README

Repository about Bluetooth Impersonation AttackS (BIAS).

• Instruction to perform the BIAS attacks
• Code to patch linux-4.14.111 to enable H4 parsing
  • Make sure to install the relevant kernel modules to interface with the devboard. For example, USB serial drivers and device drivers for the Bluetooth subsystem.
• Code to validate the legacy authentication procedure
• Code to validate the secure authentication procedure

Related work:

• BIAS: Bluetooth Impersonatoin AttackS [S&P20]
• The KNOB is Broken: Exploiting Low Entropy in the Encryption Key Negotiation of Bluetooth BR/EDR [SEC19]

I'd like to thank Nils Glörfeld for his contributions to reverse-engineer and patch the CYW920819 development board's firmware, and to patch the Linux kernel.