{"guid":"import-dd7f992024a421b675","title":"Reverse-engineering a Qualcomm baseband","subtitle":null,"slug":"28c3-4735-en-reverse_engineering_a_qualcomm_baseband","link":"http://events.ccc.de/congress/2011/Fahrplan/events/4735.en.html","description":"Despite their wide presence in our lives, baseband chips are still nowadays\npoorly known and understood from a system point of view. Some presentations\nhave highlighted vulnerabilities in GSM stacks across various models of\nbasebands (cf. 27c3: _All your baseband are belong to us_ by R-P.  Weinmann).\nHowever none of them actually focused on the details of how a baseband\noperating system really works. This is the focus of our presentation.  From\nthe study of a simple 3G USB stick equipped with a Qualcomm baseband, we will\ndiscuss how to dump the volatile memory, reverse-engineer the proprietary\nRTOS, and ultimately execute and debug code while trying to preserve the\nreal-time system constraints.\n","original_language":"eng","persons":["Guillaume Delugré"],"view_count":624,"promoted":false,"date":"2011-12-28T01:00:00.000+01:00","release_date":"2012-01-04T01:00:00.000+01:00","updated_at":"2026-04-20T16:15:05.413+02:00","tags":["28c3"," Hacking"],"length":3774,"duration":3774,"thumb_url":"https://static.media.ccc.de/media/congress/2011/28c3-4735-en-reverse_engineering_a_qualcomm_baseband_h264.jpg","poster_url":"https://static.media.ccc.de/media/congress/2011/28c3-4735-en-reverse_engineering_a_qualcomm_baseband_h264_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2011/import-dd7f992024a421b675-timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2011/import-dd7f992024a421b675-thumbnails.vtt","frontend_link":"https://media.ccc.de/v/28c3-4735-en-reverse_engineering_a_qualcomm_baseband","url":"https://api.media.ccc.de/public/events/import-dd7f992024a421b675","conference_title":"28C3: behind enemy lines","conference_url":"https://api.media.ccc.de/public/conferences/28c3","related":[{"event_id":185,"event_guid":"import-c09aabf3b80f40f452","weight":2},{"event_id":693,"event_guid":"import-b55a825bce0ede19d7","weight":2},{"event_id":1303,"event_guid":"import-8a69e7b1ee3f8cc625","weight":7},{"event_id":1405,"event_guid":"import-9a084512d1ad9e7a7a","weight":3},{"event_id":1444,"event_guid":"import-01fa9b6c433d8f94ff","weight":6},{"event_id":1520,"event_guid":"import-70c32b8bc4f7a9b0a7","weight":3},{"event_id":1580,"event_guid":"import-7cc65ec6f710a801aa","weight":3},{"event_id":1803,"event_guid":"c3Q-MbMX7FDXWv6rYj2bFw","weight":6},{"event_id":1835,"event_guid":"xdX27wLbHpeOU_dSgBO4Hg","weight":2},{"event_id":3731,"event_guid":"bc638f9f-0370-42f9-b83c-f85cca4ca38d","weight":8}],"recordings":[{"size":416,"length":3774,"mime_type":"audio/ogg","language":"eng","filename":"28c3-4735-en-reverse_engineering_a_qualcomm_baseband.ogg","state":"downloaded","folder":"ogg-audio-only","high_quality":true,"width":720,"height":576,"updated_at":"2014-05-31T23:45:44.201+02:00","recording_url":"https://cdn.media.ccc.de/congress/2011/ogg-audio-only/28c3-4735-en-reverse_engineering_a_qualcomm_baseband.ogg","url":"https://api.media.ccc.de/public/recordings/3055","event_url":"https://api.media.ccc.de/public/events/import-dd7f992024a421b675","conference_url":"https://api.media.ccc.de/public/conferences/28c3"},{"size":416,"length":3774,"mime_type":"video/webm","language":"eng","filename":"28c3-4735-en-reverse_engineering_a_qualcomm_baseband.webm","state":"downloaded","folder":"webm","high_quality":true,"width":720,"height":576,"updated_at":"2016-01-27T11:03:48.356+01:00","recording_url":"https://cdn.media.ccc.de/congress/2011/webm/28c3-4735-en-reverse_engineering_a_qualcomm_baseband.webm","url":"https://api.media.ccc.de/public/recordings/3054","event_url":"https://api.media.ccc.de/public/events/import-dd7f992024a421b675","conference_url":"https://api.media.ccc.de/public/conferences/28c3"}
]}