uCodeDisasm
By chip-red-pill
IntelTXE-PoC
Intel Management Engine JTAG Proof of Concept (by chip-red-pill)
uCodeDisasm | IntelTXE-PoC
---|---
7 | 2
338 | 136
- | -
3.4 | 10.0
4 months ago | almost 4 years ago
Python | Python
- | -
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
uCodeDisasm
Posts with mentions or reviews of uCodeDisasm.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2022-07-19.
- GitHub – chip-red-pill/uCodeDisasm
- Intel Microcode Decryptor
  These researchers managed to do this! (PoC). Modifying microcode is possible thanks to their previous work. By exploiting bugs in the BUP module (responsible for hardware bring-up/initialization) in the TXE firmware (Trusted Execution Engine, the Atom analogue of the Management Engine on Core/Xeon), they were able to eventually enable Intel's internal JTAG interface, also known as red unlock. This is normally disabled on production systems and requires keys from Intel to unlock it. However, a design flaw in BUP combined with code execution allowed red unlock to be enabled without Intel's keys. Red unlock is extremely powerful - not only does it let you debug the CPU core, it also lets you debug other devices and IP blocks (including TXE/ME). You can even use it to access internal microarchitectural state, including the microcode sequencer ROM. This allowed them to dump the (decrypted) microcode from a Goldmont CPU. They eventually managed to reverse engineer the micro-op format and released a microcode disassembler.
- MicrocodeDecryptor
- Simulating the IBM 360/50 mainframe from its microcode
  They're wider, but reverse engineering efforts suggest that they're actually "vertical". They only "appear" wider because, instead of multiple bytes to specify the operands, they're all encoded in the one micro-op. https://github.com/chip-red-pill/uCodeDisasm
- GitHub - chip-red-pill/uCodeDisasm - Intel Atom Goldmont microcode disassembler
- UCodeDisasm: Intel Atom Disassembler
- Microcode disassembler tool for Intel Atom Goldmont core
IntelTXE-PoC
Posts with mentions or reviews of IntelTXE-PoC.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2022-07-19.
- Intel Microcode Decryptor
  These researchers managed to do this! (PoC). Modifying microcode is possible thanks to their previous work. By exploiting bugs in the BUP module (responsible for hardware bring-up/initialization) in the TXE firmware (Trusted Execution Engine, the Atom analogue of the Management Engine on Core/Xeon), they were able to eventually enable Intel's internal JTAG interface, also known as red unlock. This is normally disabled on production systems and requires keys from Intel to unlock it. However, a design flaw in BUP combined with code execution allowed red unlock to be enabled without Intel's keys. Red unlock is extremely powerful - not only does it let you debug the CPU core, it also lets you debug other devices and IP blocks (including TXE/ME). You can even use it to access internal microarchitectural state, including the microcode sequencer ROM. This allowed them to dump the (decrypted) microcode from a Goldmont CPU. They eventually managed to reverse engineer the micro-op format and released a microcode disassembler.
- Undocumented x86 instructions to read/write microcode
What are some alternatives?
When comparing uCodeDisasm and IntelTXE-PoC you can also consider the following projects:
Microcode - Microcode Updates for the USENIX 2017 paper: Reverse Engineering x86 Processor Microcode
crbus_scripts - IPC scripts for access to Intel CRBUS
MicrocodeDecryptor