Rascals are always sociable, and the chief sign that a man has any nobility in his character is the little pleasure he takes in others' company. Arthur Schopenhauer

All modern Intel CPUs have a RISC core inside the chip. The core implements an abstraction layer that translates the user-visible instruction set into hardware-internal RISC instructions that are invisible to the user. The RISC core has maximum privileges when accessing data. The microcode program is built into the chip, but the OS and UEFI may apply patches to it, known as microcode updates. Unfortunately, these updates are encrypted, and there is little public information on how they work. Because of this, there is no public research on the internal structure of Intel CPU microcode. We have now found a way to get access to it on a publicly available platform. In our talk, we are going to describe the structure of the microcode for the Intel Atom platform, how our proof of concept works, and the hijacking of a user-visible x86 instruction. We will also describe how we reverse engineered the microcode format and the internal microarchitecture of Intel Atom.

How we Achieved the Arbitrary [micro]Code Execution inside Intel Atom CPUs