Hacking Bluetooth Low Energy devices with Btlejack
2019-10-22, 10:30–12:00, Hollenfels

This workshop will dive into the Bluetooth Low Energy specifications and teach you how to use Btlejack and its features to hack various BLE devices.

You will learn about the various versions of Bluetooth Low Energy (from 4.0 to 5.1), how to effectively perform reconnaissance, how to sniff and analyze any BLE connection, and many tricks and techniques you can use to ease your analysis. Last but not least, you will also learn how to hijack and disconnect devices and how to manually test any BLE stack for vulnerabilities.

All of this by using (mostly) Btlejack \o/


I. Bluetooth Low Energy 101
I.1. Protocol overview
I.2. Channel map and channel selection algorithms
I.3. Basic PDUs you must know
I.4. Required hardware

II. Reconnaissance
II.1. BLE advertisements
II.2. Enumerating active connections
II.3. (some kind of) Fingerprinting

III. Passive attacks
III.1. Sniffing with Btlejack
III.2. How to determine the chipsets (vendor/version) and BLE version supported by a device
III.3. How to capture and analyze unencrypted BLE communications
III.4. How to break encrypted communications (when possible)

IV. Active attacks
IV.1. Jamming an active BLE connection
IV.2. BLE hijacking
IV.3. Manually testing a BLE stack