In recent years, mobile device usage has become massive. These devices generally follow the IEEE 802.11 standard for wireless connectivity. Broadcom is one of the most important semiconductor companies in the wireless and broadband communication business. Some of its WiFi solutions (the BCM4325 and BCM4329 chipsets) are included in a large part of the mobile device market, by vendors including Apple, Samsung, Motorola, Sony, Nokia, LG, Asus and HTC. In this paper we describe the process of modifying the firmware program on these cards. The presented results could open new possibilities for the information security community, such as access to baseband components without intervention of the operating system and the ability to store information within the network card's internal memory, among others. As the reader explores the present work, we go through the internals of the firmware program and our reverse engineering process, and show, as a proof of concept, how to set these cards into monitor mode.
Friday, September 21, 2012