Posted on Mon 15 June 2020 in Tool • Tagged with arm, exynos, samsung, bootrom, trustzone, exploit
This post introduces a tool to dump Samsung Galaxy S7 bootROM using known and fixed security vulnerabilities in Trustzone.
The source code is available on GitHub.
We use a Galaxy S7 phone, with ADB access and root privileges.
BootROM code is at address 0x0, in Secure world. The TEE …
Posted on Wed 05 October 2016 in Article • Tagged with vulnerability, amlogic, arm, security, firmware, trustzone, bootrom, bug
The Amlogic S905
System-On-Chip is an ARM processor designed for video
applications. It's widely used in Android/Kodi media boxes. The SoC
implements the TrustZone security extensions to run a Trusted
Execution Environment (TEE) that enables DRM & other security
features :
|
| Amlogic S905 System Block Diagram |
Posted on Thu 25 December 2014 in Article • Tagged with arm, security, qualcomm, firmware, android, nexus, trustzone
This article will first describe how to locate the Monitor mode code in Nexus 5 firmware (hammerhead-ktu84p-factory-35ea0277, bootloader-hammerhead-hhz11k : c32f8bec310c659c1296739b00c6a8ac). Then, we will try to understand what it does (its functionalities). Finally, you will have to find bugs by yourself because I didn't find any...so far !
Note: Terms (Non-)Secure …
Posted on Thu 18 December 2014 in Advisory • Tagged with vulnerability, advisory, arm, security, qualcomm, android, trustzone