Bluetooth [in]security
-
Upload
securityxploded -
Category
Devices & Hardware
-
view
930 -
download
2
Transcript of Bluetooth [in]security
![Page 1: Bluetooth [in]security](https://reader035.fdocuments.us/reader035/viewer/2022062522/58ae903d1a28abdf068b5aab/html5/thumbnails/1.jpg)
Bluetooth [in]securitySecurity Center of Excellence
![Page 2: Bluetooth [in]security](https://reader035.fdocuments.us/reader035/viewer/2022062522/58ae903d1a28abdf068b5aab/html5/thumbnails/2.jpg)
#whoami
Jiggyasu Sharma
• A secuirty N00b• I hack for bread and b33r• I write [crape]• I shoot [by camera]
![Page 3: Bluetooth [in]security](https://reader035.fdocuments.us/reader035/viewer/2022062522/58ae903d1a28abdf068b5aab/html5/thumbnails/3.jpg)
Agenda
• To discus whatever we all know
![Page 4: Bluetooth [in]security](https://reader035.fdocuments.us/reader035/viewer/2022062522/58ae903d1a28abdf068b5aab/html5/thumbnails/4.jpg)
Bluetooth
• Bluetooth is a wireless technology standard for exchanging data over short distances (using short-wavelength UHF radio waves in the ISM band from 2.4 to 2.485 GHz) from fixed and mobile devices, and building personal area networks (PANs). (wiki)
![Page 5: Bluetooth [in]security](https://reader035.fdocuments.us/reader035/viewer/2022062522/58ae903d1a28abdf068b5aab/html5/thumbnails/5.jpg)
History
• Named on 10th century king Herald Bluetooth• Proposed by Jim Kardach• In 1997• A system which communicate b/w phone and comp• BSIG
![Page 6: Bluetooth [in]security](https://reader035.fdocuments.us/reader035/viewer/2022062522/58ae903d1a28abdf068b5aab/html5/thumbnails/6.jpg)
Capability
• Wireless• Short Range• Less energy• Cheap• Personal• Easy• Multipoint• Frequency hopping• [in]secure
![Page 7: Bluetooth [in]security](https://reader035.fdocuments.us/reader035/viewer/2022062522/58ae903d1a28abdf068b5aab/html5/thumbnails/7.jpg)
Where is being used
• Phone/Computer/Camera/Speaker• Watch/Fitness Band/Car/door locks• Cooker/coffee machine/trimer/dryer• Medical devices : ventilator/blood glucose monitor• Payment solution• 7 Million Devices
![Page 8: Bluetooth [in]security](https://reader035.fdocuments.us/reader035/viewer/2022062522/58ae903d1a28abdf068b5aab/html5/thumbnails/8.jpg)
Types
• Classic (since 1997)• V-1• V-2• V-3
• Smart (since 2010)• V-4.0• V-4.1• V-4.2
![Page 9: Bluetooth [in]security](https://reader035.fdocuments.us/reader035/viewer/2022062522/58ae903d1a28abdf068b5aab/html5/thumbnails/9.jpg)
Difference
• Both can not communicate to each other• PHY and DLL are completely difference• High level protocol reuse [L2CAP…]
![Page 10: Bluetooth [in]security](https://reader035.fdocuments.us/reader035/viewer/2022062522/58ae903d1a28abdf068b5aab/html5/thumbnails/10.jpg)
Bluetooth Low Energy
![Page 11: Bluetooth [in]security](https://reader035.fdocuments.us/reader035/viewer/2022062522/58ae903d1a28abdf068b5aab/html5/thumbnails/11.jpg)
Protocol Stack
![Page 12: Bluetooth [in]security](https://reader035.fdocuments.us/reader035/viewer/2022062522/58ae903d1a28abdf068b5aab/html5/thumbnails/12.jpg)
PHY Layer
• FSK, +/- 250 kHz, 1 Mbit/sec• 40 channels in 2.4 GHz• Hopping
