People used to do this at tech conferences, but using Twitter. Someone would start a hashtag and people would jump in. There was always a fun side-channel going with people commenting on what was being presented on the main stage.

Fun times, before… sigh

I tried to offer a gentler backgrounder on this HCI business: https://lemmy.ml/comment/17160273

The opcodes that actually jumped out at me more than the undocumented ones were the ones that erases the flash.

But the conclusion stands. None of this is a ‘backdoor’ unless you can secretly access it from the wireless side and nothing in the presentation points to that. If I had to guess, the opcodes are for QA and tuning on the manufacturing line.

ARM is a UK-based company. If they hadn’t dropped out of EU, it’s possible they would have settled on an ARM-based supercomputer design.

Chalk it up to another WIN for Brexit!

Pull up a chair and pour yourself a stiff beverage…

TLDR: Don’t Panic.

If you have a regular old processor (MCU) and want to give it wireless capability, you can buy a wireless chip and stick it next to the processor, then have the MCU talk to it through a wired connection (typically UART or SPI). Think of it as the old ATDT commands that had your PC control your old screeching modems.

To standardize this communication protocol, folks came up with the Host Controller Interface (HCI) so you didn’t have to reinvent that protocol for every new chip. This was handy for people on the MCU side, since they could write firmware that worked with any wireless chip out there, and could swap out for a cheaper/faster one with minimal change.

Fast forward to the era of integrated MCU+wireless, where you had a little ARM or other lightweight processor plus a little radio, and the processor could run programs in a high-level API that abstracted out the low level wireless stuff. Plus, you could use the same radio for multiple wireless protocols, like BLE, wifi, ANT, etc. Nordic and TI were early adopters of this method.

Typically, it was the vendor’s own processor talking to their own wireless module, but they still implemented the full HCI interface and let it be accessed externally. Why? So if your design needed an extra beefy processor and used the MCU+wireless chip as a simple communication module, this would still work. The teeny MCU could be used to run something extra in parallel, or it could just sit idle. A typical example could be a laptop or cell phone. The little MCU is too small for everything else, so you pair it with a big chip and the big chip drives the little chip through HCI.

Sure, it would be cheaper if you just went with a basic ‘dumb’ wireless chip, as folks from CSR, Broadcom, and Dialog kept pointing out. But the market demanded integrated chips so we could have $10 activity trackers, fancy overpriced lightbulbs, and Twerking Santas (https://www.amazon.com/twerking-santa-claus/s?k=twerking+santa+claus).

For integrated MCU+wireless chips, most vendors didn’t release the super low-level firmware that ran between them. There was no need. It was internal plumbing. They exposed SDKs so you could control the wireless chip, or high-level Bluetooth/wifi APIs so you could connect and talk to the outside world in a few lines of code. These SDKs were unique to each vendor (like Nordic’s nRF Connect library, or TI’s SimpleLink SDK).

Then along came Espressif out of Shanghai, China with a combo chip (ESP8266) that offered processor + wifi and was so cheap and easy to program that it took the hobbyist market by storm. Oh, god… so many LED light strips, perfect for Christmas and blinky EDM lightup outfits (hello, Adafruit: https://www.adafruit.com/category/65).

Fast forward and Espressif drops the ESP32. A bigger, faster Tensilica Xtensa processor, with built-in flash storage, plus wifi, Bluetooth, and BLE in one place. Plus lots of peripherals, busses, and IO pins. Also, running FreeRTOS and eventually Arduino SDKs, and MicroPython. All for less than $5! It took off like a rocket. So many products. Plus, you could run them as little webservers. Who doesn’l love a little webserver in their pocket?

It’s gone through a few variations, including swapping out the Tensilica with an open-source RISC-V MCU, but otherwise it’s a massive seller and the gateway drug for most IoT/Smarthome nerds.

So along come these Tarlogic researchers, looking to build a direct USB to bluetooth library. This way, you can drive the wireless from, say Linux, directly. There are already BLE to USB stacks, but this one is giving access at the HCI level, in a C library. Handy if you’re doing research or developing drivers, but not the sort of thing your typical DIY person needs.

As part of their process, the researchers decide to dump the really low level ESP32 firmware and reverse engineer it.

