Breaking Secure Bootloaders
Offered By: Black Hat via YouTube
Course Description
Overview
Syllabus
Intro
Common Android Bootloader Protection: Analysis of an unlock on the phone was performed using USBPCAP
Implementing Fastboot: Easy to implement using standard USB libraries
Identifying A Potential Bootloader Weakness: The "flash" command usually only flashes partitions on unlocked bootloaders
Unknown Memory Analysis: Most opcodes, while valid operations, would not be the same as in the bootloader
Unlocking The Bootloader: To unlock the bootloader, it was necessary to jump to the code after the RSA check
Patching Bootloader Unlock: A single branch instruction was identified, which sent an error response or unlocked the bootloader, depending on whether the signature was accurate
Bootloader Firmware Update Protocol: Unique to NXP chips
Hashing Process: The first command contains a version number, SHA-256 hash, and signature of the hash
Bypassing Signature Verification: Modified hashes could be written in the right portion of memory
Repairing the Firmware: Using a dump of the working config, the new config could be hashed and written
Taught by
Black Hat