Categories

28C3: Reverse engineering a Qualcomm baseband

Posted on Sunday, January 15th, 2012 in reversed, RF, talks, wireless by the machinegeek

At the recently concluded Chaos Communication Congress 28C3 “behind enemy lines” conference in Berlin, Germany, Guillaume Delugr√© presented this talk on reverse-engineering a Qualcomm baseband.

Despite their wide presence in our lives, baseband chips are still nowadays poorly known and understood from a system point of view. Some presentations have highlighted vulnerabilities in GSM stacks across various models of basebands (cf. 27c3: All your baseband are belong to us by R-P. Weinmann). However none of them actually focused on the details of how a baseband operating system really works. This is the focus of our presentation. From the study of a simple 3G USB stick equipped with a Qualcomm baseband, we will discuss how to dump the volatile memory, reverse-engineer the proprietary RTOS, and ultimately execute and debug code while trying to preserve the real-time system constraints.

For more information from this talk or to download the slides in PDF, visit the 28C3 website.

This entry was posted on Sunday, January 15th, 2012 at 5:06 am and is filed under reversed, RF, talks, wireless. You can follow any responses to this entry through the RSS 2.0 feed. You can skip to the end and leave a response. Pinging is currently not allowed.

Leave a Reply

Notify me of followup comments via e-mail. You can also subscribe without commenting.

Recent Comments

  • David Haile: You are a smart person and absolutely correct. That kind of current needs a lead acid car battery behind it. Still, it does have its...
  • KH: The solution discussed in the linked article is wrong. It's a largish Lipo (2500mAh) and he thinks 77uA is acceptable... ha ha ha ha ha....
  • Dave: I never had to opportunity to learn or use this stuff when I was in college (I'm sooo old that op-amps were just being developed...
  • Matthias: Aww yeah.
  • Samuel: Have a nice week everyone