A framework of tools for researching the interface connecting the iPhone's application processor with its baseband chipset and related functionalities.
Read more about the different baseband chips used in iPhones on The Apple Wiki.
The CellGuard iOS app for detecting rogue base stations builds upon the insights we gained from applying BaseTrace. The app is available in a dedicated GitHub repository.
iPhones with Qualcomm basebands use the Qualcomm MSM Interface (QMI) protocol for communication between iOS and the baseband. Read more about the iPhone's baseband architecture in our paper "Catch You Cause I Can".
An iOS-specific protocol extension for the libqmi library, used by the QMI dissector and CellGuard.
A Wireshark dissector for iPhones with Qualcomm basebands.
Works with all iPhones.
A tool to establish a direct communication link with Qualcomm basebands in iPhones, enabling you to inject custom QMI packets and receive the baseband's responses.
Requires a jailbroken iPhone.
iPhones with Intel and Apple basebands use the Apple Remote Invocation (ARI) protocol for communication between iOS and the baseband. Read more about the protocol in Tobias' bachelor thesis and his paper ARIstoteles.
ARIstoteles is a Wireshark dissector for iPhones with Apple or Intel basebands.
Works with all iPhones.
iPhones with Apple basebands (C1, C1X, ...) use ARM-based firmware. Our loader for Binary Ninja enables you to decompile various binary firmware files. The directory contains the tool's installation instructions.
Apple's location database stores approximate locations for Wi-Fi access points and for cells of the cellular network. Read more about how different open location databases compare with Apple's database in our paper "Catch You Cause I Can".
A standalone client for querying Apple's location database.
- Arnold L., Hollick M., Classen J. (2024): "Catch You Cause I Can: Busting Rogue Base Stations using CellGuard and the Apple Cell Location Database"
- Kröll T., Kleber S., Kargl F., Hollick M., Classen J. (2021): "ARIstoteles – Dissecting Apple’s Baseband Interface"
- Kröll T. (2021): "ARIstoteles: iOS Baseband Interface Protocol Analysis"