Explore the development of a DIY ARM debugger for Wi-Fi chips in this conference talk from Recon Brussels 2018. Dive into the Nexmon C-based firmware patching framework, designed primarily for modifying Broadcom Wi-Fi firmwares. Learn how to implement dynamic analysis of proprietary firmwares by setting hardware breakpoints and watchpoints on ARM processors running FullMAC Wi-Fi firmware. Discover the innovative monitor mode debugger that activates the ARM Debug core on Cortex-R4 microcontrollers, handling debugging events directly in the chip's firmware without requiring access to the JTAG port. Gain insights into the debugger's functionality on BCM4339 FullMAC Wi-Fi chips found in Nexus 5 smartphones, including its ability to handle debugging exceptions and perform single-step debugging. Understand the open-source nature of the project, allowing for community reuse and adaptation to other Cortex-R4 based platforms. Presented by Matthias Schulz, a PhD candidate at TU Darmstadt specializing in physical layer security and reverse engineering, this talk offers valuable knowledge for those interested in Wi-Fi firmware analysis and modification.
Recon Brussels 2018 - DIY ARM Debugger for Wi-Fi Chips
Taught by: Recon Conference