- Schedule
- Venue
- Speakers
- Training
- CFP
- Volunteer
- Recreation
- Blackshield Awards
- CTF
- Sponsors
- Exhibition
- Job Fair
- CXO Track
- Goa'16
- About Speakers
- Travis Goodspeed
Abstract
This lecture concerns the Tytera MD380, a handheld transceiver used for the Digital Mobile Radio (DMR) protocol, a competitor to TETRA and APCO P25. First, I'll describe in detail how firmware was extracted from a locked radio, despite protection features. Then, I'll describe how the firmware was reverse engineered, tracing I/O ports and external memory addresses. Once the firmware was understood, it became possible to patch it for promiscuous mode and other new features. With a bit more work, we'll see completely open source firmware for this platform.
Speaker Bio
Travis Goodspeed is a Southern Appalachian neighbor trapped in New York City. He quite likes his packet-in-packet trick for remotely injecting layer 1 frames from layer 7 data, as well as collecting exploits for ROM bootloaders. His work is frequently featured in PoC||GTFO.