Uncategorized

Reverse Engineering Samsung S6 SBOOT – Part II

Reverse Engineering Samsung S6 SBOOT – Part II
By Fernand Lone Sang

In my previous article, I explained how to load Samsung’s proprietary bootloader SBOOT into IDA Pro. The journey to the TEE OS continues in this second article which describes two techniques to locate Trustonic’s TEE <t-base in the binary blob. A few months back, I started digging into various TEE implementations and that led me to reverse engineer Samsung’s proprietary bootloader SBOOT [1]. At that time, I suspected that the Trustonic’s TEE <t-base was somehow embedded in the bootloader’s image of Exynos-based smartphones, and it turned out that my assumptions were good. Back then, I used two techniques to locate <t-base in SBOOT but I did not find enough time to cleanup my notes and blog about it until now. This article describes the two techniques I used.[…]

https://blog.quarkslab.com/reverse-engineering-samsung-s6-sboot-part-ii.html

https://blog.quarkslab.com/reverse-engineering-samsung-s6-sboot-part-i.html

Standard

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s