David Noel Breuer, M.Sc.

Smartphone and Web Privacy / Advertisement Networks / Researcher

Contact Information

David Noel Breuer

Offered Theses Topics

No results match your search criteria.

  2024 Available now

Smartphone and Web Privacy

Supervisor: David Noel Breuer

If you are interested in topics related to smartphone and browser privacy (mostly from an end-user perspective) feel free to reach out to me! I am happy to discuss with you about your ideas :) If you already have a specific idea we will try to shape that into a thesis topic. Otherwise, we will fetch one from our own topic pool. Topics might include: Reverse Engineering of interesting or weird smartphone features. Measuring the prevalence of (anti-)tracking features in current browsers. Analyzing the advertisement ecosystem. ... Prerequisites depend on the kind of topic you choose, but in general it is highly recommended for you to bring some knowledge about your respective thesis topic and a good amount of motivation.

  2023 Completed

Continuous Fuzzing Integration Into State of the Art Development Processes for Improved Software Security

Supervisor: David Noel Breuer

...

  2022 Completed

Reverse Engineering and Emulating Broadcom's WiFi Real-Time Core Peripherals

Supervisor: Jakob Link David Noel Breuer

Broadcom/Cypress WiFi chips commonly hold a microprocessor, also called D11 core, that handles all real-time related 802.11 MAC tasks in form of a programmable state machine (PSM). It is directly connected to the chip's PHY components as well as its non-real-time related parts. Successful attacks on the D11 core would therefore pose a high risk on the whole device. Especially, as the chip is constantly exposed over its wireless interface. Although the D11 core's architecture and instruction set are mostly proprietary, disassembling and assembling of microcodes (D11's firmware) is possible due to previous reverse engineering efforts. This in turn allows analyzing, modifying and on-chip debugging of microcodes. However, the current related processes are error-prone and time consuming. To improve those tasks, a basic emulator that can interpret the proprietary instruction set and perform corresponding calculations and memory/register accesses was designed and implemented in prior work. But, in order to properly run microcodes on the emulator, several peripherals (e.g. timers, crypto engine, tx/rx engines, PHY interface, ...) that directly influence the PSM's flow need to be emulated additionally. In this thesis, we want to analyze peripherals that are directly connected to the D11 core and simulate their behavior to the existing emulator. C and Assembly skills are recommended, as well as experience and/or interest on reverse engineering, IEEE 802.11 MAC, and low-level programming.

Publications

No results match your search criteria.

  2023  17th ACM Workshop on Wireless Network Testbeds, Experimental Evaluation & Characterization (WiNTECH '23) Conference

Rolling the D11: An Emulation Game for the Whole BCM43 Family

Jakob Link David Breuer Francesco Gringoli Matthias Hollick

BibTeX DOI: 10.1145/3615453.3616520

Abstract
The D11 is Broadcom's proprietary IEEE 802.11 MAC implementation and an essential part of their WiFi chips. It is a microcontroller that orchestrates the Physical Layer and Radio Front-end implementation and is programmable through a custom microcode. We provide a new emulation framework for the D11 microcode and a corresponding firmware patch for the WiFi chip that enables essential debugging methods, including microcode breakpoints and D11 state extraction. This toolset allows researchers to analyze the D11 microcode in a controlled environment dynamically. To facilitate research on the D11, we provide an overview of state-of-the-art knowledge of the chip and publish all presented tools to the open-source community. We encourage everyone interested to enter the game, roll the D11, and provide new insights on Broadcom's MAC implementation.