Publications

Kinibi TEE: Trusted Application exploitation

lun 10/12/2018 - 16:09
Exploit
This blog post is dedicated to the Trustonic's TEE implementation and more particularly to the integration made by Samsung for its Exynos chipsets. Samsung recently patched a trivial vulnerability in a Trusted Application. After a brief explanation of TrustZone/Kinibi, this article details the exploitation of this vulnerability.

E-ink maiden: Bring your reader to the reverser

sam 01/12/2018 - 14:12
Hardware
Reverse-engineering
As a team of security researchers, we like poking at software and tinkering with common household objects for fun. So, one of our researchers bought an electronic paper reader tablet, and instead of reading ebooks on the train, started having fun with it!

iOS12 Kernelcache Laundering

lun 01/10/2018 - 15:47
Tools
Exploit
iOS 12 has been released for a few weeks now. New major iOS versions often mean new kernelcache and dyld_shared_cache file formats. iOS12 is no exception to the rule and comes with an other surprise: Pointer Authentication Code (PAC) for the new A12 chip. This blogpost shows you how to deal with both by enhancing IDA. IDA 7.2 beta future release might add PAC and iOS12 kernelcache support but it will only be released in a few weeks and we think it will always be interesting to illustrate how to do it by ourselves. ...

2018 Summer Challenge Writeup

mer 15/08/2018 - 10:21
Challenges
An old school RE challenge was published on August 07th and has been solved by several people. This blog post provides a detailed solution on how to solve this challenge followed by the winner write-up.

Practical DMA attack on Windows 10

mer 30/05/2018 - 13:16
Hardware
Pentest
Among the various security assessments performed by Synacktiv, some involve attacking the security hardening of a laptop or workstation master image that will be massively deployed in an infrastructure. The purpose of this kind of security assessment is to give the client an overview of its level of maturity regarding security concerns and provide him with some recommendations in order to increase his level of security. This post describes how Synacktiv defeated a workstation security measures by using a hardware appro...