mirror of
https://github.com/Qyriad/fusee-launcher.git
synced 2024-11-22 10:39:17 +01:00
68 lines
2.8 KiB
Markdown
68 lines
2.8 KiB
Markdown
# Fusée Gelée
|
||
|
||
```
|
||
* .--.
|
||
/ / `
|
||
+ | |
|
||
' \ \__,
|
||
* + '--' *
|
||
+ /\
|
||
+ .' '. *
|
||
* /======\ +
|
||
;:. _ ;
|
||
|:. (_) |
|
||
|:. _ |
|
||
+ |:. (_) | *
|
||
;:. ;
|
||
.' \:. / `.
|
||
/ .-'':._.'`-. \
|
||
|/ /||\ \|
|
||
_..--"""````"""--.._
|
||
_.-'`` ``'-._
|
||
-' '-
|
||
__ __ _ _ _ _
|
||
/ / \ \ (_) | | | | |
|
||
| |_ __ ___| | _____ ___| |_ ___| |__ ___ __| |
|
||
/ /| '__/ _ \\ \/ __\ \ /\ / / | __/ __| '_ \ / _ \/ _` |
|
||
\ \| | | __// /\__ \\ V V /| | || (__| | | | __/ (_| |
|
||
| |_| \___| | |___/ \_/\_/ |_|\__\___|_| |_|\___|\__,_|
|
||
\_\ /_/
|
||
```
|
||
|
||
## Fusée Launcher
|
||
|
||
The Fusée Launcher is a proof-of-concept arbitrary code loader for a variety
|
||
of Tegra processors, which takes advantage of CVE-2018-6242 ("Fusée Gelée")
|
||
to gain arbitrary code execution and load small payloads over USB.
|
||
|
||
The vulnerability is documented in the 'report' subfolder; more details and
|
||
guides are to follow! Stay tuned...
|
||
|
||
### Use Instructions
|
||
The main launcher is "fusee-launcher.py". Linux and macOS are natively supported with Windows support coming Soon™.
|
||
|
||
With a Tegra device in RCM and connected via USB, invoke the launcher with the desired payload as an argument, e.g. `./fusee-launcher.py payload.bin`. Linux systems currently require either that the Tegra device be connected to an XHCI controller (used with blue USB 3 ports) or that the user has patched their EHCI driver.
|
||
|
||
### Credits
|
||
Fusée Gelée (CVE-2018-6242) was discovered and implemented by Kate Temkin (@ktemkin);
|
||
its launcher is developed and maintained by Mikaela Szekely (@Qyriad) and Kate Temkin (@ktemkin).
|
||
|
||
Credit goes to:
|
||
|
||
* Qyriad -- maintainership and expansion of the code
|
||
* SciresM, motezazer -- guidance and support
|
||
* hedgeberg, andeor -- dumping the Jetson bootROM
|
||
* TuxSH -- help with a first pass of bootROM RE
|
||
* the ReSwitched team
|
||
|
||
Love / greetings to:
|
||
|
||
* Levi / lasersquid
|
||
* Aurora Wright
|
||
* f916253
|
||
* MassExplosion213
|
||
* Schala
|
||
|
||
CVE-2018-6242 was also independently discovered by fail0verflow member
|
||
shuffle2 as the "shofEL2" vulnerability-- so that's awesome, too.
|