Message-ID: <42FCF789.1010902@digitalmunition.com>
Date: Fri Aug 12 20:17:13 2005
From: kf_lists at digitalmunition.com (KF (lists))
Subject: Bluetooth: Theft of Link Keys for Fun and Profit?
Adam Laurie wrote:
> My apologies - I took the posting to "full-disclosure" too
> literally... You are right - background info is also useful for those
> that are starting to get into this (rich) field of research...
>
No worries.
Boatloads of theoretical papers and overused paragraphs from existing
documents seem to be all that exists. It's nice to get some other info
out there.
> I do not have that code, but I know it exists...
>
The Israelis practice security through obscurity, so good luck getting it
from them. =]
>
> Heh. No, mine cost me $0.00 :)
>
Hahah sounds like I got ripped off then. =P
> Fair point. Leverage one vulnerability to exploit another, and you
> have a useful attack.
>
As a side note, if anyone knows the method that Widcomm uses to obfuscate
the keys stored in the registry, I am all ears. If you take a key from
the registry on Windows you will need to reverse the obfuscation first.
On PocketPC platforms, however, the Link Key is in plain text.
> AFAIK 'bdaddr -h' and the source are the only docs, but it works with
> all of the dongles I've tried it with (all CSR based). Check with
> Marcel for full capabilities, but I know it supports Ericsson, CSR and
> Zeevo.
>
Yeah that is a nice tool... it would have saved me the trouble of
hunting down an ROK101004 chip and dev board if I had known about it. =]
In general I do not think the vendors want us to be able to set the
BD_ADDR. Every time I asked Ericsson or Infineon how to do it they
usually responded with "Why do you want to change your BD_ADDR" and the
HCI commands document for ROK 101 008 mysteriously leaves out the opcode
to set the bd_addr.
> Once again, my apologies if I came across too critical - I really was
> looking at your post from the wrong angle...
No worries... I did feel like ya grilled me at first so thanks for the
clarification and thanks for that extra info on the CSR setbdaddr!
-KF