Open marcusml opened 6 years ago
Thanks for the hint, we already started reversing the firmware.
On 20.02.2018 at 5:14 PM, "Marcus" notifications@github.com wrote:
I've written some tools to dump the RAM and ROM of the second ARM core in the Broadcom chip, responsible for handling Bluetooth and FM radio:
https://github.com/marcusml/broadcom_tools
Notes:
I came across a reference to "bluetool", a Windows/Perl tool that once was on the Broadcom site, used for accessing additional diagnostic modes on the chip, but I haven't been able to find the tool online.
I also found a detailed list of HCI commands for controlling the FM radio (it shares the same core as the Bluetooth chip):
https://github.com/CyanogenMod/android_frameworks_base/blob/froyo/core/jni/android_hardware_fm.cpp
Unfortunately I don't have IDA for ARM Cortex M3 to analyze the dumps, but perhaps this might interest someone who has. @baselsayeh https://github.com/baselsayeh ? :)
Cool project!
I don't have IDA, but I'll try to look into it in my free time.