Zentool exploit teases wild RISC-V dreams

14 April 2025


AMD Zen microcode hacked for Chinese project

Google’s latest security bombshell tool is already fuelling an underground bid to rewrite the rules of chip architecture.

A team of Google researchers released a tool called Zentool last month that lets outsiders inspect, modify and load their own patches for AMD's Zen microcode. What is, on its face, a nasty security hole has instead become a golden ticket for China's Jiachen Project, which is running a contest to turn Zen CPUs into native RISC-V execution engines.

The organisers are dangling ¥20,000 (€2,560) for anyone who can alter the microcode of a modern Zen chip, such as an EPYC 9004, so that it executes RISC-V binaries natively, or at least markedly faster than software emulation.

Benchmarks must include CoreMark or Dhrystone compiled for RISC-V. Full submissions need binaries or source, configs, dependencies and test instructions by 6 June. If only binaries are sent in, the source must follow via pull request.

x86 is a creaky old CISC instruction set nearing its 50th birthday, but modern implementations have long hidden a RISC-like execution core behind the x86 decoders. The front end translates incoming x86 instructions into simpler micro-ops the silicon actually executes, and the more complex instructions are handled by sequences stored in microcode. That microcode is meant to be off-limits: AMD ships updates for it as signed blobs so that only AMD can change what the core runs. Zentool begs to differ.

Microcode is like duct tape, used to patch hardware bugs after the chip has shipped, and a patch can only override a limited number of entries rather than replace the whole decode path. Commenters on Hacker News (the YCombinator-run forum) reckon there is nowhere near enough space or flexibility in Zen 2/3/4 microcode to gut the x86 front end entirely.

One commenter, Monocasa, wrote: "This is not achievable. There is not enough rewritable microcode to do this even as a super slow hack... the microcode decode and jump is itself hardwired for x86 instruction formats... the micro-ops are very non-RISC."

There is historical baggage, too. In the mid-2010s, AMD's Zen chief architect Mike Clark spoke of internal efforts to ship Zen chips that supported both x86-64 and Arm's AArch64. Zen 1 might have been able to juggle multiple microcode layers. But anything newer? Not likely. The hardware is now optimised down to the bone for x86, leaving no wiggle room for another ISA.

Finally, some have questioned the prize. Rewriting microcode at this level isn’t a weekend project — it’s something national labs and state actors might take a stab at. Asking hobbyists to tackle it for under $3,000 feels more like a cheeky outsourcing trick than a serious call for innovation.

Still, if someone pulls it off, they'll have done the silicon equivalent of getting a tiger to bark.

Last modified on 14 April 2025