 So, shall I start or shall we wait until 11? Probably you should wait until 11. Maybe 11 or 2, I would say, even. All right. I'll keep an eye on attendance so, you know, whatever we have critical mass, I'll let you know. But if you want to keep looking at the attendant list, you're sure free to do so. Meanwhile, I was looking in the chat, I know some people were experiencing issues with getting their environment set up. So, if anyone is going through this right now and they're in the chat, do you speak up? Maybe we'll be able to help you a bit more easier than by a text. Yeah, it's like I can answer a question orally, since like we were we will be 12 or so. I did practice with like 15 people and answering questions orally is usually doable with less than 20 on a stream. And also, I did allocate time to set up the ESP32 environment during the workshop. All right. So I'll wait one more minute and then I'll get started. All right. So welcome, everyone. Marc-André, I'll be hosting the automated contact tracing workshop on ESP32. Let me share the screen. Share. OK. So I was working as a system administrator at the McGill Genome Center. And then in 2016, I joined the ESP32 team at Desjardins as an infrastructure penetration tester. And these days, I'm doing research and testing on high OT devices. So I took I took a look at the Apple, Google Exposure Notification Procale. It's like this spring, it was developed in 2020 to help the contact tracing effort to deal with the COVID-19 pandemic. And I did that research with a focus on privacy, like the ad like the premises privacy to anyone who took part in that contact tracing effort. So I didn't want to look at it and look at the protocol itself and what's around it. It turns out that the protocol itself is pretty good for preserving privacy, like most issues that I found are related to the device themselves, the smartphone will gather data for other purposes. And also telemetry that has been done, but the protocol itself, it's pretty good, we'll look at it. So since there are a few of us, you can ask, question, horribly, any time and I'll answer them. Also, I will invite you to go at my GitHub repository. I'll paste it in the chat, where is zoom chat, chat, chat. So I can start sharing based, start sharing again. So yeah, so you can pull the GitHub repository and follow using the workshop.md file. So first, we'll look at the protocol itself. So that'd be like Terry and then we will install the war shark plugin for the Bluetooth sniffer here. If you don't have the Bluetooth sniffer, there is also the beacon scope Android application that you can use to see the exposure notification Bluetooth advertisement. Are there is also, there might be other application that will allow you to to see that. But for the workshop would be using this, the Bluetooth sniffer. And then the main part will be setting up the ESP32 tool strain, the environment development. And also, I discovered recently that this year, Northsek badge, to use the exact same MCU. So you might use a badge as well. The only issue is if you use the badge, you lose the original firmware of the badge. So it's like, if you want to play the game again, you'll have probably have to use JTAG on the badge to restore the original firmware. All right. So a bit of lexicon first. Like the protocol has three main parts, the Bluetooth part. So that's the scanning and advertising happening on your usually mobile device, but we'll implement it on the MCU. And the second part is the communication with the public health authorities. So we'll look into it. There is two type of communication. The first type is when you, when you have positive tests, you'll be sending your temporary exposure key to public health. And on Saturday, you will be pulling from pulling public health authority, the exposure keys of those who tested positive to do the key matching. And the key matching is the last part is the part that will determine if you have been in close contact with someone who has the disease. So you have to isolate and test. So first, the Bluetooth part. So we can see it with. Yeah, that's the beacon scope. So then there is a UID for the type of advertisement, which is FD6F. And you will be transmitting like two main part, the rolling proximity and then the fire that you transmit like every 250 millisecond and the metadata. The metadata is just for now the power at which you're transmitting and it's being used at key matching part to determine how close or how far you wear when you're rolling proximity and then the fire has been transmitted. So we can also see it with Warshark. With the configure Warshark later, you need a plugin to use the Bluetooth sniffer. But if I start Warshark and use that filter, I can see I have this is not me. These are my neighbors who do run the COVID alert application, the original one, so I can receive their advertisement. So we can observe within the advertisement, there's a few things. First, it is like advertisement for a service that doesn't support connections and also it uses a random MAC address. So the MAC address has to be random and it has to be rolled over like regenerated at every interval at the same time of the proximity identifier. We'll see it later. Prevent tracking. And then again, the UI ID for that identify the services FD6F. And we see the rolling proximity identifier and the metadata. Metadata is again just transmit power. So when you receive that, you can also store the receive power and determine the distance between you and the person who transmitted that. So any questions so far? It's like, I think you can unmute and ask questions. Just try it. I would like to see if it works if I can hear somebody. Testing? Yeah, I can hear you. Excellent. Thanks. So that's roughly the Bluetooth part. And we can also, there's a small issue that I saw. Okay, all right. So when I start to research into that, I found a different version of the Google specification for Bluetooth. So this is an old document. It's not current. So it's like, if you install the COVID alert app, it should not behave like this anymore. We'll see the new document just right after. But it has an issue like the, in the old document, they plan at tracing key. So your device will generate a key once per device. And from that key, it will generate the exposure key that will be derived from that key. And then everything else, like the rolling proximity and then the fire will be derived from tracing key. It's like they, they change the terminology as well. It's like, at that time, they