Board is not visible as the impersonated device #16

Open
AntonFirc opened this issue Apr 4, 2021 · 1 comment
Labels
help wanted Extra attention is needed

Comments

@AntonFirc

Hi,

I'm experimenting with BIAS using the CYW920819EVB-02 and experiencing some difficulties I cannot explain.

First off, the board's firmware got patched, so a slight modification to internalblue was needed (seemoo-lab/internalblue#44).

Instead of seeing the LMP packets, I see packets labeled as HCI_H4, with a description Sent Unknown HCI paket type 0x07. Might this signal that something does not work as intended?

Finally, I'm able to patch the ROM of the dev-board, and also send the impersonation info. However, after the bias.py script finishes, there is no difference in how the other devices see the board (name, MAC address). When I run the hciconfig hci1 name command, the name of the interface is correct, as in the impersonation file, but the MAC address is wrong. If I reload the hci device (hciconfig hci1 reset), a new MAC shows up, but the name gets replaced by the machine (host) name. If I check from a different machine I see the updated MAC, but an incorrect name as well.

Should the "impersonation results" be visible immediately after loading the info to board?

@francozappa
Owner

Hi,

For the traffic, you need to install a Wireshark plugin to dissect LMP packets sent over H4. If you Google for it there are several plugin versions and you should install the version compatible with your version of Wireshark.

After running bias.py you should see spoofed info (e.g., BT address and name) from the victim device. From your laptop, you will keep seeing unmodified values because the script is patching the controller (BT firmware) without restarting the host (Linux OS).

@francozappa francozappa added the help wanted Extra attention is needed label Jun 16, 2021