Reverse Engineering and Exploiting Samsung's Shannon Baseband

Last month we gave a presentation at REcon about Samsung baseband security. The slides are available here. In the talk, we discuss steps for understanding the proprietary firmware format, reverse engineering the RTOS, figuring out the security architecture, analyzing the attack surface to find vulnerabilities, and, finally, writing an exploit to achieve remote code execution. During our journey, we found several tricks that often prove useful during the reverse engineering of embedded devices nicely applicable to our usecase.

Read more