Difference between revisions of "Android TrustZone"
(3 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
A very valuable series of posts to understand TrustZone and more specifically QSEE |
A very valuable series of posts to understand TrustZone and more specifically QSEE |
||
− | * http://bits-please.blogspot. |
+ | * http://bits-please.blogspot.com/2015/03/getting-arbitrary-code-execution-in.html |
− | * http://bits-please.blogspot. |
+ | * http://bits-please.blogspot.com/2015/08/exploring-qualcomms-trustzone.html |
− | * http://bits-please.blogspot. |
+ | * http://bits-please.blogspot.com/2015/08/full-trustzone-exploit-for-msm8974.html |
− | * http://bits-please.blogspot. |
+ | * http://bits-please.blogspot.com/2015/08/android-linux-kernel-privilege.html |
− | * http://bits-please.blogspot. |
+ | * http://bits-please.blogspot.com/2016/01/android-privilege-escalation-to.html |
− | * http://bits-please.blogspot. |
+ | * http://bits-please.blogspot.com/2016/04/exploring-qualcomms-secure-execution.html |
− | * http://bits-please.blogspot. |
+ | * http://bits-please.blogspot.com/2016/05/qsee-privilege-escalation-vulnerability.html |
+ | * http://bits-please.blogspot.com/2016/05/war-of-worlds-hijacking-linux-kernel.html |
||
+ | * http://bits-please.blogspot.com/2016/06/trustzone-kernel-privilege-escalation.html |
||
+ | * http://bits-please.blogspot.com/2016/06/extracting-qualcomms-keymaster-keys.html |
||
Reconstructing a QSEE Trustlet as valid ELF: |
Reconstructing a QSEE Trustlet as valid ELF: |
||
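Review bot: the completed entries in this list are still bare http:// URLs with no titles, so a reader cannot tell which post covers what without opening each one, and the "Reconstructing a QSEE Trustlet as valid ELF:" line after the list ends in a colon with nothing visible after it in this hunk. Suggest adding a short title per link, switching to https:// where the host serves it, and confirming that the ELF reconstruction entry still has its link.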
Line 14: | Line 17: | ||
Exploits |
Exploits |
||
* https://github.com/laginimaineb/MSM8974_exploit |
* https://github.com/laginimaineb/MSM8974_exploit |
||
+ | * https://github.com/laginimaineb/WarOfTheWorlds |
||
+ | * https://github.com/laginimaineb/cve-2015-6639 |
||
+ | * https://github.com/laginimaineb/cve-2016-2431 |
||
TrustZone more generally |
TrustZone more generally |
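Review bot: the three repositories added under "Exploits" (WarOfTheWorlds, cve-2015-6639, cve-2016-2431) are listed without saying which component each one concerns or which of the posts above it accompanies. Suggest a one-line annotation per repository naming the affected component and the matching write-up, so the list can be used to check patch status without opening every link.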
Latest revision as of 16:31, 2 July 2016
A very valuable series of posts to understand TrustZone and more specifically QSEE
- http://bits-please.blogspot.com/2015/03/getting-arbitrary-code-execution-in.html
- http://bits-please.blogspot.com/2015/08/exploring-qualcomms-trustzone.html
- http://bits-please.blogspot.com/2015/08/full-trustzone-exploit-for-msm8974.html
- http://bits-please.blogspot.com/2015/08/android-linux-kernel-privilege.html
- http://bits-please.blogspot.com/2016/01/android-privilege-escalation-to.html
- http://bits-please.blogspot.com/2016/04/exploring-qualcomms-secure-execution.html
- http://bits-please.blogspot.com/2016/05/qsee-privilege-escalation-vulnerability.html
- http://bits-please.blogspot.com/2016/05/war-of-worlds-hijacking-linux-kernel.html
- http://bits-please.blogspot.com/2016/06/trustzone-kernel-privilege-escalation.html
- http://bits-please.blogspot.com/2016/06/extracting-qualcomms-keymaster-keys.html
Reconstructing a QSEE Trustlet as valid ELF:
Exploits
- https://github.com/laginimaineb/MSM8974_exploit
- https://github.com/laginimaineb/WarOfTheWorlds
- https://github.com/laginimaineb/cve-2015-6639
- https://github.com/laginimaineb/cve-2016-2431
TrustZone more generally
- https://genode.org/documentation/articles/trustzone
- https://genode.org/documentation/articles/usb_armory
Presentations