Sandsifter software finds hidden instructions inside processors.

[skybu...@hotmail.com]

Hello,

I just watched this video, it's pretty interesting and somewhat amazing, this guy find a way to find hidden instructions inside processors:

https://www.youtube.com/watch?v=KrksBdWcZgQ

The software which finds these hidden instructions is available too:

https://github.com/xoreaxeaxeax/sandsifter

Apperently it's open source python and a little bit of C.

It will probably require some kind of python interpreter/executor and probably admin rights to run.

I am not yet sure how to run this software it will require installing some additional capstone disassembler.

I am curious what would be found on my AMD X2 3800+ from almost 12 years ago... if it will run at all... I think it will run.

I would be curious to also here results of other people ! ;)

So if you curious as to what secret instructions exist inside your computer give this a run.

Later today or in the coming days when I have some time for this I will return to
this subject.

For now I may have other things to do or maybe not :P :)

Bye,
Skybuck =D

P.S.:

After watching this video, and taking a little peak at the software I am pretty sure you will find this document highly interesting, a first in it's kind:

https://github.com/xoreaxeaxeax/sandsifter/blob/master/references/domas_breaking_the_x86_isa_wp.pdf

Compared to others newsgroups, now you have a leg up ! :) (LOL) :)

[skybu...@hotmail.com]

Hi,

I hope you have the following newsgroup in case you are highly interested in knowing every last detail and every thought I have on this subject matter:

https://groups.google.com/forum/#!forum/alt.comp.hardware.pc-homebuilt

There I have written some detailed postings.

In the other newsgroups I will constrain myself to the most important matter/summary of my activities, findings and productions for your usage.

The most important information I want to share with you is the following:

1. I was successfull in running SandSifter software with Linux Mint 18.2 booteable DVD, downloaded ISO from the internet and undocumented instructions have been found for AMD X2 3800+ Dual Core processor.

2. All files are available on my webdrive:

www.skybuck.org/SandSifter/

Explore the "unzipped folder" to see what it's all about.

3. I have written two tutorials how you can also run this software on your computer in case you have a DVD drive and DVD disc to burn this software onto.
One manual tutorial and one automatic tutorial. The automatic tutorial is the easiest one which I will post here, the automatic tutorial includes a run.sh script which I will also post here, this is to help you run this software on your machine, at the end of this posting I will discuss any possible risks to doing so in case you are worried.

Automatic tutorial:

Step 1. Download Linux Mint ISO (Successfully tested on Linux Mint 18.2 Sonya)

https://www.linuxmint.com/

Step 2. Burn Linux Mint ISO to DVD (Windows 7: Right click on file and choose burn to disc).

Step 3. Boot Linux Mint ISO from DVD (Restart computer, if needed go into bios and change boot order, or press F8 to bring up boot menu or something like that)

Step 4. Start FireFox Web Browser

Step 5. Download SandSifter software and extract to a folder.

https://github.com/xoreaxeaxeax/sandsifter

(Click "clone or download", then click "download zip", then click "open with archive manager", then click "extract" (top left icon), click "other locations", choose a harddisk or other storage
medium which is persistent, click on the storage medium, click create new folder (top right icon), name for folder could be "test", click "extract", click "show the files")

Enter the folder "sandsifter-master" by left clicking on it.

Step 6. Download Skybuck's Flying run.sh script file

Download and save the "run.sh" script file to/inside the "sandsifter-master" folder.

http://www.skybuck.org/SandSifter/unzipped/run.sh

Step 7. Open terminal window and resize it to make it bigger

Right click in the empty space and choose "open in terminal"

A window and a prompt/blinking cursor should now come up looking similar to:

mint@mint /media/mint/Windows 7 System (New)/test/sandsifter-master $

Make the window bigger so that the summarize script at the end doesn't crash !

Drag and Drop the window at the bottom right corner to make it bigger (Hold the left mouse button to drag and make it bigger then let mouse button go)

Step 8. Run Skybuck's Flying Bash Script to install software and run SandSifter

type the following command:

bash ./run.sh

Step 9. Guide the software installation and upgrade process

Sometimes it will ask if you want to continue ? Press the Y key.

Once it's done installing SandSifter will automatically run and finally a summary will be created.

Step 10. Wait for the analysis to complete

Once you see instructions scrolling/flying over the screen go take a sleep and wait many hours until it is completely done.

Once it is done it will show something like: "May the Force be with you ! Always !" then you know the script is done !

