Samdunk: eMMC backdoor leading to bootloader unlock

Surely this “security_register” can’t be the “hardware to prevent this operation after the first programming” as described in the eMMC specifications; it is simply a dword in the controller’s RAM.

A fascinating look into undocumented embedded vendor firmware.

[pdf]
