Exploiting Qualcomm WLAN and Modem Over The Air

Black Hat via YouTube

Reverse Engineering - Offload Handlers

10 of 33

Classroom Contents

  1. Intro
  2. MBA and Modem images
  3. Modem Secure Boot
  4. TOCTOU Vulnerability Bypass Secure Boot
  5. Debug Server Injection
  6. Qualcomm WLAN Architecture
  7. Example - WIFI List
  8. Firmware
  9. Reverse Engineering - Hint From Qualcomm
  10. Reverse Engineering - Offload Handlers
  11. Sample Offload Handler
  12. The Roadmap
  13. Mitigation Table (WLAN & Modem)
  14. The Vulnerability (CVE-2019-10540)
  15. Data & Address of Overflow
  16. Smart Pointer Around Overflow Memory
  17. Usage Of Smart Pointer
  18. Global Write With Constraint
  19. Control PC & RO
  20. Transform To Arbitrary Write
  21. Run Useful FOP Gadget
  22. Memory Mapping RWX
  23. Copy Shellcode to 0x42420000
  24. Trigger Shellcode
  25. From WLAN to Modem
  26. Map Modem Memory into WLAN
  27. The Attack Surfaces
  28. Memory Management of Qualcomm Multi-Processor
  29. CVE-2019-10538
  30. Deliver the Payload Over-The-Air
  31. Deliver the Payloads Using Pixel2
  32. Demo
  33. Future Works
