• Welcome to TechPowerUp Forums, Guest! Please check out our forum guidelines for info related to our community.

CTS-Labs Responds to a TechPowerUp Technical Questionnaire

Joined
Jun 23, 2016
Messages
74 (0.02/day)
Processors have microcode. Chipsets don't. And hardcoded backdoors are very different from spectre.
Are you saying the PSP (which is a processor) can't receive microcode updates? The majority of the exploits pertain to the PSP. It was only the ASMedia chipset that was said to have a hardware backdoor. No information given indicates the PSP is unpatchable.
 
Joined
Mar 10, 2010
Messages
11,878 (2.20/day)
Location
Manchester uk
System Name RyzenGtEvo/ Asus strix scar II
Processor Amd R5 5900X/ Intel 8750H
Motherboard Crosshair hero8 impact/Asus
Cooling 360EK extreme rad+ 360$EK slim all push, cpu ek suprim Gpu full cover all EK
Memory Corsair Vengeance Rgb pro 3600cas14 16Gb in four sticks./16Gb/16GB
Video Card(s) Powercolour RX7900XT Reference/Rtx 2060
Storage Silicon power 2TB nvme/8Tb external/1Tb samsung Evo nvme 2Tb sata ssd/1Tb nvme
Display(s) Samsung UAE28"850R 4k freesync.dell shiter
Case Lianli 011 dynamic/strix scar2
Audio Device(s) Xfi creative 7.1 on board ,Yamaha dts av setup, corsair void pro headset
Power Supply corsair 1200Hxi/Asus stock
Mouse Roccat Kova/ Logitech G wireless
Keyboard Roccat Aimo 120
VR HMD Oculus rift
Software Win 10 Pro
Benchmark Scores 8726 vega 3dmark timespy/ laptop Timespy 6506
Great work getting such direct info from Cts but I prefer anandtechs interview tbh, harsher questions were asked in the right way, the issues as seen cannot possibly be Just Amds issue ,as they(Cts though veiled) admit many intel systems incorporated asmedia controllers(the right type) and they too are susceptible,

However CTS labs have not looked into this being a attack vector for intel in any way yet say it's just AMD, seams lame on a lot of fronts still.

But I would obviously like to hear Amds take , not even slightly concerned at this point, oh nose , just remembered asmedia controllers are also frequently on Amd Fx motherboards, the holes are everywhere doh.
 
Joined
Aug 20, 2007
Messages
21,539 (3.40/day)
System Name Pioneer
Processor Ryzen R9 9950X
Motherboard GIGABYTE Aorus Elite X670 AX
Cooling Noctua NH-D15 + A whole lotta Sunon and Corsair Maglev blower fans...
Memory 64GB (4x 16GB) G.Skill Flare X5 @ DDR5-6000 CL30
Video Card(s) XFX RX 7900 XTX Speedster Merc 310
Storage Intel 905p Optane 960GB boot, +2x Crucial P5 Plus 2TB PCIe 4.0 NVMe SSDs
Display(s) 55" LG 55" B9 OLED 4K Display
Case Thermaltake Core X31
Audio Device(s) TOSLINK->Schiit Modi MB->Asgard 2 DAC Amp->AKG Pro K712 Headphones or HDMI->B9 OLED
Power Supply FSP Hydro Ti Pro 850W
Mouse Logitech G305 Lightspeed Wireless
Keyboard WASD Code v3 with Cherry Green keyswitches + PBT DS keycaps
Software Gentoo Linux x64 / Windows 11 Enterprise IoT 2024
Are you saying the PSP (which is a processor) can't receive microcode updates? The majority of the exploits pertain to the PSP. It was only the ASMedia chipset that was said to have a hardware backdoor. No information given indicates the PSP is unpatchable.

The part you quoted (and I responded to) referencing the ASIC only pertains to the chipset, so I am unsure why you are bringing the PSP into this at all. The chipset is the only area in which hardcoded backdoors apply. The PSP exploits are different. The PSP can be patched and they admitted that if you read.

People need to stop blindly thanking people who clearly don't even understand what's going on here.
 
