Want to create an interactive transcript for this episode?
Podcast: Chaos Computer Club - recent audio-only feed
Episode: Making the Magic Leap past NVIDIA's secure bootchain and breaking some Tesla Autopilots along the way (39c3)
Description: The Tegra X2 is an SoC used in devices such as the Magic Leap One, and Tesla's Autopilot 2 & 2.5 promising a secure bootchain. But how secure really is the secure boot? In this talk I go over how I went from a secured Magic Leap One headset, to exploiting the bootloader over USB, to doing fault injection to dump the BootROM, to finding and exploiting an unpatchable vulnerability in the BootROM's USB recovery mode affecting all Tegra X2s.
In mid 2024, a friend approached me about Magic Leap making their TX2 based XR headsets little more than a paperweight by disabling...