Keyless Entry: Breaking and Entering eMMC RPMB with EMFI
Aya Fukami, Richard Buurke
TL;DR
This work demonstrates that electromagnetic fault injection (EMFI) can bypass RPMB authentication in eMMC devices, enabling arbitrary writes to the RPMB while leaving most other non-volatile data intact. By profiling three devices, reverse engineering their firmware, and timing the EMFI pulse to the window in which the controller computes and checks the HMAC, the authors show that the HMAC check can be bypassed on two of the three targets. Because RPMB typically holds anti-rollback counters, the bootloader lock state, and Android Verified Boot (AVB) keys, the bypass translates into practical attack paths against those protections. The paper also covers responsible disclosure, proposes hardware- and software-based mitigations (including constant-time validation of the MAC), and leaves other RPMB-enabled storage technologies as future work.
Abstract
The Replay Protected Memory Block (RPMB) in modern storage systems provides a secure area whose data integrity is ensured by authentication: every write must carry a MAC computed with a key shared between the host and the storage device, together with a monotonic write counter that prevents replay. This block is used in digital devices to store pivotal information that must be safeguarded against modification by attackers. This paper targets the authentication scheme of the RPMB in three different eMMCs from a major manufacturer. A glitch was injected by sending an electromagnetic pulse to the target chip. RPMB authentication was successfully glitched, and the information stored in two of the target eMMCs was overwritten with arbitrary data without affecting the integrity of other data.
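To make the authentication step that the glitch defeats concrete, the following model of an RPMB authenticated write is an added example, not code from the paper or from any eMMC vendor. The 512-byte frame layout (196 stuff bytes, 32-byte Key/MAC field, 256-byte data, 16-byte nonce, 4-byte write counter, 2-byte address, 2-byte block count, 2-byte result, 2-byte request/response type, with the MAC computed as HMAC-SHA256 over the 284 bytes from the data field onward) follows the JEDEC eMMC specification. Everything else is an assumption for illustration: the device-side firmware logic, the result codes, the `glitch` flag that models a fault corrupting the outcome of a single comparison, and the "redundant" variant that shows one common software mitigation against exactly that fault model.

```python
"""Model of an eMMC RPMB authenticated write (illustrative, not vendor firmware)."""
import hashlib
import hmac
import struct

FRAME_SIZE = 512
MAC_OFF, MAC_LEN = 196, 32       # Key/MAC field, bytes 196..227
DATA_OFF = 228                   # MAC covers bytes 228..511 (284 bytes)
REQ_AUTH_DATA_WRITE = 0x0003     # request type per JEDEC
# Result codes (assumed values for this model)
RES_OK, RES_AUTH_FAIL, RES_COUNTER_FAIL, RES_ADDR_FAIL = 0x0000, 0x0002, 0x0003, 0x0004


def rpmb_mac(key: bytes, frame: bytes) -> bytes:
    """HMAC-SHA256 over data || nonce || write counter || address || block count || result || req/resp."""
    return hmac.new(key, frame[DATA_OFF:FRAME_SIZE], hashlib.sha256).digest()


def build_write_frame(key: bytes, data: bytes, write_counter: int, address: int) -> bytes:
    """Host side: build a single-block authenticated data write frame and sign it."""
    assert len(data) == 256
    tail = struct.pack(">IHHHH", write_counter, address, 1, 0, REQ_AUTH_DATA_WRITE)
    unsigned = bytes(196) + bytes(MAC_LEN) + data + bytes(16) + tail   # nonce is zero on writes
    assert len(unsigned) == FRAME_SIZE
    return unsigned[:MAC_OFF] + rpmb_mac(key, unsigned) + unsigned[DATA_OFF:]


class RpmbDevice:
    """Device side: a few 256-byte RPMB blocks plus the write counter the host must track."""

    def __init__(self, key: bytes, blocks: int = 8):
        self._key = key
        self.write_counter = 0
        self.blocks = [bytes(256)] * blocks

    @staticmethod
    def _parse(frame: bytes):
        write_counter, address, _count, _result, _req = struct.unpack(">IHHHH", frame[500:512])
        return write_counter, address

    def _commit(self, frame: bytes) -> int:
        write_counter, address = self._parse(frame)
        if write_counter != self.write_counter:      # replay protection
            return RES_COUNTER_FAIL
        if address >= len(self.blocks):
            return RES_ADDR_FAIL
        self.blocks[address] = frame[DATA_OFF:DATA_OFF + 256]
        self.write_counter += 1
        return RES_OK

    def auth_write_single_check(self, frame: bytes, glitch: bool = False) -> int:
        """Naive firmware: a single boolean decides. `glitch=True` models a fault
        that corrupts that one decision (assumed fault model, not a real exploit step)."""
        received = frame[MAC_OFF:MAC_OFF + MAC_LEN]
        mac_ok = hmac.compare_digest(rpmb_mac(self._key, frame), received)
        if glitch:
            mac_ok = True
        if not mac_ok:
            return RES_AUTH_FAIL
        return self._commit(frame)

    def auth_write_redundant(self, frame: bytes, glitch: bool = False) -> int:
        """Hardened variant: the MAC is recomputed and compared twice; a single
        corrupted decision no longer suffices to reach the commit path."""
        received = frame[MAC_OFF:MAC_OFF + MAC_LEN]
        ok1 = hmac.compare_digest(rpmb_mac(self._key, frame), received)
        if glitch:
            ok1 = True                                 # same single-fault model as above
        ok2 = hmac.compare_digest(rpmb_mac(self._key, frame), received)
        if not (ok1 and ok2):
            return RES_AUTH_FAIL
        return self._commit(frame)


# Constructed demo values (not from the paper)
DEMO_KEY = hashlib.sha256(b"constructed-demo-rpmb-key").digest()
WRONG_KEY = hashlib.sha256(b"attacker-does-not-know-the-key").digest()


def demo() -> dict:
    dev = RpmbDevice(DEMO_KEY)
    good = build_write_frame(DEMO_KEY, b"A" * 256, 0, 1)
    forged = build_write_frame(WRONG_KEY, b"B" * 256, 1, 1)   # correct counter, wrong key
    results = {
        "legit": dev.auth_write_single_check(good),
        "replay": dev.auth_write_single_check(good),            # counter is now 1
        "forged": dev.auth_write_single_check(forged),
        "forged_glitched": dev.auth_write_single_check(forged, glitch=True),
        "block1_after": dev.blocks[1],
    }
    forged2 = build_write_frame(WRONG_KEY, b"C" * 256, dev.write_counter, 2)
    results["forged_glitched_redundant"] = dev.auth_write_redundant(forged2, glitch=True)
    results["block2_after"] = dev.blocks[2]
    return results
```

Two points worth noting. The write counter is what makes the block "replay protected": re-sending a previously valid frame fails even though its MAC is correct. And the redundant check only defends against the single-decision fault assumed here; a glitch that lands on the shared `_commit` path, or a double fault, still needs hardware countermeasures such as glitch detectors or redundant datapaths, which is why the paper proposes hardware-based mitigations as well.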
