Breaking Secure Bootloaders

Black Hat, via YouTube

Classroom Contents

  1. Intro
  2. Common Android Bootloader Protection: analysis of an unlock on the phone was performed using USBPcap
  3. Implementing Fastboot: easy to implement using standard USB libraries
  4. Identifying a Potential Bootloader Weakness: the "flash" command usually only flashes partitions on unlocked bootloaders
  5. Unknown Memory Analysis: most opcodes, while valid operations, would not be the same as in the bootloader
  6. Unlocking the Bootloader: to unlock the bootloader, it was necessary to jump to the code after the RSA check
  7. Patching Bootloader Unlock: a single branch instruction was identified, which sent an error response or unlocked the bootloader, depending on whether the signature was accurate
  8. Bootloader Firmware Update Protocol: unique to NXP chips
  9. Hashing Process: the first command contains a version number, SHA-256 hash, and signature of the hash
  10. Bypassing Signature Verification: modified hashes could be written in the right portion of memory
  11. Repairing the Firmware: using a dump of the working config, the new config could be hashed and written
