NexMon is a firmware patching framework for the BCM4339 WiFi firmware of Nexus 5 smartphones.

Joined August 2016
NexMon retweeted
Meet the MASTERS of wireless reverse engineering! @kalilinux NetHunter Episode 2 is out now! It was a pleasure to have the @nexmon_dev team on 📱⌚📡 @offsectraining youtu.be/6FNd77iu2W0
NexMon retweeted
We just won the @acm_wisec best paper award for our paper about @AirGuardAndroid 🥳
NexMon retweeted
We published a pre-print paper about AirGuard. How does the app work? How does it perform against the iOS tracking detection and what can we learn from the anonymous data shared by the user? arxiv.org/abs/2202.11813
NexMon retweeted
29 Apr 2021
The remaining @acm_wisec tutorials are online: open-sourcing research projects by Milan (@seemoolab), firmware reverse engineering with Ghidra by @ghidraninja, firmware rehosting with avatar2 by @nSinusR and details on a 5G testbed by @gvinevere (@5g_lab & @ComNets_TUD).
5 Mar 2021
A new tutorial format at @acm_wisec features practical tools for wireless research. 👩‍💻📱📶 SDR intro by @bastibl, baseband fuzzing by @domenuk, iOS in-process fuzzing by @ttdennis & Bluetooth firmware mods by me. Ping me if you want to join as speaker. sites.nyuad.nyu.edu/wisec21/…
NexMon retweeted
The paper is online – reverse-engineered details on WiFi password sharing and Handoff on Apple devices. usenix.org/system/files/sec2…
Our paper “Disrupting Continuity of Apple’s Wireless Ecosystem Security” has been accepted by Usenix Security 21. It details the reverse engineering of private protocols on Apple’s hardware and software and includes two reversed protocols: Handoff and WiFi Password Sharing. #usesec21
24 Apr 2021
Very nice that you finally found the shared memory regions between Wi-Fi and Bluetooth chip. As nexmon just patches the Wi-Fi firmware before loading it, we could try to load a patched Wi-Fi firmware using the Bluetooth chip and then reset the Wi-Fi chip to start it.
24 Apr 2021
Code execution on a Broadcom Bluetooth chip leads to code execution within Wi-Fi. This has a couple of interesting implications for utilizing Wi-Fi without @nexmon_dev 📱, Wi-Fi debugging 🐛, and exploitation 💥 More details on CVE-2020-10367 (unpatched): naehrdine.blogspot.com/2021/…
4 Apr 2021
Happy Easter! Today I published our monitor mode and frame injection patches for the BCM4375 Wi-Fi chips installed in Samsung Galaxy S10 and S20 smartphones. I am still looking for access to a Galaxy S21 to analyze its firmware. nexmon.org #nexmon
6 Feb 2021
Who has a Galaxy S21 and could give me access to the BCM4389 WiFi 6e firmware files? And maybe remotely to the device to dump the chip's ROM?
NexMon retweeted
21 May 2020
It's online! Bluetooth RCE == Wi-Fi RCE. Say hello to Spectra, the concept of breaking wireless chip separation as they share the same spectrum. #BlackHat blackhat.com/us-20/briefings…
NexMon retweeted
27 Apr 2020
Since people were asking how it works internally, here is Jan's final presentation, which covers the most important aspects of why ARM Thumb2 disassembly was problematic and how the binary-only approach works. (9/8) github.com/seemoo-lab/polypy…
NexMon retweeted
10 Apr 2020
Jan just released Frankenstein, the Broadcom/Cypress Bluetooth firmware emulator that enables fuzzing and further kinds of debugging. It works within a fully-functional Linux BlueZ stack and features virtual modem input. (1/2) github.com/seemoo-lab/franke…
29 Mar 2020
:-( Unfortunately only an April Fool, it would have been so nice ...
20 Jan 2020
Jiska finally defended her PhD today. If you are into Bluetooth Firmware hacking, read her thesis ;-)
20 Jan 2020
My PhD hat has Bluetooth. The implementation is trustworthy because Milan, our AirDrop hacker, built it 😍 #phdjiska
NexMon retweeted
5 Jan 2020
While you are all about hacking and breaking things, we built some cool wireless stuff with InternalBlue and @nexmon_dev, which we will present at #EWSN2020, February 17-19, Lyon, France. Happy to meet and chat if you are around, either at the conference or in Lyon.