Unlocking Hidden Powers in Xtensa-based Qualcomm WiFi Chips

Explore how to modify firmware in modern Xtensa-based Qualcomm WiFi chips through this 37-minute conference talk from DEF CON 31. Discover the untapped potential of WiFi chip processors, which despite their capabilities, typically run closed-source firmware that restricts modifications. Learn about Qualcomm WiFi chip architecture, understand firmware structure, and gain insights into extending functionality beyond manufacturer intentions. Follow along as security research techniques are demonstrated for finding vulnerabilities in closed-source WiFi code. Get hands-on knowledge about using a modified version of the Nexmon framework for patching Xtensa-based firmware, with detailed explanations of each step in the patching process.