Categories

28C3: Reverse engineering a Qualcomm baseband

Posted on Sunday, January 15th, 2012 in reversed, RF, talks, wireless by the machinegeek

At the recently concluded Chaos Communication Congress 28C3 “behind enemy lines” conference in Berlin, Germany, Guillaume Delugr√© presented this talk on reverse-engineering a Qualcomm baseband.

Despite their wide presence in our lives, baseband chips are still nowadays poorly known and understood from a system point of view. Some presentations have highlighted vulnerabilities in GSM stacks across various models of basebands (cf. 27c3: All your baseband are belong to us by R-P. Weinmann). However none of them actually focused on the details of how a baseband operating system really works. This is the focus of our presentation. From the study of a simple 3G USB stick equipped with a Qualcomm baseband, we will discuss how to dump the volatile memory, reverse-engineer the proprietary RTOS, and ultimately execute and debug code while trying to preserve the real-time system constraints.

For more information from this talk or to download the slides in PDF, visit the 28C3 website.

This entry was posted on Sunday, January 15th, 2012 at 5:06 am and is filed under reversed, RF, talks, wireless. You can follow any responses to this entry through the RSS 2.0 feed. You can skip to the end and leave a response. Pinging is currently not allowed.

Leave a Reply

Notify me of followup comments via e-mail. You can also subscribe without commenting.

Recent Comments

  • Dave B: Got two of them. If you let the battery run flat, they don't charge! You have to pull the battery, and get enough charge in...
  • Bill F: My turn?
  • Chris: Ok!
  • Bob: Free PCB for me!
  • Blars: Yet another meaningless comment.