::: left till the conference

Exploiting checkm8 with unknown SecureROM for the T2 chip

45 min
Main Stage

The checkm8 exploit appeared a long time ago, and you can find a lot of materials about it in the public domain. However, the question remains, how the SecureROM of a certain device was originally obtained to adapt different offsets of the exploit for it? Earlier, Alex demonstrated the method of initial firmware dumping for S5L8747X (Haywire) and S7002 (AppleWatch) chips. In this talk, he will show a much more complex method that will work on devices with WXN, using T2 as an example.

Alex Kovrizhnykh

Information security expert specialized in reverse engineering

Other Reports
Defensive Track
Formal verification redux: secure dev beyond randomized testing
Comprehensive training on attacks against applications
Hardware Zone
How do we make Flipper Zero?