STRAP IN Positive Technologies researchers Maxim Goryachy and Mark Ermolov have discovered a vulnerability that allows running unsigned code. The vulnerability can be used to activate JTAG debugging for the Intel Management Engine processor core. When combined with DCI, this allows debugging ME via USB.
Intel Management Engine is a proprietary technology that consists of a microcontroller integrated into the Platform Controller Hub (PCH) microchip with a set of built-in peripherals. The PCH carries communication between the processor and external devices; therefore, Intel ME has access to some critical data on the computer, and the ability to execute third-party code allows compromising the platform completely. Researchers have been long interested in such capabilities, but recently we have seen a surge of interest in Intel ME. Intel provides its engineers with the ability to perform ME debugging via JTAG, in addition to allowing third-party developers to debug ISH via DCI (as previously discussed by us at 33c3). Anyone could use the vulnerability we have found to activate JTAG debugging for ME. In our presentation, we will describe the built-in ME debugging mechanism and how to activate it with the help of this vulnerability.
Literally when someone gets it to run faster than microcontrolers in toasters
Parker Harris
...
Charles Murphy
>Not running old as fuck first gen i7s or AMD hardware instead.
Austin Murphy
>implying that's safe Pretty sure ME is all the way back to the Core2 era and AMD has had it for awhile now.
Jonathan Gomez
Is my Phenom safe?
Jeremiah Myers
Uhhhhhhh.... Uhhhhhhh.... Uhhhhhhh....
Julian Hall
If do you want a showman go to youtube watch some e-celebs.
Xavier Torres
>watching this on Libreboot X200
Xavier Perry
>The virgin compsec wizard vs the Chad linus tech tips.
Jason Brooks
Yes. Modern amd hardware also have the same problem though, through their psp engine (equivalent to intel me).
Jordan Nguyen
terrible speaker i can't watch this
Zachary Torres
They really should have found someone else to give this talk. He doesn't need to be a showman. He just needs to be able to talk somewhat coherently. This is really hard to follow.
Daniel Cooper
I want that cat to masterbate my tiny dick.
Mason Rogers
It's annoying to listen to, almost as much as that voice of woman which reverse-engineered tamagotchis. It isn't hard to prepare what you want to say in advance, like youtube.com/watch?v=lhbSD1Jba0Q for example.
Adrian Long
mfw trying to listen to this guy
Aiden Lee
/who/ participating in the ctf this year
Christian Collins
Too busy masturbating to milf futa doujins and shitposting on Sup Forums, but I'm watching it nonetheless. Take my energy and good luck.
Angel King
>intel system debugger is this free?
Ryan Nelson
Only if you're a manufacturer or the NSA or find it on the internet.
Owen Phillips
Video does not load famalam Chrome here
Grayson Jackson
>tfw intel killed the stream.
Jack Reed
literally watching it right now you fags use mpv or go home
Adrian Carter
>signal angel LMAO
Joshua Price
Yes. 1100T (AM3) or FX-8150 (AM3+) are pretty much the best you can get if you want pre-PSP CPU.
Joshua Cook
Was instslling libreboot hard to do on the x200? Considering buying an x200 and librebooting it during winter break. Also did you upgrade the monitor? If so I need recommendations on replacement monitors. Thanks for the reply in advance.
Ryan Bailey
what went wrong?
Thomas Morales
>exploit does not persist through restart >hackerman tries to hack your intel ME >just flip the power off then on ez
Nicholas Baker
Atleast they're good in somethings.
Nicholas Robinson
> 1100T (AM3) or FX-8150 (AM3+) are pretty much the best you can get if you want pre-PSP CPU. Or dual/quad opteron 6xxx.
Oliver Phillips
>you don't notice >hackerman steals all your loli folders >restart the PC >never notice Perfect crime
James Fisher
Jesus christ what a mouthbreather listening him to breathe out is really annoying
He should step away from the mike to breathe in
Blake Brooks
>it is feature it is not bug
Cooper Long
>it is a feature
Dylan Cooper
He can work for ubisoft now.
Carter Turner
>hurr durr java sux0rs XD
Elijah Jenkins
It was pretty easy. Used a Raspberry Pi 1 Model B and a Pomona 5252 clip to flash. The only problem I ran into was not using the correct GPIO pins on the Pi but an user helped me out.
Jason Rodriguez
>that poo in loo voice. They invaded even this conference.
>It does, you just don't have the Winshit interfacing driver. If you're connected to ethernet you're fucked. wrong no hardware installed, nor drivers missing
Isaiah Campbell
>claiming to defend AMD while not knowing what a fucking opteron is you should be ashamed
Liam Taylor
for linux
Owen Bailey
What CPU do you have?
Caleb Mitchell
>iOS kernel exploitation archaeology Do will anyone watch this one?
Lucas Young
>What CPU do you have? implying I only have one
Nathaniel Cook
Sure, but you have two of the same model, right?
Daniel Wright
BIG BOOBS
Samuel Collins
Xeon, then? You have Intel ME. If your device is newer than 2006-ish, and you don't have an Atom, it has the ME engine on the motherboard.
>Sure, but you have two of the same model, right? of course 2x E5-2699v4 ES
>Xeon, then? You have Intel ME. If your device is newer than 2006-ish, and you don't have an Atom, it has the ME engine on the motherboard. not according to the intel tool you've made me paranoid enough to email support about this
Aaron Lee
>Lets break modern binary code obfuscation
I recommend this one next.
Eli Collins
Oh shit nigga I forgot about this year's CCC
Mason Diaz
FX-8350 then
Landon Reed
It was indeed, and the question session was really embarrassing too
Levi Campbell
How about the WPA2 attack later ?
Blake Barnes
I'll be watching.
Ryder Taylor
Also recommended. It will be given by the guy that found the flaw.
Austin Sanchez
MOMMY
Luke Davis
Is he an English speaker ? don't want to feel as bad as during the IME talk :(
Jason Cox
He is dutch afaik, so his english should be gud.
Jonathan Reed
what the fuck is this
Robert Hernandez
>Not watching the godzilla shirt autist talking about code obfuscation instead.
Jayden Lee
fuck off NSA
Levi Lopez
>Knowing how to speak shouldn't be a requirement when speaking in public. It's computer virgins like you that give the field a bad rep. Whats the point in being good at something and completely deficient in literally everything else, including basic human functioning?
Connor Smith
So why is that guy wearing a girl top?
Asher Ortiz
this faggot just ruined a great presentation
Zachary Morales
...
Jonathan Hall
He's german, they are all weird dude, specially after WWII.
Michael Roberts
>you've made me paranoid enough to email support about this Did they answer? What did they tell?
Parker Nelson
...
Benjamin Thompson
i wanna lick this faggot's little anus ;-;
Nicholas Collins
That chubby german with the girl hair and top making constant weird mouth sounds like he's munching on some food. I want to hurt him.
Daniel Young
>Using trannyboot. Embarrassing.
Parker Morgan
>I want to hurt him. Hurt his ass with your penis?
Easton Reed
Only if he loses some weight and cosplays as felix. But his shoulders are too wide so he would be a hon.
Elijah Butler
GODZILLA BOY IS BACK
Dylan Cook
>girl top >washed jeans >combat boots what the fuck dude
Oliver Edwards
wtf does this mean for shitposters who just shitpost til banned on this dumb fucking board.
Lincoln Peterson
Have you already considered ceasing your mental activities?
Ian Jenkins
So can this be exploited remotely or does it have to be done locally? Also does the i7 nehalem have ME?
