DFRWS EU 2026 Workshop – Quickboot (Exploiting a Tiny Bootloader)


Date: Tuesday, March 24th
Time: TBD
Level: Average
Capacity: 12

About This Workshop

This workshop focuses on data acquisition. Modern devices such as smartphones rely on bootloaders to initialize and start the rest of the system. Bootloaders often provide some form of interaction that an attacker can potentially abuse to gain code execution on the device, which is required to enable data extraction.

We have created our own bootloader called Quickboot which runs on a NUCLEO-F103B development board using an STM32 microcontroller. Students will interact with the bootloader over a serial connection using a Python client.

During the course students will gain a basic understanding of memory corruption vulnerabilities. We will exploit the Newlib nano heap allocator and circumvent an exploit mitigation in the process. The allocator has not been modified and could be encountered in real embedded devices. The goal of the course is to unlock the bootloader and run our own code.

The course follows a CTF-style format whereby students can solve challenges at their own pace. We have created additional support scripts which should allow investigators with an intermediate skill level to solve the challenges. The course will be 75% hands-on and 25% theoretical.

Learning Objectives

At the end of this workshop you will:

  • Have a basic understanding of how bootloaders function
  • Have a basic understanding of memory allocation vulnerabilities
  • Have a basic understanding of exploit mitigations
  • Be able to successfully exploit the Newlib nano heap allocator

Requirements

Provided by workshop:

  • Development board (NUCLEO-F103B with STM32 microcontroller)
  • Mini-USB cable
  • Virtual machine with all necessary tools

Participants must bring:

  • Laptop with at least one available USB-A port
  • USB-A to USB-C adapter or USB hub (if laptop lacks USB-A port)


Workshop Speaker

Richard Buurke
Netherlands Forensic Institute, The Netherlands