Secret AMD Debugger

digibucc · Nov 16, 2010

http://www.woodmann.com/collaborati...secret_debug_capabilities_of_AMD_processors_!

'Super-secret' debugger discovered in AMD CPUs
Password-protected feature goes beyond x86

By Dan Goodin in San Francisco
Posted in PCs & Chips, 15th November 2010 19:10 GMT

A hardware hacker has discovered a secret debugging feature hidden in all AMD chips made in the past decade.

The password-protected debugger came as a shock to reverse-engineers who have hungered for an on-chip mechanism for performing conditional and direct-hardware breakpoint operations. Although AMD has built the firmware-controlled feature into all chips since the Athlon XP, the company kept it a closely guarded secret that was only disclosed late last week by a hacker who goes by the name Czernobyl.

“AMD processors (Athlon XP and better) have included firmware-based debugging features that expand greatly over standard, architecturally defined capabilities of x86,” the hacker wrote. “For some reason, though, AMD has been tightly secretive about these features; hint of their existence was gained by glancing at CBID's page.”

To put a chip into developer mode, a user must first enter what amounts to a password — 9C5A203A — into the CPU's EDI register. Czernobyl was able to deduce the secret setting by brute forcing the key.

Presumably, the debugger is an internal AMD utility used during development and then turned off before shipping. Its discovery by world + dog means that everyday users may have powerful new tools to hack, debug, and reverse-engineer their hardware. Now that its existence and the instructions for turning it on are known, the real discoveries about exactly what can be done with it are sure to commence. ®

did search, didn't see it, sry if i'm blind

also, this should probably be in AMD/ATi huh? my bad.

KainXS · Nov 16, 2010

so what does this mean wiz

W1zzard · Nov 16, 2010

won't have much use for the general public. most of the people who call themselves tech journalists have no clue what all the funky words in the original article mean so they come up with explanations that make sense to them

basically it enables some additional debugging capabilities that allow better control on when a debug event occurs. this might be of use for operating system kernel developers, probably not even for them as there are no software tools that support these features. normal application developers rely on the debugging facilities of their development software that offers all such features at a non-hardware level "emulated" by the debugger but in a nice colorful clicky click representation

there is no security implication. access to MSRs is only available from kernel mode. if your virus is in kernel mode it can already do everything it wants, no need for those additional debug capabilities

wahdangun · Nov 16, 2010

wtf, is this some kind performance enhancing ???

W1zzard · Nov 16, 2010

wahdangun said:
wtf, is this some kind performance enhancing ???

no it will not performance enhance anything. it lets you set a breakpoint with complex conditions that causes the equivalent of a bluescreen when the condition it met and/or the breakpoint address is reached

digibucc · Nov 16, 2010

thanks for the link change, that site is MUCH better

had never seen it before ...

Mussels · Nov 16, 2010

what are these breakpoint operations all about?

PVTCaboose1337 · Nov 16, 2010

Here is the super sweet code list to decode what you see.

http://cbid.softnology.biz/html/undocmsrs.html

Steevo · Nov 20, 2010

Mussels said:
what are these breakpoint operations all about?

Lets say you want a exact picture of what is happening step by step during a programs run time. You set a breakpoint (system state stop) to occur at the time you want in the execution by setting perimeters that you define for the stop.

Comparing it to a event, it would be like saying stop a engine with the exact flame front in a cylinder as it is occurring. Basically think of freezing time.

So we could say executable Adobe32.exe is having performance problems when multitasking with XXX program. You could run them and get exact dumps of state as they occur through each step, analyze the data and implement fixes, or just tell adobe they suck.

robn · Nov 20, 2010

Yeah a breakpoint is a pre-set pause point in a code sequence in a program being debugged.

A program is going wrong somewhere and needs to be fixed. So the programmer wants to know what everything (data, threads, files open, etc.) looks like when their code reaches a certain instruction that they think might be in the problem area. A breakpoint tags that instruction, and the system pauses execution when it reaches the tag, to allow the developer to do whatever inspection they want. The program can be continued or aborted from that point as the dev sees fit.

