About  Project Blog Resources

Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

Vulnerable tzdemuxerservice TA on Samsung TVs (J-series)- 674

raelizePosted 4 Years Ago
  • Trusted Execution Environment (TEE) is the secure part of TrustZones. This has has two worlds: secure and non-secure. The secure world performs sensitive tasks that are considered sensitive, such as encryption or DRM. Samsung TVs implement this technology for processing video files.
  • In TEE, the GlobalPlatform API is commonly used. When calling these APIs, the parameters are not properly validated for the address being written to. As a result, an address in the secure world can be specified!
  • By doing this, it is possible to write to an arbitrary address within the trusted application (TA). The fix for this (5 of them) was to validate the parameters being sent in.
  • Another vulnerability was a NULL dereference caused by not checking the return value in Malloc. Theoretically, the TA could be mapped to zero, potentially making this exploitable.

Maxwell DulinEmail me!TwitterGithubAdminBlog RSS FeedResources RSS Feed