Modern smartphones are made of two parts: The “smart” part and the “phone” part. They are very independent from each other, on iPhone for example MacOSX can crash during a call but user will still be able to pursue a conversation. Those two part use separate boards, processors, run different operating system started with different bootloader and of course don't use the same RAM. More interesting is that they are “poorly” coupled and communicate with each other via an UART serial line to pass commands, the same old way a 386 was communicating with a modem plugged on a port COM 14 years ago. The protocol (Hayes Command Set) is 30 years old, human readable and extendable: even relatively new function such as “unlocking” are done over AT-Commands.
Article about HOWTO to create middle layer between AP and BP: Part 1, Part 2
Injecting SMS messages into Smartphones for the Security Analisys article
Open Source implementation of GSM stack osmocom
GSM protocol analysis A5
Wrigley 3G use RTXC as baseband RTOS Manual and SDK and headers, on the Droid - Rex RTOS
Open source mux driver 3GPP 27.010 mux0710
Code, interacting with modem (needed to be reversed):
libmotdb.so libmot_mead_jni.so libmot_atcmd_mflex.so libmod_atcmd.so libril.so libril-moto-umts-1.so location opprofdaemon protocol_driver tcmd ril_tcmd bplogd_daemon nvm_daemon panic_daemon ssmgrd