# InternalBlue - Bluetooth Binary Patching and Experimentation Framework

**Authors:** Dennis Mantz, Jiska Classen, Matthias Schulz, Matthias Hollick

arXiv: 1905.00631 · 2019-05-03

## TL;DR

InternalBlue is a comprehensive framework for reverse engineering, modifying, and testing Bluetooth chipsets, enabling security research, vulnerability discovery, and firmware customization on a wide range of devices.

## Contribution

The paper introduces InternalBlue, a novel open-source framework for deep Bluetooth chipset analysis and modification, surpassing existing tools by enabling hardware-level experimentation and security testing.

## Key findings

- Discovered a critical security vulnerability in Broadcom Bluetooth chipsets.
- Developed a versatile framework capable of patching and enhancing Bluetooth firmware.
- Demonstrated practical applications including vulnerability testing and firmware fixing.

## Abstract

Bluetooth is one of the most established technologies for short range digital wireless data transmission. With the advent of wearables and the Internet of Things (IoT), Bluetooth has again gained importance, which makes security research and protocol optimizations imperative. Surprisingly, there is a lack of openly available tools and experimental platforms to scrutinize Bluetooth. In particular, system aspects and close to hardware protocol layers are mostly uncovered.   We reverse engineer multiple Broadcom Bluetooth chipsets that are widespread in off-the-shelf devices. Thus, we offer deep insights into the internal architecture of a popular commercial family of Bluetooth controllers used in smartphones, wearables, and IoT platforms. Reverse engineered functions can then be altered with our InternalBlue Python framework---outperforming evaluation kits, which are limited to documented and vendor-defined functions. The modified Bluetooth stack remains fully functional and high-performance. Hence, it provides a portable low-cost research platform.   InternalBlue is a versatile framework and we demonstrate its abilities by implementing tests and demos for known Bluetooth vulnerabilities. Moreover, we discover a novel critical security issue affecting a large selection of Broadcom chipsets that allows executing code within the attacked Bluetooth firmware. We further show how to use our framework to fix bugs in chipsets out of vendor support and how to add new security features to Bluetooth firmware.

## Full text

_Full body text omitted from this summary view._ Fetch the complete paper as Markdown: https://tomesphere.com/paper/1905.00631/full.md

## Figures

12 figures with captions in the complete paper: https://tomesphere.com/paper/1905.00631/full.md

## References

36 references — full list in the complete paper: https://tomesphere.com/paper/1905.00631/full.md

---
Source: https://tomesphere.com/paper/1905.00631