A typical HCI implementation is a giant event loop that handles HCI opcodes and parameters. Host wants to talk to the outside world, it sets up some registers, configures the unique MAC address, then opens a channel and starts sending/receiving (hopefully without the modem screeching tones). There are typical packet encoders and decoders, multiple ISO/TCP layers, and the sort of thing that most people assume somebody else has gotten right.

For fancier implementations, there may be interrupt or DMA support. Sometimes, there’s a multi-tasking part under the hood so they can time-slice between wifi, bluetooth, and ble (aka Fusion or Coexistence support). Not that you should care. The internals of this stuff is usually nobody’s business and the vendors just include a binary blob as part of their SDK that handles things. The host systems just talk HCI. The wireless side talks HCI on the wired side, and wireless on the radio side. Everyone’s happy.

In the process of reverse engineering the low-level HCI blob, these researchers found a few extra undocumented HCI opcodes. They’re not sure what they’re for, but according to their presentation (https://www.documentcloud.org/documents/25554812-2025-rootedcon-bluetoothtools/) if my super rusty Spanish holds up, it has to do with setting MAC addresses and handling low-level Link-Level Control Protocol communications (https://www.ellisys.com/technology/een_bt10.pdf).

Now in an of itself, this is no big deal. ESP32s already let you easily set your own temporary MAC address (https://randomnerdtutorials.com/get-change-esp32-esp8266-mac-address-arduino/), so there has to be a way to override the manufacturer one. And LLCP management is a totally geeky low-level thing that the MCU needs when handling wireless packets. There are perfectly good reasons why the opcodes would be there and why Espressif may not have documented them (for example, they could be used only during manufacturing QA).

So the original presentation is a teeny bit of an exaggeration. Yes, the opcodes exists. But are they nefarious? Should we stick all our ESP32s inside Faraday cages? Is this a secret plan for the CCP to remotely control our lights and plunge the world into chaos?

As I said before, ONLY if there’s a secret as-yet-undiscovered wireless handshake that gives remote wireless access to these (or really, pretty much any other published HCI opcode). That presentation most definitely doesn’t claim that.

To see if there is a REAL backdoor, you should wait for an analysis from fine professional wireless debugging vendors like Ellisys (starting models run $30K and up), Frontline, or Spanalytics.

Incidentally, Tarlogic, the group that put out that paper have their own BLE analyzer product (https://www.tarlogic.com/es/productos/analizador-bluetooth-le/). They look to know their stuff, so they should know better than putting out clickbait-y hair-on-fire reports. But come on, who can resist a good CCP/backdoor headline? Will media run with this and blow it out of proportion? No way!

If you’ve read this far, you must safely be on your third drink or the edible’s just kicked in. Stop panicking, and wait until the pro sniffer and Bluetooth forum people give their opinions.

If it turns out there is an actual WIRELESS backdoor, then by all means, feel free to panic and toss out all your Smarthome plugs. Go ahead and revert to getting up and flicking on your light switch like a peasant. Have a sad, twerk-free Christmas.

But over a few undocumented HCI opcodes? Have another drink and relax.

Happy Sunday.

PS: controversy already up on wikipedia: https://en.m.wikipedia.org/wiki/ESP32

PPS: you may want to stock up on ESP32s for your light-up Christmas light project. Don’t be surprised if Espressif gets smacked with some hard tariffs or an outright ban, based on these ragebait headlines 🤷🏻‍♂️

Edit: DarkMentor offers a little more detail on the nature of the opcodes: https://darkmentor.com/blog/esp32_non-backdoor/

This sounds like there are some undocumented opcodes on the HCI side – the Host Computer Interface – not the wireless side. By itself, it’s not that big a deal. If someone can prove that there’s some sort of custom BLE packet that gives access to those HCI opcodes wirelessly, I’d be REALLY concerned.

But if it’s just on the host side, you can only get to it if you’ve cracked the box and have access to the wiring. If someone has that kind of access, they’re likely to be able to flash their own firmware and take over the whole device anyway.

Not sure this disclosure increases the risk any. I wouldn’t start panicking.

I live in an earthquake zone and have been taking CERT emergency training courses. Have been looking at these as part of a neighborhood emergency network.

