This is a document for setting up the required environment for our training (Practical Binary Hardening with Control-flow Enforcement Technology (CET)). Please do not hesitate to ask for help @kento or @rand0m (message us here or DM us directly).
Intel CET is a processor feature available only on modern chips, so some participants may not have hardware with CET support. We therefore decided to use Intel® Software Development Emulator (SDE) 10.5.0-2026-01-13 for our hands-on training.
We highly recommend that you make sure your environment works before the training.
ARM Windows is NOT supported. If you're on ARM Windows, let us know: @kento or @rand0m (message us here or DM us directly). We would like to discuss further.
Since Intel SDE does not support CET on Windows (Windows' CET implementation is tightly tied to the OS layer for backward-compatibility reasons!), we need to rely on WSL. Ubuntu 24 is recommended, but other distros might work as well.
- Download SDE
curl -LO https://downloadmirror.intel.com/859732/sde-external-10.5.0-2026-01-13-lin.tar.xz
- Unzip
tar -xJf sde-external-10.5.0-2026-01-13-lin.tar.xz
- It runs:
./sde-external-10.5.0-2026-01-13-lin/sde64 --help
# Intel(R) Software Development Emulator. ...
Then cd sde-external-10.5.0-2026-01-13-lin and follow the Testing for the rest of setup.
Because CET is an Intel processor feature, there are not many ways to run Intel SDE on macOS. So for macOS users we decided to set up an isolated environment in Google Cloud. It might work in a similar way with other vendors, but we give no guarantee. If you don't wish to use or can't afford a GCP account, feel free to ask @kento or @rand0m (again, message us here or DM us directly).
- Download and extract
  Download cettf.zip and extract:
unzip cettf.zip
cd cettf
- Prerequisites
  - gcloud CLI installed and authenticated (gcloud auth login)
  - GCP project set (gcloud config set project <id>) or PROJECT in local.env
  - OS Login enabled on the project (default for most orgs)
  - terraform >= 1.5 installed
  - Download Intel SDE tarball into the cettf/ directory
curl -LO https://downloadmirror.intel.com/859732/sde-external-10.5.0-2026-01-13-lin.tar.xz
- Run the following (AUTO_DESTROY=1 to avoid getting charged for unused resources):
cp defaults.env local.env
./run_all.sh
The output should look something like:
[PASS] native SHSTK baseline
[PASS] SDE SHSTK detection
[PASS] native IBT baseline
[PASS] SDE IBT detection
[PASS] CET SDE regression succeeded
Then follow the Testing for the rest of setup.
See README.md in the zip for full documentation.
Refer to these steps to make sure your environment works with SDE.
First, make a source file:
cat << 'EOF' > shstk_violation.c
#define _GNU_SOURCE
#include <stdio.h>
#include <stdint.h>
#include <signal.h>
#include <unistd.h>

/* A shadow-stack mismatch is delivered to the process as SIGSEGV. */
static void handler(int sig, siginfo_t *info, void *ctx) {
    const char *msg = "cet violation caught!\n";
    write(STDERR_FILENO, msg, 22);
    _exit(1);
}

/* Reached only if the overwritten return address is actually used. */
void landing() {
    printf("hijacked!\n");
    _exit(0);
}

__attribute__((noinline))
void victim() {
    /* frame[0] is the saved frame pointer, frame[1] the return address. */
    uintptr_t *frame = __builtin_frame_address(0);
    frame[1] = (uintptr_t)landing;
}

int main() {
    struct sigaction sa = {
        .sa_sigaction = handler,
        .sa_flags = SA_SIGINFO,
    };
    sigaction(SIGSEGV, &sa, NULL);
    victim();
    printf("done\n");
    return 0;
}
EOF
Compile it:
gcc -O0 -fno-omit-frame-pointer -fcf-protection=full -o shstk_violation shstk_violation.c
Without CET:
./sde64 -- ./shstk_violation
# it should print "hijacked!"
With CET on:
./sde64 -cet -ptr-raise -- ./shstk_violation
# it should print "cet violation caught!"
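To see whether the host itself offers CET (the case where it does not is why this guide uses SDE), the following added example, which is not part of the training material, decodes the CPUID feature bits for shadow stack and IBT and asks the Linux kernel whether a user shadow stack is active for the current process. The function and macro names are this example's own, and the arch_prctl values are assumed from the Linux uapi header asm/prctl.h (kernel 6.6 or later).

```c
/* Added example (not from the training material): native CET check. */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <stdio.h>
#include <unistd.h>
#include <sys/syscall.h>
#if defined(__x86_64__)
#include <cpuid.h>
#endif
#define CET_SS  0x1u   /* shadow stack (SHSTK) */
#define CET_IBT 0x2u   /* indirect branch tracking (IBT) */
/* Assumed from Linux asm/prctl.h: ARCH_SHSTK_STATUS and ARCH_SHSTK_SHSTK. */
#define SHSTK_STATUS_OP   0x5005
#define SHSTK_ENABLED_BIT 0x1UL

/* Decode CPUID.(EAX=7,ECX=0): ECX bit 7 = CET_SS, EDX bit 20 = CET_IBT. */
unsigned cet_from_cpuid7(unsigned ecx, unsigned edx) {
    unsigned f = 0;
    if (ecx & (1u << 7))  f |= CET_SS;
    if (edx & (1u << 20)) f |= CET_IBT;
    return f;
}

/* Features the running CPU advertises; 0 on non-x86-64 or without leaf 7. */
unsigned cet_cpu_features(void) {
#if defined(__x86_64__)
    unsigned a, b, c, d;
    if (__get_cpuid_count(7, 0, &a, &b, &c, &d))
        return cet_from_cpuid7(c, d);
#endif
    return 0;
}

/* 1 = user shadow stack active for this process, 0 = off, -1 = unknown. */
int shstk_active(void) {
#if defined(__x86_64__) && defined(__linux__)
    unsigned long st = 0;
    if (syscall(SYS_arch_prctl, SHSTK_STATUS_OP, &st) == 0)
        return (st & SHSTK_ENABLED_BIT) ? 1 : 0;
#endif
    return -1;
}

int main(void) {
    unsigned f = cet_cpu_features();
    printf("CPU SHSTK: %s, CPU IBT: %s, process shadow stack: %d\n",
           (f & CET_SS) ? "yes" : "no", (f & CET_IBT) ? "yes" : "no", shstk_active());
    return 0;
}
```

A result of -1 for the process shadow stack means the kernel did not answer the query, for example because it predates user shadow stack support.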