Recent research on Microarchitectural Weird Machines (µWMs) has shown that microarchitectural optimization features, originally exploited for data exfiltration, can also facilitate hidden computation. Emerging µWMs, enabled by dedicated compilers, have become increasingly practical, evading conventional analysis tools by executing complex cryptographic algorithms and unpacking malware entirely within the microarchitectural domain. To address the lack of defensive capabilities against this growing threat, we introduce WeMu, the first emulation-based framework specifically designed for the analysis of µWMs. WeMu enables security analysts to observe and reverse engineer hidden microarchitectural computations through novel abstractions that accurately replicate µWM behavior without the overhead and limitations of full microarchitectural simulation. We validate WeMu’s effectiveness by successfully emulating µWMs ranging from basic logic gates to sophisticated cryptographic routines consisting of thousands of gates. WeMu establishes the first practical foundation for the analysis and reverse engineering of microarchitectural computations, paving the way for more effective defenses.
WeMu: Effective and scalable emulation of microarchitectural weird machines
UASC 2026, 2nd Microarchitecture Security Conference, 3 February 2026, Leuven, Belgium
Type:
Conference
City:
Leuven
Date:
2026-02-03
Department:
Digital Security
Eurecom Ref:
8394
Copyright:
© EURECOM. Personal use of this material is permitted. The definitive version of this paper was published in UASC 2026, 2nd Microarchitecture Security Conference, 3 February 2026, Leuven, Belgium and is available at :
See also:
PERMALINK : https://www.eurecom.fr/publication/8394