This post introduces a tool to dump Samsung Galaxy S7 bootROM using known and fixed security vulnerabilities in Trustzone.
The source code is available on GitHub.
We use a Galaxy S7 phone, with ADB access and root privileges.
BootROM code is at address 0x0, in Secure world. The TEE …