I also discovered a major flaw in BLE's crypto that allows an attacker to crack its encryption key and decrypt data, 100% passively. I wrote a tool called crackle that will automatically decrypt encrypted BLE data captured by Ubertooth.
Here is an up to date overview:
As the engineer who has designed these boards, I'm very happy with what we have achieved. But at the same time, I feel that the information we have in the Wiki is not adequate for mass consumption yet. I'm preparing a more concise technical description and post a link as further commentary here in a few hours.
This hack was tweaked until the MMC/SD controller in the SoC was happy with it. Other controllers may differ. In any case will you need the ability to switch CMD and CLK to GPIOs (without disabling the entire MMC controller) and to bit-bang them at a reasonable speed (at least a few MHz).
So it's quite platform-dependent in its current shape, but you can probably apply the same principles with other SoCs as well.
Do not meddle in the affairs of troff, for it is subtle and quick to anger.