Breaking Secure Boot by Experience
Secure Boot is fundamental for assuring the authenticity of the Trusted Code Base (TCB) of embedded devices. Recent attacks on Secure Boot, on a wide variety of devices such as video game consoles and mobile phones, indicate that Secure Boot vulnerabilities are widespread.
The BootPwn experience puts you in the attacker's seat in order to explore the attack surface of Secure Boot while identifying and exploiting interesting vulnerabilities applicable to real-world devices. Moreover, it’s hands-on, well-guided and driven by an exciting jeopardy-style format.
Your journey starts with achieving a comprehensive understanding of Secure Boot. You will learn how hardware and software are used to assure the integrity and confidentiality of the software of an embedded device. You will then use this understanding for identifying interesting vulnerabilities across the entire Secure Boot attack surface. You will be challenged to exploit these vulnerabilities using multiple realistic scenarios.
All practical exercises are performed on our custom emulated attack platform which is based on publicly available code bases.
As an attacker, you will be able to:
- open the device and make physical modifications
- communicate with the internal and external interfaces
- program the external flash of the device
- perform hardware attacks like fault injection
You will be guided towards an interesting range of attack vectors and vulnerabilities specific to Secure Boot, which can be leveraged for novel and creative exploits, allowing you to refine your skills to a new level.
I learned a lot and my expectations were fully met. Thanks!
I really enjoyed the training. I had a lot of fun with the exercises, and I learned new approaches to several problems!
I think this was a pretty good experience, lots of breadth covered. Appreciate the exercises, think this gives me a lot of confidence in trying to explore boot-time stuff further. 10/10
Learned a lot! The course system is exceptional, I have not seen anything like it.
I really enjoyed the hands-on experience. It was awesome.
Fantastic instructor. The theory + labs in the class were fantastic, and should vastly speed up any work I might have in the 'device' security field.
I very much liked the fact the instructor has a lot of real world experience with the taught subject. Being able to explain concepts based on own research was very valuable.
Definitely would recommend the class and would also join other trainings. The training covered all relevant aspects of secure boot and it was a perfect mixture of lectures and exercises. Really enjoyed.
I would highly recommend this class to my colleagues and also attend any other training offered by this trainer.
- Anyone with an interest in breaking Secure Boot on secure devices
- Security enthusiasts with an interest in embedded device security
- Designers of Secure Boot interested in an offensive perspective
- Embedded devices
- Secure Boot
- Attack surface
- Real-world attacks
- Identifying Secure Boot vulnerabilities
  - Design information
  - Flash dumps
  - Source code
  - Binary code
- Exploit Secure Boot vulnerabilities related to
  - Insecure designs
  - Vulnerable software
  - Weak cryptography
  - Incorrect cryptography
  - Configuration issues
  - Incorrect checks
  - Insecure parsing
  - Vulnerable hardware
  - Fault Injection
The students of the BootPwn experience are expected to:
- have experience with Python/C programming
- have experience with the ARM architecture (AArch64)
- have an understanding of typical software vulnerabilities
- be familiar with reverse engineering (AArch64)
- be familiar with common cryptography (RSA, AES and SHA)
Don’t worry if you don’t meet all of the above expectations. Less-experienced students can rely on our guidance, hints and solutions, whereas more-experienced students will not need to.
Date: Nov 14-17, 2023
Feel free to contact us, we will be happy to listen and support.