
About Quarkslab
Quarkslab builds cutting-edge cybersecurity solutions used by security-driven companies and institutions around the world. Our QShield product suite focuses on software protection and reverse engineering resistance across desktop, mobile, and embedded platforms.
We’re not in the cloud — we build real software, tested on real systems. If you enjoy diving deep into complex technical environments, automating smart test coverage, and owning quality end-to-end, read on.
Description
A vendor released a family of SoCs that support IEEE 802.15.4 and Bluetooth 5.4 PHYs, as well as a set of proprietary stacks that can be installed on these chips to support the Bluetooth Low Energy or ZigBee protocols. This SoC is used in the first version of the FlipperZero, but its wireless capabilities are not fully leveraged due to limits imposed by the vendor on its RF capabilities.
The SoC provides a secure environment in which proprietary protocol stacks run, backed by a pre-provisioned encryption key and a public key used to authenticate any stack application pushed into its secure area. The internal RF hardware peripherals are undocumented, but the stacks themselves could be extracted through a vulnerability found in the SoC family.
This internship is a journey of exploration of a proprietary stack on a wireless SoC.
What you will do
The goals of this internship are:
Jailbreak a SoC devkit by exploiting a documented vulnerability to allow deployment of a modified stack.
Reverse-engineer the SoC's RF hardware peripherals and corresponding registers through analysis of one or more stacks.
Document the RF-related registers and, if identified, any other registers related to different peripherals.
Implement basic 2.4 GHz RX/TX primitives on a devkit, based on the reverse-engineered RF hardware peripheral.
Set up a FlipperZero application to automate jailbreaking and/or to provide a basic 2.4 GHz GFSK scanner/sniffer.
At the end of the internship you are expected to present your research project internally to peers, and to communicate it publicly in a blog post, paper or conference talk.
Required Skills
ARM reverse-engineering (intermediate)
Embedded exploit development in C/C++ (basic to intermediate)
Knowledge about how RF hardware peripherals are usually implemented (basic)
Assignment
Contact us to receive an internship challenge to apply.