Fusée Gelée

The Exploit

Fusee Gelee (translates to Frozen Rocket) is a coldboot launcher. The exploit takes advantage of a USB software stack that is provided inside the BootROM. This stack contains a copy operation that allows for control from attackers. By creating your own USB control request, attacks can use this vulnerability to gain control of the Boot and Power Management Processor (BPMP).
This allows attackers to gain control of the system before any of privilege restrictions are put in place, essentially giving full access to the device. Allowing for the loading of arbitrary code and extraction of secrets.
This vulnerability is completely unpatchable, so the only way to fix this vulnerability is to recall and replace existing SKUs. It affects most of the Tegra devices that were produced before the exploit was published. This includes Surface RT and Surface RT2 and other Tegra3/4 devices.

Execute the Exploit

To use this exploit you need
  • A payload - a binary file which gets executed
  • A payload sender - a program which transfers the payload to the device memory.
  • pyusb
There is a precompiled payload for the Nexus 7 2012 that we can repurpose for the Surface RT (Tegra 3).
The payload provided in this repository has been tested many times, but proceed at your own risk.
You will need to clone this repository into a new directory, including the submodule here:
Once the payload and exploit are downloaded, here are the steps all the way up to flashing an unsigned bootloader:
  • Connect a USB-A to USB-A cable from your Surface RT to a USB 3.0 port on your host machine.
  • Boot into APX mode.
    1. 1.
      Press and hold Volume Up & Power for about 3 seconds
    2. 2.
      Release the Power button
    3. 3.
      Release the Volume Up button
    4. 4.
      lsusb should show a Nvidia device with id 0955:7130
  • cd into the tegra30_debrick directory
  • Run the commandsudo ./fusee-launcher/ ./payload/uart_payload_n7.bin -V 0955 -P 7130
    • This will send the uart_payload to the Surface RT, and patch the getSecurityMode function to always return 3, allowing us to use nvflash.
  • Run the commandsudo ./utils/nvflash_v1.13.87205 --getbct --bct surfacert.bin --configfile ./utils/flash.cfg
    • This will read the surfacert bct, which is a required input for many nvflash commands.
  • Finally, we can run arbitrary code using the following command:
    • sudo ./utils/nvflash_v1.13.87205_miniloader_patched --setbct --bct surfacert.bin --configfile ./utils/flash.cfg --bl u-boot.bin --go
Further tweaking is needed to get a functioning bootloader, with the above steps, and the compiled nvidia fork of u-boot located here (Driver Packages - Cardhu), the webcam light turns on.
Once the L4T R16 u-boot.bin is flashed, you will then need to press and hold the Power button for around 10 seconds to fully power off the tablet. Then you can repeat the above steps to re-attempt flashing.