Joined
Mar 10, 2010
Messages
11,878 (2.20/day)
Location
Manchester uk
System Name RyzenGtEvo/ Asus strix scar II
Processor Amd R5 5900X/ Intel 8750H
Motherboard Crosshair hero8 impact/Asus
Cooling 360EK extreme rad+ 360$EK slim all push, cpu ek suprim Gpu full cover all EK
Memory Corsair Vengeance Rgb pro 3600cas14 16Gb in four sticks./16Gb/16GB
Video Card(s) Powercolour RX7900XT Reference/Rtx 2060
Storage Silicon power 2TB nvme/8Tb external/1Tb samsung Evo nvme 2Tb sata ssd/1Tb nvme
Display(s) Samsung UAE28"850R 4k freesync.dell shiter
Case Lianli 011 dynamic/strix scar2
Audio Device(s) Xfi creative 7.1 on board ,Yamaha dts av setup, corsair void pro headset
Power Supply corsair 1200Hxi/Asus stock
Mouse Roccat Kova/ Logitech G wireless
Keyboard Roccat Aimo 120
VR HMD Oculus rift
Software Win 10 Pro
Benchmark Scores 8726 vega 3dmark timespy/ laptop Timespy 6506
The part you quoted (and I responded to) referencing the ASIC only pertains to the chipset, so I am unsure why you are bringing the PSP into this at all. The chipset is the only area in which hardcoded backdoors apply. The PSP exploits are different. The PSP can be patched and they admitted that if you read.

People need to stop blindly thanking people who clearly don't even understand what's going on here.
The clarity you have provided is worthy of thanks since the debate between you has ended up clearing a point up others might be unsure of but if it erks what can I do.
 

bug

Joined
May 22, 2015
Messages
13,842 (3.95/day)
Processor Intel i5-12600k
Motherboard Asus H670 TUF
Cooling Arctic Freezer 34
Memory 2x16GB DDR4 3600 G.Skill Ripjaws V
Video Card(s) EVGA GTX 1060 SC
Storage 500GB Samsung 970 EVO, 500GB Samsung 850 EVO, 1TB Crucial MX300 and 2TB Crucial MX500
Display(s) Dell U3219Q + HP ZR24w
Case Raijintek Thetis
Audio Device(s) Audioquest Dragonfly Red :D
Power Supply Seasonic 620W M12
Mouse Logitech G502 Proteus Core
Keyboard G.Skill KM780R
Software Arch Linux + Win10
Or, as was already mentioned in some articles (TPU included - I believe I posted it here as well in one of the threads), that 3rd party verification took ToB 4-5 days. If AMD was notified on Tuesday, this would be the 4th day. I wouldn't expect anything until Monday.


I gotta say though the delivery was quite possibly the worst ever, my focus is on the vulnerabilities...regardless if they are fairly innocuous to us as end users (cloud providers on the other hand...).

Spot on. Unfortunately, so far this seems to go as badly as possible for AMD (i.e. lousy disclosure, real vulnerabilities).
 

W1zzard

Administrator
Staff member
Joined
May 14, 2004
Messages
27,960 (3.71/day)
Processor Ryzen 7 5700X
Memory 48 GB
Video Card(s) RTX 4080
Storage 2x HDD RAID 1, 3x M.2 NVMe
Display(s) 30" 2560x1600 + 19" 1280x1024
Software Windows 10 64-bit
So they don't know how processors have been patched previously? The recent industry-wide Spectre patches escaped their notice?
The chipset has certain functionality (including a backdoor) implemented in physical circuitry, which is fixed and can not be modified, so unpatchable. The other vulnerability in the chipset _firmware_ (which is software), is patchable.
 
