MASTERÂ Assignment
reversing and fuzzing the google titan m chip
Type : Master M-CS
Period: Feb, 2021 - Sep, 2021
Student : Melotti, D. (Damiano, Student M-CS)
Date Final project: Sep 24, 2021
Supervisors:
Abstract:
Google recently introduced a secure chip called Titan M in its Pixel smartphones, allowing the implementation of a Trusted Execution Environment (TEE) in Tamper Resistant Hardware. TEEs have been proven effective in reducing the attack surface exposed by smartphones, by protecting specific security-sensitive operations. However, studies have shown that TEE code and execution can also be targeted and exploited by attackers, therefore studying their security lays the basis of the trust we have in their features. In this paper, we provide the first security analysis of the Titan M. We start by reverse engineering the firmware and reviewing the open source code in the Android OS responsible for the communication with the chip. By exploiting a known vulnerability, we then dynamically examine the memory and the internals of the chip. Finally, leveraging the acquired knowledge, we design and implement a structure-aware black-box fuzzer. Using our fuzzer, we rediscover several known vulnerabilities after a few seconds of testing, proving the effectiveness of our solution. In addition, we find and report a new vulnerability in the latest version of the firmware.