Skip to content

vapidray/qualcomm_gbl_exploit_poc

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
LICENSE
LICENSE
 
 
README.md
README.md
 
 
VbRwStateApp.c
VbRwStateApp.c
 
 
VbRwStateApp.inf
VbRwStateApp.inf
 
 
gbl_efi_relock.efi
gbl_efi_relock.efi
 
 
gbl_efi_unlock.efi
gbl_efi_unlock.efi
 
 

Repository files navigation

qualcomm_gbl_exploit_poc

Unlocking qualcomm bootloader via gbl exploit.

Qualcomm adds a gbl boot stage in its ABL because it wants to limit OEM's ability.

gbl is loaded as an uefi app.

it stores in efisp partition

you need to flash the efi file into the partition.

Qualcomm uses its own verification instead of UEFI secure boot.

But GBL is unsigned.

So we can load unsigned uefi app

This way,we can achieve arbitary code execution.

So we can overwrite the lock state storing in RPMB.

Because the ABL it self reads/writes devinfo via a special function.

Before milestone,we can call the function to overwrite the lock state.

About

Unlocking qualcomm bootloader via gbl exploit.

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages

  • C 100.0%