lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Fri, 27 Jul 2007 18:14:53 +0200
From: Thierry Zoller <Thierry@...ler.lu>
To: full-disclosure@...ts.grok.org.uk
Cc: bugtraq@...urityfocus.com
Subject: BTsniff - Bleutooth sniffing under *nix


Dear List,

This Message is thrown together in a hurry with limited Internet
access, please take my aplogise for typos and missing information,
more will follow soon :)

My call for an OSS Bluetooth sniffer during the last 23C3
in Berlin has not been left unanswered,  first there  was
Max Moser("Bluetooth - Getting raw access") that uncovered
how you can modify a consumer USB stick by flashing it with
a BTSnifferfirmware and get  RAW access to it. The question
that was leftwas how to send commands to it, get it into
sniffing mode, synchingit.

Exactly this is what Andrea Bittau and Dominic Spill found out
during their work on a Paper entitled "BlueSniff: Eve meets Alice
and Bluetooth", Andrea further implemented it in C code. The paper
will be shortly be published and presented at this years' USENIX.

In other words a Bluetooth Hacker dream has partially come true,
a cheap and (partialy) open way to sniff and capture packets,
including the pariring-handshake which may than be cracked.

Andrea is currently working on cracking open the very last
thing that holds him from crafting low level Bluetooth packets,
the XAP2 processor, he dissassembled the firmware to find out
how exactly it works, for that he wrote his own dissassembler,
after this he/we may write our own firmware and basicaly do
whatever we like, for example code a full blown fuzzer or full
blown attack device.

Other very interesting findings will be uncovered during the next
weeks, more on this later :)

PS. Renderman will demonstrate the findings at this years
DEFCON during the Church of WiFi, be there (I will)

Information and Files from :
http://secdev.zoller.lu
Thierry Zoller - Security Engineer

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