Reverse-engineering a Qualcomm baseband
Original File: 28c3-4735-en-reverse_engineering_a_qualcomm_baseband_h264.mp4 |
About: Reverse-engineering a Qualcomm baseband | Report Broken File | embed video
About: Reverse-engineering a Qualcomm baseband | Report Broken File | embed video
Despite their wide presence in our lives, baseband chips are still nowadays poorly known and understood from a system point of view. Some presentations have hilighted vulnerabilities in GSM stacks across various models of basebands (cf. 27c3: All your baseband are belong to us by R-P. Weinmann). However none of them actually focused on the details of how a baseband operating system really works. This is the focus of our presentation. From the study of a simple 3G USB stick equipped with a Qualcomm baseband, we will discuss how to dump the volatile memory, reverse-engineer the proprietary RTOS, and ultimately execute and debug code while trying to preserve the real-time system constraints.
Persons:- Guillaume Delugré
