Breaking Secure Boot by Experience

Secure Boot is fundamental for assuring the authenticity of the Trusted Code Base (TCB) of embedded devices. Recent attacks on Secure Boot, on a wide variety of devices such as video game consoles and mobile phones, indicate that Secure Boot vulnerabilities are widespread.

The BootPwn experience puts you in the attacker's seat in order to explore the attack surface of Secure Boot while identifying and exploiting interesting vulnerabilities applicable to real-world devices. Moreover, it’s hands-on, well-guided and driven by an exciting jeopardy-style format.

Your journey starts with achieving a comprehensive understanding of Secure Boot. You will learn how hardware and software are used to assure the integrity and confidentiality of the software of an embedded device. You will then use this understanding for identifying interesting vulnerabilities across the entire Secure Boot attack surface. You will be challenged to exploit these vulnerabilities using multiple realistic scenarios.

All practical exercises are performed on our custom emulated attack platform which is based on publicly available code bases.

As an attacker, you will be able to:

  • open the device and make physical modifications
  • communicate with the internal and external interface
  • program the external flash of the device
  • perform hardware attacks like fault injection

You will be guided towards an interesting range attack vectors and vulnerabilities specific for Secure Boot, which can be leveraged for novel and creative exploits, allowing you to refine your skills to a new level.

Please contact us for more information!

Anonymous

Anonymous

I learned a lot and my expectations were fully met. Thanks!

Anonymous

Anonymous

I really enjoyed the training. I had a lot of fun with the exercises, and I learned new approaches to several problems!

Anonymous

Anonymous

I think this was a pretty good experience, lots of breadth covered. Appreciate the exercises, think this gives me a lot of confidence in trying to explore boot-time stuff further. 10/10

Anonymous

Anonymous

Learned a lot! The course system is exceptional, I have not seen anything like it.

Anonymous

Anonymous

I really enjoyed the hands-on experience. It was awesome.

Anonymous

Anonymous

Fantastic instructor. The theory + labs in the class were fantastic, and should vastly speed up any work I might have in the 'device' security field.

Anonymous

Anonymous

I very much liked the fact the instructor has a lot of real world experience with the taught subject. Being able to explain concepts based on own research was very valuable.

Anonymous

Anonymous

Definitely would recommend the class and would also join other trainings. The training covered all relevant aspects of secure boot and it was a perfect mixture of lectures and exercises. Really enjoyed.

Anonymous

Anonymous

I would highly recommend this class to my colleagues and also attend any other training offered by this trainer.


Additional Info

Audience

  • Anyone with an interest in breaking Secure Boot on secure devices
  • Security enthusiasts with an interest in embedded device security
  • Designers of Secure Boot interested in an offensive perspective

Agenda

  • Fundamentals
    • Embedded devices
    • Verification
    • Decryption
  • Secure Boot
    • Attack surface
    • Real-world attacks
  • Identifying Secure Boot vulnerabilities
    • Design information
    • Flash dumps
    • Source code
    • Binary code
  • Exploit Secure Boot vulnerabilities related to
    • Insecure designs
    • Vulnerable software
    • Weak cryptography
    • Incorrect cryptography
    • Configuration issues
    • Incorrect checks
    • Insecure parsing
    • Vulnerable hardware
    • Fault Injection

Requirements

The students of the BootPwn experience are expected to:

  • have experience with Python/C programming
  • have experience with the ARM architecture (AArch64)
  • have an understanding of typical software v/ulnerabilities
  • be familiar with reverse engineering (AArch64)
  • be familiar with common cryptography (RSA, AES and SHA)

Don’t worry if you don’t meet all of the above expectations. Less-experienced students can rely on our guidance, hints and solutions, whereas more-experienced students will not.

Please contact us for more information!

HostNFI
DateFeb 25-28, 2025
TypeClassroom
LocationNetherlands
LanguageEnglish

Access restricted

HostRingzer0
DateMar 9-15, 2025
TypeOnline
TimezoneUSA
LanguageEnglish

Buy your ticket here!

HostRingzer0
DateMar 18-21, 2025
TypeClassroom
LocationAustin, TX
LanguageEnglish

Buy your ticket here!

Contact Us

Contact Details

Feel free to contact us, we will be happy to listen and support.

Meeuwenlaan 20, 3055 CL, Rotterdam, The Netherlands
Email: info@raelize.com
VAT: NL861445934B01
KVK: 78549477