Aleph Security: Firehorse: Research & Exploitation framework for Qualcomm EDL (Firehose)

Exploiting Qualcomm EDL Programmers (1): Gaining Access & PBL Internals
By Roee Hay (@roeehay) & Noam Hadad
January 22, 2018
* QPSIIR-909, ALEPH-2017029, CVE-2017-13174, CVE-2017-5947

There are many guides across the Internet for ‘unbricking’ Qualcomm-based mobile devices. All of these guides make use of Emergency Download Mode (EDL), an alternate boot-mode of the Qualcomm Boot ROM (Primary Bootloader). To make any use of this mode, users must get hold of OEM-signed programmers, which seem to be publicly available for various such devices. While the reason of their public availability is unknown, our best guess is that these programmers are often leaked from OEM device repair labs. Some OEMs (e.g. Xiaomi) also publish them on their official forums. […] In this 5-part blog post we discuss the security implications of the leaked programmers. The first part presents some internals of the PBL, EDL, Qualcomm Sahara and programmers, focusing on Firehose. In Part 2, we discuss storage-based attacks exploiting a functionality of EDL programmers – we will see a few concrete examples such as unlocking the Xiaomi Note 5A (codename ugglite) bootloader in order to install and load a malicious boot image thus breaking the chain-of-trust. Part 3, Part 4 & Part 5 are dedicated for the main focus of our research – memory based attacks. In Part 3 we exploit a hidden functionality of Firehose programmers in order to execute code with highest privileges (EL3) in some devices, allowing us, for example, to dump the Boot ROM (PBL) of various SoCs. We then present our exploit framework, firehorse, which implements a runtime debugger for firehose programmers (Part 4). We end with a complete Secure-Boot bypass attack for Nokia 6 MSM8937, that uses our exploit framework. We achieve code execution in the PBL (or more accurately, in a PBL clone), allowing us to defeat the chain of trust, gaining code execution in every part of the bootloader chain, including TrustZone, and the High Level OS (Android) itself.

The merit of our research is as follows:
* We describe the Qualcomm EDL (Firehose) and Sahara Protocols. (Part 1)
* We created firehorse, a publicly available research framework for Firehose-based programmers, capable of debugging/tracing the programmer (and the rest of the bootloader chain, including the Boot ROM itself, on some devices). (Part 3 & Part 4)
* We obtained and reverse-engineered the PBL of various Qualcomm-based chipsets (MSM8994/MSM8917/MSM8937/MSM8953/MSM8974) using the Firehose programmers and our research framework. (Part 3)
* We obtained the RPM & Modem PBLs of Nexus 6P (MSM8994). (Part 3)
* We managed to unlock & root various Android Bootloaders, such as Xiaomi Note 5A, using a storage-based attack only. (Part 2)
* We managed to manifest an end-to-end attack against our Nokia 6 device running Snapdragon 425 (MSM8937). We believe this attack is also applicable for Nokia 5, and might be even extensible to other devices, although unverified. (Part 5)

Research & Exploitation framework for Qualcomm EDL Firehorse programmers

Exploiting Qualcomm EDL Programmers (1): Gaining Access & PBL Internals

Exploiting Qualcomm EDL Programmers (2): Storage-based Attacks & Rooting

Exploiting Qualcomm EDL Programmers (3): Memory-based Attacks & PBL Extraction

Exploiting Qualcomm EDL Programmers (4): Runtime Debugger

Exploiting Qualcomm EDL Programmers (5): Breaking Nokia 6’s Secure Boot


Roee Hay’s abootool: fuzzer for Android bootloader

fastboot oem vuln: Android Bootloader Vulnerabilities in Vendor Customizations:
We discuss the fastboot interface of the Android bootloader, an area of fragmentation in Android devices. We then present a variety of vulnerabilities we have found across multiple Android devices. Most notable ones include Secure Boot & Device Locking bypasses in the Motorola and OnePlus 3/3T bootloaders. Another critical flaw in OnePlus 3/3T enables easy attacks by malicious chargers – the only prerequisite is a powered-off device to be connected. An unexpected attack vector in Nexus 9 is also shown – malicious headphones. Other discovered weaknesses allow for data exfiltration (including a memory dumping of a Nexus 5X device), enablement of hidden functionality such as access to the device’s modem diagnostics and AT interfaces , and attacks against internal System-on-Chips (SoCs) found on the Nexus 9 board.

abootool: Simple fuzzer for discovering hidden fastboot gems. Modus Operandi: Based on static knowledge (strings fetched from available bootloader images), dynamically fuzz for hidden fastboot OEM commands.