call that the tracing key. So that caused the issue that it's by design that rolling proximity and then the fire has to be derived from the temporary exposure key. So the key matching can happen. But if that key had leaked for any reason and then people could, if they had, if they had capture your rolling proximity and then the fire for a period of time, knowing your tracing key, they could track you. They could know where you've been during like month or a year. So that, that was like, I'll say, pretty bad for a privacy standpoint. So this is not happening. It's like Google did a new document, like the, the updated the spec at some point closely after. So the new specification, this is the Bluetooth part. And we'll see from the cryptography part. So that's the current document. So what this is what they do now. And what they do is like, now they generate the temporary exposure key from a random number generator. So this is what's happening. It's like, once a day, the device will generate that key. And once every interval, it will generate from that temporary exposure key, the rolling proximity and then fire, which is being transmitted. And when you're, when you're scanning, you're around, this is what you, you get, you get these two. And like the next step is the, the communication with the public health authority. Zoom in a bit. So let's say you have symptom, you go, you go get tested, it has positive, then the public health authority will give you a code. Which allow you to communicate with the API. So you, you'll punch that code and you'll send it to the API. The API will give you a token and then we'll expect you to upload the last 14 temporary exposure keys that you generated and then the other tab. I want to get the other tab. Okay. Like, I disabled the waiting room, but yeah, please, someone managed the waiting room. I just wanted that menu to go away. It's like, when you, you test positive, these key you generated once a day on your device. So if you, you, you shall have a positive test. You will be uploading the last 14 ones. So it's like from the, the, the last two weeks, that is because like with that particular disease, you might be a symptomatic for several day, but still be contagious. So at two weeks buffer, it's like it has been deemed safe enough. So that means that before that, you might just delete these keys, so they won't be able to retrieve them. It's like, they will be lost forever. So they're rolling proximity and then the fire that you transmitted before will really be useless for tracking. Thanks to the trade device tracing key, not being there anymore. So you send them. You send them to the, that's not. What I want to see, I want to see the, you send them to the public health authority. Last 14, one of them that, that will bring us to the last step. The last step is the key matching part. So to predict privacy, it has to happen on the user device. It's not happening on the public health authority server. It has to happen on the device and like, you might have an issue with the ESP32, we'll see why. To do key matching and determine if you are exposed, it's like, as you use the system, you record rolling proximity and then the fire from other people who use the system around you and you store them on your device. So these, these advertisements, you're supposed to record and store them. And then once a day, you have to fetch, it's like the application will fetch zip file from the public health authority. And that's the file was format is described there and contains the key of the people who had a positive test that day in your area. So then once you have that file, you have, you have these keys, but the protocol is designed. So from these keys, you can generate regenerate rolling proximity and then fires that were transmitted. So you fetch the file from public health, and you will on your device on zip and recalculate all the rolling proximity and then to fire from these keys from the zip file. And you compare them from those that you store from Bluetooth advertisement. And if you have a match, that means that someone who tested positive has been around you. And that's why the, that's when the metadata comes in. It's like from the metadata, you are, you'll have like a transmit power measurement. And as you receive on the Bluetooth scanning, you can also capture like receive power and then determine the distance. So if you are in close contact, like less than two meter, then you, you will be deemed exposed and you'll get the notification that you are exposed and you shall then test and isolate. So I need questions so far. Okay, great. So let's move on. So yeah, the whole thing has been designed to be host on a modern cell phone. So a modern cell phone has like gigs of RAM and tens of gig of physical, like non-volatile storage and pretty good multi-core CPUs. The MCUs, like they have more like limited physical resources, hardware resources, but can still be sufficient. And in the ESP32 case, I discovered that it's possible to attach an additional RAM chip on the SPI bus. And also the resources you need are correlated with the intensity of the spread of the disease in your area. So the protocol allows for each day, you can fetch up to 15 zip files and each zip file will contain, I think they could contain up to a million of temporary exposure key. So it's like you can have like one system for the old United States and it will still work. Like it will support really, really intense spread. But if you have like more limited resources, and let's say you are in Quebec, it's like so far in a single day, we had a bit over 3,000 cases. So that's mean that day that zip file, assuming 100 person people taking part in the automated contact tracing, that's if I will have contain like 42,000 keys. And from these, you have to have like hardware resources to recalculate the RPI. And for a single key, you have up to 144 rolling proximity identifier. That's why you have to roll them every 10 minutes. And there is 144 period of 10 minutes during a day. And the next day, you generate another key. So it's like, take some memory. It's like some RAM to do this calculation for the key matching at the end. And Canada is like, I don't know if the system allow for like contact tracing between provinces, or if the isolated, let's say the system in Quebec and Ontario has their own and Alberta and everything. So I'm not sure how they are connected together. So if we fetch keys, we fetch key only for our province or for the whole country. But the whole country is