Publications
Vlind Glitch: A Blind VCC Glitching Technique to Bypass the Secure Boot of the Qualcomm MSM8916 Mobile SoC
In this talk, presented December 7 at Black Hat Europe 2022, we introduced a Secure Boot bypass technique based on voltage fault injection that requires neither source code, nor binary code, nor reverse engineering to succeed. In particular, the technique works in scenarios where no vulnerability in the BootROM is known: it does not target a specific bug in the boot code but the hardware executing it. The technique can be applied to a broad variety of devices and smartphones, and was demonstrated on a DragonBoard 410c.
Auditing Closed Source Trusted Applications for Qualcomm Secure Execution Environment (QSEE)
This talk was presented November 17 at DeepSec 2022. We shared the knowledge gained from a careful reverse engineering study of several QSEE Trusted Applications and of the operating system they run on (QSEE-OS). We also presented the tools developed throughout this research to support the security evaluation of QSEE, including a debugger for QSEE Trusted Applications fully integrated with GDB and Ghidra, and a coverage-guided fuzzer for QSEE Trusted Applications. Such tools are essential to understand the internals and behaviour of the trusted applications, to map their attack surface, and to identify vulnerable code for further analysis and fuzzing.