Session:Customizing Bluetooth and Wi-Fi Firmware
|Description||Introductory talk on binary patching with Nexmon for Wi-Fi and Bluetooth, followed by a practical part focused on patching Bluetooth on off-the-shelf smartphones and laptops with a Broadcom Bluetooth chip.|
|Keyword(s)||hardware, software, inside, embedded, network, hacking, coding, security|
|Language||de - German, en - English |
|Subtitle||Binary patching for Broadcom Wi-Fi/Bluetooth combo chips|
|Starts at||2019/08/23 19:30|
|Ends at||2019/08/23 20:00|
Broadcom combo chips run two ARM cores, one for Bluetooth and one for Wi-Fi. With Nexmon, the firmware for both cores can be patched. This can be used to observe and modify lower-layer traffic on the chip. Build whatever you want into your chip to improve security and performance or hack the next big thing.
It is very likely that you already own a device with a Broadcom Wi-Fi/Bluetooth combo chip. Any Apple device has them (iPhone/Apple Watch/MacBook/iPad), they are on the Raspberry Pi 3/3+, and also on quite a lot of Android smartphones (e.g. Nexus 5/6P, Samsung Galaxy S6/S8/S9/S10*/Note 9). If not, there are also some evaluation boards available. The best support for our patching framework is currently available in the Linux and Android world (requires root access), while iOS and macOS are work-in-progress projects with rudimentary support (iOS requires jailbreaking). We will bring a selection of hardware to the workshop.
At the beginning of the workshop there will be a brief walkthrough of binary patching for Wi-Fi and Bluetooth, with a Bluetooth example to extract encryption keys from the host.