CalvinBackup/Insecure-By-Design
1
0
Fork 0
mirror of https://github.com/JGoyd/Insecure-By-Design.git synced 2026-02-12 23:52:50 +00:00
Code Issues Packages Projects Releases Wiki Activity

Update README.md

Browse Source
This commit is contained in:
Joseph Goydish II
2025-12-27 11:16:42 -05:00
committed by GitHub
parent 7782150950
commit 2f81def0ca
1 changed files with 24 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

39
README.md
View File

@@ -81,10 +81,19 @@ Modern WiFi chipsets from all major vendors (Broadcom, Qualcomm, Intel, MediaTek
| **802.11 Protocol** | Full stack implementation | Universal (all WiFi chips) |
| **Bluetooth Integration** | 24 coexistence references | High (combo chips) |
| **Proximity Detection** | proxd (WiFi FTM/RTT) | Universal (802.11mc) |
| **Olympic Project** | Firmware branch name | Vendor-specific |
| **Project Olympic** | Confirmed Exploitation Window: 36.7% correlation between AP Sleep & Critical State | Vendor-specific (BCM4387c2/4388) |
| **1,374 Functions** | ARM Thumb disassembly | Vendor-specific |
**Complete technical analysis:** See `BCM4387c2_Analysis.md`
---
## The Smoking Gun: Project Olympic
While architectural features are universal, the `Project_Olympic/` folder provides **undeniable proof of active, unmonitored exploitation and state-machine failure** in the BCM4387c2/4388 family.
**Key Evidence Surfaces:**
- **The Temporal Window:** Forensic analysis of `bluetoothd-hci-2025_01_02.pklg` demonstrates that **36.7% of critical hardware warnings occur during host sleep transitions**.
- **State Machine Collapse:** Discovery of `scan core sleep state:10` shows the "Shadow OS" (`Poppy_CLPC_OS`) enters undefined logic branches when the primary iOS/Android kernel is suspended.
- **Privileged Memory Access:** 10 independent DMA channels (`wl0:dma0-9`), mapped from offset `0x1a99c0`, provide direct physical memory access, bypassing the host OS.
---
@@ -283,25 +292,25 @@ md5sum SoC_RAM.bin
---
## Repository Contents
### Files
1. **README.md** (this file)
- Industry-wide architectural analysis
- Architectural analysis
- Cross-vendor risk assessment
- Verification methodology
- Integrated exploitation evidence (Project Olympic)
2. **BCM4387c2_Analysis.md**
- Complete technical evidence report
- Detailed findings with byte offsets
- Reproducible verification commands
- Cross-vendor architecture comparison
2. **Project_Olympic/**
- **Undeniable Proof of Exploitation:** Correlation between host power states and autonomous chipset errors.
- **DMA Channel Maps:** Physical memory offsets for all 10 verified DMA paths.
- **Shadow OS Logs:** Extraction of `Poppy_CLPC_OS` and persistent modules (`Oly.Nash`).
- Full forensic log files, PoC traces, and state analysis reports.
3. **SoC_RAM.bin**
- Primary source artifact (2,068,480 bytes)
- MD5: 28d0f2a6eb5ea75eb290b6ef96144e5b
- SHA256: 0b29a1942be18c459bfee03a30d9f891adfd7e957f74acc2188f455f659643f3
3. **BCM4387c2_Analysis.md**
- Technical evidence report (reference)
- Detailed findings and verification commands
4. **SoC_RAM.bin**
- Firmware dump for architectural analysis
### Analysis Tools Required