-
Master Thesis (07/2018)
InternalBlue was initially developed and documented in the Masterthesis by Dennis Mantz. Afterwards the development was continued by SEEMOO. It was awarded with the CAST Förderpreis.
-
MRMCD Talk (09/2018)
The basic framework for Nexus 5 / BCM4339 was presented at the MRMCD Conference 2018 in Darmstadt. The talk was also recorded and includes an overview of the framework as well as two demo usages at the end (Following a Secure Simple Pairing procedure in Wireshark and implementing a proof of concept for CVE-2018-5383).
-
35C3 Talk (12/2018)
More extensions were presented at 35C3 2018 in Leipzig. New features include creating connections to non-discoverable devices. Moreover, we gave a demo of CVE-2018-19860, which can crash Bluetooth on several Broadcom chips. This talk was also recorded and gives a more high level overview.
-
TROOPERS Talk (03/2019)
-
WiSec Paper (05/2019)
Our WiSec paper Inside Job: Diagnosing Bluetooth Lower Layers Using Off-the-Shelf Devices on reversing the Broadcom Bluetooth diagnostics protocol was accepted, demonstrated and got the replicability label.
-
MobiSys Paper (06/2019)
Our MobiSys paper InternalBlue - Bluetooth Binary Patching and Experimentation Framework on the complete InternalBlue ecosystem got accepted.
-
REcon Talk (06/2019)
We gave a talk at REcon, Reversing and Exploiting Broadcom Bluetooth. It provides a first intuition on how to do binary patching in C with Nexmon to change Bluetooth functionality.
-
MRMCD Talk (09/2019)
Our talk Playing with Bluetooth focuses on new device support within InternalBlue and the Patchram state of various devices.
-
Bachelor Thesis (12/2019)
InternalBlue was ported to macOS as part of Davide Toldo's Bachelor Thesis, in which he explores how the Bluetooth stack works in macOS and how it is possible to send and receive HCI and ACL packets through unofficial APIs.
-
36C3 Talk (12/2019)
The rather generic talk All wireless communication stacks are equally broken points out a couple of new research directions and new Bluetooth projects coming up.
-
EWSN Paper & Demo (02/2020)
We did some work on improving blacklisting performance of BLE data connections. Currently in a separate blacklisting branch.
-
CiderSecCon Talk (03/2020)
TROOPERS was canceled, but we did a stream of a talk that was recorded on YouTube.
-
Easterhegg Talks (04/2020)
Easterhegg was canceled, but we streamed via DiVOC. The recordings for the talks about Random Number Generators and Frankenstein are online.
-
WiSec Paper (07/2020)
We looked into Apple's Bluetooth ecosystem, especially MagicPairing, which secures AirPods. For more details, read our paper MagicPairing: Apple's Take on Securing Bluetooth Peripherals.
-
Binary Analysis Research Workshop Paper (01/2021)
We built a tool that can diff raw firmware and benchmarked it on Broadcom/Cypress chips. The source code is on the Polypyus GitHub page. There's also a video and a paper.
-
WiSec Paper (07/2021)
New paper demonstrating that all major operating systems don't show warnings if Bluetooth keys break due to MitM attacks, presented at WiSec. Also see PoC scripts.
-
WiSec Tutorial (07/2021)
Tutorial revisiting the current state of InternalBlue. Basically an update from the REcon 2019 talk, but with more recent explanations, bypassing anti-patching, and explanations on all the operating system specific hooks.