TZ Exploit - CTS
Idea
Write code into TZ mem and jump to it. Hopefully it will execute at EL3.
Tests
Read NS-Bit
https://developer.arm.com/documentation/ddi0406/latest/ page 1697: can only be read from securemode.
Read EL
https://stackoverflow.com/questions/31787617/what-is-the-current-execution-mode-exception-level-etc http://lioncash.github.io/ARMBook/the_apsr,_cpsr,_and_the_difference_between_them.html https://www.keil.com/pack/doc/CMSIS/Core_A/html/group__CMSIS__CPSR.html https://www.keil.com/pack/doc/CMSIS/Core_A/html/group__CMSIS__CPSR__M.html
https://developer.arm.com/documentation/ddi0406/latest/ page: 1139
Read EL from APX
a custom payload will be used to read the Exception Level from in APX mode. I expect it to be 3.
#define CPSR_M_SVC 0x13U |
Supervisor mode is the default mode to which a Supervisor Call exception is taken.
Read EL from UEFI
A normal efi App will be used to read the Execption Level from UEFI. I expect it to be 0.
#define CPSR_M_FIQ 0x11U |
FIQ mode is the default mode to which an FIQ interrupt is taken.
Creating a payload
We need a relocateable payload since UEFI can give us different load addresses everytime.
Therefore we need to use Position independent code: https://stackoverflow.com/questions/6324257/load-time-base-address-cortex-m3-bare-metal https://stackoverflow.com/questions/5311515/gcc-fpic-option
Step by Step
Step 1:
Create payload which reads EL and reports back via serial. Read payload from USB/eMMC to memory. Disable TZ protection. copy payload into TZ mem. override TZ with jumps to payload address. If payload reads EL3 continue.
Step 2:
to be continued...
Last updated