Attacking the Samsung Galaxy A_ Boot Chain and Beyond.pdf

Document no. 981604, PDF, 87 pages, 7.16 MB

Attacking Samsung Galaxy A* Boot Chain, and Beyond
Maxime Rossi Bellom, Damiano Melotti, Raphaël Neveu, Gabrielle Viala

Who we are
Damiano Melotti (DamianoMelotti): Ex security researcher, Quarkslab. Interested in low-level mobile security and fuzzing.
Maxime Rossi Bellom (max_r_b): Security researcher and R&D leader, Quarkslab. Working on mobile and embedded software security.
Raphaël Neveu: Security researcher, Quarkslab. Working on low-level mobile security.
Gabrielle Viala (pwissenlit): Security researcher and R&D leader, Quarkslab. Playing with low-level stuff.

Our Device
Samsung Galaxy A225F
Cheap (300)
Mediatek SoC MT6769V
Main OS: Android
Mix of Mediatek and Samsung code
Trustzone OS: TEEGRIS
Secure Boot Bypass using MTKClient [1], making debugging easier
1: https:/

Secure Boot Process

Mediatek Secure Boot Process

Little Kernel (LK)
Open-source OS [2]
Common as bootloader in the Android world
Allows to boot Android or other modes (Recovery)
Implements Android Verified Boot v2
Verification of Android images
Involving boot and vbmeta partitions
Anti-rollback
2: https:/

Little Kernel by Samsung
modified LK to include:
The Odin recovery protocol
Knox Security Bit
Etc
And a JPEG parser/renderer
This version is closed source

Why Targeting the JPEG Loader/Parser
JPEGs are placed in a TAR archive in the up_param partition
The archive is signed but the signature is not checked at boot
Anyone able to write the flash can modify these JPEGs
Parsing JPEG is known to be hard (cf. LogoFail [3])
3: https://www.binarly.io/blog/inside-the-logofail-poc-from-integer-overflow-to-arbitrary-code-execution
How are these JPEGs l
