Belgian researchers from KU Leuven have gained access to the firmware of the Starlink satellite dish by reading the built-in eMMC memory module. They found out that the antenna has a quad-core soc and 4GB flash memory.
The researchers said they had already seen previous teardowns of the satellite dish, which is also known as the phased-array user terminal . However, they wanted to know more about the soc and the firmware used. Using a USB-to-serial converter, they were able to read out the UART interface and see how the boot process is going.
In it, they saw that a modified U-Boot bootloader was being used and that the word falcon should be able to interrupt the boot process. The latter did not work for the researchers. According to them, the bootloader loads a kernel, ramdisk and a Flattend Device Tree from the embedded eMMC memory. Based on the tests performed, the researchers conclude that a full trusted boot chain has been implemented from the ROM boot loader to the Linux operating system.
During the teardown, the eye fell on the soc, the 4GB flash memory in the form of an eMMC memory module and the ten test points on the motherboard that are connected to the same memory module . The researchers decided to perform an in-circuit memory dump of the eMMC module through these test points and examine the firmware.
She then came back to the Starlink – dish contains a Cortex-A53-soc with four cores which each core is assigned a specific task. In addition, ordinary users will not be able to log in to the firmware. During the start-up procedure, the satellite dish checks whether the hardware is intended for developers or not. If that is the case, a password is generated for the user who can then log in.
The researchers also said they were able to gain root shell access to the firmware. More information will follow at a later time.
