Please note: the training ticket does not include access to the conference. Similarly, the conference ticket does not grant access to the trainings. If you have any questions, reach out to us.
The training teaches the structure of typical cellular baseband firmware on the example of Samsung’s Shannon baseband. We cover how basebands communicate internally, how to reverse engineer them, and how to find security vulnerabilities through emulation and fuzzing.
The training uses firmware binaries from real phones. While most of the training is centered around static and dynamic off-device testing, such as reverse engineering and emulation, participants also get the chance to interact with real phones and perform over-the-air testing.
The training is divided into four parts:
Hands-on introduction to FirmWire
Participants will gain hands-on experience on baseband firmware in modern smartphones. They will learn the general structure of a baseband RTOS, by the example of the Shannon baseband. Together, we will dump the firmware from the device, take a deep dive into the binary, find common patterns and reverse engineer protocol parsers.
Equipped with the gained knowledge about the firmware, students will learn how to rehost selected parsers and fuzz-test them using AFL++. Then, we will set up a fake base station using commercially available Software Defined Radios for over-the-air replication of discovered crash cases.
Lastly, we will provide a brief hands-on introduction to FirmWire, a state-of-the-art full-system baseband emulation platform released in 2022.
Ethernet port with access to internet, preferably without captive portals in the middle - we need to create our own WiFi network for the training, so that attendees can SSH into the dedicated training equipment.
Marius is a postdoctoral researcher at Vrije Universiteit Amsterdam. His research interests cover (in-)security of embedded systems, binary & microarchitectural exploitation, and defenses. He obtained his PhD from Sorbonne University in cooperation with EURECOM. He developed and maintains avatar2, a framework for analyzing embedded systems firmware. Among others, he used the framework within the FirmWire project for emulating Samsung’s Shannon and MediaTek’s MTK baseband firmware, resulting into the discovery of several critical vulnerabilities.
Fabian has been working freelance in the IT Security Industry for several years, performing security assessments, code audits, and doing vulnerability research. With a background in physics and long-time experience playing CTF, Fabian focuses on low-level static reverse engineering and binary exploitation. He likes scripting reverse engineering tasks and developing plugins for reverse engineering tools. His recent public work includes reverse engineering the AirTag, as presented at Hardwear.io NL 2021.