physical – Feasibility of CPU Backdoors

Recently I was thinking of the feasibility of hardware backdoors in the CPU introduced by manufacturers at the behest of three letter agencies. I can think of two potential backdoors that seem extremely powerful, but want to see if they would be practical.

The first backdoor would be a god-mode privilege execution backdoor. Essentially, if a series of magic values were introduced to registers and an undocumented instruction was executed, the CPU would take some chunk of memory and begin executing it in ring0. In this hypothetical situation, registers rax, rbx, rcx, and rdx could hold the magic value giving 256 bits of entropy to ensure that the backdoor couldn’t be stumbled upon accidentally, a fifth and sixth register would hold the starting and ending address of the chunk of memory to execute.

This seems entirely possible and even practical to me, but an even more powerful backdoor would be to not only elevate privileges, but execute code remotely, and that’s the backdoor I’m not sure is feasible. For this backdoor, the manufacturer would have to depend upon a networking driver reliably loading some series of values into cpu registers based on the characteristics of incoming network traffic. Presumably if you assume the cpu manufacturer is onboard with the three letter agency the network card manufacturer could be brought onboard as well to ensure this is the case.

If this could be guaranteed, the backdoor could work as follows. The cpu checks the values loaded into the four “magic value” registers. If the four registers together contain the magic value, the next two registers are used as before to define the addresses in memory to load into ring0. When the attacker wishes to exploit the backdoor, he sends crafted network packets that are guaranteed to end up loading the magic values into the correct cpu registers, along with the starting and ending addresses to be loaded into ring0. In addition, the packets send the actual code to be executed, which is stored in the network card driver’s memory buffer and pointed to be the magic values in the fifth and sixth registers.

When all is said and done, the attacker is essentially able to go from no access to ring0 access simply by firing some network packets at the computer.

The biggest issue with such a backdoor that I can see is ASLR and configuration differences causing the memory layout to be uncertain. To prevent this from causing problems, instead of the fifth and sixth registers containing direct addresses, they could contain offsets from the starting address of the network driver, which the CPU could retrieve by examining the interrupt descriptor table register to get the IDT address and using the IDT to get the address associated with the interrupt generated when a network packet is received.

How feasible would each of these backdoors be? I’m by no means a hardware expert, but it seems to me that the simple privilege execution backdoor would be entirely feasible, while the remote execution backdoor may be too error prone.