Bakwazile ukukhipha ukhiye osetshenziswe kuma-processor we-Intel ukubethela izibuyekezo

Darkcrizt

Imizuzu ye-4

i-intel-bug

Iqembu labaphenyi bezokuphepha baseRussia likhishwe Ezinsukwini ezithile ezedlule abakhiphe ngempumelelo ukhiye oyimfihlo abasebenzisa amaprosesa Intel ukubethela izibuyekezo ngosizo lokuxhaphaza okungaba nemiphumela emikhulu endleleni ama-chip asetshenziswa ngayo futhi nokuthi avikeleka kanjani.

Ubuningi goryachy nabaphenyi UDmitry Sklyarov noMark Ermolov kusuka ku-Positive Technologies, kuxhashazwe ubungozi obubucayi ukuthi u-Ermolov noGoryachy bathola kwinjini yokuphatha ye-Intel ngo-2017.

Ngakho-ke, iphutha abalisebenzisayo livumela ukufinyelela ekulungisweni kwe-microcode, okuzosetshenziswa kamuva njengezindlela zokuvuselela ama-processor uma kwenzeka kuba sengozini noma ushintsho lwezinga eliphansi ekusebenzeni.

Isihluthulelo isetshenziselwe ukubhala ngemfihlo izibuyekezo ze-microcode inikezwe i-Intel ukulungisa ukuba sengozini kwezokuphepha nezinye izinhlobo zezimbungulu.

Nokho, ube nekhophi ebhaliwe isibuyekezo ingavumela kubaduni ukuze unjiniyela obuyela emuva futhi ufunde ngokunembile ukuthi ungasisebenzisa kanjani iphutha olilungiswa yisibuyekezo.

Ukhiye futhi ingavumela abantu besithathu ngaphandle kwe-Intel, Njengomhlaseli noma umuntu onamathuluzi noma ulwazi olufanele, sicela ubuyekeze ama-chip nge-microcode yakho (yize besho ukuthi le nguqulo yangokwezifiso ngeke isinde ekuqalisweni kabusha kohlelo).

Mayelana nesinqumo

Kwakuyiminyaka emithathu edlule lapho abacwaningi uGoryachy no-Ermolov ithole ubungozi obubucayi ku-Intel Management Engine, enenkomba njenge-Intel SA-00086, ebavumela ukuthi basebenzise noma iyiphi ikhodi abayifunayo ngaphakathi kernel encike kwi-Intel CPU.

Bayasho ukuthi,ukuthi i-Intel ikhiphe isichibi ukulungisa iphutha, isengasetshenziswa, ngoba ama-CPU angabuyiselwa kunguqulo yangaphambilini ye-firmware ngaphandle kokulungiswa.

Kodwa kwaze kwaba ezinyangeni ezimbalwa ezedlule (ekuqaleni konyaka) ukuthi iqembu labacwaningi likwazile ukusebenzisa ubungozi bathole ukuvula imodi yesevisi eyakhelwe kuma-chip Intel ebizwa nge- "Red Pill Chip" onjiniyela bayo abayisebenzisayo ukulungisa i-microcode. UGoryachy, Ermolov, noSklyarov ngokuhamba kwesikhathi baqamba ithuluzi labo lokuthola i-Chip Red Pill debugger ngokubhekisa kwi-The Matrix.

Ngokuthola enye ye-Intel's Goldmont-based CPUs kumodi ye-Chip Red Pill, abacwaningi bakwazi ukukhipha indawo ekhethekile ye-ROM ebizwa nge-MSROM (ROM Microcode Sequencer).

Khona-ke, i-reverse yenze i-microcode nangemva kwezinyanga zokuhlaziywa, bakwazile ukukhipha ukhiye we-RC4 isetshenziswe yi-Intel kunqubo yokuvuselela.

Kodwa-ke, abacwaningi abakwazanga ukuthola ukhiye wokusayina osetshenziswe yi-Intel ukufakazela ngokufihla ukuthi isibuyekezo siyiqiniso noma cha.

Basho lokho:

“Inkinga echazwe ayimeleli ukuvezwa kokuphepha kwamakhasimende, futhi asithembi ekuthothweni kolwazi olungemuva kokuvula okubomvu njengendlela yokuphepha. Ngaphezu kokuncishiswa kwe-INTEL-SA-00086, ama-OEMs alandela ukuqondiswa kokukhiqizwa kwe-Intel anciphise amandla wokuvula aqondene ne-OEM adingekayo kulolu phenyo. Ukhiye oyimfihlo osetshenziselwe ukuqinisekisa i-microcode akahlali ku-silicon, futhi umhlaseli akakwazi ukulayisha isichibi esingaqinisekisiwe kusistimu ekude '.

"Kunombono oyiphutha wokuthi ama-CPU anamuhla ikakhulukazi asethelwe ifektri futhi kwesinye isikhathi azothola izibuyekezo ezinomkhawulo we-microcode zezimbungulu ezimbi kakhulu," kusho uKenn White, umqondisi wezokuphepha komkhiqizo eMongoDB. "Kodwa inqobo nje uma lokho kuyiqiniso (futhi ngezinga elikhulu akulona lokho), kunemikhawulo embalwa kakhulu esebenzayo kulokho unjiniyela angakwenza ngezikhiye zombuso zaleyo silicon."

Kanjalo, abacwaningi bayabona futhi ulwelwesi lwesiliva. ukusizakala ngaleli phutha, njengoba kungaba yindlela yalabo abafuna ukusiphula i-CPU yabo (ngendlela efanayo nabantu abaphule i-jailbroken noma abane-root amadivayisi we-iPhone noma i-hack ye-PlayStation 3 yekhonsoli) futhi ngaleyo ndlela bakwazi ukwengeza noma vula ezinye izici, ngoba ngokwesibonelo unesethenjwa sezinhlamvu ezivinjiwe zochungechunge oluthile lwamaprosesa.

Umthombo: https://arstechnica.com


Shiya umbono wakho

Ikheli lakho le ngeke ishicilelwe. Ezidingekayo ibhalwe nge *

*

*

  1. Unomthwalo wemfanelo ngedatha: AB Internet Networks 2008 SL
  2. Inhloso yedatha: Lawula Ugaxekile, ukuphathwa kwamazwana.
  3. Ukusemthethweni: Imvume yakho
  4. Ukuxhumana kwemininingwane: Imininingwane ngeke idluliselwe kubantu besithathu ngaphandle kwesibopho esisemthethweni.
  5. Isitoreji sedatha: Idatabase ebanjwe yi-Occentus Networks (EU)
  6. Amalungelo: Nganoma yisiphi isikhathi ungakhawulela, uthole futhi ususe imininingwane yakho.

  1.   UMiguel Rodriguez kusho
    kwenza iminyaka 3

    Uma lokhu kuqhubeka, i-INTEL izongena ku-tailspin ephelele… Akekho umuntu oyofuna ukuqhubeka esebenzisa amaprosesa akhe.

    Phendula uMiguel Rodríguez