This workshop will guide attendees through a series of common vulnerabilities in cheap Chinese smart padlocks. We will cover the process of reverse-engineering of Android applications, capturing and analysing Bluetooth Low Energy (BLE) traffic, and putting together a simple script to exploit our findings.

This workshop will be laid-back and easy to follow, intended for beginners with a working understanding of Java. We’ll bring the locks and mobile phones to control them.

Prerequisites:

• Some familiarity with Java and Python will be very helpful, but a working knowledge of another OOP language should suffice. Advanced proficiency is not required
• A laptop capable of running a standard Kali VM and able to connect to other devices via Bluetooth (we’ll bring a couple of Bluetooth adapters for those who need them)
• Familiarity with Burp Suite and Wireshark will he helpful