Turns out SeedStudio sells these with a base that comes with a display and a bunch of grove connectors, as well as a cheap GPS module. Will have to think a bit more on what else may be needed (keyboard, display, battery, vibration, or other environmental sensors?)

It may be possible to build one of these for < $50USD and hopefully cheaper, then have each emergency sector in the city keep one as part of their emergency cache. Would be useful if cell networks and power go out.

All that CGA-quality porn, gone like dust in the wind.

Remember to break this news gently to your elderly parents.

Pretty funny seeing what is after all, a ‘romantic’ venture (dating apps) broken down in a completely utilitarian analysis. Also helps to have a brook-no-shit writing style.

Years ago, was asked to do dev work on a clone of a dating app. Ended up looking at all the things these kinds of apps did to get people to pay. Two features I remember were giving new users option to buy top profile placement for a limited time, so they showed up as a first choice for everyone for the next hour.

Another was sending paid ‘virtual’ gifts, which turned out were badly ripped off clipart of flowers and jewelry. This was when Tinder was first starting so none of the fancy retention methods described here or AI filters.

I passed on working on the app, but made sure my wife knew exactly why I had installed all those dating apps on my phone. It really was for research.

Just to be clear… I’m a massive Fediverse fan, and have concerns about BSKY’s governance. But many communities streaming off Twitter seem to be heading toward BSKY because it’s a shallower on-ramp.

Mastodon people recognize this and are working to smooth down the friction points.

What happens when their server expenses aren’t covered, or bad people move in and every message has to be moderated, or the site moderators ban you?

And getting a whole community moved over… oof.

I moved a private mailing list to a WhatsApp group, then they changed their privacy policies. It took two years to convince people on to Signal, and 2/3 of the people didn’t make the jump. And this was with a small group of people who knew each other IRL. Imagi e doing that for tens or hundreds of thousands worldwide.

This is why people are hesitant to get off Meta/Twitter. They’re not going to do it again.

Your email server doesn’t also run the group email list and all the join/drop/approve/ban operations. And if you bring your own email domain name, you can go somewhere else and get no disruption. But if you sign up for me@hotmail.com and hotmail bans you, you’ll lose all your connections and conversation history.

The canonical list of operations on a social media platform far exceed that of an email service, a bulletin board, or a messaging service group. It’s apples and rocket ships.

Bluesky is offering simple one-stop answers to a lot of these concerns. Fediverse needs to answer all these, plus address the whole long-term financial sustainability question.

The Fediverse experience starts with an unanswerable question: what server do you want to be on?

Most people will not have any way to answer that without knowing what the downstream impact will be. Mastodon people are working on smoothing that down, but it’s still a pretty fraught question. And if half a given community ends up on one server and half on another, they get fragmented and conversations and followers fizzle out.

Bluesky wants to tell people they’re not a single-node lock-in to avoid the Twitter effect, but it turns out that’s their key advantage.

The only thing that will guarantee they don’t end up like Twitter is if they revamp their corporate governance mechanisms, but they had to take VC money and haven’t come up with a long-term revenue model, so it’s not clear how they can avoid it.

1000 charge cycles. If you charge twice a week, that’s 500 weeks or a little less than 10 years. There’s no mention of degradation over time.

But back-of-the-napkin, it means for this to be cost-effective, they may want to come up with some sort of replaceable or battery swap system. Not sure anyone will want to buy a vehicle that needs a massive battery retrofit every 8-10 years.

Who the hell is waiting till 10am?

Cut-off date for training must have been when eggs prices were jacked.

So… Hyundai Automotive signed a deal with Hyundai Electric to supply them with electricity.

🤔

This is pretty sad.

I have a number of elderly relatives. The one thing I keep telling them is if they ever get approached, to contact their kids, or check with another family member before responding. So far, there haven’t been any problems.

But I heard an in-law’s parents in a different state lost a big chunk of money to one of these scams and may now lose their home.

Not a WP dev. Just a (techie) user.

This whole thing seems so unnecessary. FOSS devs would love to get a fraction of the goodwill being squandered here.

All the deserved ribbing aside, if you had to design a removable, R/W, high-capacity, environmentally tolerant, secure, fault-tolerant, mission critical storage system that could last 25 years, starting NOW…

What would you pick?

That’s a tough one, even if you design future hardware upgrades into the system.