[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <1dd598e10708071532n20060cb4r4259c82ae5542de6@mail.gmail.com>
Date: Tue, 7 Aug 2007 17:32:32 -0500
From: shiftnato@...il.com
To: "Thierry Zoller" <Thierry@...ler.lu>
Cc: wifisec@...urityfocus.com, full-disclosure@...ts.grok.org.uk,
bugtraq@...urityfocus.com
Subject: Re: BTsniff - Bleutooth sniffing under *nix
All,
During Renderman's talk @ defcon, he mentioned an email list where
development of an open firmware for sniffing bluetooth off the ether
was being developed.
I thought I had copied it down, but apparently I got it wrong because
there's nothing at the address I wrote down.
If there's concern this shouldn't be added to the interweb archives,
please send it to me off-list.
Regards,
N
On 7/27/07, Thierry Zoller <Thierry@...ler.lu> wrote:
>
> Dear List,
>
> This Message is thrown together in a hurry with limited Internet
> access, please take my aplogise for typos and missing information,
> more will follow soon :)
>
> My call for an OSS Bluetooth sniffer during the last 23C3
> in Berlin has not been left unanswered, first there was
> Max Moser("Bluetooth - Getting raw access") that uncovered
> how you can modify a consumer USB stick by flashing it with
> a BTSnifferfirmware and get RAW access to it. The question
> that was leftwas how to send commands to it, get it into
> sniffing mode, synchingit.
>
> Exactly this is what Andrea Bittau and Dominic Spill found out
> during their work on a Paper entitled "BlueSniff: Eve meets Alice
> and Bluetooth", Andrea further implemented it in C code. The paper
> will be shortly be published and presented at this years' USENIX.
>
> In other words a Bluetooth Hacker dream has partially come true,
> a cheap and (partialy) open way to sniff and capture packets,
> including the pariring-handshake which may than be cracked.
>
> Andrea is currently working on cracking open the very last
> thing that holds him from crafting low level Bluetooth packets,
> the XAP2 processor, he dissassembled the firmware to find out
> how exactly it works, for that he wrote his own dissassembler,
> after this he/we may write our own firmware and basicaly do
> whatever we like, for example code a full blown fuzzer or full
> blown attack device.
>
> Other very interesting findings will be uncovered during the next
> weeks, more on this later :)
>
> PS. Renderman will demonstrate the findings at this years
> DEFCON during the Church of WiFi, be there (I will)
>
> Information and Files from :
> http://secdev.zoller.lu
> Thierry Zoller - Security Engineer
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists