This course aims to teach learners how to emulate Samsung's "Shannon" baseband for security testing. The learning outcomes include understanding the importance of baseband processors in mobile phones, exploring the vulnerabilities in basebands, and utilizing the ShannonEE emulation environment for vulnerability research.
Individual skills taught in the course include leveraging the avatar2 & PANDA frameworks, debugging basebands, reverse engineering, fuzzing techniques, and GSM session management.
The teaching method involves a presentation format covering topics such as the Samsung baseband, baseband emulation, debugging methods, reverse engineering, and future research directions.
The intended audience for this course includes security researchers, vulnerability analysts, mobile device developers, and individuals interested in understanding and testing the security of baseband processors in mobile phones.
Overview
Syllabus
Introduction
About me
Agenda
What is a Baseband
Why Basebands
Samsung Baseband
Baseband Emulator
How did we get here
Crashes
Root
Debugging
Scaling
Reverse Engineering
Boot modes
Samsung kernel
Memory structure
Block diagram
Next step
Choosing a framework
Boot UART
UART debugging
Snapshots
The Problem
PiPanda
PAL
The Banner
Fuzzing
Triforce AFL
Target AFL Tasks
GSM Session Management
Fuzz Single
Demo
Rediscovery
Call of Death
Experimental Setup
Calling Demo
Logcat
Wrap Up
Future Work
Release Schedule
Thank You
Questions
Taught by
Black Hat