like, you have like five time more key site. And I think at the time I wrote this, that were, that was our worst day, January the third. But I think we had actually in April, even more cases, it's like 12,000 or so. So that's for the theory. So now we are getting to setting up the sniffer. So any question about how the protocol will work? About the key matching or communication with public health? It's all clear. Yeah, I'll try to see the chat. Can I see it? All right, let's say it's clear. And so let's go back to setting up the sniffer. So unfortunately, it's like if you use Ubuntu, Ubuntu by default, the wire shark will be too old to properly parse the Bluetooth advertisement. So it won't appear at Google Apple exposure and notifications like it will appear just as service data. So we need version 3.4, I think of wire shark. So if you have Ubuntu, you can get it through PPA. So you run these commands to install wire shark. Just like try it, if you have Windows, then you can just pull wire shark from the official website. Same if you have a Mac. It should work like the ESP32 toolchain can be installed. As far as I know on Windows and on Mac and on Linux, it's for call 3, wire shark as well. And I think the Nord Zik plugin also. So try it and let me know how it goes. So on Linux, for things to work properly, you need to add your user to these groups. You need to be part of the dialogue group so you can communicate with the ESP32 that the chip or the badge over the serial port. If you want to send and receive, you have to be part of the dialogue group. And wire shark, you have to be part of the wire shark group to do traffic capture. If you want to update your group membership without leaving the stream, it's like without logging off. You can use SU as your user to log in again. And then your new groups will be applied and you'll have permission to communicate with both the Bluetooth sniffer and the MCU. Also to make the Bluetooth sniffer work, I install screen to just to troubleshoot serial communication. It's not required, but the Python 3 serial is required by the plugin. It's a dependency of the Nordic Bluetooth sniffer plugin. So you can get it from the Nordic website. Just pick the version for the operating system you use. You see whole support, Windows, Linux and Mac. So you're finding either cases. And once you download that plugin, you see from wire shark, if you go to L, about and then folder, you want to install it in the xtcap folder. So it should be in your home. Where is it? Plug in. Yeah, yeah. Okay. Only next should be in home, your user.config, wire shark and xtcap. So it's a personal xtcap app. So this is where you want to download and unzip the Nordic plugin. So the install instructions are there. So that's what they tell you to do. Open wire shark. Look at the xtcap folder. And you unzip the plugin there. And you can do that to test if it works. So let's do it. So if I go to .config, wire shark, xtcap. So I have the zip file from Nordic. I just unzip it. And it should have unzipped.sh file, a bad file for Windows, a Python script and some more files in that folder. So I can test if it works. Using the nrfsniffer.sh. Let's run it. One, two. Right. So you get the path of the serial device associated with the sniffer. If you have the sniffer connected to one of your USB port and after you install the plugin, you stop wire shark, you restart wire shark and then the sniffer device should appear. So let's do it. I stop wire shark. Start it. It's running already. And I'll just jump in while you do this. So do you recommend version 3.1 for everyone or is there any benefit to not going with the latest and greatest? I'll say go with the latest and greatest. Go with this one, the 3.1. Because it's like older version will support only Python 2. And they only recently upgraded their plugin to support Python 3.1. So I would recommend the latest and greatest. That's the one that I used. I know it works. So go with the 3.1. Excellent. So if everything is working, you should get that new capture device. So if you click on it, you'll see it's like Bluetooth advertisement of like any kind. And here I'm in a building and we are like 50, it's like 50 co-owner of the building. So that's a lot of people and my neighbors to buy. So if you click on it, you'll see that every high OT device they can find, so that makes a lot of advertisement. So we need to filter them. So here's the filter. It's in the workshop.md file. Filter that you should use. So that will filter. So you see only the Apple, Google kind of of Bluetooth advertisement and not everything else. So I have it here. If I do apply the filter, I still see a lot of traffic. Maybe if you live in the countryside, you have your own home, no neighbors, you won't see anything. When you'll run the code and the ESP32 fully, you'll see your own transmissions or what you may also do if you don't see anything, if you want to generate traffic, you might pull the official app. So that's the link. Worst case you can go on, install the official app. I can install it after if you need to generate traffic. But here it's not an issue. I have plenty of people around me who runs it. So I can see their advertisement with their rolling proximity identifier. We have a question in the chat about the type of range you can reach with DLE. I think it's at least 50 meters. I don't know for sure and I don't know the impact of dry walls, wooden walls, concrete walls and open space. But it's at least 40, 50 meters. I think what I'm seeing is not the neighbors above and below because the ceilings, the floors are reinforced concrete, so that's metal and a thick layer of concrete and also a quarter inch layer of steel. It's like a steel plate. So I don't think I'm seeing the upper neighbor or lower neighbor but I have huge glass windows and my neighbors are across the street. I think that's what I'm seeing and they are at least 20 meters, 30 meters away. So I'll expect up to 40 meters maybe. So that's the range. It's like if my neighbor across the street do test positive, it's like I will still record is RPI but I'm not really exposed. So that's why the protocol allow in the metadata I record of the power the output power when you're transmitting so it can calculate the distance a bit better to reduce the amount of false positive. It's like when you have exposure notification the application wants to make sure that you are really close to someone. So they had it like the first document that I showed you they didn't plan it but they had it shortly