Mobile schematics and hardware automation
Abstract
I loved my Xperia Play - an Android phone with a gaming controller. But then it stopped getting updates, and the hardware went out of date. It made me think "Couldn't I just replace the motherboard? Isn't that what we do with PCs?". This led me down a path to find a phone with a credit-card (small) size motherboard that I could re-purpose. But how would I know what-was-what on a phone's motherboard? Enter the leaked electrical schematic. With a Xiaomi Mi 9 phone and a full set of detailed schematics I had everything you could ever want for such a project.

This talk will dive into how to read a mobile phone electrical schematic and locate those parts on physical hardware. It will also cover how to interact with and control the phone for hardware hacking, including Buttons, Voltage, Battery, UART, Emergency Download Mode (EDL) and USB. Using cheap components (Relays, Tri-state, Muxes) you can gain full automation of phone hardware for flashing (Recovery, fastboot, EDL), simulating battery removal, adb over your own UART connection and the ability to control with a mouse/keyboard over USB. Additional topics will also be discussed, such as display interfaces including MIPI DSI.

Speaker Bio
Peter is a secure software developer and vulnerability researcher for Interrupt Labs. Outside of work he enjoys making devices do things they shouldn’t and then never using them. Peter has previously worked as a vulnerability researcher at Azimuth Security, Penten and the Australian Department of Defence. He has volunteered for the BSides Canberra security conference for the last 5 years and has developed badge firmware and hardware including the 2019 “Nopia 1337” and 2023 “bPod”.