Explore the inner workings of a custom-developed bootkit for U-Boot based embedded devices in this 33-minute conference talk from Nullcon Goa 2018. Discover how the bootkit achieves persistence at a level lower than firmware, surviving updates and factory resets. Learn about its killswitch functionality, multi-boot technique for switching between regular and backdoored images, and methods to thwart detection. Delve into topics such as dumping flash memory, utilizing toolchains, exploiting U-Boot variables, and backdooring functions. Examine the process of planting the bootkit, ensuring persistence, and potential detection methods. Discuss secure boot, supply chain attacks, and trusted computing concepts. Gain insights into firmware security resources and understand the implications of this advanced IoT cybersecurity threat.
Overview
Syllabus
Introduction
Goal
Bootkit: Advantages
Bootkit: Disadvantages
Preparing the Device
Dumping the flash
The toolchain
U-Boot variables
Interesting features
Backdooring functions printeny
U-Boot password protection
Hiding from 'strings
Demo
Planting the bootkit
Persistence
Detecting Bootkits
Secure Boot
Bypassing Secureboot
Supply Chain attacks
(Not-so) Trusted Computing
Firmware Security Resources
Conclusion
Taught by
nullcon
