BloomTech’s Downfall: A Long Time Coming

Finding New Bluetooth Low Energy Exploits via Reverse Engineering Multiple Vendors' Firmwares

Finding New Bluetooth Low Energy Exploits via Reverse Engineering Multiple Vendors' Firmwares

Black Hat via YouTube Direct link

Intro

1 of 25
Next

1 of 25

Intro

Class Central Classrooms beta

YouTube playlists curated by Class Central.

Classroom Contents

Finding New Bluetooth Low Energy Exploits via Reverse Engineering Multiple Vendors' Firmwares

Automatically move to the next video in the Classroom when playback concludes
  1. 1 Intro
  2. 2 Learning mode
  3. 3 BLE stack in dual chip configuration Host
  4. 4 BLE stack in single chip configuration Controller
  5. 5 New BLE low layer vulnerabilities!
  6. 6 Lab setup: targets
  7. 7 Lab setup: for basic HW debug 1
  8. 8 Lab setup: for fuzzer and convenience
  9. 9 Lab setup: sniffers
  10. 10 Lab setup: packet sending HW
  11. 11 Lab setup: JackBNimBLE, packet sending SW
  12. 12 Target #1: Texas Instruments WL1835 MOD
  13. 13 Static analysis
  14. 14 Dynamic analysis
  15. 15 Remote code execution bugs
  16. 16 Stack buffer overflow 1 CVE-2019-15948
  17. 17 Attack packet example 1
  18. 18 "Quiet Place" attack
  19. 19 Stack buffer overflow 2 CVE-2019-15948
  20. 20 Attack packet example 2
  21. 21 Target #2
  22. 22 Fuzzing extended advertisements
  23. 23 Difference from the target #1's RCE bug
  24. 24 RCE: heap buffer overflow CVE-2020-15531
  25. 25 Impact assessment

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Sign up for free
Someone learning on their laptop while sitting on the floor.