
Knockin' On MediaTek ADSP's Door

Offered By: Hack In The Box Security Conference via YouTube


Course Description

Overview

Explore the vulnerabilities in MediaTek's audio DSP firmware and Android API in this HITB Security Conference talk. Dive into the reverse engineering process of the custom Tensilica Xtensa microprocessor architecture used in MediaTek SoCs. Learn about the discovered security issues that could lead to local privilege escalation, eavesdropping on user conversations, and malicious code concealment. Gain insights into the unique challenges posed by MediaTek's custom instruction set and the research methodology employed to uncover these vulnerabilities. Understand the implications for the security of smartphones and IoT devices using MediaTek chips, which are present in approximately 37% of such devices worldwide.

Syllabus

Introduction
Research Goal
Research Methodology
Test PC Code
EP Message
Memory
Kernel Lock
Android to Audio DSP
Create Audio EP Message
Research
Audio DSP Image
RAM Partition
Tensilica Extensions
Disassembly
Object Dump
Audio Tasks
Android Kernel Lock
Task Audio Demon
Open Audio Buffer
What we have
Parameters
Program File
Summary
Questions


Taught by

Hack In The Box Security Conference