after in April 2020 in version 1.2. Any other questions? So that's pretty much it at this point the sniffer should work so we'll install the connection itself. This step can take like I would say on my machine I have pretty good machines like fast R drive and fast internet connection it takes like 3 minutes so it can take like 5-10 minutes if you have R drive like less internet bandwidth so you may just follow the instruction on the ExpressIF website so first you clone the repository I'll do it so I'll see how fast it goes I'll do it again I'll make folder test2 test2 and let's clone it again so it takes a bit I hope it won't if it does disturb the zoom just tell me I'll stop it so once it's done you go inside that ESPDF folder and you run the install script it will pull some more code and pull Python modules and then it will be ready to run so that's what it might look like on windows and then the last step is to run the export.sh where is the export.sh yeah it's there so the export.sh script will load your environment it will create a Python virtual environment as well then you'll have access to the edf.py script that you run to build and flash and monitor the device so it's 11.43 I think we can have a question answer or discussion or we can take a break until 11.50 so everyone can pull and install it seems to be done on my side if I run the install script because it does store code in a dot folder it was pretty fast on my machine because I did it yesterday but yesterday when I tried my own workshop it took like 5 minutes so if you wish I have a discussion or take a break until 11.50 so everyone will have like ESP32 install and will be ready to go and try the last step which will be building and running the actual code we will do a walk and look at the source file there is one file that's the read me I need to go back to workshop the code is split and four files so we'll go through them at 11.50 and we'll see what are the important the data structure that you might want to look at to really understand how it works on the ESP32 so any questions or comments so far I'm also keeping an eye on Discord but do ask your questions and if you want to ask them with a mic it's even easier if not it's a good time also if you've got everything just getting set up grab some migration it's very tropical weather in Montreal right now wherever you may be it's always a good idea to stay hydrated yeah so let's take a break and go back at 11.50 it should be done it should take like 5 minutes so I will stop video and mute and unmute at 11.50 is that correct for everyone excellent so see you at 11.50 alright yeah I got a question it's like if you have the error message normal module name serial that module is actually python tree serial so the python code can communicate with the SNFER device using serial port it should be like something like TTY USB 0 so you have to install that package oh that's strange so one can install using PIP but what I did is I installed it using the package if it did work on Ubuntu if it still doesn't work let's say you use the package manager to install because there is python serial and python tree serial so make sure you have the 3.1 version of the Nordic plugin and try it's like on my Ubuntu machine the packages name python tree serial it might also be named on the front operating system python serial if the operating system like maintainers do assume that python means python tree otherwise I'm not sure but maybe you can try to pull python serial yourself and put it in config more shark set of this work it tries to import serial so just make sure if you run python tree here that you can do the same thing and import serial without getting an error message so that's how you test it if it installs properly then import serial should work also on windows I didn't test it on windows it should work as well I just don't know exactly how you get additional python module installed on windows import serial work you might try a virtual machine if you do it on a virtual machine then it's possible using whatever app provider software to assign USB devices to the virtual machine so it will disappear from the host and appear under the virtual machine so if you want to see if it's there I'll do it as USB I should see that's the sniffer and if I do connect the badge should see the badge as well so if you decide to run the whole thing on a virtual machine yeah that's the badge and if I do connect this thing the the before dive bot for the workshop yeah I think this is the silicone lab cp210 so that's that controller alright excellent so at this point it's like you should have the ESP32 environment development installed so to test it I didn't install the ESP ESP IDF you need to load export the sage and from there you should have like IDF.py in your path so once it's done you can go into CTF if you want to build a thing go into the mcu trace folder that you should have pulled from github and build it so when you do it from the first time it will take like 30 seconds it's like I've did it before so it's just done it will show the message so that if I want to flash the device then I should run IDF.py with the port since I got the sniffer connected as CTY USB 0 then I connect ESP32 as CTY USB 1 few years windows that will be port com 1, com 2, com 3 and so on so before we do build and flash the device let's do the walkthrough of the code it's not done yet it's not following the specification it's like I did the experiment I did it as an experiment if the pandemic drags on because of variance I will finish it I would like to finish it to have it if there is another another pandemic shortly in the future but for now I did the Bluetooth part so I will go through it but communication with public health is still missing although I could reuse a lot of code from Google because I think they use the Apache or MIT license so it's loud and the same thing they did the key matching part in C++ because it was faster than doing it in Java so when before Google do the key matching here it's like the C code is called from Java by the application using GNI so I could probably borrow that code Apache license to do key matching on the device but so far it's only Bluetooth and it's not up to spec for two reasons like I'm missing the real time clock so it's like for some part of the crypto code I will need to set the clock so for example you have to have Wi-Fi on and connect to an access point and either use NTP or you can even use TLS to get the time so that part still needs to be done and also