![](https://ccweb.imgix.net/https%3A%2F%2Fwww.classcentral.com%2Fimages%2Ficon-black-friday.png?auto=format&ixlib=php-4.1.0&s=fe56b83c82babb2f8fce47a2aed2f85d)
A Black-Box Security Evaluation of the SpaceX Starlink User Terminal
BruCON Security Conference via YouTube
Overview
![](https://ccweb.imgix.net/https%3A%2F%2Fwww.classcentral.com%2Fimages%2Ficon-black-friday.png?auto=format&ixlib=php-4.1.0&s=fe56b83c82babb2f8fce47a2aed2f85d)
Syllabus
Starlink 101
Hardware revisions
UART - Login Prompt
PCB overview
RF Components
Identifying eMMC test points
Reading eMMC in-circuit
Extracting the eMMC dump
Unpacking the FIT
Temperature and RF channels
Webpages
Development geofences
Obtaining root
Fault injection
Crowbar VFI: Challenges
Example output
STM/SpaceX ARM TFA-A
Tricks of the trade
BL1 Glitch setup
ROM Bootloader (BL1)
BL1 glitch detection example
Enabling decoupling capacitors
Creating a mobile setup
PCB design
Installed modchip
SpaceX strikes back
Adapt
Network exploration
What's next?
Conclusion
Taught by
BruCON Security Conference