![Page 13: Bluetooth [in]security](https://reader035.fdocuments.us/reader035/viewer/2022062522/58ae903d1a28abdf068b5aab/html5/thumbnails/13.jpg)
PHY Channels
• 40 channels • 0-39• Advertising – 3• Data -37
![Page 14: Bluetooth [in]security](https://reader035.fdocuments.us/reader035/viewer/2022062522/58ae903d1a28abdf068b5aab/html5/thumbnails/14.jpg)
Hoping
• Hope along 37 data channels• One data packet per channel• Next channel = (channel + hop increment) mod 37
• 3 → 10 → 17 → 24 → 31 → 1 → 8 → 15 → …• hop increment = 7
![Page 15: Bluetooth [in]security](https://reader035.fdocuments.us/reader035/viewer/2022062522/58ae903d1a28abdf068b5aab/html5/thumbnails/15.jpg)
Link Layer
![Page 16: Bluetooth [in]security](https://reader035.fdocuments.us/reader035/viewer/2022062522/58ae903d1a28abdf068b5aab/html5/thumbnails/16.jpg)
How to sniff
• Its Hard (actually)
![Page 17: Bluetooth [in]security](https://reader035.fdocuments.us/reader035/viewer/2022062522/58ae903d1a28abdf068b5aab/html5/thumbnails/17.jpg)
Ubertooth
• Open source h/w• Bluetooth sniffer• Ubertooth One• Cheapest in existing solutions
![Page 18: Bluetooth [in]security](https://reader035.fdocuments.us/reader035/viewer/2022062522/58ae903d1a28abdf068b5aab/html5/thumbnails/18.jpg)
![Page 19: Bluetooth [in]security](https://reader035.fdocuments.us/reader035/viewer/2022062522/58ae903d1a28abdf068b5aab/html5/thumbnails/19.jpg)
Block diagram
![Page 20: Bluetooth [in]security](https://reader035.fdocuments.us/reader035/viewer/2022062522/58ae903d1a28abdf068b5aab/html5/thumbnails/20.jpg)
Capturing Packates
• Configure CC2400• Follow connections according to hop pattern• Hand off bits to ARM MCU
![Page 21: Bluetooth [in]security](https://reader035.fdocuments.us/reader035/viewer/2022062522/58ae903d1a28abdf068b5aab/html5/thumbnails/21.jpg)
Encryption
• Provided by link layer• Encrypts and MACs PDU• AES-CCM
![Page 22: Bluetooth [in]security](https://reader035.fdocuments.us/reader035/viewer/2022062522/58ae903d1a28abdf068b5aab/html5/thumbnails/22.jpg)
Key Exchange Protocol
• Three stage process• 3 pairing methods• Just Works• 6-digit PIN• OOB
• “None of the pairing methods provide protection against a passive eavesdropper” -Bluetooth Core Spec
![Page 23: Bluetooth [in]security](https://reader035.fdocuments.us/reader035/viewer/2022062522/58ae903d1a28abdf068b5aab/html5/thumbnails/23.jpg)
Cracking the TK
![Page 24: Bluetooth [in]security](https://reader035.fdocuments.us/reader035/viewer/2022062522/58ae903d1a28abdf068b5aab/html5/thumbnails/24.jpg)
Using Crackle
Total time to crack: < 1 second
![Page 25: Bluetooth [in]security](https://reader035.fdocuments.us/reader035/viewer/2022062522/58ae903d1a28abdf068b5aab/html5/thumbnails/25.jpg)
• TK -> STK• STK -> LTK• LTK -> Session keys
• And its passive
![Page 26: Bluetooth [in]security](https://reader035.fdocuments.us/reader035/viewer/2022062522/58ae903d1a28abdf068b5aab/html5/thumbnails/26.jpg)
LTK Reuse
![Page 27: Bluetooth [in]security](https://reader035.fdocuments.us/reader035/viewer/2022062522/58ae903d1a28abdf068b5aab/html5/thumbnails/27.jpg)
Let’s just do it...
