Real-time Bluetooth Device Detection with Blue Hydra. Granolocks Zero_Chaos

Similar documents
Aditya Gupta presents: Hacking Bluetooth Low Energy for Internet of Things

Using the BT85x Series with Linux and Windows Relevant to Laird # BT850-SA, BT850-ST, BT851, and associated DVKs

Bluetooth Smart: The Good, The Bad, The Ugly... and The Fix

CIS 700/002 : Special Topics : Bluetooth: With Low Energy comes Low Security

Bluetooth Vulnerability Assessment

Developer & maintainer of BtleJuice. Having fun with Nordic's nrf51822

UART HCI Bluetooth Module for Linux BT860

Click to edit Master title style Buzzing Smart Devices

Application Note v1.2

Outsmarting Bluetooth Smart. Mike Ryan. isec Patners. CanSecWest. Mar 14, 2014

Ethical Hacking and. Version 6. Module XXXVII Bluetooth Hacking

SMART Technologies. Introducing bluetooth low energy and ibeacon

Hacking Wireless Networks by data

REMOTE CONNECTION TUTORIALS. Version 0.8

LM1010 Long Range Bluetooth v4.0 Dual Mode Adapter Host Controller Interface (HCI) via USB Interface

Networking 2. IP over Bluetooth

ART Demo Application for Mobile Phones

Rapoo E6700 Setup Instructions

LM506 Bluetooth v4.0 Dual Mode Adapter Host Controller Interface (HCI) via USB Interface

Contents in Detail. Acknowledgments

Index. Cambridge University Press Bluetooth Essentials for Programmers Albert S. Huang and Larry Rudolph. Index.

Hacking challenge: steal a car!

Bluetooth low energy technology Bluegiga Technologies

User s Manual LOC8ING. Air Travel Tag Ver TM. LOC8ING LTD. Unit 1016 Houston Centre, 63 Mody road, T.S.T East, Kowloon HONG KONG

Grandstream Networks, Inc. GXP2130v2/GXP2140/GXP2160 Bluetooth User Guide

Pairing W-Fi and Bluetooth MAC addresses through passive packets capture

Bluetooth Keyboard Setup Instructions

Internet of Things Bill Siever. New Applications. Needs. Wearables. Embedded Smarts. Simple to Setup. Networking w/ Long Battery Life (Low Power)

Mobile Security Fall 2013

Taking Advantage of Bluetooth for Communications and More by Hunyue Yau

CEH Tools. Sniffers. - Wireshark: The most popular packet sniffer with cross platform support.

This repository. Insights. Projects 0. Join GitHub today

Grandstream Networks, Inc.

LM910 Bluetooth v4.0 Dual Mode Module Host Controller Interface (HCI) via USB Interface

ETHICAL HACKING OF WIRELESS NETWORKS IN KALI LINUX ENVIRONMENT

SAMSUNG ELECTRONICS RESERVES THE RIGHT TO CHANGE PRODUCTS, INFORMATION AND SPECIFICATIONS WITHOUT NOTICE. Products and specifications discussed

Bluetooth Mini Keyboard Paired But Not Connected Android

Hacking the Bluetooth Stack for Fun, Fame and Profit

Hacking the Bluetooth Stack for Fun, Fame and Profit

Bluetooth Technologies

SETTING UP THE LAB 1 UNDERSTANDING BASICS OF WI-FI NETWORKS 26

Section 4 Cracking Encryption and Authentication

Bluetooth LE 4.0 and 4.1 (BLE)

Hacking Exposed Wireless: Wireless Security Secrets & Colutions Ebooks Free

AIR FORCE INSTITUTE OF TECHNOLOGY

Gaining Access to encrypted networks

Njepat Wireless Hacking Tools V1 User Guide Document Version : 1.0 Tested On Backtrack 5R3 - Gnome Coded By : Xsan-Lahci idea name : 4J4l 13

Wireless Sensor Networks BLUETOOTH LOW ENERGY. Flavia Martelli

Bluetooth: Short-range Wireless Communication

Instructions How To Use The Iphone 4s Bluetooth With Other Phones

To search type and hit enter

BLUE RANGE USER GUIDE. Low Energy

HARDSPLOIT. Framework for Hardware Security Audit a bridge between hardware & a software pentester

