Researchers tear down Starlink and gain access to the root terminal

Researchers tear down Starlink and gain access to the root terminal

This week there was a new piece of hardware released in the wireless space: Starlink by Huawei. This router connects to the Internet via the 5.0GHz frequency band, and is a competitor to the 5.0 GHz band that Google has been using in its network for its Project Loon balloons. Starlink is trying to ensure that the 5.0 GHz band is used for wireless communications, rather than it being used by commercial satellites for their data services. However, according to our friends at Cryptowatch, Starlink is not capable of competing with satellites.

The root terminal is the device that connects the satellite with the ground station that relays the data and commands from the satellite to the satellite. In the case of Starlink, the satellite contains a root terminal that is at the center of the satellite. The terminal is a microprocessor with a single hard drive (in this case it is a SSD) and all of the necessary files that allow it to work. The terminal also contains the antenna and receiver.

A Belgian research group at the Cu Leuven has released a disassembly of the Starlink user terminal named Dishy McFlatFace and gained access to the root terminal.

The blog by the KU Leuven Cosic researchers does not address specific vulnerabilities, but documents methods that can be used to investigate the Starlink user terminal. The report also notes that the hardware has undergone some changes from previous failures of the device.

The terminal is equipped with a UART port for USB debugging, but access is limited to those with developer access privileges. It should also be noted that the bootloader connection is disabled on consumer terminals, making this approach virtually impossible.

Dishy McFlatFace may have a pretty name, but getting in is no fun. Observing the boot process on the UART port, the team discovered that the active u-boot loader on the device loads the kernel, ramdisk, and flat device structure from the flat uImage structure, all of which are stored on the eMMC.

integrated SoC. | Source : Cosic Research Group, KU Leuven

The boot process also showed that the integrity and authenticity of the kernel, ramdisk and FDT are verified at the beginning of the boot process. Finally, when the boot process is complete, the terminal asks for login credentials, and the command is terminated.

They said they tried to guess the references but couldn’t. However, by observing the boot process, we were able to figure out the kernel command line arguments, initial addresses, and lengths of the various partitions. It was also revealed that the SoC has four processor cores.

According to the researchers, there are 10 test points on the 55 cm long circuit board, which contains most of the hardware. Starlink left 10 test points on the eMMC, of which the researchers only needed the points clock frequency (CLK), command (CMD) and data 0 (D0).

SD card readerconnected to the eMMC source : Cosic Research Group, KI Leuven

To identify the aforementioned signals from the eMMC, the team soldered a short wire to each test point, causing a logic analyzer to record when the terminal was loaded. After identifying the points, they reset the eMMC data using a conventional card reader connected to the eMMC test points.

The last obstacle was reading the contents of the firmware dump, which is not easy because Starlink uses its own FIT format. However, because the company was using a modified version of U-Boot, it was forced to release those changes to remain in compliance with the GPL.

The researchers have not yet released all of their findings, which is understandable given that they will be contacted by SpaceX’s lawyers. However, they said they could access the root shell, but they didn’t specify how.

News: Geekbench excludes the OnePlus 9 and 9 Pro after a benchmark mess.

Someone who writes, edits, films, presents technology programs and races virtual machines in their spare time. You can contact Yadullah at [email protected] or follow him on Instagram or Twitter.

Related Tags:

starlink user terminalstarlink teardownstmicroelectronics starlinkwho makes starlink terminalsstarlink satellite breakdownstarlink terminal buy,People also search for,Privacy settings,How Search works,55:53Starlink Teardown: DISHY DESTROYED!Ken KeiterYouTube – Nov 25, 2020,55:53,Starlink Teardown: DISHY DESTROYED!,Ken KeiterYouTube – Nov 25, 2020,Ken Keiter,YouTube – Nov 25, 2020,33:42Starlink Dish TEARDOWN! – Part 1 – SpaceX BugBounty is open …MikeOnSpaceYouTube – Nov 22, 2020,33:42,Starlink Dish TEARDOWN! – Part 1 – SpaceX BugBounty is open …,MikeOnSpaceYouTube – Nov 22, 2020,MikeOnSpace,YouTube – Nov 22, 2020,22:38Starlink Dish TEARDOWN! – Part 2 – Serial console and login prompt …MikeOnSpaceYouTube – Dec 8, 2020,22:38,Starlink Dish TEARDOWN! – Part 2 – Serial console and login prompt …,MikeOnSpaceYouTube – Dec 8, 2020,YouTube – Dec 8, 2020,See more,starlink user terminal,stmicroelectronics starlink,who makes starlink terminals,starlink satellite breakdown,starlink terminal buy,what company makes starlink terminals,starlink dish installation

Leave a Reply