readme file.

Our minimal operating system is contained in the folder angry_os. For details on how to build and use this system see the readme file in that folder.

The framework we used during our work is found in the folder ucodeapi. For examples on how this API is used see the example scripts provided in this folder. The API is only tested under Python 2.

The folder "case studies" contains the case studies presented in our CSS 18 paper in RTL form.

More Repositories

1

DroneSecurity

DroneSecurity (NDSS 2023)
Python
945
star
2

kAFL

Code for the USENIX 2017 paper: kAFL: Hardware-Assisted Feedback Fuzzing for OS Kernels
Python
550
star
3

redqueen

Python
339
star
4

OMEN

OMEN: Ordered Markov ENumerator - Password Guesser
C
313
star
5

syntia

Program synthesis based deobfuscation framework for the USENIX 2017 paper "Syntia: Synthesizing the Semantics of Obfuscated Code"
Python
296
star
6

mobile_sentinel

Python
187
star
7

nyx-net

Python
176
star
8

Nyx

USENIX 2021 - Nyx: Greybox Hypervisor Fuzzing using Fast Snapshots and Affine Types
C
169
star
9

ijon

C
164
star
10

GANDCTAnalysis

Code for the ICML 2020 paper: Leveraging Frequency Analysis for Deep Fake Image Recognition.
Python
161
star
11

nautilus

a grammar based feedback fuzzer
Rust
158
star
12

aurora

Usenix Security 2021 - AURORA: Statistical Crash Analysis for Automated Root Cause Explanation
Rust
146
star
13

grimoire

Python
125
star
14

loki

Hardening code obfuscation against automated attacks
Python
125
star
15

Password-Guessing-Framework

A Framework for Comparing Password Guessing Strategies
Python
120
star
16

Marx

Uncovering Class Hierarchies in C++ Programs
C++
114
star
17

antifuzz

AntiFuzz: Impeding Fuzzing Audits of Binary Executables
C
101
star
18

EthBMC

The code repository for the 2020 Usenix Security paper "EthBMC: A Bounded Model Checker for Smart Contracts"
Rust
91
star
19

WaveFake

Python
71
star
20

SiemensS7-Bootloader

Client utility for Siemens S7 bootloader special access feature
Python
55
star
21

NEMO

Modeling Password Guessability Using Markov Models
Python
54
star
22

gadget_synthesis

Esorics 2021 - Towards Automating Code-Reuse Attacks Using Synthesized Gadget Chains
Python
54
star
23

EvilCoder

Code for the paper EvilCoder: Automated Bug Insertion at ACSAC 2016
Java
42
star
24

JIT-Picker

Swift
34
star
25

cupid

Cupid: Automatic Fuzzer Selection for Collaborative Fuzzing
C
29
star
26

Probfuscator

An Obfuscation Approach using Probabilistic Control Flows
C#
28
star
27

Hypercube

NDSS 2020 - HYPER-CUBE: High-Dimensional Hypervisor Fuzzing
C
24
star
28

ijon-data

14
star
29

PrimGen

ACSAC 2018 paper: Towards Automated Generation of Exploitation Primitives for Web Browsers
HTML
13
star
30

adversarial-papers

TeX
12
star
31

DroneSecurity-Fuzzer

DroneSecurity Fuzzer (NDSS 2023)
11
star
32

dompteur

C++
10
star
33

we-value-your-privacy

Results and data from the paper "We Value Your Privacy ... Now Take Some Cookies: Measuring the GDPR’s Impact on Web Privacy"
9
star
34

VPS

VTable Pointer Separation
C++
7
star
35

APC

Android (Unlock) Pattern Classifier
Kotlin
6
star
36

WindowsVTV

MinGW for 32bit with Vtable pointer verification (VTV)
C++
6
star
37

nyx-net-profuzzbench

Shell
6
star
38

PriDi

Python
5
star
39

xTag-mtalloc

C
5
star
40

SUCI-artifacts

some PCAPs and logs
5
star
41

ASSS

Application-Specific Software Stacks
4
star
42

xTag

4
star
43

MiddleboxProtocolStudy

Auxiliary material for NDSS'20 paper: On Using Application-Layer Middlebox Protocols for Peeking Behind NAT Gateways
Python
4
star
44

Password-Strength-Meter-Accuracy

Measuring the Accuracy of Password Strength Meters
Python
3
star
45

uninformed-consent

Repo for material related to the CCS 2019 paper, "(Un)informed Consent: Studying GDPR Consent Notices in the Field"
3
star
46

be-the-phisher

Code related to the study presented in "Be the Phisher - Understanding Users’ Perception of Malicious Domains" @ AsiaCCS 2020
Jupyter Notebook
2
star
47

symtegrity

Code for the DIMVA 2018 paper "On the Weaknesses of Function Table Randomization"
2
star
48

MastersOfTime

2
star
49

libXSGS

Implementation of Delerablée and Pointcheval's eXtremely Short Group Signatures (XSGS)
Shell
2
star
50

xTag-llvm

C++
1
star
51

MachineCodeTimings

JavaScript
1
star
52

tropyhunter

TODO
Python
1
star
53

GDPR-fines

Supplemental Material for the PETS 2022 Paper "Investigating GDPR Fines in the Light of Data Flows"
Jupyter Notebook
1
star
54

GeneratedMediaSurvey

Jupyter Notebook
1
star