Overview
Explore a comprehensive security analysis of the Chipolo ONE Bluetooth tracker in this 32-minute conference talk from the 38th Chaos Communication Congress (38C3). Follow security researcher Nicolas Oberli's journey from extracting firmware from a locked Dialog DA14580 chip using fault injection techniques to achieving remote code execution over Bluetooth. Learn about multiple security techniques applicable to IoT device analysis, including bypassing debug locking mechanisms on previously unbroken chips, reverse engineering unknown firmware with Ghidra and limited documentation, analyzing weak cryptographic algorithms for authentication bypasses, exploiting buffer overflows for code execution, and navigating the disclosure process for unpatchable vulnerabilities. This security-focused presentation provides valuable insights for hardware hackers and security professionals interested in IoT device vulnerabilities and analysis methodologies.
Syllabus
38C3 - From fault injection to RCE: Analyzing a Bluetooth tracker
Taught by
media.ccc.de