instead of storing the exposure key for up to 14 days it's like right now the code will generate one every interval period so every time the code regenerates the rolling proximity and then the fire and the Bluetooth MAC address will also generate the exposure key but it should not do that in real life in real life they should be generated once and stored for 14 days so let's go to the first file go in the main folder so the first file to look at will be ESP exposure API.C so this is borrowed from the iBeacon example on the ES express IF repository so I took iBeacon and I turned it into exposure notification so these are the two critical data structure so the service header what really does is it will set this the service data but this part of the other so we'll have the length of the other itself we'll have the service UID which is exposure notification UID which is again FD6F so you set it and you pretty much forget this is static this won't change the next part though the payload that will change every 10 minutes so I set the interval at 10 seconds every 10 seconds we regenerate the rolling proximity and then to fire the metadata the temporary exposure key so we can look at it without waiting for 10 minutes but they call that the exposure so about that we'll have the this one oops yeah this ND so this is the crypto codes I want to have the schematic ND to help you understand how it works so this has to be changed every time the notification to all which is usually 10 minutes so this function will roll proximity and then to fire will receive both the RPI and the metadata from the crypto part of the code and update the structure here and this function is called by a scanning event so you run the scanner as well and every time a scanning event receive something will trigger an event and send you the payload from the scanner then this function will parse it to determine if really is exposure and it's not complete doesn't really check everything but they will show just print out the rolling proximity and then to fire that was received but really what should be done is these should be stored on the device to do the key matching protocol if when you receive temporary exposure key from public health authority of those who test positive then you run the key matching algorithm and after a while it's like you just drop after 14 days because after 14 days they're really useless so this function should parse the advertisement received from the scanner and then determine there are probably like bad exposure and notification advertisement stored them for key matching but so far it's not done just print them so the last part will configure the advertiser so it's called forward from the the main file and when the advertiser is turned on will update the data structure that are used by the Bluetooth code so if you update this one with your new identifier then turn on advertising again so far so good any question about this part of the code right so the next file that is just click into the header file just define the structure so the next file that is interesting is the timer again this is borrowed code from the timer example so what's really interesting about the timer two things first the interval so it tricks every 10 seconds but should trigger every 600 seconds or 10 minutes and will trigger will call that function from the main file so the rolling proximity identifier can be regenerated and the MAC address for the advertisement should also be regenerated so every time the timer tricks that function get call pretty much it for the timer and the last part that's the crypto code yeah this make use of the embed tls library which is part of the ESP32 tool chain so when you pull the code from expressIF you get this tls library had to turn on the hash key derivation function it's not like enabled by default but when you pull the github repository there is a file called sdkconfig and that config file the hash key derivation function has been enabled but if you start from scratch and try to use this you will get a linker error and if you look it up it will tell you that you should enable this if you want to enable additional function from the ESP32 tool chain you can use edf.py yeah this is if you want to enable some other part of the tool chain that has to offer so I'll have to do it at some point if I want to do everything including the key matching I'll have to use wifi so enable wifi probably enable the NTP protocol as well to keep track of the time oops let's go back to main and then crypto so this hash key derivation function is used there and there so you generate your temporary exposure key and you also have the spec have you keep track of the timestamp at which the key is being generated what is really interesting is the use 32 bit value for the timestamp so we'll have a problem within two decades like we'll roll over so if that contact tracing protocol keeps being used at some point they will have to update to a 64 bit timestamp I think and the interval which is like 144 period of 10 minutes you have to keep track of that as well and the code still not doing it I'll do it in the future and get the temporary temporary exposure key from random number generator so when you call this you have to also call it with the static string which exposure notification RPI key since a static string is being used that means that someone who knows the key can regenerate all the rolling proximity in them to fire from that key and that is critical for the key matching so when you upload your key to public health it's like the only time that you disclose this key is if you test positive and you decide to contribute to the contact tracing so that the official application will still have to ask for your permission to upload the keys otherwise they always should stay in the device so when you upload them they will get distributed to everybody who use the contact tracing and from this key they will run the key derivation function with the static value and they will be able to calculate the RPI so we do it once we do the key derivation function then from that you get the RPI key and from the RPI key you have to generate like a plain text using again this is known from the interval number so 1 to 144 and it's like padding data which is like a bunch of zeros and again a static string so this plain text it's really it's known as well so from that EES output you get really the rolling proximity and identifier which goes over Bluetooth so in the code I'm using EES in ECB mode it's like if you look into EES