The Art of Bootloader Unlocking - Exploiting Samsung Sboot

nullcon via YouTube

Overview

Explore the intricacies of bootloader unlocking and Samsung Sboot exploitation in this 48-minute conference talk from nullcon Goa 2017. Dive deep into the secretive world of Samsung's bootloader, examining its protective mechanisms and anti-tamper features like the Warranty Bit. Discover the obscure protocols driving the bootloader, and uncover a memory corruption vulnerability that allows unprecedented access to Sboot. Learn about modern OS security, Samsung's secure boot process, and tools like Odin for flashing. Investigate the mysterious Upload Mode, breakthrough techniques for memory dumping, and the discovery of a secret terminal. Gain insights into USB multiplexing on Samsung devices and the creation of custom jigs for accessing hidden functionalities. Follow along as the speaker demonstrates stack dumping and exploit development, providing a comprehensive look at the art of bootloader unlocking on Samsung devices.

Syllabus

Intro
Modern OS Security
Samsung's Secure Boot Process
BL2 components
Odin: The Samsung Flashing Tool
Put Phone Into Download Mode
process packet(): Write Data to Buf
Hold Your Horses
Mystery Mode
Upload Mode: What Did We Stumble Into?
Breakthrough: Memory Dump
Some Suspicious String Pointers
Finding the Secret Terminal
Normal USB Connection
USB Multiplexing on Samsungs
Shorting the GND and ID pins with variable resistance micro B USB Jack
Looking for the Right Resistance
The Samsung Anyway Jig
Building Our Own Jig
call bl commando parses terminal
Let's Dump the Stack!
The Exploit
What's Next?

Taught by

nullcon
