Halt and Catch Fire
x86

Sandsifter checks your processor for secrets

Next Story

AWS won’t be ceding its massive market share lead anytime soon

Are you sufficiently paranoid? If you’re not, there’s now Sandsifter. This project, just announced at Defcon 2017, tests your x86 processor for hidden instructions and bugs. “Sandsifter has uncovered secret processor instructions from every major vendor; ubiquitous software bugs in disassemblers, assemblers, and emulators; flaws in enterprise hypervisors; and both benign and security-critical hardware bugs in x86 chips,” wrote creator Christopher Domas of the Battelle Institute.

The program essentially reduces the number of possible instructions to test to a manageable 100,000. Each is performed and anomalous activity is recorded for later perusal. The most important thing? Domas has found a so-called “halt and catch fire” instruction in a chip that he has declined to name. These sorts of calls – originally found in the Pentium chip and called f00f – can shut down a computer instantly, resulting in data loss. It’s the first real “f00f”-like attack found in 20 years.

Most of us won’t find anything unusual but it is useful to test your processor for, say, undocumented calls that may affect future programs. Think of it as a chkdsk for your processor.

You can download Sandsifter here and run it on your computer as long as you have the Capstone engine install installed. It can take a few hours to scan your entire system and Domas is even offering to look over anomalous logs so let him know if you find something odd.

It’s a fascinating look at chips and a space few of us have ever explored and, given that it’s so easy to try, it can’t hurt to see if someone is hiding something inside your CPU.