In this repository, we publish the tools we used in our research on the Google Titan M chip.
We presented our results at Black Hat EU 21 and at the ROOTS workshop within DeepSec.
- citadelimgloader: the Ghidra loader for Titan M firmware files
- nugget_toolkit: the set of tools to trace messages and communicate with the chip (including an exploit for a known vulnerability and a fuzzer)
- bin2rec: a set of scripts used to convert firmware files into rec files that can be used with the SPI rescue feature
- BHEU_2021: the materials of our presentation at BlackHat Europe 2021 (the slides and the white paper)
- BHUSA_2022: the materials of our presentation at BlackHat USA 2022
NOTE
This project uses submodules, so after cloning the repository, do not forget to run:
$ git submodule update --init --recursive