This training covers how the Rowhammer effect can be used to corrupt and recover secrets from a TrustZone implementation. This training is composed of two main parts: a presentation (theoretical) and a practical part.
During the theoretical part we first introduce TrustZone, which is a hardware-based security technique built into processors. After, we cover in detail ‘Rowhammer’, which is a software attack that can be used to generate faults in memory, also known as bit flips. The theoretical part concludes with how to target a TrustZone implementation using Rowhammer.

During the practical part the participant implements a Rowhammer attack themselves with the assistance of the trainers. The participants then use their own implementation to target a TrustZone implementation prepared by eshard.

There is an optional second day which focuses on the mobile “Drammer” attack which is an advanced exploitation of the Rowhammer effect used to gain root privileges on an un-rooted android device. This part contains a presentation of the attack and a practical part where the participant implement the attack themselves.

This training ties in well with eshard’s other TEE related training courses, such as ‘TEE TrustZone, how to reproduce an exploit’ and our ‘TrustZone V7-A, V8-M and Trusty’ course. Following these courses prior to attending this course is not necessary, though you may be interested in learning more about the specifics discussed in these courses.

  • Date: Flexible, your choice!
  • Location: Bordeaux or Marseille in France,  or at your office location
  • Costs: Please contact us

ARM TrustZone principles17%

Rowhammer effect25%

Principal of the Drammer attack27%

Practical implementations30%


2 days


Security analysts and software engineers.


Copy of the slides and software package.


  • C programming
  • Basic assembly knowledge
  • OS understanding

To get more information on availability and to sign up, please contact us