Frédéric Basse
133 followers

Amlogic S905 SoC: bypassing the (not so) Secure Boot to dump the BootROM
The Amlogic S905 System-On-Chip is an ARM processor designed for video applications. It's widely used in Android/Kodi media boxes. The SoC implements the TrustZone security extensions to run a Trusted Execution Environment (TEE) that enables DRM & other sec...

PowerLine (PLC) support in OpenWrt for D-Link DHP-1565
The D-Link 1565 is one of the few routers that integrate a PLC (Power Line Communication) chipset (in this case the QCA AR7400). Unfortunately, OpenWrt does not provide support for this feature yet. This post presents configuration steps to enable PLC support in ...

[QPSIIR-80] Qualcomm TrustZone Integer Signedness bug
Summary: Qualcomm TrustZone is prone to an integer signedness bug that may allow to write NULL words to barely controllable locations in memory. The vulnerability can be triggered from...

Analysis of Nexus 5 Monitor mode
This article will first describe how to locate the Monitor mode code in Nexus 5 firmware (hammerhead-ktu84p-factory-35ea0277, bootloader-hammerhead-hhz11k: c32f8bec310c659c1296739b00c6a8ac). Then, we will try to understand what it does (its functionaliti...

Exploitation of Philips Smart TV
This post is a translated summary of the article published for my talk at SSTIC 2014 conference (French). My Philips Smart TV is a Linux box standing there in my living room: that's a sufficient reason to try to get root. Debug serial port Internet hacker...

pflupg-tool: unpack Philips SmartTV firmware
pflupg-tool is an unpacking tool for Philips SmartTV firmware (Fusion platform). If your firmware is encrypted, you have to provide the corresponding public key (public exponent + modulus). You can add public keys in the pflupg.h file: #define PUBLIC_KEYS_CNT 2...

[CVE-2014-2978] DirectFB remote out-of-bounds write vulnerability
Summary:
DirectFB is prone to an out-of-bounds write vulnerability since version 1.4.4. The vulnerability can be trigge...

[CVE-2014-2977] DirectFB integer signedness vulnerability
Summary:
DirectFB is prone to an integer signedness vulnerability since version 1.4.13. The vulnerability can be triggered rem...

dfb-wireshark-dissector: DirectFB Voodoo protocol dissector for Wireshark
Voodoo is the network layer of DirectFB. dfb-wireshark-dissector is a Wireshark plugin to dissect this protocol. Main features are: both packet & raw modes are supported; FLZ decompression; Instance ID resolution. Source code can be found on GitHub.