hacking_ble_smartwatch @idsecconf2019 cirebon


Published on March 18, 2019

Author: Ramaporter

Source: slideshare.net

Content

1. Hacking BLE SmartWatch IDSECCONF 2019, Cirebon SMRX86

2. Agenda   Basic BLE Relevant Research Amazfit BIP Authentication   Exploitation

3. #whoami   Independent security researcher.   My job is doing tricks to impress clients.   Speaker at IDSECCONF 2013, 2014, 2015, etc.

4. Relevant Research   Leo Soares. “Mi Band 2, Part 1: Authentication.”, Internet: https://leojrfs.github.io/writing/miband2-part1-auth/, Nov. 25, 2017.   David Lodge, “Reverse Engineering BLE from Android apps with Frida”, Internet: https://www.pentestpartners.com/security-blog/reverse-engineering-ble-from-android-apps-with-frida/, Feb 23, 2018.

5. BASIC BLE

6. BLE Communication Layer

7. Characteristic & Handle

8. Characteristic & Handle

9. Trial & Error/Success

10. GATTACKER (active sniffing)

11. (Unsuccessful) GATTACKER

12. Android_hcidump

13. Android_hcidump

14. (Active Sniffing) FRIDA

15. (Active Sniffing) FRIDA

16. (Active Sniffing) FRIDA

17. (Active Sniffing) FRIDA

18. (Active Sniffing) FRIDA WHERE IS CHAR UUID & HANDLE

19. FRIDA + Android_hcidump

20. Mapping Authentication

21. Authentication Procedure

22. POC

23. POC script is an adjustment of recent @leojrs (0x08 > 0x00)

24. POC
