Maxim Goryachy (@h0t_max) 's Twitter Profile
Maxim Goryachy

@h0t_max

Hardware/Software/Firmware/IntelME Researcher. Opinions are my own and not the views of my employer. [email protected] |
github.com/h0t

ID: 780349202337529856

Link: https://keyserver.ubuntu.com/pks/lookup?op=get&search=0x4634aeee2ea8993f | Joined: 26-09-2016 10:12:02

826 Tweets

6,6K Followers

259 Following

Mark Ermolov (@_markel___)

This Intel DFX hack was made possible because their DFX Aggregator IP is sensitive to Voltage Fault Injection attacks: we reprogrammed the integrated LDO (VNNAON LDO) via modified PMC firmware and thus forced the DFX IP into an abnormal reset...

Mark Ermolov (@_markel___)

Uh, Intel uarch debug instructions (udbgrd/wr) can be submitted to the CPU via the JTAG PIR (Probe Mode Instruction) register. It's very, very suitable for uarch debug by JTAG (some uarch data, such as Funny IO and the AON staging buffer, aren't accessible directly through CRBUS/LDAT)

Boris Larin (@oct0xor)

All the details about this vuln and much more will be revealed tomorrow by us (me, Leonid Bezvershenko, Georgy Kucherin) during our talk “Operation Triangulation: What You Get When Attack iPhones of Researchers” at #37c3 (14:45 CET). There will also be a live stream. fahrplan.events.ccc.de/congress/2023/…

Boris Larin (@oct0xor)

We're revealing details of an obscure debugging feature in the Apple A12-A16 SoCs that bypasses all of the hard-to-hack hardware-based memory protections on new iPhones. It's not used by the firmware and we don't know how the attackers found out about it. securelist.com/operation-tria…

Andrey Konovalov (@andreyknvl)

A few of my Exploiting the Linux Kernel training sessions for this year are now public 🥳 Unlike in the last year, these sessions are solely focused on exploitation. So no KASAN or syzkaller but more hardcore exploits 😎 See the list below 👇

Mark Ermolov (@_markel___)

In our list of all available MSRs for the Intel Goldmont micro-architecture (even in NDA-ed documentation, Intel doesn't publish them all) we omitted a set of Uncore MSRs (their descriptors are hard-coded outside the CPU cores, in the hardware logic of the Uncore)

Flipper Zero (@flipper_zero)

François-Philippe Champagne (FPC) 🇨🇦 Dear François-Philippe, We'd appreciate it if you could provide any evidence of Flipper Zero being involved in any criminal activities of this kind. We're not aware of any events like this and, frankly speaking, are not sure what the reason for this discussion was to begin with.

Andrey Konovalov (@andreyknvl)

Wrote an article about turning a ThinkPad X1 Carbon 6th Gen laptop into a programmable USB device by enabling the xDCI controller 😯 Now I can emulate USB devices from the laptop without external hardware, including via Raw Gadget or even Facedancer 😁 xairy.io/articles/think…

Mark Ermolov (@_markel___)

We dug into the RFDS (intel.com/content/www/us…) mitigation ucode patch for Intel Goldmont Plus uarch: it clears temporal vector registers (we named them tmm0-7 in ucode) and thus vector register file at certain points in ucode (1/4)

Boris Larin (@oct0xor)

We (vaber and I) have discovered a Google Chrome zero-day that is actively used in targeted attacks. It was just fixed as CVE-2024-4947 and we're going to reveal more details soon 🔥🔥🔥. Update now! chromereleases.googleblog.com/2024/05/stable…

Mark Ermolov (@_markel___)

Lack of coordination between the Intel CSME security/firmware team and the PCH HW team has led to a very big fail: the Fuse Encryption Key has been extracted!

Mark Ermolov (@_markel___)

Intel HW is too complex to be absolutely secure! After years of research we finally extracted Intel SGX Fuse Key0, AKA Root Provisioning Key. Together with FK1 or Root Sealing Key (also compromised), it represents Root of Trust for SGX. Here's the key from a genuine Intel CPU😀

Nikolaj Schlej (@nikolajschlej)

The embargo (12:00 UTC 2025-06-10) is over, let's start a thread on Hydroph0bia (CVE-2025-4275), a trivial SecureBoot and FW updater signature bypass in almost any Insyde H2O-based UEFI firmware used since 2012 and still in use today. English writeup: coderush.me/hydroph0bia-pa…

GrapheneOS (@grapheneos)

We're going to be moving forward under the expectation that future Pixel devices may not meet the requirements to run GrapheneOS (grapheneos.org/faq#future-dev…) and may not support using another OS. We've been in talks with a couple of OEMs about making devices and what it would cost.

Nikolaj Schlej (@nikolajschlej)

Published the third part of my blog series about the Hydroph0bia (CVE-2025-4275) vulnerability. This one is about the fix as Insyde applied it, and my thoughts on improvements for it. coderush.me/hydroph0bia-pa…