Overview
This course aims to teach learners how to reverse-engineer the MediaTek audio DSP firmware and Android API, identifying vulnerabilities that could lead to local privilege escalation and other security risks. The course covers topics such as the MediaTek audio DSP architecture, Tensilica Xtensa microprocessor, disassembly, object dump, and analyzing audio tasks. The teaching method involves a detailed exploration of the firmware and API, with a focus on practical research and hands-on analysis. This course is intended for security researchers, professionals in the field of firmware security, and individuals interested in mobile platform security.
Syllabus
Introduction
Research Goal
Research Methodology
Test PC Code
EP Message
Memory
Kernel Lock
Android to Audio DSP
Create Audio EP Message
Research
Audio DSP Image
RAM Partition
Tensilica Extensions
Disassembly
Object Dump
Audio Tasks
Android Kernel Lock
Task Audio Daemon
Open Audio Buffer
What we have
Parameters
Program File
Summary
Questions
Taught by
Hack In The Box Security Conference