Joined
Mar 7, 2010
Messages
993 (0.18/day)
Location
Michigan
System Name Daves
Processor AMD Ryzen 3900x
Motherboard AsRock X570 Taichi
Cooling Enermax LIQMAX III 360
Memory 32 GiG Team Group B Die 3600
Video Card(s) Powercolor 5700 xt Red Devil
Storage Crucial MX 500 SSD and Intel P660 NVME 2TB for games
Display(s) Acer 144htz 27in. 2560x1440
Case Phanteks P600S
Audio Device(s) N/A
Power Supply Corsair RM 750
Mouse EVGA
Keyboard Corsair Strafe
Software Windows 10 Pro
Acknowledged all AsMedia based USB chipsets are vulnerable, yet still targeting just one specific company. If there is any concern it should be Intel MoBo which has way higher market share and they got 0 mention. Fishy AF.

CTS can spin this whatever they want. At least this end user is not buying into their BS.

Security experts, including Linus, weighs in on the situation after thr anandtech phone call.

https://www.realworldtech.com/forum/?threadid=175139&curpostid=175169


Lets see what they say after TPU phone call

Totally agree, they pretty much have ZERO credibility with "most" people.. I guess only AMD uses AsMedia:/
 
Joined
Apr 30, 2011
Messages
2,714 (0.54/day)
Location
Greece
Processor AMD Ryzen 5 5600@80W
Motherboard MSI B550 Tomahawk
Cooling ZALMAN CNPS9X OPTIMA
Memory 2*8GB PATRIOT PVS416G400C9K@3733MT_C16
Video Card(s) Sapphire Radeon RX 6750 XT Pulse 12GB
Storage Sandisk SSD 128GB, Kingston A2000 NVMe 1TB, Samsung F1 1TB, WD Black 10TB
Display(s) AOC 27G2U/BK IPS 144Hz
Case SHARKOON M25-W 7.1 BLACK
Audio Device(s) Realtek 7.1 onboard
Power Supply Seasonic Core GC 500W
Mouse Sharkoon SHARK Force Black
Keyboard Trust GXT280
Software Win 7 Ultimate 64bit/Win 10 pro 64bit/Manjaro Linux
Since they found the AsMedia bug but ignored the effect for Intel systems running on this chipset and named the website AMDFlaws.com, there is no doubt at all for me that they just attacked AMD in purpose instead of trying to help computer security in general as any security company should do. Their motives are mystery for now but they (the guys behind that job I mean) are flawed as professionals themselves for sure...
 

bug

Joined
May 22, 2015
Messages
13,842 (3.95/day)
Processor Intel i5-12600k
Motherboard Asus H670 TUF
Cooling Arctic Freezer 34
Memory 2x16GB DDR4 3600 G.Skill Ripjaws V
Video Card(s) EVGA GTX 1060 SC
Storage 500GB Samsung 970 EVO, 500GB Samsung 850 EVO, 1TB Crucial MX300 and 2TB Crucial MX500
Display(s) Dell U3219Q + HP ZR24w
Case Raijintek Thetis
Audio Device(s) Audioquest Dragonfly Red :D
Power Supply Seasonic 620W M12
Mouse Logitech G502 Proteus Core
Keyboard G.Skill KM780R
Software Arch Linux + Win10
Totally agree, they pretty much have ZERO credibility with "most" people.. I guess only AMD uses AsMedia:/
What's with people obsession with CTS Labs' credibility? We already established they're a no-name that handled this as badly as possible. Thus, next to zero credibility.
But if a convict is telling me the person next to in me in a bus is picking my pocket, I'd be concerned about my pocket first and then with the convict's rap sheet.

So far, the news is every party they've contacted so far was able to confirm their findings. Save for AMD.
 
Joined
May 6, 2012
Messages
184 (0.04/day)
Location
Estonia
System Name Steamy
Processor Ryzen 7 2700X
Motherboard Asrock AB350M-Pro4
Cooling Wraith Prism
Memory 2x8GB HX429C15PB3AK2/16
Video Card(s) R9 290X WC
Storage 960Evo 500GB nvme
Case Fractal Design Define Mini C
Power Supply Seasonic SS-660XP2
Software Windows 10 Pro
Benchmark Scores http://hwbot.org/user/kinski/ http://valid.x86.fr/qfxqhj https://goo.gl/uWkw7n
The chipset has certain functionality (including a backdoor) implemented in physical circuitry, which is fixed and can not be modified, so unpatchable. The other vulnerability in the chipset _firmware_ (which is software), is patchable.