• Do not believe me without a DeMo...
![Page 28: Bluetooth [in]security](https://reader035.fdocuments.us/reader035/viewer/2022062522/58ae903d1a28abdf068b5aab/html5/thumbnails/28.jpg)
Required setup
• Bluetooth pairing devices (BLE/BTLE capable)• Ubertooth One• Linux system (Ubuntu/Kali works well)• Ubertooth config• Kismet• Wireshark• Crackle
![Page 29: Bluetooth [in]security](https://reader035.fdocuments.us/reader035/viewer/2022062522/58ae903d1a28abdf068b5aab/html5/thumbnails/29.jpg)
Prerequisite
![Page 30: Bluetooth [in]security](https://reader035.fdocuments.us/reader035/viewer/2022062522/58ae903d1a28abdf068b5aab/html5/thumbnails/30.jpg)
prerequisites that Ubuntu needs
![Page 31: Bluetooth [in]security](https://reader035.fdocuments.us/reader035/viewer/2022062522/58ae903d1a28abdf068b5aab/html5/thumbnails/31.jpg)
prerequisites that Ubuntu needs
![Page 32: Bluetooth [in]security](https://reader035.fdocuments.us/reader035/viewer/2022062522/58ae903d1a28abdf068b5aab/html5/thumbnails/32.jpg)
prerequisites that Ubuntu needs
![Page 33: Bluetooth [in]security](https://reader035.fdocuments.us/reader035/viewer/2022062522/58ae903d1a28abdf068b5aab/html5/thumbnails/33.jpg)
Now we need PyUSB
• for add python access to USB ports
![Page 34: Bluetooth [in]security](https://reader035.fdocuments.us/reader035/viewer/2022062522/58ae903d1a28abdf068b5aab/html5/thumbnails/34.jpg)
PyUSB to be downloaded
![Page 35: Bluetooth [in]security](https://reader035.fdocuments.us/reader035/viewer/2022062522/58ae903d1a28abdf068b5aab/html5/thumbnails/35.jpg)
PyUSB to be downloaded
![Page 36: Bluetooth [in]security](https://reader035.fdocuments.us/reader035/viewer/2022062522/58ae903d1a28abdf068b5aab/html5/thumbnails/36.jpg)
PyUSB to be downloaded
![Page 37: Bluetooth [in]security](https://reader035.fdocuments.us/reader035/viewer/2022062522/58ae903d1a28abdf068b5aab/html5/thumbnails/37.jpg)
bluetooth base band libraries (lib-btbb)• needed for the ubertooth to decode bluetooth packets
![Page 38: Bluetooth [in]security](https://reader035.fdocuments.us/reader035/viewer/2022062522/58ae903d1a28abdf068b5aab/html5/thumbnails/38.jpg)
install lib-btbb
![Page 39: Bluetooth [in]security](https://reader035.fdocuments.us/reader035/viewer/2022062522/58ae903d1a28abdf068b5aab/html5/thumbnails/39.jpg)
install lib-btbb
![Page 40: Bluetooth [in]security](https://reader035.fdocuments.us/reader035/viewer/2022062522/58ae903d1a28abdf068b5aab/html5/thumbnails/40.jpg)
install lib-btbb
![Page 41: Bluetooth [in]security](https://reader035.fdocuments.us/reader035/viewer/2022062522/58ae903d1a28abdf068b5aab/html5/thumbnails/41.jpg)
install lib-btbb
