Lead AI-Native Products with Microsoft's Agentic AI Program
Learn Generative AI, Prompt Engineering, and LLMs for Free
Overview
Google, IBM & Meta Certificates – 40% Off
One plan covers every Professional Certificate on Coursera.
Unlock All Certificates
Explore the intricacies of Widevine DRM and Qualcomm's QTEE TrustZone implementation in this Black Hat conference presentation. Delve into the high-value nature of these technologies and gain insights into their fundamental concepts. Learn how to identify command handling logic and uncover vulnerabilities within the system. Discover the memory model of a QTEE Trusted Application (TA), including command delivery and buffer sharing between worlds. Understand techniques for information leakage, breaking ASLR, and accessing TA from user-controlled locations. Follow the step-by-step process of exploiting the Widevine TA and extracting data from QTEE's trusted storage (SFS). While prior knowledge is beneficial, it is not mandatory for this 27-minute deep dive into cybersecurity research and exploitation techniques.
Syllabus
Wideshears: Investigating and Breaking Widevine on QTEE
Taught by
Black Hat