Reverse engineering the Pixel TitanM2 firmware

Day 2 23:55 Ground en Hardware
Dec. 28, 2025 23:55-00:35
The TitanM2 chip has been central to the security of the google pixel series since the Pixel 6. It is based on a modified RISC-V design with a bignum accelerator. Google added some non standard instructions to the RISC-V ISA. This talk investigates the reverse engineering using Ghidra, and simulation of the firmware in python.

I will discuss the problems encountered while reverse engineering and simulating the firmware for the TitanM2 security chip, found in the Google Pixel phones. I'll discuss how to obtain the firmware. Talk about the problems reverse engineering this particular binary. I show how you can easily extend ghidra with new instructions to get a full decompilation. Also, I wrote a Risc-V simulator in python for running the titanM2 firmware.

Speakers of this event

No avatar
willem

Born to take things apart. Software developer, reverse engineer. https://github.com/nlitsme/. Known for the IDA hexagon processor module, and various other reverse engineering tools. Cooperated in wijvertrouwenstemcomputersniet, xda-developers, hacktic.

  • Reverse engineering the Pixel TitanM2 firmware