and like symmetric and mode of operation it's like you won't like this mode because it will create like huge issues if you use more than you use that for more than one block but here since we only have one block to encrypt embed TLS doesn't expose EES directly so I have to use ECB mode to do this but it's okay since I use it only for a single 16 byte block and it's really to get the RPI from that key but the thing that is critical here is like someone who run like a Bluetooth capture device that's in shopping center cannot track someone by recording to the Bluetooth traffic so as long as these are not these secrets as long as you don't test positive it's like no one can do the calculation reverse so the only way you can be known if you have to publish these then your RPI for the last 14 days will be known as well but otherwise it is safe the last part of the critical code is to protect the metadata so that's the output power measurement so again you do key derivation function with another static string which is in this spec here and that gives you the associated metadata key and from the proximity identifier you use it as a nonce input in the AES and counter mode and the reason here why the counter mode is being used is the size of that associated encrypted metadata part is only 4 bytes and in EES usually the black size is 16 bytes but what the AES in counter mode does is turn AES into stream cipher which can encrypt an arbitrary length of plain text so it doesn't have to fit the black size and it doesn't have to use padding to fit the black size so you can take a 4 byte plain text as input and have 4 byte cipher text as output but to get that you use you have to use the counter mode the last part like the specification will specify the format like I think I have to go back to Bluetooth specification to see how the metadata is produced in the current document so if I look for metadata it's like carry protocol versioning and transmit power for better distance approximation they won't tell you yeah okay so this is what needs to be done but see that the code doesn't do it now I don't know the future but right now I'm using a static value as the metadata plain text but to follow the spec I'll have to get the transmit power level and it's possible to do it with the ESP32 so let's get back here the last part of the walkthrough which is the heart of the program brings all of that together the exposure notification.c file so any questions so far about the timer code the advertisement part or the cryptography part alright let's do the last part here that file we have another shouldn't really go into that file but we have another data structure to set the advertisement interval and also the scanning parameters so I took these values again from the google specification so you should transmit between every 200 to 270 milliseconds so I think you have to target between that and use some entropy to try to avoid the timing attacks like someone could run a bluetooth listening device and use the amount of time between each of your advertisements shall then be unique to track you and differentiate you from other users even though you're rolling proximity and then the fire does change and your MAC address does change you have to be aware that you can be tracked in some other ways you have to introduce randomness in timing as well the entry point next part is the entry point in a ESP32 is called app main so when you build the build command will create the firmware from your code and more see the ESP32 code build a firmware image and the firmware at some point will call app main which is the entry point of your code then from there you have to initialize storage then at some point I'll have to use storage to store my keys that I generate and I have to turn on bluetooth one thing that I got from the ESP32 expressIF documentation is that if you have to use the crypto code or even the random number generator for the random number generator to work properly and generate the cryptographly save random numbers you have to enable the bluetooth stack and or the wifi stack so when you enable bluetooth or wifi or both then the system will get entropy from these sources to be able to properly generate random numbers so if you don't have bluetooth and you don't have wifi then you won't have a good random number generation so first thing turn on bluetooth and then I do generate a random MAC address here it should start but that should go in the if you remember the timer will call this every time the notification interval elapses so it should be called every 10 minutes but I should call it once at start to get my RPIs and my encrypted metadata and my MAC address generated so it's a small thing to fix and then the next step is to restart the scanner so I do start bluetooth scanning first because again I wanted to the random number generator to have good enough entropy so before I do advertise and the thing I start the scanner and the scanner will eventually generate events and this function does handle all the bluetooth related events so by the advertiser and the scanner so you start the scanner and eventually you'll have the scan start complete event and then from there you can start the advertiser so it should be fine to use the random number generator to generate your MAC address and use the crypto to generate your rolling proximity identifier once you know that the scanner is up and running and there is another interesting event is this one scan result so when the scanner receive a notification then it will trigger parse the parser to make sure it's really exposure notification related and then this part only prints it but to do the key matching you have to store it so you receive this is called when the advertisement is being received by your scanner then you parse and you store and the last interesting part before we go into running and see if it all goes well is the here timer RPI interval so that's where the key generation crypto happen so you see here I use 1, 2, 3, 4 but here it's to follow the specification I should get like power measurement and there is also versioning so I need to create data structure here and store power measurement also it's the exposure notification interval this roll over each days when the temporary exposure key is generated so only for the workshop I don't use it and I do regenerate the key every time this function is called but the specification every 10 minutes this will trigger and you increment that counter from 0 to 144 and at the end of the day you roll back