
On the Nose - Bypassing Huawei's Fingerprint Authentication by Exploiting the TrustZone

via YouTube

Overview

This 45-minute DerbyCon 2018 talk walks through bypassing Huawei's fingerprint authentication by exploiting the TrustZone-based trusted execution environment (TEE). It opens with the modern mobile security architecture and the overall exploit chain, then describes Huawei's TrustZone system architecture, noting that the chipset determines which TEE is in use. The first stage, from userland to kernel, covers a bug in a custom unmap implementation and its exploitation by redirecting the fops table. The second stage, from kernel to trustlet, covers entering the Secure World, passing arguments to a trustlet, and hijacking TEE_Malloc. The talk then moves into the Trusted Core environment, finds exploitation primitives there, and disables fingerprint authentication by following the userland daemon to the trustlet responsible for recognizing fingerprints and patching its recognition logic.

Syllabus

Intro
The Goal
The modern mobile security architecture
The exploit chain
Disclaimer - Chipset determines the TEE
Huawei's Trustzone system architecture
Userland to Kernel
Bug #2 - A custom unmap implementation?
Exploitation - Redirecting the fops table
Kernel to Trustlet
Intro to the Secure World - Passing args to a Trustlet
Exploitation - Hijacking TEE_Malloc
Trusted Core Environment
Trusted Core - Finding Primitives
Disable Fingerprint Auth - Find the trustlet responsible for recognizing fingerprints
Follow the userland daemon
Finding and patching
