Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

Secure boot is the baseline for a secure system. If the boot process can be compromised, then it is essentially game over from the beginning.

Symbolic links are a way to link someone to a different location on the file system, without having to change each reference to the spot on the OS. This can be useful compatibility reasons.

Embedded devices commonly have a cryptographically signed section of the Secure Boot process and a partition that stores logs and other data, which is not digitally signed. So, what is the big deal? Why does this matter?

A symbolic link can be used in order to reference files within the secure boot process itself. Because the system applications attempting to access files and directories on the non-volatile storage partition can be redirected to the root file system, the Secure Boot process can be defeated.

Where are potential attacks lying in this? From the non-verified partition, web hosting, log files, boot scripts and several other things are prime targets for this attack. These attacks go from leaking sensitive information to compromising the device upon loading the firmware itself.

From there, the whitepaper goes into several attack scenarios and how to exploit the bug.

How do developers prevent link attacks? Extend cryptographic protections across all partitions. Additionally, using file permissions to prevent the writing of important files is a big aspect of this too.