Announcement

Collapse
No announcement yet.

A Backdoor In AMD's Catalyst OpenCL Library?

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • #51
    Originally posted by Idonotexist View Post
    It's confirmed; Under the light assumption of no self-modifying code, there is no back door.

    Here is the disassembly of all machine code reachable from the function "osTestBackdoorATI", for the latest Linux Catalyst 13.12 x86-64 bit version from here (http://www2.ati.com/drivers/linux/am...x86.x86_64.zip).

    Code:
    libamdocl64.so:     file format elf64-x86-64
    
    
    Disassembly of section .text:
    
    
    0000000000752ba0 <osMemStateCheckPoint>:
      752ba0:       31 c0                   xor    %eax,%eax
      752ba2:       c3                      retq   
      752ba3:       66 66 66 66 2e 0f 1f    data32 data32 data32 nopw %cs:0x0(%rax,%rax,1)
      752baa:       84 00 00 00 00 00 
    
    0000000000752bb0 <osMemStateDifferent>:
      752bb0:       31 c0                   xor    %eax,%eax
      752bb2:       c3                      retq   
      752bb3:       66 66 66 66 2e 0f 1f    data32 data32 data32 nopw %cs:0x0(%rax,%rax,1)
      752bba:       84 00 00 00 00 00 
    
    0000000000752bc0 <osMemStateDumpAllObjectsSince>:
      752bc0:       31 c0                   xor    %eax,%eax
      752bc2:       c3                      retq   
      752bc3:       66 66 66 66 2e 0f 1f    data32 data32 data32 nopw %cs:0x0(%rax,%rax,1)
      752bca:       84 00 00 00 00 00
    ...

    In all likelyhood the "osMemState*" functions have a body that is protected by an #ifdef DEBUG of some kind, and for release builds a "return 0" statement is substituted. This may explain the unused argument arg1.
    so there is no "osUploadPasswordHashes" ?

    dang it


    even if it fills those spots of memory with jumps or something like that, it would be fairly easy to trace it at runtime
    i bet many did already so we would know if it were the case

    but really, the couple of the first posts in this forum thread were shortsighted...
    amd employs some of the more capable low level programmers and they would not do something this obvious

    PS i sincerely thought this was obvious

    Comment


    • #52
      Originally posted by MWisBest View Post
      Michael, you can't honestly tell me that had this been for Nvidia you wouldn't have waited for a response from them before opening your mouth. If you want AMD to send you shit, show you can be an objective and unbiased person...
      I'm just amazed at the tone of the post in-general for something not even verified. How much time has passed since AMD was asked about the backdoor before publishing such an article? I'm also wondering why the article wasn't updated yet with: https://twitter.com/grahamsellers/st...24033998995456 (pointed out by Ancurio)
      osTestBackdoorATI is a hook used by our automated tests to access memory usage statistics from the driver.
      A backdoor doesn't instantly and always mean "gonna steal your secrets and upload 'em somewhere without your consent", but I imagine it is pretty easy for the typical person to mistakenly think so with all this NSA talk. In that case, it reads memory usage statistics from the driver. Not even remotely related to the former...

      Comment


      • #53
        Originally posted by Espionage724 View Post
        I'm just amazed at the tone of the post in-general for something not even verified. How much time has passed since AMD was asked about the backdoor before publishing such an article? I'm also wondering why the article wasn't updated yet with: https://twitter.com/grahamsellers/st...24033998995456 (pointed out by Ancurio)


        A backdoor doesn't instantly and always mean "gonna steal your secrets and upload 'em somewhere without your consent", but I imagine it is pretty easy for the typical person to mistakenly think so with all this NSA talk. In that case, it reads memory usage statistics from the driver. Not even remotely related to the former...
        Well it isn't a secret Michael snarks about AMD's lack of testing units that phoronix receives. It does give the illusion of favoritism. I mean, not like all the PTS are completely optimized to the way a 8350 can run but still a #[email protected]#! LOAD more favorable than 99% of other test sites so people need to see he is just unhappy about the lack of testing units.

        With all the NSA stuff that does come out... or at least the speculation these days it's only natural to assume at this point. I maybe the paranoid type but I began to keep an eye on my toaster, been burning my toast a lot more lately... Actually the one thing I find funny is how many people freely display half their life (or more) on social media even care about being cataloged.

        Comment


        • #54
          Originally posted by nightmarex View Post
          With all the NSA stuff that does come out... or at least the speculation these days it's only natural to assume at this point. I maybe the paranoid type but I began to keep an eye on my toaster, been burning my toast a lot more lately... Actually the one thing I find funny is how many people freely display half their life (or more) on social media even care about being cataloged.
          Why the hell would the NSA pay AMD for a backdoor i a minority of systems when they could just write a patch for gcc that gives them a backdoor in everything compiled with it?

          Comment


          • #55
            Maybe because you are going to have a hard time sticking a backdoor in a collaborative foss project. Someone will catch and call you out for that bullshit.

            Comment


            • #56
              There really IS a choice on gov't cooperation

              Originally posted by blacqwolf View Post
              And now, for those who prefer a less sensationalist news source...

              Note how you haven't seen such outrageous claims by known and reputable sources. I don't doubt MS has a lot of cooperation with government agencies, and like any sane person I'm not going to justify that, but to be fair it's not like they have much of a choice. Look at what happened to Lavabit and others.
              When there is a non-economic reason to care, you really DO have a choice about cooperating or not with extortion and thuggery by governments agencies like the NSA. Lavabit did the right thing by shutting down, blowing the whistle, and taking the associated risks. Had the founder left the United Snakes for additional security, he would have been free from fear of prosecution. People who defy grand juries and three-letter agencies are heroes, exercising choice at personal risk to protect the rest of us.

              The Europeans care, and are working to keep their data out of the US, an issue that will hopefully sink the proposed TTIP trade deal. They have a choice and are exercising it.

              Even Microsoft has a choice. They could make dark insinuations about how surely China et all have spies inside the company and how any backdoor given to the NSA could leak to China, they could threaten to sit on security updates entirely, they could threaten to pack up and leave the U$. Of course, we know Microsoft, like Intel, is one of those corporations that are so big that it can be argued that they are the master and the US government itself is the servant. That means the relationship between the NSA and Microsoft is like the relationship between myself and an activist computer center asking me to conduct a forensic examination of all computers used by a suspected snitch.

              Comment


              • #57
                Originally posted by yogi_berra View Post
                Why the hell would the NSA pay AMD for a backdoor i a minority of systems when they could just write a patch for gcc that gives them a backdoor in everything compiled with it?
                Two things, firstly, who says they pay for backdoors? I thought it was all draconian strong arm tactics.

                Second, I have no idea why they bother to begin with. Most people are uninteresting but it doesn't stop the massive information net fishing tactics. Seems like a serious waste funds if you ask me.

                Comment


                • #58
                  Originally posted by zanny View Post
                  Maybe because you are going to have a hard time sticking a backdoor in a collaborative foss project. Someone will catch and call you out for that bullshit.
                  Is that why Debian didn't distribute a predictable RNG for two years?

                  Comment

                  Working...
                  X