Daniel Klischies

BaseBridge: Bridging the Gap between Emulation and Over-The-Air Testing for Cellular Baseband Firmware

Existing baseband emulators struggle to match over-the-air testing due to missing emulation of complex peripherals like DSPs, SIM cards, and RF frontends. This limits fuzzing to only shallow-level bugs. BaseBridge, an extension to FirmWire, boosts emulation accuracy by restoring relevant connection state from memory dumps, obtained from physical phones. Supporting MediaTek and Samsung firmware, BaseBridge greatly expands fuzzing coverage — by a factor of up to 5x for MediaTek. It also passes LTE conformance tests and enables deeper, faster bug discovery, uncovering 5 new vulnerabilities in the process.

Authors: Daniel Klischies, Dyon Goos, David Hirsch, Alyssa Milburn, Marius Muench, Veelasha Moonsamy

Appeared at 2025 IEEE Symposium on Security and Privacy (SP)

The paper linked above is © 2025 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.