Completed
Intro
Class Central Classrooms beta
YouTube videos curated by Class Central.
Classroom Contents
Exploiting Qualcomm WLAN and Modem Over The Air
Automatically move to the next video in the Classroom when playback concludes
- 1 Intro
- 2 MBA and Modem images
- 3 Modem Secure Boot
- 4 TOCTOU Vulnerability Bypass Secure Boot
- 5 Debug Server Injection
- 6 Qualcomm WLAN Architecture
- 7 Example - WIFI List
- 8 Firmware
- 9 Reverse Engineering - Hint From Qualcomm
- 10 Reverse Engineering - Offload Handlers
- 11 Sample Offload Handler
- 12 The Roadmap
- 13 Mitigation Table (WLAN & Modem)
- 14 The Vulnerability (CVE-2019-10540)
- 15 Data & Address of Overflow
- 16 Smart Pointer Around Overflow Memory
- 17 Usage Of Smart Pointer
- 18 Global Write With Constraint
- 19 Control PC & RO
- 20 Transform To Arbitrary Write
- 21 Run Useful FOP Gadget
- 22 Memory Mapping RWX
- 23 Copy Shellcode to 0x42420000
- 24 Trigger Shellcode
- 25 From WLAN to Modem
- 26 Map Modem Memory into WLAN
- 27 The Attack Surfaces
- 28 Memory Management of Qualcomm Multi-Processor
- 29 CVE-2019-10538
- 30 Deliver the Payload Over-The-Air
- 31 Deliver the Payloads Using Pixel2
- 32 Demo
- 33 Future Works