lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Tue, 7 Aug 2007 17:32:32 -0500
From: shiftnato@...il.com
To: "Thierry Zoller" <Thierry@...ler.lu>
Cc: wifisec@...urityfocus.com, full-disclosure@...ts.grok.org.uk,
	bugtraq@...urityfocus.com
Subject: Re: BTsniff - Bleutooth sniffing under *nix

All,

During Renderman's talk @ defcon, he mentioned an email list where
development of an open firmware for sniffing bluetooth off the ether
was being developed.

I thought I had copied it down, but apparently I got it wrong because
there's nothing at the address I wrote down.

If there's concern this shouldn't be added to the interweb archives,
please send it to me off-list.

Regards,
N

On 7/27/07, Thierry Zoller <Thierry@...ler.lu> wrote:
>
> Dear List,
>
> This Message is thrown together in a hurry with limited Internet
> access, please take my aplogise for typos and missing information,
> more will follow soon :)
>
> My call for an OSS Bluetooth sniffer during the last 23C3
> in Berlin has not been left unanswered,  first there  was
> Max Moser("Bluetooth - Getting raw access") that uncovered
> how you can modify a consumer USB stick by flashing it with
> a BTSnifferfirmware and get  RAW access to it. The question
> that was leftwas how to send commands to it, get it into
> sniffing mode, synchingit.
>
> Exactly this is what Andrea Bittau and Dominic Spill found out
> during their work on a Paper entitled "BlueSniff: Eve meets Alice
> and Bluetooth", Andrea further implemented it in C code. The paper
> will be shortly be published and presented at this years' USENIX.
>
> In other words a Bluetooth Hacker dream has partially come true,
> a cheap and (partialy) open way to sniff and capture packets,
> including the pariring-handshake which may than be cracked.
>
> Andrea is currently working on cracking open the very last
> thing that holds him from crafting low level Bluetooth packets,
> the XAP2 processor, he dissassembled the firmware to find out
> how exactly it works, for that he wrote his own dissassembler,
> after this he/we may write our own firmware and basicaly do
> whatever we like, for example code a full blown fuzzer or full
> blown attack device.
>
> Other very interesting findings will be uncovered during the next
> weeks, more on this later :)
>
> PS. Renderman will demonstrate the findings at this years
> DEFCON during the Church of WiFi, be there (I will)
>
> Information and Files from :
> http://secdev.zoller.lu
> Thierry Zoller - Security Engineer
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