It's just what they are saying, though? I see no proof, just a lot of hot air from CTSlabs.

edit: also, if they want to see how AMD is "unable" to fix issues then perhaps you can point them towards latest example that i know of, which is a fix for, well-well AMD-PSP :rolleyes:
http://seclists.org/fulldisclosure/2018/Jan/12

(hmm, perhaps they even acknowledge this specific issue as known to them, as per AT interview, but they have not followed up on its fix status https://www.anandtech.com/show/12536/our-interesting-call-with-cts-labs "In fact the one vulnerability that came out with AMD that was a lower level vulnerability that came out about 3 months ago and I believe they still have not come out with a patch. And now we are talking about 13 of them." )
 
Last edited:
Joined
Apr 30, 2012
Messages
3,881 (0.84/day)
Last edited:
Joined
Apr 12, 2013
Messages
1,192 (0.28/day)
Processor 11700
Motherboard TUF z590
Memory G.Skill 32gb 3600mhz
Video Card(s) ROG Vega 56
Case Deepcool
Power Supply RM 850
"We had no past experience"

orig.gif
 
Joined
Sep 6, 2013
Messages
3,391 (0.82/day)
Location
Athens, Greece
System Name 3 desktop systems: Gaming / Internet / HTPC
Processor Ryzen 5 7600 / Ryzen 5 4600G / Ryzen 5 5500
Motherboard X670E Gaming Plus WiFi / MSI X470 Gaming Plus Max (1) / MSI X470 Gaming Plus Max (2)
Cooling Aigo ICE 400SE / Segotep T4 / Îťoctua U12S
Memory Kingston FURY Beast 32GB DDR5 6000 / 16GB JUHOR / 32GB G.Skill RIPJAWS 3600 + Aegis 3200
Video Card(s) ASRock RX 6600 + GT 710 (PhysX) / Vega 7 integrated / Radeon RX 580
Storage NVMes, ONLY NVMes / NVMes, SATA Storage / NVMe, SATA, external storage
Display(s) Philips 43PUS8857/12 UHD TV (120Hz, HDR, FreeSync Premium) / 19'' HP monitor + BlitzWolf BW-V5
Case Sharkoon Rebel 12 / CoolerMaster Elite 361 / Xigmatek Midguard
Audio Device(s) onboard
Power Supply Chieftec 850W / Silver Power 400W / Sharkoon 650W
Mouse CoolerMaster Devastator III Plus / CoolerMaster Devastator / Logitech
Keyboard CoolerMaster Devastator III Plus / CoolerMaster Devastator / Logitech
Software Windows 10 / Windows 10&Windows 11 / Windows 10
Those guys knew about ASMedia problems for 6 years? But didn't informed anybody? Maybe they where cashing out that knowledge all this time. Then probably someone came and convince them to use this information as part of a huge campaign against AMD, to make a quick and much bigger financial gain. TPU should have pressed them more in the "Why haven't you disclosed those ASMedia vulnerabilities to the public sooner, as you did with AMD? Why did you associated the ASMedia problems with AMD, considering that you confirm that the problem exists on Intel motherboards too?" part. But I guess those guys set certain parameters before accepting to answer that phone call.
 
Joined
May 6, 2012
Messages
184 (0.04/day)
Location
Estonia
System Name Steamy
Processor Ryzen 7 2700X
Motherboard Asrock AB350M-Pro4
Cooling Wraith Prism
Memory 2x8GB HX429C15PB3AK2/16
Video Card(s) R9 290X WC
Storage 960Evo 500GB nvme
Case Fractal Design Define Mini C
Power Supply Seasonic SS-660XP2
Software Windows 10 Pro
Benchmark Scores http://hwbot.org/user/kinski/ http://valid.x86.fr/qfxqhj https://goo.gl/uWkw7n
If i were to hazard a guess then these guys have inside info from previous employer, who wont be very happy with them going after a quick buck.

Unit 8200, i mean.
 

