
Magic Leap One Bootloader Exploit


An exploit chain for the Magic Leap One (and probably other TX2 devices) - EliseZeroTwo/ml1hax

The fastbootrs folder contains a Rust implementation of a Fastboot client, and is the code that runs on the host.

Code execution in CBoot over Fastboot USB by smashing the stack in NVIDIA's SparseFS parser (sparsehax).

Overwriting CBoot in memory using an oversized kernel-dtb implementation on the storage to gain persistent code execution (dtbhax).

I've not researched it much, but there's a decent chance the kernel-dtb vuln can be used for persistence on the Autopilot units of certain cars using the TX2.
