Travis Goodspeed

Security ResearcheR (USA)

Abstract

This lecture concerns the Tytera MD380, a handheld transceiver used for the Digital Mobile Radio (DMR) protocol, a competitor to TETRA and APCO P25. First, I'll describe in detail how firmware was extracted from a locked radio, despite protection features. Then, I'll describe how the firmware was reverse engineered, tracing I/O ports and external memory addresses. Once the firmware was understood, it became possible to patch it for promiscuous mode and other new features. With a bit more work, we'll see completely open source firmware for this platform.

Speaker Bio

Travis Goodspeed is a Southern Appalachian neighbor trapped in New York City. He quite likes his packet-in-packet trick for remotely injecting layer 1 frames from layer 7 data, as well as collecting exploits for ROM bootloaders. His work is frequently featured in PoC||GTFO.

Copyright © 2017-18 | Nullcon India | International Security Conference | All Rights Reserved