About  Project Blog Resources

Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

UBoot Glitch Attack In Action- 219

Théo Rigas - NVISOPosted 5 Years Ago
  • UBoot (in the non-secure version) is known to drop into a shell if the boot process does not work.
  • Normally, the boot process works fine. However, by shorting out the data line at boot time, this can cause the bootloader to become confused and drop into a shell.
  • What is particularly interesting about the attack in the article is that the chip is a mounted via a BGA (ball grid array). BGA has tiny little pieces of solder underneath it. Honestly, before reading this article, I did not think that this particular glitch attack was viable with BGA mounted chips.
  • Once we have a shell in UBoot, the job is easy! Secrets are sometimes stored within UBoot variables. Additionally, we can add scripts to run on the host OS from UBoot. By altering these scripts, we now have a shell on the device OS itself (not just UBoot).

Maxwell DulinEmail me!TwitterGithubAdminBlog RSS FeedResources RSS Feed