This post introduces a tool to dump Samsung Galaxy S7 bootROM using known and fixed security vulnerabilities in Trustzone. The source code is available on GitHub. Procedure We use a Galaxy S7 phone, with ADB access and root privileges. BootROM code is at address 0x0, in Secure world. The TEE …