![Page 42: Bluetooth [in]security](https://reader035.fdocuments.us/reader035/viewer/2022062522/58ae903d1a28abdf068b5aab/html5/thumbnails/42.jpg)
install lib-btbb
![Page 43: Bluetooth [in]security](https://reader035.fdocuments.us/reader035/viewer/2022062522/58ae903d1a28abdf068b5aab/html5/thumbnails/43.jpg)
install lib-btbb
![Page 44: Bluetooth [in]security](https://reader035.fdocuments.us/reader035/viewer/2022062522/58ae903d1a28abdf068b5aab/html5/thumbnails/44.jpg)
Install ubertooth tools
• ubertooth basic functionality for spectrum analyzing, bluetooth sniffing and firmware updates
![Page 45: Bluetooth [in]security](https://reader035.fdocuments.us/reader035/viewer/2022062522/58ae903d1a28abdf068b5aab/html5/thumbnails/45.jpg)
install Ubertooth Basic Tools
![Page 46: Bluetooth [in]security](https://reader035.fdocuments.us/reader035/viewer/2022062522/58ae903d1a28abdf068b5aab/html5/thumbnails/46.jpg)
install Ubertooth Basic Tools
![Page 47: Bluetooth [in]security](https://reader035.fdocuments.us/reader035/viewer/2022062522/58ae903d1a28abdf068b5aab/html5/thumbnails/47.jpg)
install Ubertooth Basic Tools
![Page 48: Bluetooth [in]security](https://reader035.fdocuments.us/reader035/viewer/2022062522/58ae903d1a28abdf068b5aab/html5/thumbnails/48.jpg)
install Ubertooth Basic Tools
![Page 49: Bluetooth [in]security](https://reader035.fdocuments.us/reader035/viewer/2022062522/58ae903d1a28abdf068b5aab/html5/thumbnails/49.jpg)
install ubertooth-follow tool
• plugin for a linux program
![Page 50: Bluetooth [in]security](https://reader035.fdocuments.us/reader035/viewer/2022062522/58ae903d1a28abdf068b5aab/html5/thumbnails/50.jpg)
install Ubertooth-follow Toolsinstall Ubertooth-follow Tools
![Page 51: Bluetooth [in]security](https://reader035.fdocuments.us/reader035/viewer/2022062522/58ae903d1a28abdf068b5aab/html5/thumbnails/51.jpg)
install Ubertooth-follow Toolsinstall Ubertooth-follow Tools
![Page 52: Bluetooth [in]security](https://reader035.fdocuments.us/reader035/viewer/2022062522/58ae903d1a28abdf068b5aab/html5/thumbnails/52.jpg)
install Ubertooth-follow Toolsinstall Ubertooth-follow Tools
![Page 53: Bluetooth [in]security](https://reader035.fdocuments.us/reader035/viewer/2022062522/58ae903d1a28abdf068b5aab/html5/thumbnails/53.jpg)
install Ubertooth-follow Toolsinstall Ubertooth-follow Tools
![Page 54: Bluetooth [in]security](https://reader035.fdocuments.us/reader035/viewer/2022062522/58ae903d1a28abdf068b5aab/html5/thumbnails/54.jpg)
Ubertooth Spectrum Analyzing (before Kismet)• Connect the ubertooth one to your USB port• If you are using a virtual machine, enable it on the Devices/Usb Ports and seek the ubertooth one• Two green LEDs (RST and 1.8V) and the red LED (USB LED) that indicates Ubertooth can communicate via USB port.
