Full Disclosure mailing list archives
Re: BTsniff - Bleutooth sniffing under *nix
From: shiftnato () gmail com
Date: Tue, 7 Aug 2007 17:32:32 -0500
All, During Renderman's talk @ defcon, he mentioned an email list where development of an open firmware for sniffing bluetooth off the ether was being developed. I thought I had copied it down, but apparently I got it wrong because there's nothing at the address I wrote down. If there's concern this shouldn't be added to the interweb archives, please send it to me off-list. Regards, N On 7/27/07, Thierry Zoller <Thierry () zoller lu> wrote:
Dear List, This Message is thrown together in a hurry with limited Internet access, please take my aplogise for typos and missing information, more will follow soon :) My call for an OSS Bluetooth sniffer during the last 23C3 in Berlin has not been left unanswered, first there was Max Moser("Bluetooth - Getting raw access") that uncovered how you can modify a consumer USB stick by flashing it with a BTSnifferfirmware and get RAW access to it. The question that was leftwas how to send commands to it, get it into sniffing mode, synchingit. Exactly this is what Andrea Bittau and Dominic Spill found out during their work on a Paper entitled "BlueSniff: Eve meets Alice and Bluetooth", Andrea further implemented it in C code. The paper will be shortly be published and presented at this years' USENIX. In other words a Bluetooth Hacker dream has partially come true, a cheap and (partialy) open way to sniff and capture packets, including the pariring-handshake which may than be cracked. Andrea is currently working on cracking open the very last thing that holds him from crafting low level Bluetooth packets, the XAP2 processor, he dissassembled the firmware to find out how exactly it works, for that he wrote his own dissassembler, after this he/we may write our own firmware and basicaly do whatever we like, for example code a full blown fuzzer or full blown attack device. Other very interesting findings will be uncovered during the next weeks, more on this later :) PS. Renderman will demonstrate the findings at this years DEFCON during the Church of WiFi, be there (I will) Information and Files from : http://secdev.zoller.lu Thierry Zoller - Security Engineer _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: BTsniff - Bleutooth sniffing under *nix shiftnato (Aug 07)