{"id":"b98918cb-489e-5f5e-aa06-26753cb48418","kind":"official","name":"Making the Magic Leap past NVIDIA's secure bootchain and breaking some Tesla Autopilots along the way","slug":"making-the-magic-leap-past-nvidia-s-secure-bootchain-and-breaking-some-tesla-autopilots-along-the-way","url":"https://api.events.ccc.de/congress/2025/event/b98918cb-489e-5f5e-aa06-26753cb48418/?format=json","track":"security","assembly":"ccc","room":"62251a07-13e4-5a72-bb3c-8528416ee0f2","location":null,"language":"en","description":"In mid 2024, a friend approached me about Magic Leap making their TX2-based XR headsets little more than a paperweight by disabling the mandatory activation servers. I morally dislike this; companies shouldn't turn functional devices into e-waste just because they want to sell newer devices.\r\n\r\nAfter obtaining one and poking at the Fastboot implementation, I discovered it was based on NVIDIA's Fastboot implementation, which is source available. I found a vulnerability in the NVIDIA-provided source code in how it unpacks SparseFS images (named sparsehax), and successfully blindly exploited the modified implementation on the Magic Leap One. I also found another vulnerability in it that allowed gaining persistence through the way it loads the kernel DTB (named dtbhax).\r\n\r\nStill unsatisfied with this, I used fault injection to dump the BootROM from a Tegra X2 devkit.\r\n\r\nIn the BootROM I discovered a vulnerability in the USB recovery mode. Exploiting this vulnerability proved difficult because I only had access to memory from the perspective of the USB controller. I will explain what was tried, why it didn't work, and how I eventually got code execution at the highest privilege level through it.\r\n\r\nAs I will demonstrate, this exploit also functions on Tesla's Autopilot hardware.","schedule_start":"2025-12-29T14:45:00+01:00","schedule_duration":"01:00:00","schedule_end":"2025-12-29T15:45:00+01:00"}