![Page 55: Bluetooth [in]security](https://reader035.fdocuments.us/reader035/viewer/2022062522/58ae903d1a28abdf068b5aab/html5/thumbnails/55.jpg)
Plug Ubertooth to USB
![Page 56: Bluetooth [in]security](https://reader035.fdocuments.us/reader035/viewer/2022062522/58ae903d1a28abdf068b5aab/html5/thumbnails/56.jpg)
launch the ubertooth spectrum analyzer
![Page 57: Bluetooth [in]security](https://reader035.fdocuments.us/reader035/viewer/2022062522/58ae903d1a28abdf068b5aab/html5/thumbnails/57.jpg)
launch the ubertooth spectrum analyzer
![Page 58: Bluetooth [in]security](https://reader035.fdocuments.us/reader035/viewer/2022062522/58ae903d1a28abdf068b5aab/html5/thumbnails/58.jpg)
launch the ubertooth spectrum analyzer
![Page 59: Bluetooth [in]security](https://reader035.fdocuments.us/reader035/viewer/2022062522/58ae903d1a28abdf068b5aab/html5/thumbnails/59.jpg)
![Page 60: Bluetooth [in]security](https://reader035.fdocuments.us/reader035/viewer/2022062522/58ae903d1a28abdf068b5aab/html5/thumbnails/60.jpg)
Kismet
• Install kismet default• Then ubertooth plugin
![Page 61: Bluetooth [in]security](https://reader035.fdocuments.us/reader035/viewer/2022062522/58ae903d1a28abdf068b5aab/html5/thumbnails/61.jpg)
Kismet Connection
![Page 62: Bluetooth [in]security](https://reader035.fdocuments.us/reader035/viewer/2022062522/58ae903d1a28abdf068b5aab/html5/thumbnails/62.jpg)
Kismet Connection
![Page 63: Bluetooth [in]security](https://reader035.fdocuments.us/reader035/viewer/2022062522/58ae903d1a28abdf068b5aab/html5/thumbnails/63.jpg)
Kismet Connection
![Page 64: Bluetooth [in]security](https://reader035.fdocuments.us/reader035/viewer/2022062522/58ae903d1a28abdf068b5aab/html5/thumbnails/64.jpg)
Kismet Connection
![Page 65: Bluetooth [in]security](https://reader035.fdocuments.us/reader035/viewer/2022062522/58ae903d1a28abdf068b5aab/html5/thumbnails/65.jpg)
Kismet Connection
![Page 66: Bluetooth [in]security](https://reader035.fdocuments.us/reader035/viewer/2022062522/58ae903d1a28abdf068b5aab/html5/thumbnails/66.jpg)
Kismet Connection
![Page 67: Bluetooth [in]security](https://reader035.fdocuments.us/reader035/viewer/2022062522/58ae903d1a28abdf068b5aab/html5/thumbnails/67.jpg)
Kismet Connection
![Page 68: Bluetooth [in]security](https://reader035.fdocuments.us/reader035/viewer/2022062522/58ae903d1a28abdf068b5aab/html5/thumbnails/68.jpg)
Kismet Connection
![Page 69: Bluetooth [in]security](https://reader035.fdocuments.us/reader035/viewer/2022062522/58ae903d1a28abdf068b5aab/html5/thumbnails/69.jpg)
Kismet Connection
![Page 70: Bluetooth [in]security](https://reader035.fdocuments.us/reader035/viewer/2022062522/58ae903d1a28abdf068b5aab/html5/thumbnails/70.jpg)
Kismet Connection
![Page 71: Bluetooth [in]security](https://reader035.fdocuments.us/reader035/viewer/2022062522/58ae903d1a28abdf068b5aab/html5/thumbnails/71.jpg)
Kismet Connection
![Page 72: Bluetooth [in]security](https://reader035.fdocuments.us/reader035/viewer/2022062522/58ae903d1a28abdf068b5aab/html5/thumbnails/72.jpg)
The final step of the kismet install
![Page 73: Bluetooth [in]security](https://reader035.fdocuments.us/reader035/viewer/2022062522/58ae903d1a28abdf068b5aab/html5/thumbnails/73.jpg)
Kismet Config
