amlogic-usbdl : unsigned code loader for Amlogic BootROM

Posted on Wed 10 February 2021 in Tool • Tagged with arm, amlogic, chromecast, bootrom, usb, exploit

In previous posts, we explained how to reverse the USB stack in the Exynos bootROM, which led to the discovery of a critical bug. After applying the same methodology to the recently dumped Amlogic bootROM, a similar vulnerability was discovered in its USB stack that can be exploited to run arbitrary …


Continue reading

exynos-usbdl : unsigned code loader for Exynos BootROM

Posted on Wed 17 June 2020 in Tool • Tagged with arm, exynos, samsung, bootrom, usb, exploit

In previous posts, we explained how to dump Exynos bootROM and reverse its USB stack.

These efforts led to the discovery of a bug in the USB stack that can be exploited to run arbitrary code.

The following chipsets are known to be affected by this bug:

  • Exynos 8890
  • Exynos …

Continue reading

exynos8890-bootrom-dump : dump Exynos 8890 bootROM from Samsung Galaxy S7

Posted on Mon 15 June 2020 in Tool • Tagged with arm, exynos, samsung, bootrom, trustzone, exploit

This post introduces a tool to dump the Samsung Galaxy S7 bootROM using known, already-fixed TrustZone vulnerabilities.

The source code is available on GitHub.

Collect bootroms

Procedure

We use a Galaxy S7 with ADB access and root privileges.

BootROM code is at address 0x0, in Secure world. The TEE …


Continue reading

pflupg-tool : unpack Philips SmartTV firmware

Posted on Fri 16 May 2014 in Tool • Tagged with mips, smarttv, firmware, philips

pflupg-tool is an unpacking tool for Philips SmartTV firmware (Fusion platform). If the firmware is encrypted, you have to supply the corresponding RSA public key (public exponent and modulus).

You can add public keys in the pflupg.h file:

#define PUBLIC_KEYS_CNT 2
// { name, public exponent e (hex string), modulus n (hex string)}
static …
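The key table above only needs the public half of the key, which means the firmware body is expected to be undone by the RSA public operation (m = c^e mod n). The following is an added example, not pflupg-tool's code and not Philips' format: it models a "decrypt with the public key" unpacking step with a toy 64-bit key table in the same (name, e, n) hex-string layout as pflupg.h. Everything numeric is constructed (the primes are 2^32-5, 2^32-17, 2^32-99 and 2^32-65), the 7-byte-in/8-byte-out blocking and the lack of padding are assumptions made only to keep the toy short, and textbook RSA without padding is not a secure construction.

```python
"""Toy model of a 'decrypt with the vendor's public key' unpacking step.

Added example, not pflupg-tool's code. PUBLIC_KEYS mirrors the
{name, e, n} hex-string layout of pflupg.h, but every value is constructed.
"""
from typing import List, Tuple

E = 0x10001  # common RSA public exponent

# Constructed 32-bit primes; the resulting 64-bit moduli are toys with no security.
_TOY_PRIMES = {
    "toy-a": (4294967291, 4294967279),   # 2**32-5,  2**32-17
    "toy-b": (4294967197, 4294967231),   # 2**32-99, 2**32-65
}

def toy_keypair(p: int, q: int, e: int = E) -> Tuple[int, int, int]:
    """Return (e, d, n) for a textbook RSA key built from two primes."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)  # modular inverse (Python 3.8+)
    return e, d, n

_KEYPAIRS = {name: toy_keypair(p, q) for name, (p, q) in _TOY_PRIMES.items()}

# Public-key table in the (name, e hex, n hex) layout of pflupg.h (constructed).
PUBLIC_KEYS: List[Tuple[str, str, str]] = [
    (name, format(e, "x"), format(n, "x")) for name, (e, _d, n) in _KEYPAIRS.items()
]
PUBLIC_KEYS_CNT = len(PUBLIC_KEYS)

IN_BLOCK = 7   # plaintext bytes per block: 56-bit values are always below a 64-bit n
OUT_BLOCK = 8  # ciphertext bytes per block: enough to hold any value below n

def find_public_key(name: str) -> Tuple[int, int]:
    """Look up (e, n) by key name, parsing the hex strings of the table."""
    for key_name, e_hex, n_hex in PUBLIC_KEYS:
        if key_name == name:
            return int(e_hex, 16), int(n_hex, 16)
    raise KeyError(f"no public key named {name!r}")

def vendor_encrypt(data: bytes, d: int, n: int) -> bytes:
    """Model of the build-time step: raw RSA with the *private* exponent.
    Fixed blocks, no padding: a toy to show why only (e, n) is needed later."""
    if len(data) % IN_BLOCK:
        raise ValueError("data must be a multiple of IN_BLOCK bytes")
    out = bytearray()
    for i in range(0, len(data), IN_BLOCK):
        m = int.from_bytes(data[i:i + IN_BLOCK], "big")
        out += pow(m, d, n).to_bytes(OUT_BLOCK, "big")
    return bytes(out)

def public_decrypt(blob: bytes, key_name: str) -> bytes:
    """Unpacker side: the public operation c**e mod n undoes vendor_encrypt.
    Raises ValueError when a block cannot have come from this key."""
    if len(blob) % OUT_BLOCK:
        raise ValueError("encrypted blob is not a multiple of OUT_BLOCK bytes")
    e, n = find_public_key(key_name)
    out = bytearray()
    for i in range(0, len(blob), OUT_BLOCK):
        c = int.from_bytes(blob[i:i + OUT_BLOCK], "big")
        if c >= n:
            raise ValueError("ciphertext block not below modulus: wrong key or corrupt data")
        m = pow(c, e, n)
        if m >= 1 << (8 * IN_BLOCK):
            raise ValueError("recovered block too large for IN_BLOCK: wrong key")
        out += m.to_bytes(IN_BLOCK, "big")
    return bytes(out)

def roundtrip_ok(encrypt_key: str, decrypt_key: str) -> bool:
    """Wrap constructed sample data with one key's private half and try to
    unwrap it with another key's public half; True only when the data survives."""
    sample = b"FUSION" * 7  # 42 bytes = 6 blocks of IN_BLOCK (constructed)
    _e, d, n = _KEYPAIRS[encrypt_key]
    blob = vendor_encrypt(sample, d, n)
    try:
        return public_decrypt(blob, decrypt_key) == sample
    except ValueError:
        return False

if __name__ == "__main__":
    print("same key   :", roundtrip_ok("toy-a", "toy-a"))
    print("wrong key  :", roundtrip_ok("toy-a", "toy-b"))
```

The two failure checks in public_decrypt (block not below n, recovered value too wide for the block) are what distinguish "wrong key in the table" from a clean unpack; with a real firmware image the equivalent signal is whether the recovered data parses as the expected container.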

Continue reading

dfb-wireshark-dissector : DirectFB Voodoo protocol dissector for Wireshark

Posted on Thu 15 May 2014 in Tool • Tagged with tool, wireshark, directfb

Voodoo is the network layer of DirectFB. dfb-wireshark-dissector is a Wireshark plugin that dissects this protocol.
Main features:

  • Both packet and raw modes are supported;
  • FLZ decompression;
  • Instance ID resolution.

Source code can be found on GitHub.


Continue reading