Completed
Patching Bootloader Unlock A single branch instruction was identified, which sent an error response or unlocked the bootloader, depending on whether the signature was accurate
Class Central Classrooms beta
YouTube videos curated by Class Central.
Classroom Contents
Breaking Secure Bootloaders
Automatically move to the next video in the Classroom when playback concludes
- 1 Intro
- 2 Common Android Bootloader Protection Analysis of an unlock on the phone was performed using USBPCAP
- 3 Implementing Fastboot Easy to implement using standard USB libraries
- 4 Identifying A Potential Bootloader Weakness The "flash" command usually only flashes partitions on unlocked bootloaders
- 5 Unknown Memory Analysis Most opcodes, while valid operations, would not be the same as in the bootloader
- 6 Unlocking The Bootloader To unlock the bootloader, it was necessary to jump to the code after the RSA check
- 7 Patching Bootloader Unlock A single branch instruction was identified, which sent an error response or unlocked the bootloader, depending on whether the signature was accurate
- 8 Bootloader Firmware Update Protocol Unique to NXP chips
- 9 Hashing Process The first command contains a version number, SHA-256 hash, and signature of the hash
- 10 Bypassing Signature Verification Modified hashes could be written in the right portion of memory
- 11 Repairing the Firmware Using a dump of the working config, the new config could be hashed and written