Re: [Full-disclosure] BTsniff - Bluetooth sniffing under *nix
- To: "Thierry Zoller" <Thierry@xxxxxxxxx>
- Subject: Re: [Full-disclosure] BTsniff - Bluetooth sniffing under *nix
- From: shiftnato@xxxxxxxxx
- Date: Tue, 7 Aug 2007 17:32:32 -0500
All,
During Renderman's talk @ defcon, he mentioned an email list where
development of an open firmware for sniffing bluetooth off the ether
was being developed.
I thought I had copied it down, but apparently I got it wrong because
there's nothing at the address I wrote down.
If there's concern this shouldn't be added to the interweb archives,
please send it to me off-list.
Regards,
N
On 7/27/07, Thierry Zoller <Thierry@xxxxxxxxx> wrote:
>
> Dear List,
>
> This Message is thrown together in a hurry with limited Internet
> access, please take my apologies for typos and missing information,
> more will follow soon :)
>
> My call for an OSS Bluetooth sniffer during the last 23C3
> in Berlin has not been left unanswered, first there was
> Max Moser ("Bluetooth - Getting raw access") that uncovered
> how you can modify a consumer USB stick by flashing it with
> a BTSniffer firmware and get RAW access to it. The question
> that was left was how to send commands to it, get it into
> sniffing mode, synching it.
>
> Exactly this is what Andrea Bittau and Dominic Spill found out
> during their work on a Paper entitled "BlueSniff: Eve meets Alice
> and Bluetooth", Andrea further implemented it in C code. The paper
> will shortly be published and presented at this year's USENIX.
>
> In other words a Bluetooth Hacker dream has partially come true,
> a cheap and (partially) open way to sniff and capture packets,
> including the pairing-handshake which may then be cracked.
>
> Andrea is currently working on cracking open the very last
> thing that holds him from crafting low level Bluetooth packets,
> the XAP2 processor, he disassembled the firmware to find out
> how exactly it works, for that he wrote his own disassembler,
> after this he/we may write our own firmware and basically do
> whatever we like, for example code a full blown fuzzer or full
> blown attack device.
>
> Other very interesting findings will be uncovered during the next
> weeks, more on this later :)
>
> PS. Renderman will demonstrate the findings at this year's
> DEFCON during the Church of WiFi, be there (I will)
>
> Information and Files from :
> http://secdev.zoller.lu
> Thierry Zoller - Security Engineer
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>