![Page 74: Bluetooth [in]security](https://reader035.fdocuments.us/reader035/viewer/2022062522/58ae903d1a28abdf068b5aab/html5/thumbnails/74.jpg)
Kismet Config
![Page 75: Bluetooth [in]security](https://reader035.fdocuments.us/reader035/viewer/2022062522/58ae903d1a28abdf068b5aab/html5/thumbnails/75.jpg)
Kismet Config
![Page 76: Bluetooth [in]security](https://reader035.fdocuments.us/reader035/viewer/2022062522/58ae903d1a28abdf068b5aab/html5/thumbnails/76.jpg)
Kismet Config
![Page 77: Bluetooth [in]security](https://reader035.fdocuments.us/reader035/viewer/2022062522/58ae903d1a28abdf068b5aab/html5/thumbnails/77.jpg)
compile and install the kismet plugin to enable kismet capture bluetooth packets
![Page 78: Bluetooth [in]security](https://reader035.fdocuments.us/reader035/viewer/2022062522/58ae903d1a28abdf068b5aab/html5/thumbnails/78.jpg)
Install Kismet Plugin
![Page 79: Bluetooth [in]security](https://reader035.fdocuments.us/reader035/viewer/2022062522/58ae903d1a28abdf068b5aab/html5/thumbnails/79.jpg)
Install Kismet Plugin
![Page 80: Bluetooth [in]security](https://reader035.fdocuments.us/reader035/viewer/2022062522/58ae903d1a28abdf068b5aab/html5/thumbnails/80.jpg)
Install Kismet Plugin
![Page 81: Bluetooth [in]security](https://reader035.fdocuments.us/reader035/viewer/2022062522/58ae903d1a28abdf068b5aab/html5/thumbnails/81.jpg)
Install Kismet Plugin
![Page 82: Bluetooth [in]security](https://reader035.fdocuments.us/reader035/viewer/2022062522/58ae903d1a28abdf068b5aab/html5/thumbnails/82.jpg)
launch kismet and configure ubertooth plugin
![Page 83: Bluetooth [in]security](https://reader035.fdocuments.us/reader035/viewer/2022062522/58ae903d1a28abdf068b5aab/html5/thumbnails/83.jpg)
Launch Kismet for Ubertooth Plugin
![Page 84: Bluetooth [in]security](https://reader035.fdocuments.us/reader035/viewer/2022062522/58ae903d1a28abdf068b5aab/html5/thumbnails/84.jpg)
Launch Kismet for Ubertooth Plugin
![Page 85: Bluetooth [in]security](https://reader035.fdocuments.us/reader035/viewer/2022062522/58ae903d1a28abdf068b5aab/html5/thumbnails/85.jpg)
Launch Kismet for Ubertooth Plugin
![Page 86: Bluetooth [in]security](https://reader035.fdocuments.us/reader035/viewer/2022062522/58ae903d1a28abdf068b5aab/html5/thumbnails/86.jpg)
Launch Kismet for Ubertooth Plugin
![Page 87: Bluetooth [in]security](https://reader035.fdocuments.us/reader035/viewer/2022062522/58ae903d1a28abdf068b5aab/html5/thumbnails/87.jpg)
Launch Kismet for Ubertooth Plugin
![Page 88: Bluetooth [in]security](https://reader035.fdocuments.us/reader035/viewer/2022062522/58ae903d1a28abdf068b5aab/html5/thumbnails/88.jpg)
Launch Kismet for Ubertooth Plugin
![Page 89: Bluetooth [in]security](https://reader035.fdocuments.us/reader035/viewer/2022062522/58ae903d1a28abdf068b5aab/html5/thumbnails/89.jpg)
Launch Kismet for Ubertooth Plugin
![Page 90: Bluetooth [in]security](https://reader035.fdocuments.us/reader035/viewer/2022062522/58ae903d1a28abdf068b5aab/html5/thumbnails/90.jpg)
Launch Kismet for Ubertooth Plugin
![Page 91: Bluetooth [in]security](https://reader035.fdocuments.us/reader035/viewer/2022062522/58ae903d1a28abdf068b5aab/html5/thumbnails/91.jpg)
Launch Kismet for Ubertooth Plugin
