
33C3 talk on dissecting cellular modems - BuuQu9hu
http://laforge.gnumonks.org/blog/20161230-33c3-presentation/
======
Sidnicious
Here's the recording:

[https://media.ccc.de/v/33c3-8151-dissecting_modern_3g_4g_cel...](https://media.ccc.de/v/33c3-8151-dissecting_modern_3g_4g_cellular_modems)

(I prefer media.ccc.de over YouTube because it lets you download the video in
at least a couple of formats, and sometimes offers alternate
streams/languages.)

~~~
holri
Related: The YouTube and stream dump problem

[https://events.ccc.de/2015/01/03/the-youtube-and-stream-
dump...](https://events.ccc.de/2015/01/03/the-youtube-and-stream-dump-
problem/)

~~~
jamesbrownuhh
Wow, had been following a ccc account on YouTube for some years, had no idea
it wasn't official. Now subbed to the real source - thanks. :)

~~~
secure
Just to make sure there are no misunderstandings: the mediacccde account is
official:

> To mitigate this we have decided to open an official media.ccc.de YouTube
> channel to at least make sure users don’t have to suffer advertisements,
> incorrect licenses and incomplete metadata. This account can be found on
> [https://www.youtube.com/mediacccde](https://www.youtube.com/mediacccde).

------
therein
So can I really write AT+QLINUXCMD to my USB LTE Modem over tty-over-USB and
execute arbitrary shell commands on the modem's internal linux installation as
root?

~~~
ynezz
It's still present even in the latest EC20E firmware EC20EQAR02A09E2G from
2016-09-24:

    
    
      ynezz@ntbk:/opt/devel/flexisbc/quectel_ec20/EC20EQAR02A09E2G$ grep QLINUXCMD
      Binary file 9615-cdp-recovery-image-9615-cdp.yaffs2 matches
      Binary file dsp2.mbn matches
      Binary file 9615-cdp-usr-image.usrfs.yaffs2 matches
    

Edit: formating

~~~
therein
Would Sierra Wireless 313U be a good candidate?

------
dbalan
system() is one of the most abused function in that code.

------
leowinterde
Video recording on yt
[https://www.youtube.com/watch?v=sq9chzNVoXg](https://www.youtube.com/watch?v=sq9chzNVoXg)

