Baseband Exploitation
Amat Cama

Dates

15-18 of May 2023

Capacity

20

Price

4.000€
  • Objectives 

    • Basic understanding of cellular networks
    • Understanding of the interaction between baseband and base stations
    • Understanding of typical baseband architectures
    • Ability to identify and exploit vulnerabilities in the baseband
    • Understanding the interaction between cellular processors and application processors
    • Reverse engineering embedded firmware
  • Day 1: Introduction to Cellular Networks

    • The GSM protocol
    • The 3G protocol
    • The 4G protocol
    • The CDMA path of cellular protocols
    • Cellular protocols as an attack surface, motivations and impact
  • Day 2: Research Environment Setup

    • Installing and setting up OpenBSC
    • Programming your own SIM card
    • Installing and setting up srsLTE
    • Testing communications and modifying OpenBSC and srsLTE
    • Extracting the firmware image of the target and loading into Ghidra / IDA
    • Reverse engineering the target to identify cellular stack code
    • Debugging the target
  • Day 3: Vulnerability Identification and Exploitation I

    • Bug hunting and exploitation (GSM)
  • Day 4: Vulnerability Identification and Exploitation II

    • Bug hunting and exploitation (LTE)
    • Exploring possibilities of a compromised baseband
    • Pivoting to the application processor

Prerequisites

    • Familiarity with the ARM architecture
    • Familiarity with memory corruption vulnerabilities and exploitation
    • Be comfortable with C and ARM assembly
    • Basic reverse engineering skills
    • IDA license if you prefer to use that over Ghidra

Hardware

    • Laptop with Ubuntu and USB 3 support
    • If you would like to use macOS, do so at your own peril

Bio

Amat is a Principal Security Researcher at Vigilant Labs.

He has previously worked as a Penetration Tester at Virtual Security Research, a Product Security Engineer at Qualcomm, and a Senior Security Researcher at Beijing Chaitin Technology Co.

He is a member of the Fluoroacetate duo that won Master of Pwn at Pwn2Own Tokyo 2018, 2019 and Pwn2Own Vancouver 2019, 2020.