Aquinus

Resident Wat-man
Joined
Jan 28, 2012
Messages
13,171 (2.80/day)
Location
Concord, NH, USA
System Name Apollo
Processor Intel Core i9 9880H
Motherboard Some proprietary Apple thing.
Memory 64GB DDR4-2667
Video Card(s) AMD Radeon Pro 5600M, 8GB HBM2
Storage 1TB Apple NVMe, 4TB External
Display(s) Laptop @ 3072x1920 + 2x LG 5k Ultrafine TB3 displays
Case MacBook Pro (16", 2019)
Audio Device(s) AirPods Pro, Sennheiser HD 380s w/ FIIO Alpen 2, or Logitech 2.1 Speakers
Power Supply 96w Power Adapter
Mouse Logitech MX Master 3
Keyboard Logitech G915, GL Clicky
Software MacOS 12.1
TPU: How do you respond to people saying that once an attacker has administrative access, you are f'd anyway? How are the attacks you uncovered more severe?
CTS: This is misleading and incorrect. Attackers think of machines not as individual nodes but as part of a network. Gaining local administrative access on a compromised computer inside an organization is easy for attackers. The challenge is moving laterally from there to other machines, and maintaining access for the future. That is exactly what these vulnerabilities provide.
I'm confused by this answer. If you have admin access on a box, you already have access to the network through that box but, these vulnerabilities don't get you access to other boxes. It's more like digging your feet into the box you've already compromised. This sounds like a non-answer. If anything it can keep a machine infected but, it doesn't help you get into other machines on a network.
 
Joined
May 6, 2012
Messages
184 (0.04/day)
Location
Estonia
System Name Steamy
Processor Ryzen 7 2700X
Motherboard Asrock AB350M-Pro4
Cooling Wraith Prism
Memory 2x8GB HX429C15PB3AK2/16
Video Card(s) R9 290X WC
Storage 960Evo 500GB nvme
Case Fractal Design Define Mini C
Power Supply Seasonic SS-660XP2
Software Windows 10 Pro
Benchmark Scores http://hwbot.org/user/kinski/ http://valid.x86.fr/qfxqhj https://goo.gl/uWkw7n
Joined
Sep 6, 2013
Messages
3,391 (0.82/day)
Location
Athens, Greece
System Name 3 desktop systems: Gaming / Internet / HTPC
Processor Ryzen 5 7600 / Ryzen 5 4600G / Ryzen 5 5500
Motherboard X670E Gaming Plus WiFi / MSI X470 Gaming Plus Max (1) / MSI X470 Gaming Plus Max (2)
Cooling Aigo ICE 400SE / Segotep T4 / Îťoctua U12S
Memory Kingston FURY Beast 32GB DDR5 6000 / 16GB JUHOR / 32GB G.Skill RIPJAWS 3600 + Aegis 3200
Video Card(s) ASRock RX 6600 + GT 710 (PhysX) / Vega 7 integrated / Radeon RX 580
Storage NVMes, ONLY NVMes / NVMes, SATA Storage / NVMe, SATA, external storage
Display(s) Philips 43PUS8857/12 UHD TV (120Hz, HDR, FreeSync Premium) / 19'' HP monitor + BlitzWolf BW-V5
Case Sharkoon Rebel 12 / CoolerMaster Elite 361 / Xigmatek Midguard
Audio Device(s) onboard
Power Supply Chieftec 850W / Silver Power 400W / Sharkoon 650W
Mouse CoolerMaster Devastator III Plus / CoolerMaster Devastator / Logitech
Keyboard CoolerMaster Devastator III Plus / CoolerMaster Devastator / Logitech
Software Windows 10 / Windows 10&Windows 11 / Windows 10
I'm confused by this answer. If you have admin access on a box, you already have access to the network through that box but, these vulnerabilities don't get you access to other boxes. It's more like digging your feet into the box you've already compromised. This sounds like a non-answer. If anything it can keep a machine infected but, it doesn't help you get into other machines on a network.

