Reverse Engineering Samsung S6 SBOOT – Part II

Reverse Engineering Samsung S6 SBOOT – Part II
By Fernand Lone Sang

In my previous article, I explained how to load Samsung’s proprietary bootloader SBOOT into IDA Pro. The journey to the TEE OS continues in this second article which describes two techniques to locate Trustonic’s TEE <t-base in the binary blob. A few months back, I started digging into various TEE implementations and that led me to reverse engineer Samsung’s proprietary bootloader SBOOT [1]. At that time, I suspected that the Trustonic’s TEE <t-base was somehow embedded in the bootloader’s image of Exynos-based smartphones, and it turned out that my assumptions were good. Back then, I used two techniques to locate <t-base in SBOOT but I did not find enough time to cleanup my notes and blog about it until now. This article describes the two techniques I used.[…]

Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s