DFRWS EU 2026 Workshop – Quickboot (Exploiting a Tiny Bootloader)



Date
Tuesday, March 24th
Time
09:00 – 12:45
Level
Average
Capacity
12

About This Workshop

This workshop focuses on data acquisition. Modern devices such as smartphones rely on bootloaders to initialize and start the rest of the system. They often provide some form of interaction that can potentially be abused by an attacker to gain code execution on the device. Which is required to enable data extraction.

We have created our own bootloader called Quickboot which runs on a NUCLEO-F103B development board using an STM32 microcontroller. Students will interact with the bootloader over a serial connection using a Python client.

During the course students will gain a basic understanding of memory corruption vulnerabilities. We will exploit the Newlib nano heap allocator and circumvent an exploit mitigation in the process. The allocator has not been modified and could be encountered in real embedded devices. The goal of the course is to unlock the bootloader and run our own code.

The course follows a CTF-style format whereby students can solve challenges at their own pace. We have created additional support scripts which should allow investigators with an intermediate skill level to solve the challenges. The course will be 75% hands-on and 25% theoretical.

Learning Objectives

At the end of this workshop you will be able to:

  • Have a basic understanding of how bootloaders function
  • Have a basic understanding of memory allocation vulnerabilities
  • Have a basic understanding of exploit mitigations
  • Successfully exploit the Newlib nano heap allocator

Requirements

Provided by workshop:

  • Development board (NUCLEO-F103B with STM32 microcontroller)
  • Mini-USB cable

Participants must bring:

  • Laptop with at least one available USB-A port
  • USB-A to USB-C adapter or USB hub (if laptop lacks USB-A port)

Preparation

The required software can be installed on all major operating systems natively. Participants are required to install the software and follow the provided installation guides beforehand.

Access to the training materials website and installation instructions will be provided to registered attendees via the registration system.


Workshop Speaker

RB
Richard Buurke
Netherlands Forensic Institute, The Netherlands