Proceedings of the 17th Annual International Conference on Mobile Systems, Applications, and Services 2019
DOI: 10.1145/3307334.3326089

InternalBlue - Bluetooth Binary Patching and Experimentation Framework

Abstract: Bluetooth is one of the most established technologies for short range digital wireless data transmission. With the advent of wearables and the Internet of Things (IoT), Bluetooth has again gained importance, which makes security research and protocol optimizations imperative. Surprisingly, there is a lack of openly available tools and experimental platforms to scrutinize Bluetooth. In particular, system aspects and close to hardware protocol layers are mostly uncovered. We reverse engineer multiple Broadcom Blu…

Cited by 43 publications (41 citation statements)
References 8 publications

Citation statements:
“…To this end, there have been various research efforts [9, 13-17] working on simple and low-cost Bluetooth sniffing systems and their applications. These efforts are boosted with the introduction of an open source Bluetooth sniffing platform called Ubertooth [10].…”
Section: Related Work (mentioning; confidence: 99%)
“…Among several options, we utilize InternalBlue which can be used for the collection. InternalBlue [17] is a Bluetooth research and analysis framework that can analyze Link Management Protocol (LMP) packets by modifying the firmware of Broadcom Bluetooth chipset. Since AFH maps in Bluetooth Classic connections can be extracted through LMP packets with InternalBlue, we can successfully collect the actual AFH maps using InternalBlue.…”
Section: Related Work (mentioning; confidence: 99%)
“…Note that it is not possible to use the original version of InternalBlue [19] for injecting different keys into the controller, because the controller would ask the host for a key belonging to a specific address, expecting a single response. Prior to the hooks we published along with this paper, InternalBlue only supported injecting commands but could not replace contents of existing commands.…”
Section: Hooking Into Bluetooth Stacks (mentioning; confidence: 99%)
“…We further analyze this by connecting the Samsung Galaxy Note20 5G to a Google Nexus 5. The Nexus 5 is rather old, but supports Link Management Protocol (LMP) sniffing via InternalBlue [19] and features SSP with BT 4.1. During the secure authentication phase, the initiator and responder can both end the connection with an LMP_DETACH packet containing the error code Authentication Failure [7, p. 622].…”
Section: Bluetooth Controllers and LMP (mentioning; confidence: 99%)
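Two of the citation statements above rely on reading specific Link Management Protocol PDUs off the controller: the AFH channel map carried in LMP_set_AFH, and the error code (Authentication Failure) carried in LMP_DETACH. The decoder below is an added example and is not code from InternalBlue or from either citing paper; it takes a raw LMP PDU as bytes, regardless of how it was captured. Field layouts follow the Bluetooth Core Specification (Vol 2, Part C), the sample PDUs are constructed for this example, and the function and constant names are my own.

```python
"""Decode two Link Manager Protocol (LMP) PDUs that LMP sniffers expose:
LMP_set_AFH (carries the AFH channel map) and LMP_detach (carries an error
code such as Authentication Failure).

Field layouts follow the Bluetooth Core Specification, Vol 2 Part C.
All sample bytes are constructed for this example, not captured traffic.
"""
import struct

LMP_DETACH = 7        # LMP_detach: 1 parameter byte (error code)
LMP_SET_AFH = 60      # LMP_set_AFH: AFH_instant(4) + AFH_mode(1) + AFH_channel_map(10)
ERR_AUTHENTICATION_FAILURE = 0x05   # Core Spec error code "Authentication Failure"
AFH_MODE = {0: "AFH disabled", 1: "AFH enabled"}


def afh_channel_map(raw: bytes) -> list:
    """Expand a 10-byte AFH_channel_map into the sorted list of used channels.

    Bit k of the map (LSB of byte 0 is bit 0) is channel k, 1 = used.
    Only 79 channels exist; the most significant bit of byte 9 is reserved.
    """
    if len(raw) != 10:
        raise ValueError(f"AFH_channel_map must be 10 bytes, got {len(raw)}")
    return [ch for ch in range(79) if (raw[ch // 8] >> (ch % 8)) & 1]


def parse_lmp(pdu: bytes) -> dict:
    """Parse one LMP PDU (the payload handed to the LM, no baseband headers).

    Byte 0 holds the transaction ID in bit 0 and the opcode in bits 1..7.
    Opcodes 124..127 are escape codes for extended PDUs, which this example
    does not decode.
    """
    if len(pdu) < 1:
        raise ValueError("empty LMP PDU")
    tid = pdu[0] & 0x01
    opcode = pdu[0] >> 1
    body = pdu[1:]
    info = {"opcode": opcode, "tid": tid}

    if opcode >= 124:
        raise NotImplementedError(f"extended LMP opcode escape {opcode} not handled")

    if opcode == LMP_SET_AFH:
        if len(body) != 15:
            raise ValueError(f"LMP_set_AFH expects 15 parameter bytes, got {len(body)}")
        instant = struct.unpack("<I", body[0:4])[0]   # little-endian clock instant
        mode = body[4]
        used = afh_channel_map(body[5:15])
        info.update(
            name="LMP_set_AFH",
            afh_instant=instant,
            afh_mode=mode,
            afh_mode_name=AFH_MODE.get(mode, f"reserved({mode})"),
            used_channels=used,
            used_count=len(used),
            used_mhz=[2402 + ch for ch in used],     # channel k sits at 2402 + k MHz
        )
    elif opcode == LMP_DETACH:
        if len(body) != 1:
            raise ValueError(f"LMP_detach expects 1 parameter byte, got {len(body)}")
        info.update(
            name="LMP_detach",
            error_code=body[0],
            authentication_failure=(body[0] == ERR_AUTHENTICATION_FAILURE),
        )
    else:
        # Unknown or unhandled opcode: keep the raw parameters for later decoding.
        info.update(name=f"LMP_opcode_{opcode}", params=body.hex())
    return info


# Constructed sample PDUs (not a real capture):
# LMP_set_AFH from the central (TID 0), AFH enabled, channels 0..38 used and
# 39..78 unused, i.e. only the lower half of the band is hopped on.
SAMPLE_SET_AFH = (
    bytes([(LMP_SET_AFH << 1) | 0])
    + struct.pack("<I", 0x00001000)                # AFH_instant
    + bytes([1])                                   # AFH_mode = enabled
    + bytes([0xFF, 0xFF, 0xFF, 0xFF, 0x7F, 0, 0, 0, 0, 0])
)
# LMP_detach sent by the peripheral (TID 1) with error code Authentication Failure.
SAMPLE_DETACH = bytes([(LMP_DETACH << 1) | 1, ERR_AUTHENTICATION_FAILURE])


if __name__ == "__main__":
    for pdu in (SAMPLE_SET_AFH, SAMPLE_DETACH):
        print(parse_lmp(pdu))
```

The used-channel list is what the AFH-map collection in the second citation statement amounts to once the PDU is in hand, and the `authentication_failure` flag is the condition the Note20/Nexus 5 experiment watches for on LMP_DETACH. Feed it PDUs as the LM sees them; if your capture still carries baseband or HCI framing, strip that first.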
“…The InternalBlue framework [4] takes advantage of some vendor-specific commands and makes it easy to dump, analyse and patch firmware embedded in Bluetooth controllers from Broadcom and Cypress, which are common in the wild. First, it allowed us to dynamically instrument the firmware to understand its internals.…”
Section: Firmware Reverse Engineering, 2.1 InternalBlue Framework (mentioning; confidence: 99%)