We hold this truth to be self-evident&#58; SUFFERING BUILDS STRENGTH! In this talk I will walk you through the trials, tribulations, and triumph(!) of the worst debugging setup I've ever hacked together, which I used to reverse engineer the Realtek RTL8761B* family of Bluetooth chips.<p>This work was done because Bluetooth security tools are in an abominable state. We use "CSR4" (Cambridge Silicon Radio) dongles that don't support packets newer than Bluetooth 4.0 (released in 2010!), just to be able to spoof the Bluetooth Device Address (BDADDR) for MitM attacks.<p>Veronica Kovah & I have been creating Bluetooth security classes for <a href="https://ost2.fyi/">OpenSecurityTraining2</a>. And we wanted to use better hardware; ideally something that supports BT 5.4 (released in 2023). So I bought a bunch of cheap dongles off Amazon, and found that most of them used the same RTL8761B chip. So the goal was clear&#58; at a minimum, figure out a way to spoof the BDADDR on these dongles. But I also a set out a nice-to-have stretch goal - to figure out how to use these dongles to send custom LMP packets (which are architecturally not meant to be under full user control.) That way, could replace a bulky and expensive $55 dev board (that is only used for BT Classic), with a cheap and small $14 USB dongle (which has a better antenna to boot!) This would make Blue2thprinting (released at Hardwear.io 2023), and thus Bluetooth reconnaissance & vulnerability assessment, cheaper & better.<p>Bloodied (but not broken) by the ordeal, I achieved my goals and stretch goals. And given that there are no public descriptions of how Realtek Bluetooth chips work, I look forward to sharing hitherto-unknown information about how to navigate and understand these mostly-16-bit-MIPS-code systems. And I'll discuss how their ROM-"patch"ing firmware update mechanism works, how you can patch it to change its code too, and the security implications thereof.

Now in private beta: an AI agent that thinks like a security researcher and scales to meet the demands of modern software.

​The Pwn2Own Ireland 2025 hacking competition has ended with security researchers collecting $1,024,750 in cash awards after exploiting 73 zero-day vulnerabilities.

AWS outage has taken down millions of websites, including Amazon.com, PrimeVideo, Perplexity AI, Canva and more.

A Turing collaboration with the AI Security Institute and Anthropic will help to protect AI models from misuse

Microsoft is disabling the best local account workarounds

What happens when quantum computers can finally crack encryption and break into the world’s best-kept secrets? It’s called Q-Day—the worst holiday maybe ever.

Apple has released a security update for macOS, iOS, iPadOS, and visionOS to patch a serious bug (CVE-2025-43400) in how devices handle fonts.

Contribute to Bin4ry/UniPwn development by creating an account on GitHub.