“Summarization is the last refuge of the scoundrel!”
@xenokovah.bsky.social
Interested in reverse engineering, firmware, bluetooth, trusted computing, and training. Founder of OpenSecurityTraining2 https://ost2.fyi
Added 24 summary slides to see how much work I have left to do… current slide count is 266. Thoughts and prayers appreciated (but realistically this deck will form the basis for a future “RE like me: Realtek edition” class)
15.10.2025 13:01

#Doomscrolling
13.10.2025 11:53

And a new paid 3-day training with @veronicakovah.bsky.social where we take you from the bottom of the stack to the top, to build the next generation of Bluetooth Low Energy hackers! (hardwear.io/netherlands-...)
Anticipate many more BT hackers in a couple years, and prepare accordingly ;)
a free workshop (hardwear.io/netherlands-...) (where you get to borrow some of my hardware to get a taste of my free 1-day #OST2 class ost2.fyi/BT2222)…
13.10.2025 11:51

🧵Alright! I pulled off the hat trick 🎩 at hardwear.io this November! I've got a talk on 100% new firmware reverse engineering research (hardwear.io/netherlands-... tagline: SUFFERING BUILDS STRENGTH!)…
13.10.2025 11:50

That’s it for now! LMK anything missing on the timeline!
13.10.2025 11:25

2024-06-06
"Breaktooth: Breaking Security and Privacy in Bluetooth Power-Saving Mode"
By Keiichiro Kimura et al.
Added to the Bluetooth Security Timeline: darkmentor.com/bt.html#Brea...
2024-12-27
"From fault injection to RCE: Analyzing a Bluetooth tracker"
By Nicolas Oberli
Added to the Bluetooth Security Timeline: darkmentor.com/bt.html#From...
🧵And because apparently I can only thread to 10, the thread continues here!
13.10.2025 11:25

2025-03-20
"CVE-2024-58101" (Samsung Galaxy Buds 1/2)
By Antonio Vázquez Blanco & Jesús María Gómez Moreno
Added to the Bluetooth Security Timeline: darkmentor.com/bt.html#CVE-...
2025-06-24
"Using KT6368A-SOP8 Bluetooth Host Chip to Receive Tire Pressure Sensor Data on E-Bikes"
By Junluan Tsui
Added to the Bluetooth Security Timeline: darkmentor.com/bt.html#Usin...
2025-06-17
"Watch Out! Bluetooth Analysis of the COROS PACE 3"
By Moritz Abrell
Added to the Bluetooth Security Timeline: darkmentor.com/bt.html#Watc...
2025-07-03
Stealtooth: Breaking Bluetooth Security Abusing Silent Automatic Pairing
By Keiichiro Kimura et al.
Added to the Bluetooth Security Timeline: darkmentor.com/bt.html#Stea...
2025-07-21
"Firmware Analysis of the COROS PACE 3"
By Jan Wütherich
Added to the Bluetooth Security Timeline: darkmentor.com/bt.html#Firm...
2025-08-21->09-04
"Start hacking Bluetooth Low Energy today! (parts 1-3)"
By Sam Thom
darkmentor.com/bt.html#Star...
2025-09-17
"The Cybersecurity of a Humanoid Robot"
By Víctor Mayoral Vilches
darkmentor.com/bt.html#The%...
2025-09-20
"Unitree Robot BLE Service Command Injection Analysis"
By Andreas Makris, Kevin Finisterre
darkmentor.com/bt.html#Unit...
2025-09-25
"Hacking Furbo - A Hardware Hacking Research Project – Part 5: Exploiting BLE"
By Julian B.
darkmentor.com/bt.html#Hack...
🦷‼️Bluetooth Security Timeline Update 2025-10-11!🧵
11 new talks from 2024-2025 added to the Bluetooth Security Timeline at
darkmentor.com/bt.html

WiFi security researchers: I want to get a TX amp to let my BT research tools connect back to further-away advertisers. I’m considering www.digikey.com/en/products/... . Is there a better option that’s used in the WiFi space that I could be considering? (Needs to work with USB BT dongles)
11.10.2025 17:15

We're happy to announce OST2 now has over 31k students registered! 🥳 By the time we noticed we crossed the 30k mark, we were already at 30.5, so we figured we'd wait for 31k, which is now!
Kudos to all the students taking and finishing classes!
We have made Francesco Pollicino's "Fuzzing 1001: Introductory Fuzzing" class playlist public here: www.youtube.com/playlist?lis... for those who'd like to download the videos for offline consumption.
10.10.2025 11:53

If elected to the role of Global Supreme Documentation Overlord Czar, I promise a chicken in every pot, and a README.md in every subfolder!
06.10.2025 22:39

But I know some people would prefer to read rather than listen (and videos have poor random-access properties, even with subtitles). So I'll continue to think on it.
03.10.2025 11:06

I’m not sure if I want to create a whitepaper for this or not. I feel like slides with animations are a much more effective and succinct way to get across what I’m trying to say, compared to e.g. taking a half-page to say the same thing as 3-4 animated slides...
03.10.2025 11:06

The good news is also the bad news: 2 days of slide-making and I’m over 100 slides… to describe the first 5 days of the work 😬 There’s no way I’m going to be able to include everything in the talk. I’ll post a “Kovah Cut” on the DarkMentor website like in the past, but may have to break into 2 talks
03.10.2025 10:59

Mad props to the Realtek people for making their stuff Just Work in Linux in the first place, and of course the Linux contributors. (Of course...I'm not saying this completely-unverified firmware architecture is a good *security* architecture...but that's a point for a different time)
01.10.2025 13:36

I am quite simply gobsmacked that this worked on the first try! Nothing's ever this easy on Linux! 🤯
01.10.2025 13:36

When I compress the output file and put it into /lib/firmware/rtl_bt/rtl8761bu_fw.bin.zst on Ubuntu 24.04, all attached RTL8761B-based USB BT dongles Just Work with a patched BDADDR and clear presence of the custom LMP packet logging capability!
01.10.2025 13:36