Maybe, maybe not. Keep in mind that opcodes are the lowest-level part of the programming stack. They’re literally just integers transmitted on the system bus. So if you’ve got, for example, 35 operations that you’re actually trying to implement, you need 2n ≥ 35 or n = 6 signal lines in your bus to transmit it. But since 26 = 64, that means it’s possible to put another 29 values on that 6-bit bus, with completely undefined behavior unless you go out of your way to handle them in the instruction decoder (increasing the size and therefore cost of your silicon, which is very undesirable in an embedded chip that sells for less than $1).
It is not at all implausible for one of those undefined instructions to just happen to do something that an attacker would find useful, by sheer coincidence.
Yes, but to do that they have to be decoded and handled. That’s basically what the commenter above was saying.
The original 6502 had many undocumented opcodes for this reason, and developers stated exploiting them for various reasons. The CMOS 65C02 redefined them to no-op. This has been going on a long time.
It is not at all implausible for one of those undefined instructions to just happen to do something that an attacker would find useful, by sheer coincidence.
It amazing how there is an endless supply of these “coincidence”
Well, yeah. That’s because it’s inherent to how CPUs work. Every single CPU on the planet has undefined opcodes, unless the number of defined ones just happens to be a power of two.
Maybe, maybe not. Keep in mind that opcodes are the lowest-level part of the programming stack. They’re literally just integers transmitted on the system bus. So if you’ve got, for example, 35 operations that you’re actually trying to implement, you need 2n ≥ 35 or n = 6 signal lines in your bus to transmit it. But since 26 = 64, that means it’s possible to put another 29 values on that 6-bit bus, with completely undefined behavior unless you go out of your way to handle them in the instruction decoder (increasing the size and therefore cost of your silicon, which is very undesirable in an embedded chip that sells for less than $1).
It is not at all implausible for one of those undefined instructions to just happen to do something that an attacker would find useful, by sheer coincidence.
Couldn’t they just designate them as no-op codes?
Yes, but to do that they have to be decoded and handled. That’s basically what the commenter above was saying.
The original 6502 had many undocumented opcodes for this reason, and developers stated exploiting them for various reasons. The CMOS 65C02 redefined them to no-op. This has been going on a long time.
It amazing how there is an endless supply of these “coincidence”
Well, yeah. That’s because it’s inherent to how CPUs work. Every single CPU on the planet has undefined opcodes, unless the number of defined ones just happens to be a power of two.