Fully functional JTAG for Intel CSME via USB DCI

Intel's AMT got pwned, baby.

mobile.twitter.com/h0t_max/status/928269320064450560

Other urls found in this thread:

ptsecurity.com/upload/corporate/ww-en/analytics/Where-theres-a-JTAG-theres-a-way.pdf
blog.ptsecurity.com/2017/08/disabling-intel-me.html
en.wikipedia.org/wiki/Microcode
twitter.com/NSFWRedditGif

Wait until they found remote exploits that work on PC that are off.

They tried to tell me that I couldn't remove ME.

He's going to get assassinated.

Looking forward to running TempleOS at Ring -3

Good job. It's only a matter of time before it's fully broken.

Does that mean thet people will do the same for PSP too? All this discussion about IME but PSP gets left behind

Could someone explain this to us brainlets, please?

see

Intel (and AMD) has a tiny little thing in almost every recent processor that acts like a remote administration tool. Some sysadmins/Intel corporate/shills claim it's a great feature to monitor, upgrade and repair devices. Others claim that it's key security concern since it allows almost irrestricted access to the system and that AMT possibly was already used to sniif encryption keys and spy on user activity. This breakthrough could allow us to disable the AMT completely or at least provide us with a way to replace with a option that we can fully understand what it's doing.

Anyway, it's a good thing in general. Let's hope some bright mind does the same to the AMD's equivalent: PSP.

Sorry for my poor English.

Thank you, and your English was excellent.

>Sorry for my poor english
>Speaks better then 90% of Sup Forums - consumerisim

Cam anybody explain what it means? What's JTAG and Intel CSME?

CSME is another acronym for the Management Engine. Intel can't make up their mind what they want to call it.

>Speaks better then 90% of Sup Forums - consumerisim
>consumerisim

Funny, but I'm not a yuropoor

>better then
Then what?

one that isn't a blatant backdoor for the fbi and israel

Can Intel even do anything to fix an exploit like this?

Holy shit we could literally be seeing tens of millions of computers botnetted by malware which can't be removed except by buying entirely new hardware because Intel thought they'd be cute and clever putting a network-connected backdoors in every single one of their CPU's/Motherboards.

It could literally bankrupt them

intel powered pc's all over the world with amt enabled. banks, governments, utilities, hospitals etc

All the progress is being made on the IME, but I think once it's thoroughly penetrated and exploited, everyone's going to jump over and do the same thing to PSP.

I wonder if AMD execs are yet realizing that adding PSP was a huge mistake and they are retards for doing it.

And nobody will really care.

Now imagine if some group(s) has had access to this. Espionage nightmare. Every major corporation out there - all their internal and 'secret' data potentially available and for a decade now.

Corporations connected to these espionage groups could outright buy every secret their competitors have - business transactions, marketing, future research and development, employee poaching, etc. etc.

It's no wonder Russia is developing their own semiconductor industry. They must have realized a few years ago what was happening. Meanwhile the EU wants to ban encryption because their leaders are clueless retards. Christ, EU companies are going to end up being fleeced by literally everyone else in the world via remote corporate espionage.

based malware authors protecting our privacy.

stupid question: since the minix os in the management engine that emulates x86 can be changed now would it be possible to emulate other instruction sets like a sony playstation to improve speed in emulated games? of course linux would need to be ported to the playstation set.

Go back to your enterprise java job pajeet.

i'm not a programmer, just a tard from Sup Forums

>emulates x86
>would it be possible to emulate other instruction sets like a sony playstation
Holy fucking shit you are mentally ill.

Interesting. I think I could write a novel about this.

>stupid question:
Yeah, that is a stupid question

You dumb fucks said you wanted access.. now you got it. Enjoy what happens when you open up a hardware security platform

Actually both sides are correct.
For big corporations and shit, you can use the ME to remotely operate PCs, install upgrades, all those sheep computer shits, but as you can't fully control it, it's a NSA backdoor from hell.

