Qualcomm Hexagon Disassembler?
As our mobile devices are getting more and more locked-up and harder to maintain, it's is surprising that so little effort has been done in vulnerability research of the Qualcomm Hexagon
DSP's. After all, these beasts have been roaming around freely in our phone cores for nearly 8 years already. (In all Snapdragons since 2006). But very few, to none of our security experts have had a good look at what's hiding inside.
So what I propose, is that we start an effort to build an Open Source Hexagon Disassembler
for public security research of mobile baseband firmware.
The only effort I know of to this date is that made by Jan Willem Hengeveld
(itsme), who wrote an IDA module (here
) to the best of his abilities. I don't know what is the current status of that today, but the IDA Hexagon module is now hosted at Github HERE
by Ralf-Philipp Weinmann
(rpw), who reverse engineered parts of the baseband (shown in THIS
video) and recently helped expose
the insecurity of TOR
I'm not going to answer why this is important at this point, but I'd rather like to know more about what mobile developers in the security field think about this. Highly technical talk is welcome and preferred.
If you have any additional information on how to do this, or what would be required, please chime in!
MSM8960 Info, Architecture and Bootloader(s)
El Grande Partition Table Reference
How to talk to the Modem with AT commands
[REF][ServiceMode] How to make your Samsung perform dog tricks
[REF|R&D|RF] RF/Radio properties of Samsung ServiceMode
Want to know when your phone is getting tracked or tapped?
Help us develop the IMSI Catcher / Spy Detector!
If you like what I do, just click THANKS! ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ
Everything I do is free, altruism is the way!
I do not answer support related PM's.