HardwareBanter


[email protected] June 8th 18 02:51 PM

Time Slice Visualizer to Detect Firmware Spyware using CPU.
 
Now google groups isn't working lol.

Anyway here is the tool, I made it available via github cause mijndomein.nl is also not working correctly.

https://github.com/SkybuckFlying/Hel...pplication.exe

This tool spawns 1 gui thread and 1 main processing thread.

The 1 main processing thread will visualize its time slices by drawing black, red or green pixels.

The black gaps represent interrupted activity. If it's black the thread could not run and something else was run. Red means little time was left to process that particular pixel; this could also be slightly suspicious but could also indicate the end of a time slice.

Green indicates the thread had cpu time available to fill the pixel at least twice.

Which is probably insufficient to be super reliable or a good indicator but at least it's something, so red = pixel was filled exactly once, green greater than once.

However since time slices are usually 10 milliseconds, this simple tool should be enough for now to get an idea if something suspicious is running on the system.

This tool was not created to detect firmware spyware in particular, it was written simply to examine the effect of time slicing on audio i/o buffers. Paul realized such a tool might be able to detect spyware inside firmware which interrupts the processor to run its spyware.

This tool may therefore detect it.

Perhaps more advanced tools can be written in the future.

For now enjoy it for what it's worth ! ;)

Bye,
Skybuck.

[email protected] June 8th 18 03:00 PM

Time Slice Visualizer to Detect Firmware Spyware using CPU.
 
Some further information:

1. Multiple instances can be started and via task manager affinity can be set to a specific core.

2. Screen of application can be resized and should then fill the new screen, this allows the thread to do more pixel processing and consume more cpu time to try and detect more fine grained time slices/interrupts, though spyware might detect higher cpu usage and stay dormant.

The affinity experiment is quite interesting to see what operations/events like mouse events get executed on what core ! ;)

Bye,
Skybuck.


[email protected] June 8th 18 03:03 PM

Time Slice Visualizer to Detect Firmware Spyware using CPU.
 
So far my conclusion concerning mouse events and such would be:

1. Mouse events are handled by both cores on my Dual Core AMD X2 3800+.

2. Resizing of windows explorer is handled by one core only.

Bye,
Skybuck.

[email protected] June 8th 18 03:27 PM

Time Slice Visualizer to Detect Firmware Spyware using CPU.
 
Some further observations, the program was written in 2012 so had to think/figure out how it worked exactly ! :)

The program will always try to consume maximum processing power for its single thread/core.

Its processing power is "smeared" over the pixels available. If there are many pixels available and only little processing power then all pixels will turn red or black. Black = no processing power available, red = exactly 1 pixel processing power available.

So for example maximizing the screen may show all red pixels depending on how fast your computer is.

Reducing the screen size has no effect on cpu consumption. Instead the same pixel will be filled multiple times, indicated by green color. (fill count 1 = green)

So this app can easily consume near 100% cpu power by running it twice for my purchased ;) dual core AMD X2 3800+ processor.

Green/Red is a nice helper to give some idea of how much processing power your core has.. also the re-sizing is for convenience as well to keep it smaller if necessary.

The re-sizing may fail/might be bugged/locked, in that case try clicking stop... then re-size and click start again... this should make it work again.

So just liked to point out there is no way for now to make it consume less cpu processing power... for now it makes no sense to do so... cause all cpu processing power must be consumed to have any chance of detecting "stolen" cpu processing power ;)

However perhaps there might be a way in the future to detect "stolen cpu processing power" easier without consuming so much processing power.

One idea which pops into my head is:

1. Relinquish control of the cpu. In other words, give up the time slice for the thread... but do "mark" where it was supposed to "run/start". And perhaps also mark where it was supposed to "stop". If all app instances do this then basically all cpu processing power would have been theirs. Now once the thread is run again it can figure out if there are gaps between where it should have been and where it actually is... this may be hard to do accurately or perhaps not... not sure about this... but could be worth a try to figure this out. For example a time slice run could be done to see how many pixels per time slice it can process. Then this can be used as some length indicator of where it should have been after it was given control again of the cpu.

The idea is that if no other threads are running, then the thread should regain control every 10 milliseconds.

For example sleep(0) or event signalling can be used to re-gain control this way..

So idea is basically:

1. Thread runs.
2. Thread measures time/start point.
3. Thread goes to sleep.
4. Thread is re-awakened by OS because nothing else is running.
5. Thread notes end point, computes where end point should have been, any gaps are suspicious. All is visualized including the gaps.
6. Thus gaps can be drawn as well and could be suspicious.

However if such an app is reliable remains to be seen.

For now the current max cpu processing power consuming app is quite nice ! =D

Bye,
Skybuck.
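
The black/red/green scheme described in the posts above, as an added example that is not Skybuck's code or part of the original thread. It assumes each pixel stands for a fixed slice of wall-clock time (the posts do not say how the tool maps time to pixels), uses POSIX `clock_gettime` instead of the Windows APIs the original tool would use, and all function names are hypothetical.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 199309L  /* for clock_gettime under strict -std=c11 */
#endif
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <time.h>

enum { BLACK, RED, GREEN };  /* never filled, filled once, filled more than once */

static uint64_t now_ns(void) {            /* monotonic clock, nanoseconds */
    struct timespec ts;
    clock_gettime(CLOCK_MONOTONIC, &ts);
    return (uint64_t)ts.tv_sec * 1000000000ull + (uint64_t)ts.tv_nsec;
}

/* Count one fill in the pixel covering time t (ns since window start). */
static void fill(uint32_t *cnt, size_t npix, uint64_t pix_ns, uint64_t t) {
    if (t / pix_ns < npix) cnt[t / pix_ns]++;
}

/* Spin for npix*pix_ns ns, filling whichever pixel the clock says is "now". */
static void sample(uint32_t *cnt, size_t npix, uint64_t pix_ns) {
    uint64_t start = now_ns(), t;
    memset(cnt, 0, npix * sizeof *cnt);
    while ((t = now_ns() - start) < npix * pix_ns)
        fill(cnt, npix, pix_ns, t);
}

static int colour(uint32_t c) { return c == 0 ? BLACK : c == 1 ? RED : GREEN; }

/* Longest run of black pixels: the longest stretch the thread did not run. */
static size_t longest_gap(const uint32_t *cnt, size_t npix) {
    size_t best = 0, run = 0;
    for (size_t i = 0; i < npix; i++) {
        run = cnt[i] ? 0 : run + 1;
        if (run > best) best = run;
    }
    return best;
}

int main(void) {
    static uint32_t cnt[2000];           /* 2000 pixels x 50 us = 100 ms */
    size_t tally[3] = {0};
    sample(cnt, 2000, 50000);
    for (size_t i = 0; i < 2000; i++) tally[colour(cnt[i])]++;
    printf("black=%zu red=%zu green=%zu longest_gap_us=%zu\n", tally[BLACK],
           tally[RED], tally[GREEN], longest_gap(cnt, 2000) * 50);
    return 0;
}
```

A black run only shows that the thread was not executing during that interval; ordinary scheduler preemption and device interrupts produce black pixels too, so the output needs a quiet-system baseline before any gap is treated as unusual.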

[email protected] June 10th 18 06:35 PM

Time Slice Visualizer to Detect Firmware Spyware using CPU.
 
Ok problem with webhosting solved.

Webhoster probably moved to a new sftp server while letting the old ftp server run :)

TimeSliceVisualizer application can now be downloaded from my humble website =D

http://www.skybuck.org/Applications/...iceVisualizer/

Bye,
Skybuck =D


All times are GMT +1.