Session:Customizing Bluetooth and Wi-Fi Firmware

Description Introduction talk to binary patching with Nexmon for Wi-Fi and Bluetooth. Followed by a practical part with a focus on patching Bluetooth on off-the-shelf smartphones and laptops with a Broadcom Bluetooth chip.
Website(s)
Type Workshop
Kids session No
Keyword(s) hardware, software, inside, embedded, network, hacking, coding, security
Processing village Village:Chaoswelle
Person organizing
Language de - German, en - English
de - German, en - English
Other sessions... ... further results

Subtitle Binary patching for Broadcom Wi-Fi/Bluetooth combo chips
Starts at 2019/08/23 19:30
Ends at 2019/08/23 20:00
Duration 30 minutes
Location Village:Chaoswelle

Broadcom combo chips run two ARM cores, one for Bluetooth and one for Wi-Fi. With Nexmon, firmware for both cores can be patched. This can be used to observe and modify lower layer traffic on the chip. Build whatever you want into your chip to improve security and performance or hack the next big thing.

It is very likely that you already own a device with a Broadcom Wi-Fi/Bluetooth combo chip. Any Apple device has them (iPhone/Apple watch/Macbook/iPad), they are on Raspberry Pi 3/3+, and also on quite a lot of Android smartphones (i.e. Nexus 5/6P, Samsung Galaxy S6/S8/S9/S10*/Note 9). If not, there are also some evaluation boards available. Best support for our patching framework is currently available in the Linux and Android world (requires root access), but iOS and macOS are work in progress projects with rudimentary support (iOS requires jailbreaking). We will bring a selection of hardware to the workshop.

In the beginning of the workshop there will be a brief walkthrough on binary patching for Wi-Fi and Bluetooth with a Bluetooth example to extract encryption keys from the host.