That's another part I have a problem to believe. I mean, who pays for a network of 1000 PCs, for example, if one PC that's get infected with malware, is enough to bring down the whole system? I think this is deliberate and tries to scare admins to not replace an older Intel system with a modern AMD one. "If you buy EVEN ONE new Ryzen/Epyc system, and put it in the same network with the 999 secure Intel PCs, then ALL PCs are in danger".

For people who say that they don't have much experience communicating their findings to the public, they do have a hell of a great experience in destroying someone's reputation and making it sure that everyone will avoid that someone's products at all costs. Not avoid investing a great deal of money buying many of those products, but even avoiding the minimum investment that is needed to buy just one of those products.
 

rtwjunkie

PC Gaming Enthusiast
Supporter
Joined
Jul 25, 2008
Messages
14,018 (2.34/day)
Location
Louisiana
Processor Core i9-9900k
Motherboard ASRock Z390 Phantom Gaming 6
Cooling All air: 2x140mm Fractal exhaust; 3x 140mm Cougar Intake; Enermax ETS-T50 Black CPU cooler
Memory 32GB (2x16) Mushkin Redline DDR-4 3200
Video Card(s) ASUS RTX 4070 Ti Super OC 16GB
Storage 1x 1TB MX500 (OS); 2x 6TB WD Black; 1x 2TB MX500; 1x 1TB BX500 SSD; 1x 6TB WD Blue storage (eSATA)
Display(s) Infievo 27" 165Hz @ 2560 x 1440
Case Fractal Design Define R4 Black -windowed
Audio Device(s) Soundblaster Z
Power Supply Seasonic Focus GX-1000 Gold
Mouse Coolermaster Sentinel III (large palm grip!)
Keyboard Logitech G610 Orion mechanical (Cherry Brown switches)
Software Windows 10 Pro 64-bit (Start10 & Fences 3.0 installed)
I just want to say thanks for the TPU follow-up which was done. The questions were technical in nature, but non-technical enough that most of the public could understand. It went a long way to making some sense of the debacle they created. It still leaves a lot to be answered, and I look forward to AMD's digestion of this.
 
Joined
Apr 30, 2006
Messages
1,181 (0.17/day)
Processor 7900
Motherboard Rampage Apex
Cooling H115i
Memory 64GB TridentZ 3200 14-14-14-34-1T
Video Card(s) Fury X
Case Corsair 740
Audio Device(s) 8ch LPCM via HDMI to Yamaha Z7 Receiver
Power Supply Corsair AX860
Mouse G903
Keyboard G810
Software 8.1 x64
Acknowledged all AsMedia based USB chipsets are vulnerable, yet still targeting just one specific company. If there is any concern it should be Intel MoBo which has way higher market share and they got 0 mention. Fishy AF.
I guess only AMD uses AsMedia:/
Since they found the AsMedia bug but ignored the effect for Intel systems running on this chipset

Intel chipsets don't have any AsMedia vulnerabilities!

But some motherboards manufacturers add an AsMedia chip to their intel platform boards but you cant blame intel for that. Blame falls on AsMedia and the motherboard manufacturer.

Whereas AMD is being targeted because AMD's chipset has the Asmedia hardware built in, so some blame does fall on AMD for the AsMedia vulnerabilities built in to their chipset.

Yup, Just checked my old Asus SaberTooth Z77, has ASMedia 1042.

Asus is to blame for that as they added the Asmedia chip to their board. Disable that controller and use the x79 usb ports.

Re-flashing the BIOS, a prerequisite for MASTERKEY, often does not require physical access to the device.

My biggest concern with masterkey is that the hardware could have the malware BIOS installed by someone at the factory or somewhere in-between before the new system gets delivered to the customer. I'm sure you could get a handheld device that would be possible to flash the bios chip without even powering up the system. The customer would have no way to detect the malware on the new system.
 
Joined
Apr 30, 2012
Messages
3,881 (0.84/day)
Asus is to blame for that as they added the Asmedia chip to their board. Disable that controller and use the x79 usb ports.

I get that. They are a lot of board makers that took that liberty throughout the years. Various post on other forums are starting to link and recall several of them over the years.

