TrustZone
Omni-Space
专注Android, Mobile Security and AI
展开
-
【译】KINIBI TEE: TRUSTED APPLICATION EXPLOITATION
一段时间以来,Android设备和许多嵌入式系统都使用了受信任的执行环境(TEE)来托管一些安全功能(如硬件加密/密钥,DRM,移动支付,生物识别等)。在ARM平台上,TEE是小型操作系统,它们使用ARM TrustZone技术将其执行与标准操作系统(例如Linux)隔离开。TEE操作系统比Rich Execution Environment(智能手机中的REE,Android)简单得多,并...翻译 2020-03-31 01:29:05 · 1247 阅读 · 0 评论 -
Full TrustZone exploit for MSM8974
In this blog post, we'll cover the complete process of exploiting the TrustZone vulnerability described in the previous post. If you haven't read it already, please do! Responsible Disclosure转载 2017-09-28 04:47:54 · 994 阅读 · 0 评论 -
TrustZone Kernel Privilege Escalation (CVE-2016-2431)
In this blog post we'll continue our journey from zero permissions to code execution in the TrustZone kernel. Having previously elevated our privileges to QSEE, we are left with the task of exploiti转载 2017-09-28 04:55:33 · 819 阅读 · 0 评论 -
War of the Worlds - Hijacking the Linux Kernel from QSEE
After seeing a full QSEE vulnerability and exploit in the previous blog post, I thought it might be nice to see some QSEE shellcode in action.As we've previously discussed, QSEE is extremely pri转载 2017-09-28 04:57:13 · 570 阅读 · 0 评论 -
QSEE privilege escalation vulnerability and exploit (CVE-2015-6639)
In this blog post we'll discover and exploit a vulnerability which will allow us to gain code execution within Qualcomm's Secure Execution Environment (QSEE). I've responsibly disclosed this vulnera转载 2017-09-28 04:59:14 · 1039 阅读 · 0 评论 -
Exploring Qualcomm's Secure Execution Environment
Welcome to a new series of blog posts!In this series, we'll dive once more into the world of TrustZone, and explore a new chain of vulnerabilities and corresponding exploits which will allow us转载 2017-09-28 05:00:34 · 898 阅读 · 0 评论 -
The Case for a Virtualization-Based Trusted Execution Environment in Mobile Devices
Saeed Mirzamohammadi, Ardalan Amiri Sani, "The Case for a Virtualization-Based Trusted Execution Environment in Mobile Devices" in Proc. ACM SIGOPS Asia-Pacific Workshop on Systems (APSys), August 20...转载 2019-03-07 18:08:17 · 342 阅读 · 0 评论 -
Hands on Introduction to ARM Firmware using the 96Boards HiKey
https://casualhacking.io/blog/2016/11/25/hands-on-introduction-to-arm-firmware-using-the-hikeyThis is a walkthrough for flashing custom ARM Trusted Firmware, OP-TEE, and the ARM UEFI Platform code o...转载 2019-03-20 17:10:33 · 2250 阅读 · 0 评论 -
【译】Ethereum Wallet in a Trusted Execution Environment / Secure Enclave
介绍在过去的几周里, Weeve团队已经从社区中获得了很多关于我们如何将以太坊钱包应用到我们的 weeveOS中的兴趣 。 weeveOS是一个开源操作系统,针对IoT-to-Ethereum进行了优化(在未来的版本中,我们将增加对其他区块链技术的支持)应用程序利用最先进的安全机制来保护以太网钱包免受网络攻击( GitHub )。 通过WeeveOS,该项目旨在为区块链实施安全可靠的物联网神谕...翻译 2019-06-03 13:01:20 · 511 阅读 · 0 评论