Step 11. Do not open the log files !

The log files (in data folder) may be to big for the Linux Mint 18.2 text and office editors to handle ! This will probably crash/hang the system !

Step 12. Go into the data folder and send the files to the e-mail address:

xoreax...@gmail.com


The run.sh script:

echo "Step 1. Install standard C library software"
sudo apt-get install libc6-dev

echo "Step 2. Install python pip"
sudo apt install python-pip

echo "Step 3. Update python pip"
sudo pip install --upgrade pip

echo "Step 4. Install setuptools"
sudo pip install setuptools

echo "Step 5. Install capstone binaries"
sudo apt-get install libcapstone3

echo "Step 6. Install capstone dev source"
sudo apt-get install libcapstone-dev

echo "Step 7. Install capstone python bindings (this will take a while)"
sudo pip install capstone

echo "Step 8. Make sandsifter"
make

echo "Step 9. Run sandsifter"
sudo ./sifter.py --unk --dis --len --sync --tick -- -P1 -t

echo "Step 10. Summarize"
./summarize.py data/log

echo ""
echo "Bash script"
echo "Version 0.01 created on 22 october 2017 by Skybuck Flying"
echo "To Install, Make, Run, Summarize SandSifter Software and Software Dependencies"
echo "Successfully tested on Linux Mint 18.2 Sonya on AMD Dual Core X2 3800+ processor"
echo "May the Force be with you ! Always ! =D"
echo "Have fun analyzing undocumented instructions !!!!"
echo "E-mail results to or contact: xoreax...@gmail.com"
echo "^^^ !!! Author of SandSifter Software and interested in log files !!! ^^^"
echo ""

For now I will not discuss the collected data, this will have to be further analyzed, however I will say that the collected data is in this folder:

http://www.skybuck.org/SandSifter/unzipped/data/

The log file contains discovered undocumented instruction byte code sequences for further investigation.

(Lastly I will try and collect the messages I write on this subject matter in the messages folder so you don't have to scavenge the usenet/web for all info;) a bit tricky but I will try at least :))

Bye,
Skybuck.

[skybu...@hotmail.com]

Idea of this software is basically:

Generate random bytes and feed them to processor.

Observe result of processor if good or bad (error codes).

If good check docs.
If bad adjust and retry.

Somebody wrote a nice short explanation of what SandSifter does to give you an idea (it's a new algorithm to find undocumented instructions fast !):

It's guessing possible X86 instructions by exploiting the Instruction Decoder via the (PF) Page Fault result code. Effectively splitting an instruction across two pages and only having one page of it executable. When the decoder fetches the instruction it notices that it's incomplete, attempts to fetch the next part that is on a new non-executable page. The decoder then throws a page fault since it's not executable. So it moves the entire instruction one to the left and tries again with various combinations until it doesn't get a page fault at which point it executes it.

And thus it attempts to 'tunnel' through every possible instruction. That's the general very simplified explanation.

Bye,
Skybuck.

[skybu...@hotmail.com]

I am going to issue a warning about all of this software:

SandSifter, Linux Mint 18.2 and install-apt and for windows: git

For now I suspect running two instances of SandSifter at same time on Linux Mint 18.2 caused file system corruption as can be seen on these three screenshots also checkdisk log file is included in web folder:

http://www.skybuck.org/SandSifter/unzipped/risks/

Possible causes of file system corruptions:

1. Running two instances of SandSifter + Linux Mint 18.2
2. Git on Windows
3. Perhaps a problem was already with file system.
4. BIOS Corruption in recent past.
5. Spark when other person connected laptop to power output... there was a spark.
6. FireFox corruption while browsing or extracting files !
Google detected cooky corruption... so FireFox is also a prime suspect !
7. Capstone disassembler
8. Possibly execution of hidden instructions or corruption because of it ;)

Be carefull !

I still have to investigate checkdisk log further though ! ;)

Bye,
Skybuck.

[skybu...@hotmail.com]

I do remember a very rare and extreme Windows 7 system hang not so long ago.

It was probably caused by having to many FireFox tabs open... and somehow a website/FireFox managed to "hang windows 7".

Windows 7 might have been busy trying to write data to the harddisk and somehow during that process it hang.

After waiting a bit I had no choice but to press the "reset" button.

I think this is what might have caused this file system corruption.

A combination of "FireFox memory hogging" and "Windows 7 writing to disk", possibly FireFox cache or cookie related.

Bye,
Skybuck.