The ring 0 façade: awakening the processor's inner demons

Conference: Defcon 26



The presentation discusses the discovery of timing anomalies in microcode and MSRs, and the potential implications for processor security.
  • Model-specific registers (MSRs) are used for powerful functions and control all details of a processor
  • A timing side-channel attack on specific assembly instructions is new and promising
  • Many processors have unusual timing anomalies within microcode and MSRs
  • The cause of these anomalies is unclear and warrants further investigation
  • The presenter developed a password-cracking tool and found a previously undisclosed MSR password
  • Third parties have access to processor keys that are not available to the public
The presenter discovered a previously undisclosed MSR password in use by hundreds of different firmware images across many different vendors, which highlights the issue of third parties having access to processor keys that are not available to the public.


Your computer is not yours. You may have shelled out thousands of dollars for it. It may be sitting right there on your desk. You may have carved your name deep into its side with a blowtorch and chisel. But it's still not yours. Some vendors are building secret processor registers into your system's hardware, only accessible by shadowy third parties with trusted keys. We as the end users are being intentionally locked out and left in the dark, unable to access the heart of our own processors, while select organizations are granted full control of the internals of our CPUs. In this talk, we'll demonstrate our work on how to probe for and unlock these previously invisible secret registers, to break into all-powerful features buried deep within the processor core, to finally take back our own computers.