Date: Fri Aug 12 20:17:13 2005
From: kf_lists at digitalmunition.com (KF (lists))
Subject: Bluetooth: Theft of Link Keys for Fun and Profit?

Adam Laurie wrote:

> My apologies - I took the posting to "full-disclosure" too 
> literally... You are right - background info is also useful for those 
> that are starting to get into this (rich) field of research...
>
No worries.

Boatloads of theoretical papers and overused paragraphs from existing 
documents seem to be all that exists. It's nice to get some other info 
out there.

> I do not have that code, but I know it exists...
>
The Israelis practice security through obscurity so good luck getting it 
from them. =]

>
> Heh. No, mine cost me $0.00 :)
>
Hahah sounds like I got ripped off then. =P

> Fair point. Leverage one vulnerability to exploit another, and you 
> have a useful attack.
>
As a side note, if anyone knows the method that Widcomm uses to obfuscate 
the keys stored in the registry I am all ears. If you take a key from 
the registry on Windows you will need to reverse the obfuscation first. 
On PocketPC platforms, however, the Link Key is in plain text.

> AFAIK 'bdaddr -h' and the source are the only docs, but it works with 
> all of the dongles I've tried it with (all CSR based). Check with 
> Marcel for full capabilities, but I know it supports Ericsson, CSR and 
> Zeevo.
>
Yeah that is a nice tool... it would have saved me the trouble of 
hunting down an ROK101004 chip and dev board if I had known about it. =]

In general I do not think the vendors want us to be able to set the 
BD_ADDR. Every time I asked Ericsson or Infineon how to do it they 
usually responded with "Why do you want to change your BD_ADDR" and the 
HCI commands document for ROK 101 008 mysteriously leaves out the opcode 
to set the bd_addr. 

> Once again, my apologies if I came across too critical - I really was 
> looking at your post from the wrong angle...

No worries... I did feel like ya grilled me at first so thanks for the 
clarification and thanks for that extra info on the CSR setbdaddr!

-KF
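The thread's point about link keys sitting in plain text on a host (PocketPC) versus obfuscated (Widcomm on Windows) boils down to a storage-exposure question: where do paired link keys live, and who can read them? The following script is an added example and not part of this thread or of any of the tools mentioned in it. It audits a BlueZ-style pairing store on Linux; it assumes the BlueZ 5 layout of one `info` file per paired device under `<root>/<adapter>/<device>/`, with a `[LinkKey]` section holding the key. The sample store it builds, the device names and the key values are all constructed for the demo.

```python
"""Audit a BlueZ-style Bluetooth pairing store for exposed link keys.

Assumed layout (BlueZ 5): <root>/<adapter-bdaddr>/<device-bdaddr>/info,
an INI-style file whose [LinkKey] section carries the pairing key.
Real stores live under /var/lib/bluetooth; the sample below is constructed.
"""
import configparser
import os
import stat
import tempfile
from pathlib import Path

# Constructed sample store: relative path -> (file text, file mode).
# The Key values are filler hex, not real link keys.
SAMPLE_STORE = {
    "00:11:22:33:44:55/AA:BB:CC:DD:EE:01/info": (
        "[General]\nName=Headset\n\n"
        "[LinkKey]\nKey=0123456789ABCDEF0123456789ABCDEF\nType=4\nPINLength=0\n",
        0o600,  # owner-only: the key is readable by root alone
    ),
    "00:11:22:33:44:55/AA:BB:CC:DD:EE:02/info": (
        "[General]\nName=Old Phone\n\n"
        "[LinkKey]\nKey=FEDCBA9876543210FEDCBA9876543210\nType=0\nPINLength=4\n",
        0o644,  # world-readable: any local user can lift the key
    ),
    "00:11:22:33:44:55/AA:BB:CC:DD:EE:03/info": (
        "[General]\nName=Unpaired Device\n",
        0o600,  # no [LinkKey] section at all
    ),
}


def parse_link_key(text):
    """Return the [LinkKey] section of an info file as a dict, or None."""
    cp = configparser.ConfigParser()
    cp.optionxform = str  # keep 'Key'/'Type' capitalised as BlueZ writes them
    cp.read_string(text)
    if not cp.has_section("LinkKey"):
        return None
    return dict(cp.items("LinkKey"))


def audit_store(root):
    """Walk <root>/<adapter>/<device>/info and classify each device.

    Returns a sorted list of (device, status, mode) tuples where status is
    one of 'no-link-key', 'link-key-owner-only', 'world-readable-link-key'.
    """
    findings = []
    for info in Path(root).glob("*/*/info"):
        device = info.parent.name
        link_key = parse_link_key(info.read_text())
        mode = stat.S_IMODE(info.stat().st_mode)
        readable_by_others = bool(mode & (stat.S_IRGRP | stat.S_IROTH))
        if link_key is None:
            status = "no-link-key"
        elif readable_by_others:
            status = "world-readable-link-key"
        else:
            status = "link-key-owner-only"
        findings.append((device, status, mode))
    return sorted(findings)


def build_sample_store():
    """Materialise SAMPLE_STORE under a fresh temp directory; return its path."""
    root = Path(tempfile.mkdtemp(prefix="btstore-"))
    for rel, (text, mode) in SAMPLE_STORE.items():
        path = root / rel
        path.parent.mkdir(parents=True)
        path.write_text(text)
        os.chmod(path, mode)
    return root


def demo():
    """Run the audit over the constructed sample store."""
    return audit_store(build_sample_store())


if __name__ == "__main__":
    # Point audit_store() at /var/lib/bluetooth (as root) to check a live host.
    for device, status, mode in demo():
        print(f"{device}: {status} (mode {mode:04o})")
```

The check is deliberately limited to presence and file permissions: it does not touch the key material beyond confirming the section exists, which is all a defender needs to decide whether a host's pairing store is exposed.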
