Alligator 2018

BLE hacking workshop



In this workshop you will get familiar with the basics of BLE security. We will work on a dedicated, readily available BLE hardware nRF devkit device. In a minutes you will turn into embedded developer and learn how to program your own BLE device yourself, using a free web interface and ready templates. Next, from attacker’s perspective, we will cover among others: sniffing, spoofing, MITM, replay and relay. Having enough time, we will play with a collection of vulneraBLE smart locks, sex toys and other devices. The takeaway hardware included will allow you to experiment and repeat the exercises later at home.

The hardware pack includes:

  • nRF BLE devkit that can be flashed as a BLE RF sniffer, or a BLE device to attack
  • ST-Link debugger for flashing the devkit firmware
  • 2xBLE USB dongles

Please bring:

  • contemporary laptop that can run Kali Linux in VM (like 4 GB RAM, 20G disk space), with VM software of your choice installed (virtualbox or vmware), and at least 2 USB ports available
  • smartphone with BLE support, preferably Android (at least 4.3), or iPhone (at least 4s)
  • if you have Raspberry Pi 3 or BBC micro:bit, you can bring it too
  • you can also bring your own BLE devices

Rules of the Alligator

  • You do not talk about Alligator.
  • You do not talk about Alligator.

The venue address and the location of all parties will be revealed at the last possible moment only to those who were invited, and you should not reveal it to anyone else.

comments powered by Disqus