Trigon: Exploiting coprocessors for fun and for profit (part 2)
Contents:
Where did we leave off?
Background: KTRR
IORVBAR
Coprocessors
Always-On Processor
Investigation
AXI? What's that?!
Mapping DRAM
Code execution
Improving the strategy
What about A7 and A8(X)?
Conclusion
After a suggestion from @Siguza, the coprocessor we chose to target was the always-on processor, since its firmware's base address was in the iboot-handoff region and we could therefore easily locate it with the Trigon primitive. After overwriting the start of that function to set some recognisable register values and then attempt a load from an invalid address, the panic logs proved that we could indeed take control of the always-on processor! We initially thought it was some strange PTE format that used offsets instead of actual addresses, but after discussing this with Siguza, he suggested it was probably a case of what Apple calls an AXI remapping.