THE NEW LANDSCAPE OF AIRBORNE CYBERATTACKS

MAKE WI-FI HACKING ON SMARTPHONES GREAT AGAIN! Daniel Wegemer and Matthias Schulz

How To Guide on JPerf and IPerf

Post Connection Attacks

DEEP ARMOR. Hands-on Exploitation & Hardening of Wearable and IoT Platforms. Sumanth Naropanth & Sunil Kumar

Network Security. Security in local-area networks. Radboud University Nijmegen, The Netherlands. Autumn 2014

802-Not-11. The Forgotten Wireless Device Threats. CONfidence 2010 RenderLab.net, Churchofwifi.org, NMRC.org

ProbeQuest Documentation

Viral Loops for Mobile Clouds. Frank Fitzek Aalborg University

SE420 Software Quality Assurance

Turbo boost your digital app test automation with Jenkins

Tizen Connectivity Support. for IoT Devices. Steve(Taesoo) Jun, Ph.D. Copyright 2017 Samsung. All Rights Reserved.

Content. 1. Overview Setup Demonstration Linux Application Project on DE10-Nano Android Application Project...

Jacksonville Linux User Group Presenter: Travis Phillips Date: 02/20/2013

A PRACTICAL GUIDE TO DISCOVERY IN MODERN PLACES: THE WEARABLES. By: Jamie Huffman Jones, partner Friday, Eldredge, & Clark, LLP

Sparkfun Lunch & Learn. Jeff Boody

Users Guide. IDBLUE.HF and IDBLUE.UHF. IDBLUE Support

Hack World. BlackMagic Hack. by: Raditya Iryandi

Wireless Connectivity Options for IoT. By: MIST Makers John Varela and Nicholas Landy

Wireless Network Security

ACR3901U-S1. Secure Bluetooth Contact Card Reader. User Manual V1.01. Subject to change without prior notice.

Insights JiWire Mobile Audience Insights Report Q4 2012

A Hacker s Introduction to the Nokia N900

Real-Life Hardware: Cisco

INTERNATIONAL JOURNAL OF PURE AND APPLIED RESEARCH IN ENGINEERING AND TECHNOLOGY

How to hack WiFi with Android

Internet Of Things You Search. IOTCape User manual IOTYS SARL All rights reserved IOTCape - User manual Page 1 of 17

Join the forward thinkers who rely on Toshiba for wireless connectivity ICs.

S ENIOR C A PSTONE PROJECT Computer Science Department, Texas Christian University

HOW ONE I.T. DIRECTOR DISCOVERS THAT THE THINKPAD P50s IS UNLIKE OTHER MOBILE WORKSTATIONS

Amarjeet Singh. February 7, 2012

Airoscript-ng Documentation

Aircrack-ng python bindings Documentation

The Joy of Software Development

Using aircrack and a dictionary to crack a WPA data capture

HOW TO INTEGRATE NFC CONTROLLERS IN LINUX

Revision Control. An Introduction Using Git 1/15

Computer Networks II Advanced Features (T )

IoT in 2016: a serious overview of IoT today and a technical preview of HoneyVNC. By Yonathan Klijnsma

Phony Programming (Series 60 Symbian Phones)

Microduino Bluetooth (BLE) USER GUIDE.

2016 Samsung Refrigeration Update. Project: RF9500K Models: RF22K9581 RF28K9580

Secrets of successful medical device connectivity. Agenda 4/5/17. * The secrets:

Once in BT3, click the tiny black box in the lower left corner to load up a "Konsole" window. Now we must prep your wireless card.