In the case of this news, these AMD chips provide extra triggering options for the break to occur.

System Name	i7-PC / HTPC / iMac
Processor	i7 3820 / Phenom II 940
Motherboard	GIGABYTE G1.ASSASSIN2 / M3A79-T Deluxe
Cooling	Corsair Hydro H100i / Scythe II (HS only)
Memory	G.SKILL Trident X Series 8GB (2 x 4GB) DDR3 1600mhz / 4GB DDR2 1066 (@800) Corsair Dominator
Video Card(s)	GB Radeon HD 7950s 3GB / GB Radeon HD 7950s 3GB
Storage	2x 80GB Intel X-25, 2x600gb SATA, 1x1tb 5400RPM storage /1x600GB, 3x500GB,1x160,1x120 SATA
Display(s)	1x 27" Yamakasi / Vizio 42" HDTV
Case	Lian Li Lancool PC-K58 / Antec 900
Audio Device(s)	HT Omega Striker 7.1 / Onboard and HDMI from ATi Card
Power Supply	PC Power & Cooling 750W / 610W
Software	Ubuntu / Windows 8.1 Pro / OS X / PHPStorm / Gaming

Processor	AMD Ryzen 9 9900x / AMD Epyc 7773x
Motherboard	Gigabyte B850 Gaming X/ ASROCK ROME
Cooling	Be Quiet Dark Rock Pro 4(Custom) / Custom Air
Memory	64GB Crucial Pro 6400 / 384GB
Video Card(s)	Gigabyte RTX 3080 / Radeon Instinct
Storage	Adata SX8200 1TB NVME/WD Black 1TB NVME
Display(s)	Dell 27 Inch 165Hz
Case	Lian Li A3 Mini
Audio Device(s)	IFI Zen Dac/JDS Labs Atom+/SMSL Amp+Rivers Audio
Power Supply	Corsair RM850x
Mouse	Logitech G502 SE Hero
Keyboard	Corsair K70 RGB Mk.2
VR HMD	Samsung Odyssey Plus/ Quest 3
Software	Windows 11

Processor	Ryzen 7 5700X
Memory	48 GB
Video Card(s)	RTX 4080
Storage	2x HDD RAID 1, 3x M.2 NVMe
Display(s)	30" 2560x1600 + 19" 1280x1024
Software	Windows 10 64-bit

Processor	Ryzen 7 5700X
Memory	48 GB
Video Card(s)	RTX 4080
Storage	2x HDD RAID 1, 3x M.2 NVMe
Display(s)	30" 2560x1600 + 19" 1280x1024
Software	Windows 10 64-bit

System Name	i7-PC / HTPC / iMac
Processor	i7 3820 / Phenom II 940
Motherboard	GIGABYTE G1.ASSASSIN2 / M3A79-T Deluxe
Cooling	Corsair Hydro H100i / Scythe II (HS only)
Memory	G.SKILL Trident X Series 8GB (2 x 4GB) DDR3 1600mhz / 4GB DDR2 1066 (@800) Corsair Dominator
Video Card(s)	GB Radeon HD 7950s 3GB / GB Radeon HD 7950s 3GB
Storage	2x 80GB Intel X-25, 2x600gb SATA, 1x1tb 5400RPM storage /1x600GB, 3x500GB,1x160,1x120 SATA
Display(s)	1x 27" Yamakasi / Vizio 42" HDTV
Case	Lian Li Lancool PC-K58 / Antec 900
Audio Device(s)	HT Omega Striker 7.1 / Onboard and HDMI from ATi Card
Power Supply	PC Power & Cooling 750W / 610W
Software	Ubuntu / Windows 8.1 Pro / OS X / PHPStorm / Gaming