to 0 and you generate another key so first thing I will stop the advertiser because I have to replace the MAC address and the data structure that is being advertised so I generate a new MAC address interesting thing if you want to follow the Bluetooth advertisement specification for random MAC address you have to set the first to mostly significant bit to 0 so that tells the other scanner around that you are using a random MAC address so it's a certain convention and I do print the generated address then I generate the temporary exposure key again should not be done every 10 minutes but once a day and also another part that is missing as I need the real time clock it has a real time clock in the ESP32 so I need to use it to get the timestamp so it's being used to feed the ES part here so far only the interval should be a 16 bit structure with the timestamp, the interval number and the padding but so far I only set it to 1 so I get the hkey derivation function to generate the RPI key then I call ES with the EN interval structure which we saw earlier and the RPI key to generate the rolling proximity and identifier which will go over Bluetooth and then I call the hkey derivation function again to generate the AEM key and this is to predict the metadata which is a version and power measurement and I'm getting a ciphertext of 4 bytes out of it since I'm using counter mode this is again according to specification so here I do update my Bluetooth advertising structure and I reconfigure, I restart the advertiser so that's it for the walkthrough so we're getting ready to test the whole thing any questions so far? Alright, we'll finish a bit early so to test it what we want to do is run Warshark oh the embedded TIS, hkdf is supplied with the ExpressIF toolchain go and install it you'll get the embedded TLS library as part of the code that you'll be pulling when you do the GitHub clone recursive you'll get it and like I said had to turn it on you call edf.py menu config takes a bit alright and should be in no security feature probably try to remember where is it oh yeah yes ptls embedtls hkdirivation function yeah it's there so this is not ticked by default so let's say you want to compile this code but if you don't use my sdk config and you don't tick this the code will compile but you'll get a linker error so that's where you get it then edf.py build should build it alright so if it does build successfully you'll get that message run edf.py and then the serial port of the ESP32 chip you're using could be either badge or deathboard and use the flash command so on my machine the port should be the fdtty usb1 I'll use the flash command see a nice flashing progress alright so when flashing is done you can use the monitor command to access the output when the code running on the mcu prints something you can access it over the serial port using the monitor command you can either combine the flash and monitor command so you can do flash so flash then connect to the running code so you can see the output or if you don't want to flash it you can use the monitor command alone so it will connect to the serial port and it will do a reset so if your code is already running I think a monitor does reset it might be a way to connect without doing a reset I just did not look it up so if we do monitor then we can see again the rolling proximity and identifier of my neighbors and here every 10 seconds the timer takes and we'll see the output of the crypto code and all the keys that I do generate starting with temporary exposure key the RPI key then the RPI itself AEM key and then the encrypted metadata like as plaintext made a data I use 1, 2, 3, 4 which is not up to spec but it will still show you that the encryption is working and to test everything now we have to use Wireshark or you could use Beacon Scope if you don't have the sniffer capture device start then without saving then we run monitor again so we let it go and without the timer take a few times and we'll see if it is working properly so timer did tick let's wait 10 more seconds all right so if you want to interrupt the key to interrupt its control and then closing square bracket so this oops I want to copy and paste in the chat this is a key combo if you want to interrupt the IDF monitor process and get out I'll redo it again because I have lots of neighbor who generate a lot of notification so I restart the Wireshark capture again start Wireshark and I'll let the timer tick twice so that's once it should tick again in 10 seconds let's stop the capture and see if it did work I should have seen several notifications with random MAC address starting with 23.9b so 23.9b I saw one so let's look at it so we have 23.9b and RPI should start with 6fc695 so we have an identifier indeed it does start with 6fc695 and the associated encrypted metadata die set should be 6d ad94ac so it works and if we go one tick before I add that MAC address so 1ae9 so 1ae9 can see it here RPI should be 27f and encrypted metadata f9 f4 b5 so yeah it works and we also can receive additional transmission from people using the application around so I should see 2ae4 yeah 1ae05ed yeah so Bluetooth advertising works Bluetooth scanning works so the thing left to do is to fill the structure as per specifications like for encrypted metadata and also interval notification like generate the temporary exposure key each day keep track of the interval store the keys for 14 days store received proximity identifier for 14 days that will complete the Bluetooth part and then implement dialogue with the health authority so it's key matching it's like key matching itself is another good workshop so any questions, comments like we have plenty of time if you have any questions that are on ESP32 generally also within this topic generally doesn't need to be always you have the benefit of this time so go for it just looking for yeah it's like there is a few last thing as well like anytime you can interrupt me if you want to say something it's like when I look at the protocol itself with the three part it's like since I personally I'm not so comfortable with carrying like Apple or Google smartphone around why do carry around is like phone with Android run that I compile myself and I checked it it doesn't have it won't initiate a grass flow to Google I mean at all I don't use Google play like I will use either after it or ADB to install app but for the Apple Google notification protocols pretty good preserve privacy the problems are around it one problem that I did found specially