Amazon Search Services. Christoph Schmitter

Wireless Penetration Testing For Realz and WCTF

Our greatest weakness lies in giving up. The most certain way to succeed is always to try just one more time. ~Thomas A. Edison

Transcription:

Real-time Bluetooth Device Detection with Blue Hydra Granolocks Zero_Chaos

Granolocks Narcissus Pwnie Express Focused on device detection Enjoys long walks in the woods Travel to exotic locations Draws pretty weird pictures Existential AF Hacking the planet Gives great back rubs

Zero_Chaos Narcissus Eagle Scout Open{Zaurus,Embedded,wrt} Maintainer Aircrack-ng Developer Injection/Drivers, airmon-zc Pentoo Linux Developer Gentoo Linux Developer Random Hacker of ARMs Husband & Father Random Association of Wireless Researchers (RAWR) Defcon/Shmoocon/etc Wireless CTF Far too easily entertained Not a lawyer

What is Bluetooth Cheap Cable replacement Frequency Hopping Spread Spectrum No monitor mode :-( Class Class 1 100mW (high power devices, Sena dongle) Class 2 10mW (phone / most laptops) Class 3 1mW

Bluetooth Waterfall

Discoverable Non-discoverable Pairing Bluetooth Classic

Bluetooth Low Energy General Discoverability Limited Discoverability Non-discoverable Yet somehow still advertises?

Bluetooth Proliferation Random IoT Wearables (sales in 2015) Fitbit 21 million Xiaomi 12 million Apple 11.6 million Garmin 3.3 million Samsung 3.1 million Others 27 million Total 78.1 million *Source: IDC Worldwide Quarterly Wearable Device Tracker, February 23, 2016

Prior Art - Cracking Redfang Btcrack Crackle Le pin cracker Bluesnarfer Phonebook dumping from old phones

Prior Art - Discovery Bluelog Discoverable classic mode only No le support Mostly a logger Btscanner Discoverable classic mode only No le support Unmaintained Neat gui

Useful Tools Bluez - Useful documentation and examples hciconfig hcitool Only discoverable classic devices Lescan works but hard to parse outdated Test-scripts bluez-test discovery Easy to modify Shows classic and le Hides some le devices Teaches us how to talk to the bluetooth card Only sees discoverable devices

Ubertooth-scan Ubertooth-rx Ubertooth-rx -z Ubertooth

Blue Hydra - Goals Like airodump-ng and btscanner Support btle Find as many devices as possible Database backend Minimal direct hardware interfacing - for now :) Not interested in cracking/brute forcing

Blue Hydra design logic Languages used (by volume): Ruby, Bash, Python Build on top of existing tools Rapid development Modify as needed Minimize need to interact directly with hardware Run threads for each discrete task Unify into a processing thread

btmon Bluez btmon Monitor raw hci info passing between system and adapter Reasonably Parseable Receive info from many different tool commands in one place Monitor one or many bluetooth dongles

btmon Threads Execute and filter Batch messages by devices Parse message batches

Bluetooth Discovery Thread Interaction Point with bluetooth device Fed commands from a queue Run classic discovery (bin/test-discovery) Listen for le advertisements (bin/test-discovery) Info from classic / le devices (hctiool) Test if devices are present (l2ping)

Ubertooth Thread Runs and parses ubertooth-rx -z -t Bluetooth Classic non-discoverable (transmitting) Currently sniffing for Bluetooth Basic Rate connections Optional, not a replacement for required BT device

Data processing thread Updates records Device Correlation MAC UAP/LAP (Ubertooth) physical: DE:AD:BE:EF:CA:FE ubertooth:??:??:be:ef:ca:fe significant: 00:00:BE:EF:CA:FE LE Proximity ID / Major & Minor Number (ibeacon) Feedback Loop

CUI Thread Command-line User Interface Default Behavior Live View of devices Sortable by column Extensible columns to support smaller devices

Doing it live! DEMO

DEMO backup

DEMO backup

DEMO backup

Where to get it? https://github.com/pwnieexpress/blue_hydra Download, install deps, run from git checkout *or* Pentoo 2015.0 RC5 Live iso

Conclusions Bluetooth hasn t been looked at much in years Simple idea, harder than expected Surprising to see just how many devices are out there

THANKS DEF CON for letting us present Pwnie Express for paying us to build blue hydra then turning around and letting us open source it Coconut Picard for helping us release this code as BSD Ubertooth team for being awesome Bluez team for our first solid beating

Q & A Q&A will be in room <fill in the blank> https://github.com/pwnieexpress/blue_hydra @Zero_ChaosX @granolocks

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback