Update pentesting-ble-bluetooth-low-energy.md

Author: carlospolop

src/todo/radio-hacking/pentesting-ble-bluetooth-low-energy.md

@@ -262,19 +262,6 @@ for off in range(0, len(img_bytes), CHUNK):
 
 </details>
 
-Reversing the app protocol quickly
-- Extract the static AES key by decompiling the Android APK (e.g., with JADX). Search for AES, ECB, and the above UUIDs; keys are typically in helper classes.
-- Capture Android Bluetooth HCI snoop logs to map commands and UUIDs to user actions. Enable “Bluetooth HCI snoop log” in Developer options, reproduce actions, then pull btsnoop_hci logs and decode with Wireshark to see ATT Write Commands/Notifications.
-
-Hands‑free drive‑by hijacking
-- Program a small BLE dev board (e.g., Adafruit Feather nRF52840 running CircuitPython) to:
-  1) scan for devices exposing the command UUID,
-  2) connect, send DATS + upload an image to an unused slot,
-  3) select it with IMAG and set LIGHT/SPEED/PLAY,
-  4) disconnect and continue scanning.
-- The hardware and full CircuitPython reference code are publicly available; see references.
-
-
 ## Operational notes
 
 - Prefer Sonoff+Sniffle on Linux for robust channel hopping and connection following. Keep a spare Nordic sniffer as a backup.
@@ -294,4 +281,4 @@ Hands‑free drive‑by hijacking
 - [Android Bluetooth HCI snoop logging](https://source.android.com/docs/core/connect/bluetooth/verifying_debugging)
 - [Adafruit Feather nRF52840 Express](https://www.adafruit.com/product/4062)
 
-{{#include ../../banners/hacktricks-training.md}}
+{{#include ../../banners/hacktricks-training.md}}