In this blog post we'll continue our journey from zero permissions to code execution in the TrustZone kernel. Having previously elevated our privileges to QSEE, we are left with the task of exploiting the TrustZone kernel itself.

There are quite a few interesting things we can do solely from the context of the TrustZone kernel. As we've previously seen, we could blow the QFuses responsible for various device features. We could hijack any QSEE application directly, thus exposing all of its internal secrets. We could disable the hardware protections provided by the SoC's XPUs, allowing us to read and write directly to all of the DRAM. This includes the memory used by the peripherals on the board (such as the modem). For example, we could directly extract the stored real-life fingerprint or various secret encryption keys (more on this in the next blog post!).