Be interesting if TPU can compile a list from its review database

ASM1142
Asus Sabertooth Z170 Mark 1
Asus X99-Deluxe II
Asus ROG Rampage V Edition 10
Asus ROG Maximus VIII Hero
Asus Z170-A
Asus X99-E-10G WS
AsRock Fatal1ty Z170
AsRock Fatal1ty X99 Pro Gaming
ASRock Fata1ty X99X
ASRock Beebox-S
ASRock X99 Taichi
ASRock X99E-ITX
ASRock X99 OC Formula
ASRock Z170 OC Formula
ASRock Z170 Extreme4 & Extreme4+
MSI Z170A Xpower Gaming
MSI Z170A Gaming M9 ACK
MSI X99A TomaHawk
MSI X99A Gaming Pro Carbon
MSI X99A GodLike Gaming
MSI Z170A Xpower Gaming Titanium Ed.
Gigabyte Z170X Gaming 6
Gigabyte Brix BKi5A
Gigabyte Z170XP-SLI
Supermicro X7170-OCE
Supermicro C7270-CG
Supermicro C7270-PG Pro Gaming
Supermicro SuperO C7Z170-M
ECS Liva One
EVGA Z170 Classified


Update:

ASM1042
Asus Maximus VIII Extreme
Asus Z97 Pro
Asus P8Z77-V
ASRock Z68M-ITX
ASRock Z77E-ITX
ASRock Fatal1ty Z68 Pro Gen3
ASRock X79 Extreme4-M
ASRock X99X Killer Fatal1ty
ASRock Z68 Extreme 4
BioStar TZ68K+
MSI Z97 Gaming 9 AC
MSI X99A GodLike Gaming - Has more then one of the vulnerable chips
MSI X99S-MPower
MSI Z270 XPower Gaming Titanium
SuperMicro C7Z97-OCE
SuperMicro X7X99-OCE

^This is just a list from one sites review database
 
Last edited:

OneMoar

There is Always Moar
Joined
Apr 9, 2010
Messages
8,800 (1.64/day)
Location
Rochester area
System Name RPC MK2.5
Processor Ryzen 5800x
Motherboard Gigabyte Aorus Pro V2
Cooling Thermalright Phantom Spirit SE
Memory CL16 BL2K16G36C16U4RL 3600 1:1 micron e-die
Video Card(s) GIGABYTE RTX 3070 Ti GAMING OC
Storage Nextorage NE1N 2TB ADATA SX8200PRO NVME 512GB, Intel 545s 500GBSSD, ADATA SU800 SSD, 3TB Spinner
Display(s) LG Ultra Gear 32 1440p 165hz Dell 1440p 75hz
Case Phanteks P300 /w 300A front panel conversion
Audio Device(s) onboard
Power Supply SeaSonic Focus+ Platinum 750W
Mouse Kone burst Pro
Keyboard SteelSeries Apex 7
Software Windows 11 +startisallback
so how exactly do you implement a backdoor on the hardware level care to explain what exactly this hardware backdoor is and how to access it ? because I can't find anything in there disclosure about exactly what this hardware level backdoor is or how to access it or what evidence they have that its unpatchable

if you are accessing it via software then guess what ITS PATCHABLE





I gotta love how vague they are explaining this using terms like 'if our understanding is correct' so basically they don't fully understand there own report what ....

and enabling wp does not enable wp for the entire chip just the rom portion. and then there is ... CMOS storage != bios chip and on boards that do use a portion of the main rom for that its in a reserved isolated address the fact that they don't even know that much is gasoline on the credibility tire fire

also if you have admin you can move laterally through any network that that machine is connected via other attack vectors. to so again if you have admin you are already pwnd

also teaming up with liberboot/coreboot are you fkin kidding me ?

that project has gone exactly nowhere in the 19 years it has existed it works on a barely a handful of boards from at greatly reduced functionality https://www.coreboot.org/Supported_Motherboards

so again I postulate the question why are we even talking to these people they quite simply haven't a goddamn clue
 
Last edited:

