Overview
Syllabus
Intro
Overview
Secure boot?
Secure boot theory
Secure boot example
ways to ...
debug access to boot stage (JTAG) riscure
Debug/service functionality
Nook boot UART exploit
18. Overriding boot source medium
TOCTOU race conditions
Timing attacks
Timing attack with Infectus board
XBOX 360 timing attack procedure
Glitch sensitivity
Glitch demo
Is it a real attack?
Slot machine EMP Jamming
Code section
EM-FI Transient Probe
Research probes
Design mistakes
Accessibility of boot ROM after boot riscure
Crypto sanitization
Firmware Upgrade / Recovery flaws riscure
Relying on unverified code
Service backdoor/password
State errors
Driver weaknesses
ROM patching functionality
Inappropriate signing area
Key management
Weak signing keys/methods
Parting thoughts
Taught by
WEareTROOPERS