Full Disclosure mailing list archives

Re: Bluetooth: Theft of Link Keys for Fun and Profit?


From: "KF (lists)" <kf_lists () digitalmunition com>
Date: Fri, 12 Aug 2005 15:24:57 -0400

Adam Laurie wrote:

> My apologies - I took the posting to "full-disclosure" too literally... You are right - background info is also useful for those that are starting to get into this (rich) field of research...

No worries.

Boatloads of theoretical papers and overused paragraphs from existing documents seem to be all that exists. It's nice to get some other info out there.

> I do not have that code, but I know it exists...

The Israelis practice security through obscurity, so good luck getting it from them. =]


> Heh. No, mine cost me $0.00 :)

Hahah, sounds like I got ripped off then. =P

> Fair point. Leverage one vulnerability to exploit another, and you have a useful attack.

As a side note, if anyone knows the method that Widcomm uses to obfuscate the keys stored in the registry, I am all ears. If you take a key from the registry on Windows you will need to reverse the obfuscation first. On PocketPC platforms, however, the Link Key is in plain text.

> AFAIK 'bdaddr -h' and the source are the only docs, but it works with all of the dongles I've tried it with (all CSR based). Check with Marcel for full capabilities, but I know it supports Ericsson, CSR and Zeevo.

Yeah that is a nice tool... it would have saved me the trouble of hunting down an ROK101004 chip and dev board if I had known about it. =]

In general I do not think the vendors want us to be able to set the BD_ADDR. Every time I asked Ericsson or Infineon how to do it, they usually responded with "Why do you want to change your BD_ADDR?", and the HCI commands document for the ROK 101 008 mysteriously leaves out the opcode to set the bd_addr.

> Once again, my apologies if I came across too critical - I really was looking at your post from the wrong angle...

No worries... I did feel like ya grilled me at first so thanks for the clarification and thanks for that extra info on the CSR setbdaddr!

-KF

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
