donnm / mtk_fw_tools

Mediatek firmware unpacking/repacking tools
GNU General Public License v3.0

Unpacking/Modifying VIVA #7

Open ajaybhargav opened 5 years ago

ajaybhargav commented 5 years ago

Hi @donnm, thanks for the tool. I came here while searching for information about VIVA and unpacking it. You and @pfalcon did an amazing job on open-source tools. ref: https://www.kosagi.com/forums/viewtopic.php?id=158

I wanted to edit VIVA to modify port settings for taking a dump on a different port. These port settings are defined in a structure named "NVRAM_EF_CUSTOM_PORT_SETTING_DEFAULT" (got this information from the sym and lis files of the firmware that was provided to me by the modem vendor). They refused to change these settings, so I thought I might modify the structure in code, but I am not able to locate it in the firmware.

This structure goes inside the ZIMAGE region of VIVA (probably?), which I am not able to decode/unpack. ref (listing):

Load Region ZIMAGE (Base: 0x101a6b5c, Size: 0x001ca5f4, Max: 0xffffffff, ABSOLUTE)
...
0xf03b047c   0x00000028   Data   RO          277    .constdata          custom_port_setting.obj(custom.lib)

ref (symbol file):

0xf03b047c D NVRAM_EF_CUSTOM_PORT_SETTING_DEFAULT

So I came here to ask if you or @pfalcon can help me somehow to identify how I can unpack and repack VIVA. I would also appreciate it if I could get any sort of pointers to what can possibly be done regarding this.

Thanks in advance! 👍
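Added example, not part of this issue or of the mtk_fw_tools repository: a small parser for the three line shapes quoted above (armlink "Load Region" header, object line, symbol-file line) that checks whether a symbol's address falls inside any load region's [base, base+size) range. It assumes the object and symbol addresses are armlink execution addresses, so a symbol that lands in no load region is only placed at that address at run time (here after ZIMAGE is decompressed) and cannot be found by searching the stored image for that address.

```python
import re

# Constructed sample input mirroring the lines quoted in the issue:
# an armlink "Load Region" header, one object line, and one symbol line.
LISTING = """\
Load Region ZIMAGE (Base: 0x101a6b5c, Size: 0x001ca5f4, Max: 0xffffffff, ABSOLUTE)
0xf03b047c   0x00000028   Data   RO          277    .constdata          custom_port_setting.obj(custom.lib)
"""
SYMBOLS = "0xf03b047c D NVRAM_EF_CUSTOM_PORT_SETTING_DEFAULT\n"

REGION_RE = re.compile(r"Load Region (\w+) \(Base: (0x[0-9a-fA-F]+), Size: (0x[0-9a-fA-F]+)")


def parse_load_regions(listing):
    """Map load-region name -> (base, size) from every 'Load Region' header."""
    return {m.group(1): (int(m.group(2), 16), int(m.group(3), 16))
            for m in REGION_RE.finditer(listing)}


def parse_objects(listing):
    """Collect object lines of the form: addr size type attr idx section object."""
    objs = []
    for line in listing.splitlines():
        f = line.split()
        if len(f) == 7 and f[0].startswith("0x") and f[1].startswith("0x"):
            objs.append({"addr": int(f[0], 16), "size": int(f[1], 16),
                         "section": f[5], "object": f[6]})
    return objs


def parse_symbols(symfile):
    """Map symbol name -> address from 'addr type name' lines."""
    out = {}
    for line in symfile.splitlines():
        f = line.split()
        if len(f) == 3 and f[0].startswith("0x"):
            out[f[2]] = int(f[0], 16)
    return out


def containing_load_region(addr, regions):
    """Name of the load region whose [base, base+size) holds addr, else None."""
    for name, (base, size) in regions.items():
        if base <= addr < base + size:
            return name
    return None


def explain_symbol(name, symbols, regions):
    """Report whether a symbol address is also a load address (its bytes sit
    at that address in the stored image) or an execution address only."""
    addr = symbols[name]
    region = containing_load_region(addr, regions)
    if region is None:
        return f"{name}@{addr:#010x}: execution address only, not a load address"
    return f"{name}@{addr:#010x}: inside load region {region}"
```

Run against the sample, the structure's address (0xf03b047c) lies outside the ZIMAGE load range starting at 0x101a6b5c, which matches the observation that it cannot be located in the stored firmware without first unpacking ZIMAGE.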

Irdev110 commented 3 years ago

I might be writing something to do this soon. I need to modify the baseband firmware for a SIM800L module but much of the code is stored in a compressed ZIMAGE region.

Irdev110 commented 3 years ago

@ajaybhargav Were you able to unpack and repack it?

ajaybhargav commented 3 years ago

No, I dropped the idea of modifying VIVA. What are you trying to do with SIM800?

Irdev110 commented 3 years ago

@ajaybhargav I actually found an easier solution that doesn't require modification of VIVA: the SIM808 modules support something called "Embedded AT", which allows you to compile and run your own C code on the chips. I'm trying to build a passive GSM IMSI catcher with support for sniffing multiple downlink channels (one module per ARFCN), and a GSM clone unit which can be used with a fake BTS for MITM purposes.

ajaybhargav commented 3 years ago

I know about Embedded AT and it's very basic; I am not sure how your requirement can be implemented with it.

Irdev110 commented 3 years ago

I think it's possible to do inline hooking by writing to the right addresses.