The ideal scenario would be allowing the user to freely install and remove modules from the chip, and even write their own third party modules, like a hardware firewall module, or a torrent module.

where did you read that they're software emulating x86 on the ARC/SPARC ME core?
not that it matters, whether it did or not wouldn't change how easy it would be to repurpose for console emulation purposes, the existence of an unrelated cpu emulator doesn't in any way assist in making a completely different cpu emulator
the core the ME runs on is probably pretty slow compared to the main user cpu cores anyway, not much to be gained from using it at all
>of course linux would need to be ported to the playstation set.
why?
also, linux has already been ported to every playstation. heck, it was officially supported by both the ps2 and ps3

Correct ! Which will eventually come as a result.

HYPE

I think user meant to say that you mispelled than.

So will Intel have to issue a recall for all processors since the C2D or were they smart enough to hide a flag in ucode to kill the ME completely?

someone show me proof that the ME has ever been used

Does anyone know specifically which CPUs are affected by this? I heard it's any CPU after 2015.

...

>Every CPU with ME

>mfw I have AMD Ryzen which is open source and no hardware backdoor

Except the part dealing with encryption. That legally can't be open sourced. Stay delusional AMD fags, there is no escaping this.

>Except the part dealing with encryption.
esplain for brainlets

For those who are interested.
>ptsecurity.com/upload/corporate/ww-en/analytics/Where-theres-a-JTAG-theres-a-way.pdf

Your hardware still comtains an encrypted payload executed on another processor at boot. It's actually even more advanced than Intel's ME!

>It's no wonder Russia is developing their own semiconductor industry. They must have realized a few years ago what was happening.
I think they want to replace the NSA/CIA/FBI backdoors with FSO/SVR/FSB backdoors.

Ditto for the Chinese.

Well, it would be best for us to be backdoor'd by a government that has no interest in us over our own citizens.

It's worse, every Intel CPU since ~2009, AMD since ~2013.

Is the Intel i7 7500U bot netted also?

If you can get past their firewalls. Unlikely situation.

All you have to do is read the post literally right above yours, you brainlet.

The same type of back doors already exist in the firmware of commercial grade routers. Cisco just had a really big one exposed not too long ago.

Apparently the ME has a kill switch made for the NSA, because only the government has a right to privacy :^)
blog.ptsecurity.com/2017/08/disabling-intel-me.html

Bump

>implying they willingly did it
>implying they weren't gaged and forced

I can't even imagine what's going on behind the scenes in government tech agencies and corporations across the world.

The US intelligence agencies are getting tons of their work stolen and dumped online, US chip manufacturers are getting their backdoor processors cracked, every superpower is working on getting their own fabs and chips up and running.

The physical devices running the worlds infrastructure have been proven to be vulnerable to software attacks. Is someone gonna pull a trigger and cause chaos?

Chaos is a ladder.

oh user.

honestly he's not wrong

if you're just a regular joe in america you've got more reason to be afraid of your "friendly" government spying on you, than you do russians spying on you.

russians won't blackbag you in the night, won't take you in for questions, won't - etc. but your local/federal government can.

can you rewrite cpu bios through this? unlocking a i5 to a i7?

Enterprise-grade firewalls are all backdoored

Tracer Tong was right.

>Security researchers use this low-level mechanism to obtain privileged access to hardware, in order to search for malware and study undocumented hardware and driver features.

They don't come right out and say it, but it seems like a step in that direction. Especially the undocumented hardware features part.

AMT runs minix.

Sorry, I didn't read it anywhere. I had confused the mangement engine with handling processor microcode which emulates x86 according to wikipedia. I was wrong to bring it up as it is a different system to what was hacked in the thread.
en.wikipedia.org/wiki/Microcode

you were way off
it'd be pretty hardcore if someone replaced the internal risc-like x86 interpreter microcode, but i haven't heard of anyone trying to do that

Microcode is stored on a ROM, you can't rewrite it permanently. There is a small piece of SRAM that stores patches, basically diffs between the original microcode and the newest version. When you start up the computer the BIOS or OS loads the microcode patch onto the SRAM and the chip applies the patches. I don't think Intel or AMD would provide enough space to completely overwrite the original microcode though, there would be little need for that. Plus microcode patches are signed and encrypted I believe.

sounds about right

speaking of though, there does exist people doing the next best thing: emulators implemented on FPGA's

Does this mean that newer intel systems can be librebooted soon?