Enabling Security Research on Qualcomm Wifi Chips

Explore the process of modifying firmware on modern Qualcomm Wifi chips to extend functionality and enable security research. Dive into the architecture of Qualcomm Wifi chips and the structure of their firmware, focusing on the IPQ4019 chip used in many Wifi routers. Learn about the challenges of working with Xtensa architecture and the methods to access memory of the Wifi core from within the Linux system. Discover how to patch an existing Binary Ninja plugin to generate readable assembly and overcome compilation challenges for little endian output. Examine the modifications made to the Nexmon framework to allow patching of Qualcomm firmware in the C programming language, and witness a demonstration of a proof-of-concept patch. Gain insights into potential improvements for the framework and areas requiring further research to better understand Qualcomm Wifi firmware.

Recon 2023 - Daniel Wegemer - Enabling Security Research On Qualcomm Wifi Chips