Overview
Syllabus
Intro
Modern OS Security
Samsung's Secure Boot Process
BL2 components
Odin: The Samsung Flashing Tool
Put Phone Into Download Mode
process packet(): Write Data to Buf
Hold Your Horses
Mystery Mode
Upload Mode: What Did We Stumble Into?
Breakthrough: Memory Dump
Some Suspicious String Pointers
Finding the Secret Terminal
Normal USB Connection
USB Multiplexing on Samsungs
Shorting the GND and I pins with variable resistance micro B USB Jack
Looking for the Right Resistance
The Samsung Anyway Jig
Building Our Own Jig
call bl commando parses terminal
Let's Dump the Stack!
The Exploit
What's Next?
Taught by
nullcon