Exploiting Qualcomm WLAN and Modem Over The Air
Offered By: Black Hat via YouTube
Syllabus
Intro
MBA and Modem images
Modem Secure Boot
TOCTOU Vulnerability Bypass Secure Boot
Debug Server Injection
Qualcomm WLAN Architecture
Example - WIFI List
Firmware
Reverse Engineering - Hint From Qualcomm
Reverse Engineering - Offload Handlers
Sample Offload Handler
The Roadmap
Mitigation Table (WLAN & Modem)
The Vulnerability (CVE-2019-10540)
Data & Address of Overflow
Smart Pointer Around Overflow Memory
Usage Of Smart Pointer
Global Write With Constraint
Control PC & RO
Transform To Arbitrary Write
Run Useful FOP Gadget
Memory Mapping RWX
Copy Shellcode to 0x42420000
Trigger Shellcode
From WLAN to Modem
Map Modem Memory into WLAN
The Attack Surfaces
Memory Management of Qualcomm Multi-Processor
CVE-2019-10538
Deliver the Payload Over-The-Air
Deliver the Payloads Using Pixel2
Demo
Future Works
Taught by
Black Hat
Related Courses
Computer Security (Stanford University via Coursera)
Cryptography II (Stanford University via Coursera)
Malicious Software and its Underground Economy: Two Sides to Every Story (University of London International Programmes via Coursera)
Building an Information Risk Management Toolkit (University of Washington via Coursera)
Introduction to Cybersecurity (National Cybersecurity Institute at Excelsior College via Canvas Network)