so.cl

Rascals are always sociable, and the chief sign that a man has any nobility in his character is the little pleasure he takes in others company. Arthur Schopenhauer


Breaking Secure Boot on Google Nest Hub (2nd Gen) to run Ubuntu

In this post, we attack the Nest Hub (2nd Gen), an always-connected smart home display from Google, in order to boot a custom OS.

First, we explore both hardware and software attack surface in search of security vulnerabilities that could permit arbitrary code execution on the device.

Then, using a Raspberry Pi Pico microcontroller, we exploit an USB bug in the bootloader to break the secure boot chain.

Finally, we build new bootloader and kernel images to boot a custom OS from an external flash drive. Breaking Secure Boot on Google Nest Hub (2nd Gen) to run Ubuntu