Workshop should go as follows:
Part 1: Quick review on the Apple-Google exposure notification protocol, split into 3 main parts
1- Broadcast of rolling proximity identifiers over Bluetooth LE and scanning for such identifiers transmitted by nearby devices.
2- Transmission of temporary exposure keys, from which rolling proximity identifiers are generated, to public health authorities upon diagnosis.
3- Key matching protocol occurring on device to determine if the owner was in close proximity to another user who then tested positive, triggering the notification.
Part 2: Set up and test the Bluefruit LE sniffer
Part 3: Walk-through of the Bluetooth portion of the protocol code that is to be compiled and flashed on the ESP Vroom 32. That covers the scanning code, the advertising code and critical data structures involved.
Part 4: Build, compile and flash the ESP Vroom 32. Run the Bluefruit sniffer to see rolling proximity identifiers being transmitted. Play with timeouts to see identifiers being rotated.
Part 5: Conclusion
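As an added illustration of what the scanning side in Parts 1 and 4 has to do (this is not code from the MCUTrace repository), the C function below pulls the rolling proximity identifier out of one sniffed advertising payload. It assumes the payload layout of the published Exposure Notification Bluetooth specification: a 16-bit service data field for UUID 0xFD6F carrying a 16-byte identifier followed by 4 bytes of associated encrypted metadata. The function names and the sample payload are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define AD_TYPE_SERVICE_DATA_16 0x16  /* "Service Data - 16-bit UUID" AD type */
#define RPI_LEN 16                    /* rolling proximity identifier */
#define AEM_LEN 4                     /* associated encrypted metadata (assumed present) */

/* Walk the AD structures (length, type, data) of one advertising payload and
 * copy out the identifier and metadata of an Exposure Notification service
 * data field (UUID 0xFD6F, little-endian on air). Returns 1 when found,
 * 0 otherwise, including when a length byte overruns the buffer. */
int en_parse_adv(const uint8_t *adv, size_t adv_len,
                 uint8_t rpi[RPI_LEN], uint8_t aem[AEM_LEN])
{
    size_t i = 0;
    while (i < adv_len) {
        uint8_t len = adv[i];                  /* counts type byte + data */
        if (len == 0) break;                   /* zero padding ends the payload */
        if (len > adv_len - i - 1) return 0;   /* malformed: structure overruns */
        const uint8_t *field = &adv[i + 1];
        if (field[0] == AD_TYPE_SERVICE_DATA_16 &&
            len == 1 + 2 + RPI_LEN + AEM_LEN &&
            field[1] == 0x6F && field[2] == 0xFD) {
            memcpy(rpi, field + 3, RPI_LEN);
            memcpy(aem, field + 3 + RPI_LEN, AEM_LEN);
            return 1;
        }
        i += (size_t)len + 1;
    }
    return 0;
}

/* Rotation check for two identifiers sniffed at different times. */
int en_rpi_rotated(const uint8_t a[RPI_LEN], const uint8_t b[RPI_LEN])
{
    return memcmp(a, b, RPI_LEN) != 0;
}

/* Constructed sample payload, not a real capture. */
static const uint8_t sample_adv[] = {
    0x02, 0x01, 0x1A,                          /* flags */
    0x03, 0x03, 0x6F, 0xFD,                    /* complete 16-bit UUID list */
    0x17, 0x16, 0x6F, 0xFD,                    /* service data header */
    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
    0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,   /* identifier */
    0xA0, 0xA1, 0xA2, 0xA3                     /* metadata */
};
```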
Participants should prepare by:
Cloning the repository on GitHub: https://github.com/Marc-andreLabonte/MCUTrace
Reviewing the Google and Apple documents, procuring an ESP Vroom 32 and a Bluefruit LE sniffer, and setting up the ESP IDF tool chain.
Setting up the ESP IDF tool chain: https://docs.espressif.com/projects/esp-idf/en/latest/esp32/get-started/
Google and Apple Documents:
Participants must have the following equipment:
- Bluefruit Bluetooth sniffer, e.g. this one from Mouser
- The Android application "Beacon Scope" would work for those who don't have the sniffer.
- ESP Vroom 32 development board, e.g. this one from Amazon
The NSEC 2021 badge is also using the ESP32 and works for the workshop
Marc-andre Labonte Penetration tester, Desjardins
Marc-andre Labonte was a system administrator for more than a decade at the McGill Genome Center while it was known as the McGill University and Genome Quebec Innovation Center. There, he took part in the design, deployment, operation and maintenance of the data center as it went through multiple upgrade cycles to accommodate the ever more powerful high-throughput genome sequencers coming to market.
He then joined the ETTIC team at Desjardins in 2016 as an infrastructure penetration tester. Currently doing research and testing on IoT devices, he also presented the "Leveraging UART, SPI and JTAG for firmware extraction" workshop at NSEC in 2019. His work is motivated by curiosity and a strong sense of personal privacy in a world of connected devices and data-hungry organizations.