Vlind Glitch: A Blind VCC Glitching Technique to Bypass the Secure Boot of the Qualcomm MSM8916 Mobile SoC

Black Hat Europe - 7 December 2022

All modern mobile phone SoCs are protected with the secure boot mechanism. Secure Boot's first level is implemented in bootrom's code. This code is in ROM memory and cannot be modified. The Bootrom is trustworthy and it is responsible for loading the next stage in the boot process. This stage is known in mobile devices as Secondary Boot Loader (SBL), which is stored in eMMC or UFS external writable memories and can be overwritten by firmware updates.

To ensure security while allowing firmware updates, vendors cryptographically sign them, preventing others from modifying the Secondary Boot Loader, otherwise, it would be trivial to break the secure boot chain. In this scenario, either a private key is used to sign a crafted firmware with a modified SBL, or an exploitable software bug is found. Although vulnerable bootroms have been found in the past, they are very tied to particular phones and versions. In addition, it requires a significant effort in reverse engineering the bootrom to try to find vulnerabilities. This approach requires having the bootrom's code in the first place, which is proprietary and not publicly available, and therefore requires a vulnerability to obtain the SoC's bootrom, leading us into a dependency loop and resulting in a failed exploitation attempt.

In this talk, we will present a Blind VCC glitch (Vlind Glitch) method to bypass bootroms' secure boot mechanisms without requiring source or binary code. In other words, we do not have to know things like the code we are glitching, how the secure boot mechanism is implemented or whether the CPU is in thumb mode or not.

To show the practicality of the technique, we have applied the approach to the Qualcomm SoC MSM8916/APQ8016, which resulted in a simple but fast and effective Secure Boot bypass. In our demo, we will show how to apply Vlind Glitch to bypass the secure boot bypass on a development phone board equipped with the Qualcomm SoC MSM8916/APQ8016.