Researcher from the Levven Catholic University at the Black Hat conference technique terminals Starlink , using Linux and equipped with its own 64-bit SOC, created by STMICRO specifically for SpaceX. The proposed method allows you to execute your code on the Starlink terminal, get a Root access and access to the internal network inaccessible to the user, I use terminals, for example, to update the firmware. The published achievements can also be used for advanced experiments in the field of programmed radio systems (SDR), due to the specific structure of the Starlink terminal (array of phased antennas, controlled programmature).
The hacking of the Starlink terminal is interesting in terms of attack on a well-protected Linux system with a high-quality implementation of the Secure Boot mode. Since the software system was not able to compromise, hacking was carried out at the hardware level using special equipment. Ultimately, the equipment required for hacking was reduced to a specialized board (Modchip) using the usual RP2040 microcontroller (2-core Cortex M0).
A prepared Modchip board is connected to certain paths of the Starlink terminal main board and causes voltage failure during a digital signature check in ROM Bootloader (BL1), which allows you to start arbitrary SOC code. Starlink hacks for hacking the terminals published on Github in Kicad format. Also published the code used to attack the firmware of the microcontroller.
