Hacking Bluetooth Firmware of WiFi Combo Chips in Smartphones

Master Thesis

in progress

Analysis: 6
Empiricism: 4
Implementation: 10
Literature Research: 5


After reverse engineering the firmware of BCM4339 WiFi chips, we now intend to continue with the Bluetooth transceiver that is included in the chip. In this thesis, you will extract the Bluetooth firmware, analyze how it interacts with the WiFi core, and investigate how it can be used to perform attacks or to extend the Bluetooth capabilities of a smartphone.

Here are some references to our previous work:

[1] M. Schulz, D. Wegemer, M. Hollick. DEMO: Using NexMon, the C-based WiFi firmware modification framework. Proceedings of the 9th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec 2016), July 2016.

[2] M. Schulz, D. Wegemer, M. Hollick. NexMon: A Cookbook for Firmware Modifications on Smartphones to Enable Monitor Mode. CoRR, vol. abs/1601.07077, December 2015.


Student: Dennis Mantz

Research Areas: Secure Mobile Networks



Prof. Dr.-Ing. Matthias Hollick

Technische Universität Darmstadt
Department of Computer Science
Secure Mobile Networking Lab 

Mornewegstr. 32 (S4/14)
64293 Darmstadt, Germany

Phone: +49 6151 16-25472
Fax: +49 6151 16-25471

