Hacking ble smartwatch
0 likes281 views
The document discusses hacking a BLE smartwatch. It begins with an introduction of the speaker as an independent security researcher. It then covers relevant research on authenticating Mi Band 2 and reverse engineering BLE from Android apps. The rest of the document discusses the speaker's process of discovering the authentication procedure of a smartwatch by using tools like GATTACKER, Android hcidump, and FRIDA to actively sniff the communication and map out the characteristic UUIDs and handles. It concludes with a proof-of-concept script to demonstrate altering the authentication by adjusting a recent proof-of-concept from another researcher.
Hacking ble smartwatch
- 1. Hacking BLE SmartWatch IDSECCONF 2019, Cirebon SMRX86
- 2. #whoami Independent security researcher. My job is doing trick to impress client. Speaker Idsecconf 2013, 2014, 2015, etc.
- 3. Relevant Research Leo Soares. “Mi Band 2, Part 1: Authentication.”, Internet: https:// leojrfs.github.io/writing/miband2-part1-auth/, Nov. 25, 2017. David Lodge, “Reverse Engineering BLE from Android apps with Frida”, Internet: https://www.pentestpartners.com/security-blog/reverse-engineering- ble-from-android-apps-with-frida/, Feb 23, 2018.
- 4. BASIC BLE IDSECCONF 2019, Cirebon SMRX86
- 9. Trial & Error/Success IDSECCONF 2019, Cirebon SMRX86
- 13. Android_hcidump
- 14. (Active Sniffing) FRIDA (mifit ver 3.3.2)
- 15. (Active Sniffing) FRIDA (mifit ver 3.3.2)
- 18. (Active Sniffing) FRIDA WHERE IS CHAR UUID & HANDLE
- 22. POC
- 23. POC script is adjustment of recent @leojrs (0x08 > 0x00)
- 24. POC
- 25. Thanks…