Explore the intricacies of Bluetooth firmware analysis and exploitation in this conference talk from Recon 2019. Dive into the world of InternalBlue, a powerful framework for analyzing and patching Broadcom Bluetooth chips. Gain insights into the challenges of reverse engineering complex firmware with thousands of undefined functions, and learn how to port features across different firmware versions. Discover practical examples of writing custom patches using both assembly and C, leveraging the Nexmon project for extended functionality. Examine two critical vulnerabilities, CVE-2018-19860 and CVE-2019-6994, uncovered during the research process. Understand the practical implications and difficulties of patching Bluetooth firmware in real-world scenarios, making this talk invaluable for security researchers and Bluetooth enthusiasts alike.
Reversing and Exploiting Broadcom Bluetooth
Overview
Syllabus
Recon 2019 - Reversing and Exploiting Broadcom Bluetooth by Jiska & Dennis Mantz
Taught by
Recon Conference
Related Courses
-
Dissecting Broadcom Bluetooth
-
Hackable Security Modules - Reversing and Exploiting a FIPS 140-2 Lvl 3 HSM Firmware
-
Bluetooth - Does It Spark Joy?
-
DIY ARM Debugger for Wi-Fi Chips
-
Create Your Own Fitness Tracker Firmware
-
Reversing an M32C Firmware - Lessons Learned from Playing with an Uncommon Architecture
