Join the Telegram channel Part 1: Detailed overview of Samsung’s TrustZone components Part 2: Tools development for reverse-engineering and vulnerability research Part 3: Vulnerability exploitation to reach code execution in EL3 on a Samsung device Introduction This article details different vulnerabilities affecting Secure World components in Samsung’s TrustZone and how […]
Tutorials
42 posts
Join the Telegram channel As you may have read in our previous blog post, the release of Triton v0.8 came with a lot of features and improvements. Support for the ARMv7 architecture is amongst the main contributions of this new version. This blog post provides some extra details about how […]
Want to stay up to date? Join the Telegram channel here Introduction Fuchsia is a new operating system developed by Google, targeting the AArch64 and x86_64 architectures. While little is known about the purpose of this OS and where it will be used, it seems plausible that it aims at […]
Introduction Ansible [1] is an open-source software that automates configuration management and software deployment. If you’re not familiar with Ansible, we encourage you to read this introduction first [15]. Ansible works by connecting to the infrastructure machines (which can be a Windows or Linux OS) and uploading small pieces of […]
Context Quarkslab is one of the 10 ITSEF (Information Technology Security Evaluation Facility, CESTI in French) licensed by the ANSSI’s Centre de Certification National (CCN, French for National Certification Body) for performing CSPN (Certification de Sécurité de Premier Niveau, French for First Level Security Certification) evaluations in the software domain. […]
Introduction Embedded devices are a huge and wide world of options for CPU architectures, operating systems and file systems. You can find the combination you can think of. In this case, I’ll present a study about the TP-Link TL-WR543G. This old router I had at home came equipped with a […]
We are pleased to announce that we released Triton v0.8 under the terms of the Apache License 2.0 (same license as before). This new version provides bug fixes, features and improvements: the detailed list can be found on this Github page (there are about 297 changed files with 43,115 additions […]
How many times have you needed to use John The Ripper to do some password cracking but just not had whatever you needed, or for whatever reason wanted to use an online GPU? Well, now you can do this all thanks to Google Collab. Google Colab is a free cloud service […]
Introduction In March 2020, Google patched a critical vulnerability affecting many MediaTek based devices [1]. This vulnerability had been known by MediaTek since April 2019 (10 months before being fixed), and allows a local attacker without privileges to read and write system memory, leading to privilege escalation. There is even […]
Introduction Welcome to the final chapter of the Trimedia series. In the first part of the series, I introduced this research project, showing the different steps I took in order to analyze the firmware and the hardware of the camera. Then, in the second part, I presented the Philips TriMedia […]
Introduction After detailing Samsung’s TrustZone implementation in the first part of this series, this blog post introduces the tools that we have developed to reverse engineer the system and find vulnerabilities more easily. Part 1: Detailed overview of Samsung’s TrustZone components Part 2: Tools development for reverse engineering and vulnerability […]
Motivations After a general introduction on the ARM TrustZone and a focus on Qualcomm’s implementation, this new series of articles will discuss and detail the implementation developed by Samsung and Trustonic. These blog posts are a follow up to the conference Breaking Samsung’s ARM TrustZone that was given at BlackHat […]
Introduction This blog post deals with the Legu packer, an Android protector developed by Tencent that is currently one of the state-of-the-art solutions to protect APK DEX files. The packer is updated frequently and this blog post focuses on versions 4.1.0.15 and 4.1.0.18. Overview An application protected with Legu is […]
Introduction Irma is our file security analysis software, originally developed as an open source project with the sponsorship of 5 major European organizations, it is now also one of Quarkslab’s commercial software products. Since our last post from February 2016, Irma evolved significantly. This post summarizes the major changes, the […]
Cobalt Strike is software for Adversary Simulations and Red Team Operations. What this means is, if you wanted to test your SOC capabilities or IR functions and see how well they do against someone mimicking an APT, this tools allows you to do that. With that said let’s move on. Load […]
TLDR: Canary tokens are not new but can help give you some Intel into your attackers, be it insider or external . If you’re not familiar with the idea of a canary as an early warning system, its origins lie in coal mining. Miners would carry a small bird […]
Increasing the TXpower above what is allowed in your country can be illegal. If you decide to make these changes to your system and use the wireless above the allowed legal limit, that is down to you and I will not be held responsible. This document is for educational research […]
I have a number of Kodi Media Centre running in different rooms around the house. Some are hooked up to surround sound and some are not. One of my media centres is hooked up to a projector with a rubbish tinny speaker. In the same room i have a google […]
So the OSCP journey is hard work, needs commitment, understanding from your wife and a try harder attitude (you will hate the words try harder and love them at the same time). To be able to pass the exam and earn the OSCP cert you will need to get enough points […]
Ok, so you have upgraded your Wi-Fi to a new shiney circular Ubiquiti device….and you are using PfSense too? Welcome to the club. Lets get started. There are multiple parts to get this all working so lets step through them. Few things to note:- I have setup the GUEST network […]