Hi, the specific commit which fixes all BrakTooth BT issues on ESP32 is this one:
https://github.com/espressif/esp-idf/co ... 598d9fc172

jki131 wrote: ↑

Sun Sep 05, 2021 7:42 pm

Is there any information how sniffer work? There is no source code for esp32 firmware in gtihub repo.

Yes. Check again the repo. It was just updated.

Dear, all Espressif has made available a patch for a BrakTooth Vulnerability which can trigger arbitrary code execution on ESP32 via Bluetooth Classic (BR/EDR) for those using Espressif dual mode stack or HCI-UART mode with a third-party stack. BrakTooth disclosure: https://asset-group.github.io/dis...

We actually have something in progress for BT interrupts internally. Should make it to the master branch shortly. From what I can see, it just saves all 64 registers plus WINDOWBASE and WINDOWSTART and switches to a new stack. Whatever state the registers are in will be saved that way. By the way, ...

We actually have something in progress for BT interrupts internally. Should make it to the master branch shortly. From what I can see, it just saves all 64 registers plus WINDOWBASE and WINDOWSTART and switches to a new stack. Whatever state the registers are in will be saved that way. Thank you, s...

Actually, that's not entirely true. The crux of the issue is that a high-level interrupt can pre-empt a windowing exception, meaning the register stack can be in an unknown state. C code assumes it can happily use the windowed ABI and would corrupt it. Oh My God!!! Thank you so much for this answer...

Dear all, I've seen on the oficial Espressif Documentation and also some comments around that High interrupt is not usually used or cannot be used with C functions. Is there a reason why? Is it because of the DPORT workaround which sometimes causes the cores to hang?