Durvelle27

Moderator
Staff member
Joined
Jul 10, 2012
Messages
6,797 (1.49/day)
Location
Memphis, TN
System Name Black Prometheus
Processor |AMD Ryzen 7 1700
Motherboard ASRock B550M Pro4|MSI X370 Gaming PLUS
Cooling Thermalright PA120 SE | AMD Stock Cooler
Memory G.Skill 64GB(2x32GB) 3200MHz | 32GB(4x8GB) DDR4
Video Card(s) ASUS DirectCU II R9 290 4GB
Storage Sandisk X300 512GB + WD Black 6TB+WD Black 6TB
Display(s) LG Nanocell85 49" 4K 120Hz + ACER AOPEN 34" 3440x1440 144Hz
Case DeepCool Matrexx 55 V3 w/ 6x120mm Intake + 3x120mm Exhaust
Audio Device(s) LG Dolby Atmos 5.1
Power Supply Corsair RMX850 Fully Modular| EVGA 750W G2
Mouse Logitech Trackman
Keyboard Logitech K350
Software Windows 10 EDU x64
Awaiting Moreno information
 
Joined
Jul 5, 2013
Messages
28,238 (6.74/day)
so am I missing something?
Yes, there are ways to crack a network once you're inside and have admin authoritatives to even one machine on that network. Such access can be structured to grant admin access to many other machines on the same network, regardless of domains.
 

cadaveca

My name is Dave
Joined
Apr 10, 2006
Messages
17,232 (2.52/day)
so how exactly do you implement a backdoor on the hardware level care to explain what exactly this hardware backdoor is and how to access it ? because I can't find anything in there disclosure about exactly what this hardware level backdoor is or how to access it or what evidence they have that its unpatchable

if you are accessing it via software then guess what ITS PATCHABLE


Intel ME (which also has a "backdoor") is exactly what you are asking about. So, you can disable the ME now via some creative hacking of the ME firmware (you couldn't for like a decade before this, since like 2008), but AMD's equivalent, the PSP, might not have the capability to be disabled in a similar fashion. It was documented that the Intel ME could be disabled because the NSA wanted it that way (this needs verification, I'm sure). But anyway, whoever it was, they wanted it, it was implemented, and now the public has this capability. Then we got the ME hack...

We just need similar for the PSP (oh look, apparently according to this CTS news a reason to disable is present), and a big part of this problem is solved.
 

OneMoar

There is Always Moar
Joined
Apr 9, 2010
Messages
8,800 (1.64/day)
Location
Rochester area
System Name RPC MK2.5
Processor Ryzen 5800x
Motherboard Gigabyte Aorus Pro V2
Cooling Thermalright Phantom Spirit SE
Memory CL16 BL2K16G36C16U4RL 3600 1:1 micron e-die
Video Card(s) GIGABYTE RTX 3070 Ti GAMING OC
Storage Nextorage NE1N 2TB ADATA SX8200PRO NVME 512GB, Intel 545s 500GBSSD, ADATA SU800 SSD, 3TB Spinner
Display(s) LG Ultra Gear 32 1440p 165hz Dell 1440p 75hz
Case Phanteks P300 /w 300A front panel conversion
Audio Device(s) onboard
Power Supply SeaSonic Focus+ Platinum 750W
Mouse Kone burst Pro
Keyboard SteelSeries Apex 7
Software Windows 11 +startisallback
Intel ME (which also has a "backdoor") is exactly what you are asking about. So, you can disable the ME now via some creative hacking of the ME firmware (you couldn't for like a decade before this, since like 2008), but AMD's equivalent, the PSP, might not have the capability to be disabled in a similar fashion. It was documented that the Intel ME could be disabled because the NSA wanted it that way (this needs verification, I'm sure). But anyway, whoever it was, they wanted it, it was implemented, and now the public has this capability. Then we got the ME hack...

We just need similar for the PSP (oh look, apparently according to this CTS news a reason to disable is present), and a big part of this problem is solved.
but me's backdoor wasn't 'hardware' it was in the 'me' blobs the hack involves removing those files from the uefi image thats all it does or setting the HAP bit to 1

which isn't hardware its a firmware flag
 
Top