
quarkslab / Samsung Trustzone Research

Licence: other
Reverse-engineering tools and exploits for Samsung's implementation of TrustZone

Security Research on Kinibi

In this repository, you will find the tools we developed during our research to reverse engineer and exploit Samsung's implementation of TrustZone, which is based on Trustonic's Trusted OS, Kinibi.

Bindings

In the bindings/ folder, you will find Python bindings for the libMcClient.so library, the Normal World client library used to communicate with Trusted Applications and Secure Drivers. We wrote them because we found it easier to write our exploits in Python, and they proved especially useful for the exercises given during our training sessions.

Emulator

In the emulator/ folder, you will find a Python script that uses the Unicorn engine to emulate a trustlet. We mainly used it to test our exploits, since it can trace the executed instructions and print register values and stack contents.

Fuzzer

In the fuzzer/ folder, you will find a Python script that uses the afl-unicorn project to fuzz trustlets. It is heavily based on the emulator and only implements a subset of the tlApis/drApis, so you will need to implement more of them if you intend to do some serious fuzzing.

Scripts

In the scripts/ folder, you will find various things:

  • mclf_loader, a loader for trustlet binaries in the MCLF file format
  • tbase_loader, a loader that extracts the various components of an SBOOT image
  • find_symbols, a script that finds and renames the tlApi/drApi stubs within trustlets
  • find_symbols_mclib, a script that finds and renames the tlApi/drApi functions within the McLib

The scripts are available for both IDA Pro and Ghidra, as we wanted our trainees to be able to use a free SRE tool.
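As an added example (not one of the repository's own scripts), here is a stand-alone MCLF header parser in Python that performs the loading step shared by mclf_loader and the emulator: map the text and data segments at their virtual addresses and append a zero-filled bss. It assumes the mclfHeaderV2_t layout (magic, version, flags, memType, serviceType, numInstances, uuid, driverId, numThreads, text and data descriptors, bssLen, entry, serviceVersion), which later header revisions keep at offset 0, and that the header opens the text segment with the data segment following it in the file. The image it parses is constructed inline, not a real trustlet.

```python
"""MCLF (MobiCore Loadable Format) header parser and segment mapper.

Added example, not the project's mclf_loader script.  Parses the common
MCLF v2 header prefix and derives the text/data/bss mapping a disassembler
loader or an emulator needs before it can run a trustlet.
Assumptions: the header is the first thing in the text segment and the data
segment follows the text segment in the file; the sample image below is
constructed, not a real Samsung trustlet.
"""
import struct
import uuid

MCLF_MAGIC = b"MCLF"

# mclfHeaderV2_t, little-endian 32-bit fields unless noted:
#   magic[4], version, flags, memType, serviceType, numInstances,
#   uuid[16], driverId, numThreads, text.start, text.len,
#   data.start, data.len, bssLen, entry, serviceVersion
_HDR_FMT = "<4sIIIII16sIIIIIIIII"
HDR_SIZE = struct.calcsize(_HDR_FMT)  # 76 bytes

SERVICE_TYPES = {0: "ILLEGAL", 1: "DRIVER", 2: "SP_TRUSTLET",
                 3: "SYSTEM_TRUSTLET", 4: "MIDDLEWARE"}
MEM_TYPES = {0: "INTERNAL_PREFERRED", 1: "INTERNAL", 2: "EXTERNAL"}
PAGE = 0x1000


class MclfError(ValueError):
    """Raised when the blob is not a well-formed MCLF image."""


def parse_mclf_header(blob):
    """Parse the MCLF v2 header prefix and validate the segment layout."""
    if len(blob) < HDR_SIZE:
        raise MclfError("blob shorter than MCLF header")
    (magic, version, flags, mem_type, svc_type, num_instances, uuid_raw,
     driver_id, num_threads, text_start, text_len, data_start, data_len,
     bss_len, entry, svc_version) = struct.unpack_from(_HDR_FMT, blob, 0)
    if magic != MCLF_MAGIC:
        raise MclfError("bad magic %r" % magic)
    # The header lives inside the text segment, so text must at least hold it.
    if text_len < HDR_SIZE or text_len + data_len > len(blob):
        raise MclfError("segment lengths do not fit the file")
    if not text_start <= entry < text_start + text_len:
        raise MclfError("entry point 0x%x outside text segment" % entry)
    # Text and data are separate mappings; overlapping VAs would clobber code.
    text_end = text_start + text_len
    data_end = data_start + data_len + bss_len
    if text_start < data_end and data_start < text_end:
        raise MclfError("text and data/bss virtual ranges overlap")
    return {
        "version": (version >> 16, version & 0xFFFF),  # MCLF_VERSION(major, minor)
        "flags": flags,
        "mem_type": MEM_TYPES.get(mem_type, "UNKNOWN(%d)" % mem_type),
        "service_type": SERVICE_TYPES.get(svc_type, "UNKNOWN(%d)" % svc_type),
        "num_instances": num_instances,
        "uuid": uuid.UUID(bytes=uuid_raw),
        "driver_id": driver_id,
        "num_threads": num_threads,
        "text": (text_start, text_len),
        "data": (data_start, data_len),
        "bss_len": bss_len,
        "entry": entry,
        "service_version": svc_version,
    }


def build_segments(blob):
    """Return (header, segments); each segment is (name, va, bytes, perms)."""
    hdr = parse_mclf_header(blob)
    text_start, text_len = hdr["text"]
    data_start, data_len = hdr["data"]
    segments = [
        ("text", text_start, blob[:text_len], "r-x"),
        ("data", data_start, blob[text_len:text_len + data_len], "rw-"),
        # bss is not stored in the file: zero-filled memory right after data.
        ("bss", data_start + data_len, bytes(hdr["bss_len"]), "rw-"),
    ]
    return hdr, segments


def page_span(va, size):
    """Page-align a segment the way an emulator's mem_map requires."""
    lo = va & ~(PAGE - 1)
    hi = (va + size + PAGE - 1) & ~(PAGE - 1)
    return lo, hi - lo


def make_sample_trustlet():
    """Constructed MCLF image (not a real trustlet) for exercising the parser."""
    text_start, text_len = 0x1000, 0x200
    data_start, data_len, bss_len = 0x2000, 0x40, 0x100
    entry = 0x1100
    hdr = struct.pack(
        _HDR_FMT, MCLF_MAGIC, (2 << 16) | 4, 0, 1, 2, 1,
        uuid.UUID("0102030405060708090a0b0c0d0e0f10").bytes, 0, 1,
        text_start, text_len, data_start, data_len, bss_len, entry, 1)
    code = b"\x70\x47" * ((text_len - HDR_SIZE) // 2)  # Thumb `bx lr` filler
    return hdr + code + b"A" * data_len


if __name__ == "__main__":
    header, segs = build_segments(make_sample_trustlet())
    print("uuid=%s type=%s entry=0x%x" % (header["uuid"], header["service_type"], header["entry"]))
    for name, va, data, perms in segs:
        print("%-4s va=0x%05x len=0x%x %s page_span=%s" % (name, va, len(data), perms, page_span(va, len(data))))
```

The overlap and entry-point checks are what a loader should refuse on: a crafted header whose data range covers the text range, or whose entry lies outside text, will otherwise silently produce a wrong mapping in the emulator. The page_span values are the aligned ranges to hand to an emulator before writing each segment.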

Tainting

In the tainting/ folder, you will find a Python script that uses Manticore to look for vulnerabilities in trustlets by symbolic execution. This was only an experiment, so the script is very basic.
