Linked by Thom Holwerda on Tue 12th Nov 2013 23:06 UTC

I've always known this, and I'm sure most of you do too, but we never really talk about it. Every smartphone or other device with mobile communications capability (e.g. 3G or LTE) actually runs not one, but two operating systems. Aside from the operating system that we as end-users see (Android, iOS, PalmOS), it also runs a small operating system that manages everything related to radio. Since this functionality is highly timing-dependent, a real-time operating system is required.

This operating system is stored in firmware, and runs on the baseband processor. As far as I know, this baseband RTOS is always entirely proprietary. For instance, the RTOS inside Qualcomm baseband processors (in this specific case, the MSM6280) is called AMSS, built upon their own proprietary REX kernel, and is made up of 69 concurrent tasks, handling everything from USB to GPS. It runs on an ARMv5 processor.

RE[3]: Heh
by fuckregistration on Thu 14th Nov 2013 08:35 UTC in reply to "RE[2]: Heh"

> That thing is only usable for GSM. With an SDR you can mess with CDMA, UMTS and LTE. Not only that, but you can do much, much more besides hacking phone networks.

There is no usable code released for anything other than GSM.
Implementing a stack for UMTS takes man-years (given a programmer who is already experienced in that field).
This is unrealistic, only a purely theoretical possibility.

> Also, that piece of software is only usable as baseband software for your own stupid phone.

Not true. There are quite a lot of applications for osmocombb, not only 'mobile', which is the normal MS functionality.
Of course a general-purpose SDR has more possibilities, but that's well out of scope of this discussion.

> You can't impersonate a base station with it with ease.

Yes you can.
http://bb.osmocom.org/trac/wiki/Software/Transceiver
That's not any more complicated than running 'mobile'.
