Software stacks for cellular communication standards are complex beasts. In the past, I presented work on memory corruption vulnerabilities in said software stacks that were found using reverse engineering of the firmware image and subsequent static analysis.
However, this is a really time consuming technique. Moreover, not having a debugger but only the option of obtaining memory snapshots makes development of exploits time-consuming. In this talk I will look at and demonstrate the available options to debug code on the baseband processor -- both software-oriented and using additional hardware. A port of Guillaume Delugre's qcombbdbg to OKL4 hosted QCOM baseband stacks will be shown [hopefully I will have the remaining bugs fixed by then so I can also release it at REcon].