Date: 4 June 2020 at 10:00, 30 min.
Modern basebands are an interesting topic for reverse engineers. However, the lack of a debugger for these components makes this work harder.
This article presents how a 1-day vulnerability in Samsung TrustZone can be used to rewrite the Shannon baseband memory and install a debugger on a Galaxy S7 phone. The details of the debugger's development are explained, and a demonstration uses specific breakpoints to extract interesting information.