InternalBlue - Bluetooth Binary Patching and Experimentation Framework

Bluetooth is one of the most established technologies for short range digital wireless data transmission. With the advent of wearables and the Internet of Things (IoT), Bluetooth has again gained importance, which makes security research and protocol optimizations imperative. Surprisingly, there is a lack of openly available tools and experimental platforms to scrutinize Bluetooth. In particular, system aspects and close to hardware protocol layers are mostly uncovered. We reverse engineer multiple Broadcom Bluetooth chipsets that are widespread in off-the-shelf devices. Thus, we offer deep insights into the internal architecture of a popular commercial family of Bluetooth controllers used in smartphones, wearables, and IoT platforms. Reverse engineered functions can then be altered with our InternalBlue Python framework---outperforming evaluation kits, which are limited to documented and vendor-defined functions. The modified Bluetooth stack remains fully functional and high-performance. Hence, it provides a portable low-cost research platform. InternalBlue is a versatile framework and we demonstrate its abilities by implementing tests and demos for known Bluetooth vulnerabilities. Moreover, we discover a novel critical security issue affecting a large selection of Broadcom chipsets that allows executing code within the attacked Bluetooth firmware. We further show how to use our framework to fix bugs in chipsets out of vendor support and how to add new security features to Bluetooth firmware

Detoxification of water by semiconductor photocatalysis

An overview of the use of semiconductor photocatalysis for water purification is given. The basic principles of semiconductor photocatalysis are described along with the current understanding of the underlying reaction mechanism(s) and how it fits in with the major features of the observed Langmuir-Hinshelwood-type kinetics of pollutant destruction. These features are illustrated based on literature on the destruction of aqueous solutions of 4-chlorophenol as a pollutant, using titanium dioxide as the photocatalyst. The range of organic and inorganic pollutants that can be destroyed by semiconductor photocatalysis are reported and discussed. The basic considerations that need to be made when designing a reactor for semiconductor photocatalysis are considered. These include: the nature of the reactor glass, the type of illumination source, and the nature and type of semiconductor photocatalyst. The key basic photoreactor designs are reported and discussed, including external illumination, annular, and circular photoreactors. Actual designs that have been used for fixed and thin falling film semiconductor photocatalyst reactors are illustrated and their different features discussed. Basic non-concentrating and concentrating solar photoreactors for semiconductor photocatalysis are also reported. The design features of the major commercial photocatalytic reactor systems for water purification are reported and illustrated. Several case studies involving commercial photocatalytic reactors for water purification are reported. An attempt is made briefly to compare the efficacy of semiconductor photocatalysis for water purification with that of other, more popular and prevalent water purification processes. The future of semiconductor photocatalysis as a method of purifying water is considered

Thermocouple for heating and cooling of memory metal actuators

A semiconductor thermocouple unit is provided for heating and cooling memory metal actuators. The semiconductor thermocouple unit is mounted adjacent to a memory metal actuator and has a heat sink attached to it. A flexible thermally conductive element extends between the semiconductor thermocouple and the actuator and serves as a heat transfer medium during heating and cooling operations

Low defect, high purity crystalline layers grown by selective deposition

The purity and perfection of a semiconductor is improved by depositing a patterned mask of a material impervious to impurities of the semiconductor on a surface of a blank. When a layer of semiconductor is grown on the mask, the semiconductor will first grow from the surface portions exposed by the openings in the mask and will bridge the connecting portions of the mask to form a continuous layer having improved purity, since only the portions overlying the openings are exposed to defects and impurities

Non-analytic behavior of the Casimir force across a Lifshitz transition in a spin-orbit coupled material

We propose the Casimir effect as a general method to observe Lifshitz transitions in electron systems. The concept is demonstrated with a planar spin-orbit coupled semiconductor in a magnetic field. We calculate the Casimir force between two such semiconductors and between the semiconductor and a metal as a function of the Zeeman splitting in the semiconductor. The Zeeman field causes a Fermi pocket in the semiconductor to form or collapse by tuning the system through a topological Lifshitz transition. We find that the Casimir force experiences a kink at the transition point and noticeably different behaviors on either side of the transition. The simplest experimental realization of the proposed effect would involve a metal-coated sphere suspended from a micro-cantilever above a thin layer of InSb (or another semiconductor with large $g$-factor). Numerical estimates are provided and indicate that the effect is well within experimental reach.Comment: 5 pages + 6 page supplement; 5 figure

Method for growing low defect, high purity crystalline layers utilizing lateral overgrowth of a patterned mask

A method for growing a high purity, low defect layer of semiconductor is described. This method involves depositing a patterned mask of a material impervious to impurities of the semiconductor on a surface of a blank. When a layer of semiconductor is grown on the mask, the semiconductor will first grow from the surface portions exposed by the openings in the mask and will bridge the connecting portions of the mask to form a continuous layer having improved purity, since only the portions overlying the openings are exposed to defects and impurities. The process can be iterated and the mask translated to further improve the quality of grown layers

Localization of superlattice electronic states and complex bulk band structures

The relative lineup of the band structures of the two constituents of a semiconductor superlattice can cause charge carriers to be confined. This occurs when the energy of a superlattice state is located in an allowed energy region of one of the constituents (the "well" semiconductor), but in the band gap of the other (the "barrier" semiconductor). A charge carrier will tend to be confined in the layers made from the semiconductor with the allowed region at that energy. It will have an exponentially decaying amplitude to be found in the semiconductor with a band gap at that energy