VIA C3 Alternative Instruction Set Assembler

Introduction

In 2018, xoreaxeaxeax gave the talk GOD MODE UNLOCKED - Hardware Backdoors in x86 CPUs, in which he explains how he found undocumented instructions in VIA C3 processors.

Recently, some leaked confidential documents describing parts of the Alternative Instruction Set (AIS) can be found on the internet: the VIA C3 Processor Alternative Instruction Set Application Note and the VIA C3 Processor Alternative Instruction Set Programming Reference. Based on these documents, an assembler for the VIA C3 Alternative Instruction Set has been created.

Project

The project contains two Rust packages, ais_asm and kernel.

ais_asm is the Alternative Instruction Set Assembler. It doesn't parse an input file; it is a dynamic assembler. A program is written as Rust code that calls into the assembler. The ais_asm/examples folder contains some example programs.
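The dynamic-assembler pattern described above, as an added sketch that is not code from this project: `Asm`, its methods and the 32-bit instruction encoding are hypothetical and constructed for illustration, not the ais_asm API or the real AIS encoding. It shows the part a dynamic assembler has to get right, label references that are patched once all code has been emitted.

```rust
// Dynamic-assembler sketch. The 32-bit encoding is constructed for this example:
// it is NOT the VIA C3 AIS encoding, and Asm is not the ais_asm API.
use std::collections::HashMap;
#[derive(Default)]
pub struct Asm {
    code: Vec<u8>,
    labels: HashMap<String, usize>, // label name -> byte offset
    fixups: Vec<(usize, String)>,   // (offset of jump, target label)
}

impl Asm {
    fn emit(&mut self, op: u8, rd: u8, imm: i16) {
        let word = (op as u32) << 24 | ((rd & 0x1f) as u32) << 16 | (imm as u16 as u32);
        self.code.extend_from_slice(&word.to_le_bytes());
    }
    pub fn load_imm(&mut self, rd: u8, imm: i16) { self.emit(0x01, rd, imm); }
    pub fn add_imm(&mut self, rd: u8, imm: i16) { self.emit(0x02, rd, imm); }
    pub fn label(&mut self, name: &str) { self.labels.insert(name.to_string(), self.code.len()); }
    /// Jump to a label that may not exist yet; the offset is patched in finish().
    pub fn jump(&mut self, target: &str) {
        self.fixups.push((self.code.len(), target.to_string()));
        self.emit(0x03, 0, 0);
    }
    /// Resolve every label reference and return the flat payload bytes.
    pub fn finish(mut self) -> Result<Vec<u8>, String> {
        for (at, name) in &self.fixups {
            let dest = *self.labels.get(name).ok_or(format!("undefined label {}", name))?;
            // Displacement in bytes, measured from the end of the 4-byte jump.
            let rel = dest as i64 - (*at as i64 + 4);
            if rel < i16::MIN as i64 || rel > i16::MAX as i64 {
                return Err(format!("jump to {} out of range", name));
            }
            self.code[*at..*at + 2].copy_from_slice(&(rel as i16).to_le_bytes());
        }
        Ok(self.code)
    }
}

pub fn build_demo() -> Result<Vec<u8>, String> {
    let mut a = Asm::default();
    a.load_imm(1, 0);
    a.label("loop");
    a.add_imm(1, 1);
    a.jump("done"); // forward reference, resolved in finish()
    a.jump("loop"); // backward reference
    a.label("done");
    a.finish()
}
fn main() { println!("{:02x?}", build_demo().unwrap()); }
```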

The kernel is mostly copied from a previous project and has been changed to contain and start the assembled payload. It is a minimal kernel that can be run on VIA C3 hardware. It has a multiboot2 header and can be loaded with GRUB onto a target system. When the kernel is loaded, it initializes a serial port for println!() messages, then tries to enable AIS and panics if the target doesn't support AIS. The kernel image includes a copy of the assembled program, and it will run this payload.

Extra info

This project started as a submission for LowLevelJam. The demonstration can be found here.

xoreaxeaxeax's notes on AIS can be found in the rosenbridge repo.

The dynamic assembler design is from the YouTube series Bitwise, where one of the projects is a RISC-V assembler.