Marc-andre Labonte

Penetration tester

Back to the list of Speakers and Sessions

Marc-andre Labonte Penetration tester, Desjardins

Former system administrator at a genomic research lab at McGill University.

Penetration tester, member of the ETTIC team at Desjardins since 2016.

Currently doing research and testing on IOT devices.

Workshop: Automated contact tracing experiment on ESP Vroom32

Workshops are first-come first-serve and have a participant limit. Tickets will be distributed (for free) via Eventbrite starting on May 10, 2021.

This workshop aim to teach practical knowledge of automated contact tracing protocols by implementing the Apple-Google one for Covid19 on a ESP Vroom 32 MCU. A Bluefruit LE sniffer will also be used to observe advertisements sent by devices using the Apple-Google exposure notification protocol.

Workshop should go as follows:

Part 1: Quick review on the Apple-Google exposure notification protocol, split into 3 main parts

1- Broadcast of rolling proximity identifiers over Bluetooth LE and scanning for such identifiers transmitted by nearby devices.

2- Transmission of temporary exposure keys, from which rolling proximity indentifiers are generated, to public health authorities upon diagnosis.

3- Key matching protocol occurring on device to determine if the owner was in close proximity to another user who then tested positive, triggering the notification.

Part 2: Setting up and test the Bluefruit LE sniffer

Part 3: Walk-through of the Bluetooth portion of the protocol code that is to be compiled and flashed on the ESP Vroom 32. That covers the scanning code, the advertising code and critical data structures involved.

Part 4: Build, compile and flash the ESP Vroom32. Run the Bluefruit sniffer to see rolling proximity identifiers being transmitted. Play with timeouts to see identifiers being rotated.

Part 5: Conclusion

Participants should prepare by:

Review of the Google and Apple Documents, procure ESP Vroom 32 and Bluefruit LE sniffer, setup the ESP IDF tool chain.

Setting up the ESP IDF tool chain:

Google and Apple Documents:

Participants must have the following equipment: