![[H]ard|Forum](/styles/hardforum/xenforo/logo_dark.png){kind=logo}
- Joined
- Aug 20, 2006
- Messages
- 13,000
At this week’s Black Hat conference, security researcher Christopher Domas demonstrated a so-called “God Mode” affecting certain x86 CPUs – namely, VIA’s C3 Nehemiah chips, an off-brand “military-grade” processor made in 2003. To achieve root access and the innermost ring, all the user needs to do is enter the command “.byte 0x0f, 0x3f” in Linux. Domas believes the same backdoors exist on other chipsets.
The backdoor completely breaks the protection-ring model of operating-system security, in which the OS kernel runs in ring 0, device drivers run in rings 1 and 2, and user applications and interfaces ("userland") run in ring 3, furthest from the kernel and with the least privileges. To put it simply, Domas' God Mode takes you from the outermost to the innermost ring in four bytes. "We have direct ring 3 to ring 0 hardware privilege escalation," Domas said. "This has never been done."
The backdoor completely breaks the protection-ring model of operating-system security, in which the OS kernel runs in ring 0, device drivers run in rings 1 and 2, and user applications and interfaces ("userland") run in ring 3, furthest from the kernel and with the least privileges. To put it simply, Domas' God Mode takes you from the outermost to the innermost ring in four bytes. "We have direct ring 3 to ring 0 hardware privilege escalation," Domas said. "This has never been done."
