Broadcom wireless cards for mobile devices, specifically the BCM4325/29/30/34, are the most common wireless cards found in the most popular smartphones and tablets (iPhone, Samsung, Nokia and Motorola among others). Despite such an installed base, and despite being a key client component in any wireless network (at least any Wi-Fi network where mobile devices participate), not much has been said about these cards.
In a previous research collaboration with Andres Blanco, we presented an approach to modifying the firmware to enable monitor mode and raw 802.11 traffic injection on popular smartphones. On that occasion most of our work was performed through static reverse engineering of the firmware. In this talk, we will describe a more dynamic approach to analysing the behaviour of the firmware as it executes on the network card's CPU.