Explore iPhone baseband research and reversing techniques in this 48-minute conference talk from LevelUp 0x03. Dive into the intricacies of baseband technology in mobile Apple devices, focusing on 32-bit systems and Qualcomm firmware. Gain insights into baseband internals, research methodologies, and useful tools for analysis. Learn about firmware boot stages, code signatures, security measures, and certificate chains. Discover techniques for dumping and debugging SBL1, analyzing Sahara mode in SBL2, and identifying known vulnerabilities. Explore fuzzing methods for baseband, including log analysis and AT command fuzzing. Acquire valuable resources and understand future developments in this field of mobile security research.
iPhone Baseband Research and Reversing - Security Insights and Techniques
Overview
Syllabus
Intro
WHY BASEBAND
WHAT IS BASEBAND
BASEBAND IN 32-BIT MOBILE APPLE DEVICES
BASEBAND FIRMWARE IN 32-BIT MOBILE APPLE DEVICES
QUALCOMM BASEBAND OPERATING SYSTEM
QUALCOMM FIRMWARE: BOOT STAGES
QUALCOMM FIRMWARE: CODE SIGNATURES
QUALCOMM FIRMWARE: PARSE AND LOAD SECURITY
QUALCOMM FIRMWARE: CERTIFICATE CHAIN
QUALCOMM FIRMWARE: AMSS
QUALCOMM FIRMWARE: OSBL
QUALCOMM DETAILS (IPHONE 5)
SBL1 DUMPING AND DEBUGGING FEATURES!!!
SBL2: SAHARA MODE DLOAD
ANALYZING FIRMWARE
KNOWN VULNERABILITIES IN BASEBAND FIRMWARE
FUZZING THE BASEBAND: LOGS
FUZZING THE BASEBAND: FUZZER
FUZZING AT COMMANDS
FUTURE DEVELOPMENTS
RESOURCES
Taught by
Bugcrowd
