ESP32 Forum

Dear, all

Espressif has made available a patch for a BrakTooth Vulnerability which can trigger arbitrary code execution on ESP32 via
Bluetooth Classic (BR/EDR) for those using Espressif dual mode stack or HCI-UART mode with a third-party stack.
BrakTooth disclosure: https://asset-group.github.io/disclosures/braktooth/

ESP-IDF commit with the patch: https://github.com/espressif/esp-idf/tr ... 598d9fc172
Advisory from Espressif: https://www.espressif.com/sites/default ... visory.pdf

Video of the attack: https://www.youtube.com/watch?v=F7VjuOiUsNk

Thanks for info.

This is also nice:

As part of our work of reverse engineering ESP32 BT stack, we are releasing to the community a low-cost BT Classic (BR/EDR) Active Sniffer which is available at the following URL:

https://github.com/Matheus-Garbelini/es ... ic_sniffer

Is there any information how sniffer work? There is no source code for esp32 firmware in gtihub repo.

jki131 wrote: ↑

Sun Sep 05, 2021 7:42 pm

Is there any information how sniffer work? There is no source code for esp32 firmware in gtihub repo.

Yes. Check again the repo. It was just updated.

Thanks for posting the link to the advisory from Espressif. This was the only place I could actually find it.

Do you know how these get published by Espressif? Is there some list I can subscribe to to be alerted when one of these advisories is posted? I can't see if in their website's news section.

Subscribe the "Advisories" via https://www.espressif.com/en/subscribe