Particle.news

WireTap Attack Steals Intel SGX Attestation Keys via DDR4 Interposer

Intel says the physical DDR4 bus tap falls outside SGX’s threat model.

Overview

  • Georgia Tech and Purdue researchers built a passive DIMM interposer that captured DDR4 traffic and extracted an SGX DCAP ECDSA attestation key in about 45 minutes.
  • The under-$1,000 setup enables forging SGX quotes to impersonate genuine hardware, letting attackers decrypt smart‑contract states or fake proofs in networks such as Phala, Secret, and Crust.
  • The technique exploits deterministic memory encryption to create an oracle against constant‑time cryptography, enabling full key recovery without modifying system software.
  • Vendor guidance emphasizes physical security, with Intel noting AES‑XTS memory encryption lacks integrity or anti‑replay protections and that no CVE is planned for this class of attack.
  • The disclosure follows the Battering RAM study showing a $50 DDR4 interposer can redirect protected addresses to defeat Intel SGX and AMD SEV‑SNP integrity checks, underscoring complementary confidentiality and integrity failures not solvable by software alone.
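
The deterministic-encryption point in the third bullet, sketched as an added example (not code from the article or the researchers): a toy tweakable cipher, an HMAC-based Feistel standing in for AES-XTS, shows that with an address-only tweak, repeated writes of the same value to one address yield identical ciphertext that a passive bus observer can group, while a hypothetical per-write counter removes that signal. `KEY`, `Bus`, `observe` and the sample writes are constructed for illustration.

```python
import hashlib, hmac

KEY = b"constructed-demo-key"  # constructed; stands in for the memory-encryption key

def _round(half, tweak, i):
    # HMAC-SHA256 as the round function; real hardware uses AES-XTS, not this.
    return hmac.new(KEY, bytes([i]) + tweak + half, hashlib.sha256).digest()[:8]

def encrypt_block(plaintext, addr, version=0):
    """Toy tweakable cipher (4-round Feistel) over one 16-byte block."""
    tweak = addr.to_bytes(8, "little") + version.to_bytes(8, "little")
    left, right = plaintext[:8], plaintext[8:16]
    for i in range(4):
        mask = _round(right, tweak, i)
        left, right = right, bytes(a ^ b for a, b in zip(left, mask))
    return left + right

class Bus:
    """Records the (address, ciphertext) pairs a passive bus observer would see."""
    def __init__(self, fresh):
        self.fresh, self.versions, self.trace = fresh, {}, []

    def write(self, addr, plaintext):
        version = 0
        if self.fresh:  # hypothetical per-write counter mixed into the tweak
            version = self.versions[addr] = self.versions.get(addr, 0) + 1
        self.trace.append((addr, encrypt_block(plaintext, addr, version)))

def equality_pattern(trace, addr):
    """Label each write to addr by the equality class of its ciphertext."""
    classes, pattern = {}, []
    for a, ct in trace:
        if a == addr:
            pattern.append(classes.setdefault(ct, len(classes)))
    return pattern

def observe(fresh):
    bus, addr = Bus(fresh), 0x1000
    for bit in [1, 0, 1, 1, 0, 0, 1, 0]:  # constructed secret-dependent writes
        bus.write(addr, (b"A" if bit else b"B") * 16)
    return equality_pattern(bus.trace, addr)

if __name__ == "__main__":
    print("address-only tweak:", observe(fresh=False))
    print("with write counter:", observe(fresh=True))
```

With the address-only tweak the observed pattern mirrors the secret-dependent writes up to relabelling; with the counter every ciphertext is distinct, which is the freshness property the fourth bullet says AES-XTS memory encryption lacks.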