Dark Mentor LLC
Bluetooth reconnaissance with Blue2thprinting
1 day class covering how to use the Blue2thprinting software to perform reconnaissance on devices, and understand vulnerabilities they may have.
Xeno Kovah
The ESP32 "backdoor" that wasn't
This post refutes the claim that researchers found a “backdoor” in ESP32 Bluetooth chips. What the researchers highlight (vendor-specific HCI commands to read & write Controller memory) is a common design pattern found in other Bluetooth chips from other vendors as well, such as Broadcom, Cypress, and Texas Instruments. Vendor-specific commands in Bluetooth effectively constitute a “private API”, and a company’s choice to not publicly document their private API does not constitute a “backdoor”.
Xeno Kovah
Bluetooth Low Energy - Full Stack Attack
4 day class covering the full Bluetooth Low Energy (BLE) protocol stack from the bottom (PHY) up to the top (GATT). The core of the class is built around playing with a game application on an Android phone, talking via Bluetooth to an IoT-type piece of hardware, and analyzing the communication between them. The 4th day is focused on assessing a customized Ultra-Vulnerable Peripheral firmware, running on Zephyr RTOS, which has had vulnerabilities introduced into it which are representative of vulnerabilities found in the past across many other platforms.
Veronica Kovah, Xeno Kovah
RISC-V Assembly
3 day class covering RISC-V RV32I/RV64I assembly, including the “M” extensions. Class is built on Linux with a QEMU RISC-V emulated environment, with code debugged by GDB. Option also exists to use real RISC-V hardware. Option also exists to use Ghidra Software Reverse Engineering (SRE) tool as a debugger.
Xeno Kovah
C/C++ Source Code Auditing, for developers, and vulnerability hunters
Variable-length class (1-5 days). This class teaches how to find vulnerabilities in source code, and then how to prevent, detect, or mitigate them. The class teaches vulnerability pattern recognition by walking students through real CVEs. The class structure was originally created for Apple’s internal training for their developers when Xeno worked there.
Xeno Kovah
Intel x86-64 Firmware Attack & Defense
2 day class covering Intel x86-64 firmware. Class is focused on exploring the baseline security mechanisms provided by Intel to protect the Serial Peripheral Interface (SPI) flash chip where the Unified Extensible Firmware Interface (UEFI) Basic Input Output System (BIOS) is stored on modern systems.
Xeno Kovah
Intel x86-64 OS Internals
2 day class covering Intel x86-64 OS Internals like privilege rings, model-specific registers (MSRs), segmentation, paging, system calls, interrupts, port IO, and breakpoints. Class is run in Windows with WinDbg-based kernel debugging.
Xeno Kovah
Intel x86-64 Assembly
3 day class covering Intel x86-64 assembly. Includes options to run with Windows and WinDbg or Linux and GDB. Option also exists to use Ghidra Software Reverse Engineering (SRE) tool as a debugger.
Xeno Kovah