x86 Wizardry

Five days ago, Chris Domas's presentation for Black Hat USA 2017 was released. He has developed a toolkit called Sandsifter which allows the discovery of undocumented processor instructions; these can feed new research into hardware bugs and, to only scratch the surface, new exploitation and privilege-escalation methods.

Chris came onto my radar a couple of years ago when I came across his talk on the “M/o/Vfuscator”. He had found a white paper describing the x86 Mov opcode as Turing complete, and from it he developed a compiler that compiles C to a series of Mov instructions, with the goal of frustrating reverse-engineering efforts.

In the same year as the M/o/Vfuscator talk, Chris also presented on the REpsych framework, which uses psychological-warfare-inspired methods to discourage reverse engineers, and on a Memory Sinkhole attack that achieves System Firmware/Ring -2 System Management Mode code execution on the x86 platform.

Chris has an easy presentation style, and his talks are some of the clearest I have had the opportunity to watch regarding assembly-level vulnerabilities.

For those not familiar with x86 assembly, a primer may be advisable before tackling these videos. Justin Steven’s dostackbufferoverflowgood tutorial at https://github.com/justinsteven/dostackbufferoverflowgood is a good source for anyone who has not delved into the world of machine code or stack-based buffer overflows.