Secure Localization and Distance Bounding with IEEE 802.11

Master Thesis


Analysis: 6
Empiricism: 4
Implementation: 10
Literature Research: 5


Each Broadcom WiFi Chip contains a D11 core that is a programmable state machine used to control the low level WiFi frame handing (you can find more information in the BCM4330 datasheet [3]). For this b43 architecture assemblers and disassemblers already exist [4]. However, it is hard to go through the assembler code to analyze the D11 firmware. In this masterthesis you will create an analysis framework that allows to represent the code in a graph that can be used for further analysis and decompilation or transfer into an immediate representation of the LLVM compiler. You will also create a decompiler and a compiler to convert between program code in C and b43 assembly.

[1] M. Schulz, D. Wegemer, M. Hollick. DEMO: Using NexMon, the C-based WiFi firmware modification framework, Proceedings of the 9th ACM Conference on Security and Privacy in Wireless and Mobile Networks, WiSec 2016, July 2016. [pdf]

[2] M. Schulz, D. Wegemer and M. Hollick. NexMon: A Cookbook for Firmware Modifications on Smartphones to Enable Monitor Mode, CoRR, vol. abs/1601.07077, December 2015. [bibtex]






Student: Michael Palm

Research Areas: Sichere Mobile Netze



Prof. Dr.-Ing. Matthias Hollick

Technische Universität Darmstadt
Department of Computer Science
Secure Mobile Networking Lab 

Mornewegstr. 32 (S4/14)
64293 Darmstadt, Germany

Phone: +49 6151 16-25472
Fax: +49 6151 16-25471


A A A | Drucken Drucken | Impressum Impressum | Sitemap Sitemap | Suche Suche | Kontakt Kontakt | Webseitenanalyse: Mehr Informationen
zum Seitenanfangzum Seitenanfang