Delete comment from: Ken Shirriff's blog
Hi Ken, many thanks for the nice article. I was able to follow the Peters work and your extracted floating point constants allowed me to fully recover the encryption keys for the deschutes/mobile A/B (it does not work for klamath for some unknown reason, but you as a Master Ken can figure this out ;). It also confirms that your FPROM values are correct. I think I miss only couple of values which never turned up in the microcode updates. If you want to reproduce his work, it is needed to also look to various pictures from twitter to get all the hints. I think ultimately, you can then dump the whole microcode ROM and analyze everything. There are hints from him for that as well. It is such great "treasure hunt!" It somehow seems that it might work for PIII as well! But I'm ending up with a strange situation where I can decrypt the microcode patches despite the start is wrong but integrity check is OK?! Maybe somehow the IV is wrong (possibly different algorithm is used). Maybe if enough people gather some steps forward can be done on PIII as well. I think all interested people should contact you and as an invite post part of the encryption key here ;) Mine invite is CPU_KEY_DESCHUTES_A 0x3b02... Ruik
Apr 2, 2025, 4:35:32 PM