In a previous post, we detailed a vulnerability in the Amlogic System-On-Chip bootROM that allows arbitrary code execution at EL3. Since the Chromecast with Google TV (CCwGTV) is one of the devices affected by this issue, it opens the possibility to run a custom OS like Ubuntu. This post describes …| fred's notes
In this post we will exploit a memory corruption issue in AMLogic El3 code that is used by various consumer devices like the Sonos One (2nd generation) and the Lenovo Smart Clock. The goal is to get a copy of the OTP/eFUSE data and dump out the code for the application processor BootROM.| haxx.in