Finish off SMCAA (this should be easy, just leak their keys from the image dump)
Debug why MIT didn't work even when we got their keys (and hopefully first blood supply chain boot)
Dump and analyze post boot code
Dump the AP of some team to get post boot AP code
Both SMCAA and UCI have buffer overflows on the AP
write shellcode and exploit for this
Dump someone's insulin sensor to get that post boot code
easy, already have tools for this, just hasn't been done yet
analyze post boot code
The UB ROP chain to get pump swap
The UB ROP chain to dump supply chain; hypothetically, I think we can get a UB supply chain boot
Michigan State supply chain boot
This one is complicated by the fact that we will need our malicious component to be on the same I2C address as the real component
The UIUC pump swap with dropped packets
Once we dump post boot code, we should know if this is possible or not
Hardware Hacking Stuff (glitch attack, etc.)
Submit Writeups