The Smart and the Phone Inside your Smartphone · 2018-11-04

Post on 15-Jul-2020


The Smart and the Phone Inside your Smartphone

Yanis BOUSSAD
1st year PhD student, UCA

PhD Seminars, 22/01/2018

Arnaud LEGOUT, Leonardo LIZZI
Inria, LEAT

Cell Phone

● A cellphone is a mobile telecommunication device
  ○ Presented in 1973 and commercialized in 1983 (Motorola)
  ○ Features:
    ■ Voice communication
    ■ SMS (and MMS)

Personal Digital Assistant (PDA)

● Personal information managing device
  ○ Appeared at the beginning of the 1990s
  ○ Features:
    ■ Calendar, To-do list
    ■ Contact book
    ■ Email and Web browsing

SmartPhone

● Is a combination of cell phone and PDA features in one device.

One Chip to Rule ’em All

System-On-Chip (SoC)

● A single Integrated Circuit chip combining cell phone and PDA hardware functionalities and more!
● Small size chips
● Low power consumption.

[Figure: SoC components: Memory, Modem (Baseband), GPU, CPU, DSP, DPU, VPU, Location (GPS)]

How many Operating Systems?

It's 2 OS!!

One p e co t

mo r a d!

2 coOperating Systems

Application OS

● Android, iOS, Windows
● Display, Storage, Camera, IO peripherals, Phone contacts...
● Runs user applications (Dialer, Facebook, Camera app, Spotify…)

Baseband OS

● RTOS
● Runs cellular protocol stack (3G, LTE...)
● Modulation/Demodulation and DSP
● [Wifi, Bluetooth, GPS,...] control/interface
● Vendor specific
● Closed-source

Smart Phone

How do they communicate? (Android case study)

[Figure: Android (telephony) stack, with labels Application OS, Baseband OS, Phone applications, Application framework, Libraries, Linux Kernel, Radio Interface Layer (RIL)]

RIL: Radio Interface Layer

● Abstraction layer between the Application OS and the baseband.
● Receives, translates and forwards system calls between the two OSs.
  ○ Solicited calls: calls from the Application OS to the Baseband OS. (Ex: Sending an SMS)
  ○ Unsolicited calls: calls from the Baseband OS to the Application OS. (Ex: Receiving an SMS)
● Vendor specific
● Provided as a binary file (closed source)

ATtention: AT (Hayes) Commands

● Instruction set to configure/control a modem.
● Developed by Dennis Hayes in 1981.
● Short text strings starting with ‘AT’.
● Dial/Answer call, send SMS, PIN code modification, GPS position...
● Example: “AT+CPIN=1234” to enter PIN code.

Man-in-The-Middle [TRACING THE BASEBAND, FABIEN SANGLARD]

● Intercepts then forwards data from the RIL to the baseband OS and vice versa.

[Android recv] :+CRING: VOICE # Hey 'smart', someone is calling you.

[Android send] :AT+CLCC # Sure, send me the phone number of this person

[Android recv] :+CLIP: "+1416839XXXX",145,,,"" # Here it is +11416839XXXX

[Android send] :AT+CMUT=0 # Unmute the microphone

[Android recv] :0

[Android send] :ATA # Pickup the call

[Android recv] :0

[Android send] :ATH # Hang up

[Android recv] :0
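
The solicited/unsolicited distinction from the RIL slide, applied to the trace above. This is an added example, not code from the slides or from the cited article. The `classify` function, the pairing heuristic (a request stays outstanding until a final result code or the next request) and the numeric result-code table are assumptions.

```python
import re

# Trace lines from the slide above (Android <-> baseband, seen by the MITM).
TRACE = """\
[Android recv] :+CRING: VOICE # Hey 'smart', someone is calling you.
[Android send] :AT+CLCC # Sure, send me the phone number of this person
[Android recv] :+CLIP: "+1416839XXXX",145,,,"" # Here it is +11416839XXXX
[Android send] :AT+CMUT=0 # Unmute the microphone
[Android recv] :0
[Android send] :ATA # Pickup the call
[Android recv] :0
[Android send] :ATH # Hang up
[Android recv] :0
"""

# "[Android send|recv] :<payload>" with an optional trailing "# comment".
LINE = re.compile(r"^\[Android (send|recv)\] :(.*?)(?:\s+#.*)?$")
# Assumption: numeric (ATV0) result codes, as the bare "0" replies suggest.
FINAL_CODES = {"0": "OK", "4": "ERROR"}

def classify(trace):
    """Return (kind, payload, related_command) for every message in the trace."""
    events, pending = [], None
    for raw in trace.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a trace line
        direction, payload = m.groups()
        if direction == "send":
            # Application OS -> baseband: a solicited request.
            pending = payload
            events.append(("solicited", payload, None))
        elif payload in FINAL_CODES:
            # A final result code closes the outstanding request.
            events.append(("final:" + FINAL_CODES[payload], payload, pending))
            pending = None
        elif pending is not None:
            # Information text arriving while a request is outstanding.
            events.append(("response", payload, pending))
        else:
            # The baseband spoke first: unsolicited notification.
            events.append(("unsolicited", payload, None))
    return events

if __name__ == "__main__":
    for kind, payload, cmd in classify(TRACE):
        print(f"{kind:12} {payload:32} {cmd or ''}")
```
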

So What?

● Use the smartphone as a measurement tool for wireless telecommunication radiation and as a cellular network diagnosis tool (ElectroSmart project).

● Only limited (possibly corrupted) information is accessible from the Application OS through public APIs.

● Baseband is the master, App OS is just a slave.

How?

● AT commands and RIL
● Diagnostic port in baseband
  ○ Serial communication port
  ○ Exposes ALL raw information of baseband (network) protocols.
  ○ Proprietary software ($$$)
● Challenges:
  ○ Closed source (no docs)
  ○ Raw information (bytes)
  ○ Specific Diag protocol
  ○ In-device solution.

Thanks


References

● Cisco Report: Mobile Phones Will Number 5.5 billion by 2021 http://www.eweek.com/mobile/cisco-report-mobile-phones-will-number-5.5-billion-by-2021

● Drake, J.J., Lanier, Z., Mulliner, C., Fora, P.O., Ridley, S.A. and Wicherski, G., 2014. Android hacker's handbook. John Wiley & Sons.

● Snapdragon 800 Processor https://www.qualcomm.com/products/snapdragon/processors/800

● Miras, Luis. "Baseband playground." Ekoparty, (2011).

● Hayes command set. (2017, December 3). In Wikipedia, The Free Encyclopedia. Retrieved 08:36, January 8, 2018, from https://en.wikipedia.org/w/index.php?title=Hayes_command_set&oldid=813407208

● Introduction to AT commands and its uses. https://www.codeproject.com/articles/85636/introduction-to-at-commands-and-its-uses

● Tracing the baseband. http://fabiensanglard.net/cellphoneModem/index.php

● Evan McDonough, Kevin Welch. Smartphone Architecture. http://meseec.ce.rit.edu/551-projects/fall2015/3-2.pdf