| MIUI8's "Chip Level Pseudo Base Station Identification"
On May 10th, after a preliminary preheating and Weibo notification, Xiaomi Technology released the new Xiaomi Max mobile phone and MIUI8 system. Max's parameters look very good, but in the current situation of excessive hardware performance, it seems that there is no longer so high attraction, but MIUI8's various dazzling features are very interesting. As far as the author is concerned, I am most looking forward to the chain-start management function of "Gourd Baby".
At this conference, one feature is the "chip-level pseudo base station fraud SMS recognition" function of Max Mobile and MIUI8:
Figure: Xiaomi Max mobile phone with chip-level pseudo base station fraud SMS identification
Figure: Chip-level pseudo base station identification and triple protection of MIUI8
A careful reading of the function points on this promotional map gives you the following information:
The Xiaomi Max mobile phone using MIUI8 can identify pseudo base stations at the chip level.
In addition to chip-level identification, MIUI8 also has triple protection on the software: SMS program identifies pseudo base station text messages, identifies phishing URLs, and browser detects malicious URLs.
It is a bit strange. Why does the chip-level recognition of the pseudo-base station not directly avoid the pseudo-base station, but also combined with the application-level triple protection to prevent false base station SMS fraud? Application-level scam SMS prevention, isn't that all the major security butlers playing the rest? What is the secret of this MIUI8 chip-level identification pseudo base station?
With these questions, the author began to open his mind and try to see Xiaomi's "chip-level pseudo base station identification" black technology.
| Millet Max's chip-level black technology
In the article "Kirin 950 chip-level anti-counterfeit base station black technology, in the end more material? At the end of the article, the author once joked that Qualcomm, Samsung, and MediaTek chips also have interfaces. As long as they are willing, all mobile phone manufacturers can play "chip-level" support.
Is that the case?
The author later actually went to check the information, the answer is: Yes!
The Qualcomm Snapdragon 650/652 processor used in the Xiaomi Max mobile phone is estimated to use such technology.
The next content is a bit biased, and of course there is some guessing. If you don't feel satisfied with it, then the author will say it.
(Note: This is the author's self-importance, although it is "speaking", but it is also based on reasonable assumptions on the basis of technology)
Qualcomm has a wireless signal quality diagnostic tool running on a PC called QXDM (full name: Qualcomm eXtensible Diagnos TIc Monitor). Basically, all mobile phones using Qualcomm chips can be connected to a computer via a data cable, and the PC software can be used to detect the quality of the air signal to which the mobile phone is connected. As mentioned in the QXDM documentation: All over-the-air signaling messages are logged, that is, all wireless signal information can be recorded - of course, information about the communication between the mobile phone and the pseudo base station.
Max mobile phone is estimated to be the way to go.
Figure: QXDM software interface
It is known that the location area LAC value, transmission power, C1/C2 cell selection and reselection parameters of the pseudo base station are different from the data of the real base station of the operator. By analyzing the diagnostic information, it is possible to identify the pseudo base station.
So: Develop a program on the Max phone to analyze the diagnostic information output from the QXDM interface. This is basically done (you may need to adapt the driver).
Where is this interface, in fact, it is a Linux device file for Android, the path is /dev/diag. After searching online, I found that the driver source code of Qualcomm has been open source for some time. The related pseudo base station identification program also has an Android version of open source implementation by a security lab abroad (only applicable to Qualcomm chip rooted mobile phones). Including the identification algorithm model, also open source... Huawei estimates also draw on them...
Figure: Open source pseudo base station detection program, "chip level" black technology Oh!
Qualcomm's diagnostic interface (Diag Support module) is really just a diagnostic interface, and it can output signals for analysis. After quickly glanced at its source code, it did not seem to see the function of accepting the command to switch base stations. Therefore, this is why Xiaomiâ€™s propaganda only talks about â€œidentifyingâ€ pseudo-base stations, but does not mention the â€œrejection of connectionâ€ of pseudo-base stations (because it canâ€™t be done), and it also requires three-fold protection on software.
Therefore, the author irresponsiblely guess again: At present, Xiaomi's chip-level identification pseudo base station technology mainly relies on teammates. I would like to ask if there is any special support for Qualcomm on this Max mobile phone. I guess: Wood has... (Because it is very troublesome to change the chip! The ready-made diagnostic interface is topped up!) As for the final effect of the Max mobile phone, it remains to be seen. The results of the evaluation after you got the real machine.
Hey... I canâ€™t help but think about it here: I donâ€™t have a processor for my mobile phone. Itâ€™s really awkward!
Multifunctional High Speed Blender,Mute Wall High Speed Blenders,Household High-Speed Blender,Good High Speed Blender
JOYOUNG COMPANY LIMITED , https://www.globaljoyoung.com