Secret AMD Debugger

digibucc

KainXS

W1zzard

Administrator

wahdangun

Guest

W1zzard

Administrator

digibucc

Mussels

Freshwater Moderator

PVTCaboose1337

Graphical Hacker

Steevo

robn

New Member

System Name	Rainbow Sparkles (Power efficient, <350W gaming load)
Processor	Ryzen R7 5800x3D (Undervolted, 4.45GHz all core)
Motherboard	Asus x570-F (BIOS Modded)
Cooling	Alphacool Apex UV - Alphacool Eisblock XPX Aurora + EK Quantum ARGB 3090 w/ active backplate
Memory	2x32GB DDR4 3600 Corsair Vengeance RGB @3866 C18-22-22-22-42 TRFC704 (1.4V Hynix MJR - SoC 1.15V)
Video Card(s)	Galax RTX 3090 SG 24GB: Underclocked to 1700Mhz 0.750v (375W down to 250W))
Storage	2TB WD SN850 NVME + 1TB Sasmsung 970 Pro NVME + 1TB Intel 6000P NVME USB 3.2
Display(s)	Phillips 32 32M1N5800A (4k144), LG 32" (4K60) \| Gigabyte G32QC (2k165) \| Phillips 328m6fjrmb (2K144)
Case	Fractal Design R6
Audio Device(s)	Logitech G560 \| Corsair Void pro RGB \|Blue Yeti mic
Power Supply	Fractal Ion+ 2 860W (Platinum) (This thing is God-tier. Silent and TINY)
Mouse	Logitech G Pro wireless + Steelseries Prisma XL
Keyboard	Razer Huntsman TE ( Sexy white keycaps)
VR HMD	Oculus Rift S + Quest 2
Software	Windows 11 pro x64 (Yes, it's genuinely a good OS) OpenRGB - ditch the branded bloatware!
Benchmark Scores	Nyooom.

System Name	Whim
Processor	Intel Core i5 2500k @ 4.4ghz
Motherboard	Asus P8Z77-V LX
Cooling	Cooler Master Hyper 212+
Memory	2 x 4GB G.Skill Ripjaws @ 1600mhz
Video Card(s)	Gigabyte GTX 670 2gb
Storage	Samsung 840 Pro 256gb, WD 2TB Black
Display(s)	Shimian QH270 (1440p), Asus VE228 (1080p)
Case	Cooler Master 430 Elite
Audio Device(s)	Onboard > PA2V2 Amp > Senn 595's
Power Supply	Corsair 750w
Software	Windows 8.1 (Tweaked)

System Name	Compy 386
Processor	7800X3D
Motherboard	Asus
Cooling	Air for now.....
Memory	64 GB DDR5 6400Mhz
Video Card(s)	7900XTX 310 Merc
Storage	Samsung 990 2TB, 2 SP 2TB SSDs, 24TB Enterprise drives
Display(s)	55" Samsung 4K HDR
Audio Device(s)	ATI HDMI
Mouse	Logitech MX518
Keyboard	Razer
Software	A lot.
Benchmark Scores	Its fast. Enough.

Processor	i7 920 @ 3520MHz locked on 1.04V, all features on
Motherboard	Biostar T-Power x58 + ASUS U3S6 + Broadcom WiFi
Cooling	Akasa Nero S on the i7 + 2 Akasa Apache case fans
Memory	24Gig Kingston HyperX DDR3
Video Card(s)	XFX GTX260 216 XT
Storage	240Gig SanDisk SSD, 750Gig Spinpoint F1
Display(s)	BenQ E2200HD
Case	Coolermaster Elite 334
Audio Device(s)	Realtek(!) with M-Audio AV40 + Wharfedale SW150
Power Supply	Antec EarthWatts 650
Software	Win7 64 Pro / Fedora KDE
Benchmark Scores	wPrime 32M 7.265sec - 3DMark2001 57673 - Intel Linpack 50.6237 GFlops