is called that telemetry and I'm not comfortable with that for like several reasons we can see it's like this is what Google call it they say they won't like log IP addresses but a grass flow will still go to the infrastructure and I think to really trust that I will need like one external party that will audit them sort of like PCI DSS but for privacy and I don't even think the IR does that I'm not sure but I don't think it will send auditor to see if their the manufacturer or the company that does get their data really do what they say they do with the data so that's why I'm not comfortable with telemetry so far so that's why I did try to try and participate in contact tracing but still without allowing that data to goes out so I have retained control of the other flow that are transmitted and that's Google telemetry and also the official developer for the COVID alert app in Canada in like last spring I think it's last summer when they got the COVID alert app out it didn't really follow the spec and didn't send anything but in February they start to collect and send additional information and again they say they don't link your IP address with what you're sending what the application is sending but still it's there in frustration so we have to take their word and the monitors are pretty interesting things like if your state changed to expose they want to know it so they will know if you really like do the thing and trace and isolate get tested after you get the exposure notification so yeah I'd like to have a way opting out of that but the official application doesn't allow that with the graphical interface like if you really want to opt out you have to compile it yourself and comment out the code that you want to write and send this and also it's like cell phone like they have many other sensors microphone and they can be turned on and used by any unrelated happens like that's why I wanted to have contact tracing on another device also another thing is if I lost the link if there is a Bluetooth exploit if you run the app on your phone and there is a Bluetooth exploit and you have your Bluetooth stack exposed and it's like if someone can get there usually the attacker will have like privilege access on the device and that's really not the keys or the data of the contract tracing app that is exposed by the entire device but if you use like a separate and you don't use Bluetooth on your phone if there is an attack on Bluetooth itself only you're the keys that you have generated in the last 14 days and perhaps the rolling proximity identifier that you capture as you walk around will be exposed but not your personal data that you might have on the device so again the now is that device key issue that was in the specification at first but yeah Google fixed it and they remove the tracing key entirely in the current specification so that is pretty much it for the workshop so any one of you have a problem you got it working so now I can help if you still have like a Python serial issue or issue with the Warshark with the plugin or issue with the ESP32 part now I can help we have like plenty of time so anyone got it to work you can turn on your yep everything is working thank you a lot I learned a lot in the last 24 hours so did you try to install it and run it before the workshop or you did it this morning for the Bluetooth device I do my setup yesterday but for the for the ESP I start this morning and it was a little bit longer than expected yeah it takes a bit that's why I took a break right before 11.50 I did this I have pretty good machine with NVMe storage so it's fast and it takes like 5 minutes to pull and compile the ESP32 code it was cool so you get Warshark working as well with the sniffer yeah but I do the I cheat a little bit I do the working on the windows I should work as well it's like everything should work on windows I'm just not sure to install Python modules like I did it install Python I do the follow all the steps that other fruit tell us on their site and it's working fine because I plan to to teach this stuff Bluetooth stuff to my student in the next session that's why I try it on windows but for the ESP normally I use Arduino to play with the ESP32 yeah I noticed it I never used a hard window as I showed you and yeah you can have fun if you want with my code if you want to demonstrate I play a lot with the badge in the last two weeks the tool changed with and I'll try it it's working first the blinky and now your code is good yeah it's working the only issue is like I could not back up the original firmware so I need to find someone who has it and then restore either work I should be able to restore from the serial on this part they say that they give the entire stuff next week the source code and binary I think you can't reflash it yeah so I'll do it then I didn't have the time I played the game for a few minutes but I really had to try to see if my code would work on the badge so Flora and Sher can announce it so I lost the Nord sick the LED won't even turn on except that one at the high so since I don't use the screen then now the screen stays off I have to fix it like on Wireshark do you see any people in your area that are using the app? yeah I saw a lot of stuff I don't know who is this guy because I don't have the application on my phone the Bluetooth is closed that's why I did this is to keep Bluetooth closed on the phone itself maybe if I put the two devices in the old PC casing to do a Faraday cage but you can use like if you have an old phone laying around you can use that to play with it you get the app running on it then you can check it with Wireshark at least I think four neighbors when I turn on I will turn off my own device so I have like this is one, two three at least three people in my area that are using the app yeah so thanks for attending it's like at 6.30 I think I was invited to take part on another hardware panel so I'll be there yeah you're welcome bye bye I was going to say if any of you have some questions but you're kind of holding on to them it's also perfectly fine to hold on to them at the hardware panel later today you can ask them on Slido and I'll be happy to sling them to our panelists there which Marc-André is going to be one of our special guests no questions on my part I think this was extremely clear, a great walk through I love the pace I think this was a treat so thank you you're welcome we've had the hardware panel in a few hours and otherwise have a great north sick and have fun at the CTF competition