In this post we will exploit a memory corruption issue in Amlogic EL3 code that is used by various consumer devices such as the Sonos One (2nd generation) and the Lenovo Smart Clock. The goal is to get a copy of the OTP/eFUSE data and to dump the code of the application processor BootROM.