![Page 92: Bluetooth [in]security](https://reader035.fdocuments.us/reader035/viewer/2022062522/58ae903d1a28abdf068b5aab/html5/thumbnails/92.jpg)
Launch Kismet for Ubertooth Plugin
![Page 93: Bluetooth [in]security](https://reader035.fdocuments.us/reader035/viewer/2022062522/58ae903d1a28abdf068b5aab/html5/thumbnails/93.jpg)
Launch Kismet for Ubertooth Plugin
![Page 94: Bluetooth [in]security](https://reader035.fdocuments.us/reader035/viewer/2022062522/58ae903d1a28abdf068b5aab/html5/thumbnails/94.jpg)
Launch Kismet for Ubertooth Plugin
![Page 95: Bluetooth [in]security](https://reader035.fdocuments.us/reader035/viewer/2022062522/58ae903d1a28abdf068b5aab/html5/thumbnails/95.jpg)
Launch Kismet for Ubertooth Plugin
![Page 96: Bluetooth [in]security](https://reader035.fdocuments.us/reader035/viewer/2022062522/58ae903d1a28abdf068b5aab/html5/thumbnails/96.jpg)
Launch Kismet for Ubertooth Plugin
![Page 97: Bluetooth [in]security](https://reader035.fdocuments.us/reader035/viewer/2022062522/58ae903d1a28abdf068b5aab/html5/thumbnails/97.jpg)
install wireshark with wireshark bluetooth baseband plugin for the file captured by kismet to be analyzed.
![Page 98: Bluetooth [in]security](https://reader035.fdocuments.us/reader035/viewer/2022062522/58ae903d1a28abdf068b5aab/html5/thumbnails/98.jpg)
Install Wireshark BTBB plugin
![Page 99: Bluetooth [in]security](https://reader035.fdocuments.us/reader035/viewer/2022062522/58ae903d1a28abdf068b5aab/html5/thumbnails/99.jpg)
Install Wireshark BTBB plugin
![Page 100: Bluetooth [in]security](https://reader035.fdocuments.us/reader035/viewer/2022062522/58ae903d1a28abdf068b5aab/html5/thumbnails/100.jpg)
Install Wireshark BTBB plugin
![Page 101: Bluetooth [in]security](https://reader035.fdocuments.us/reader035/viewer/2022062522/58ae903d1a28abdf068b5aab/html5/thumbnails/101.jpg)
Install Wireshark BTBB plugin
![Page 102: Bluetooth [in]security](https://reader035.fdocuments.us/reader035/viewer/2022062522/58ae903d1a28abdf068b5aab/html5/thumbnails/102.jpg)
Install Wireshark BTBB plugin
![Page 103: Bluetooth [in]security](https://reader035.fdocuments.us/reader035/viewer/2022062522/58ae903d1a28abdf068b5aab/html5/thumbnails/103.jpg)
Install Wireshark BTBB plugin
![Page 104: Bluetooth [in]security](https://reader035.fdocuments.us/reader035/viewer/2022062522/58ae903d1a28abdf068b5aab/html5/thumbnails/104.jpg)
and finally we can open pcapbtbb files
![Page 105: Bluetooth [in]security](https://reader035.fdocuments.us/reader035/viewer/2022062522/58ae903d1a28abdf068b5aab/html5/thumbnails/105.jpg)
Open captured pcapBTBB file
![Page 106: Bluetooth [in]security](https://reader035.fdocuments.us/reader035/viewer/2022062522/58ae903d1a28abdf068b5aab/html5/thumbnails/106.jpg)
Open captured pcapBTBB file
![Page 107: Bluetooth [in]security](https://reader035.fdocuments.us/reader035/viewer/2022062522/58ae903d1a28abdf068b5aab/html5/thumbnails/107.jpg)
Open captured pcapBTBB file
![Page 108: Bluetooth [in]security](https://reader035.fdocuments.us/reader035/viewer/2022062522/58ae903d1a28abdf068b5aab/html5/thumbnails/108.jpg)
Decrypt Bluetooth packets
• Crackle
![Page 109: Bluetooth [in]security](https://reader035.fdocuments.us/reader035/viewer/2022062522/58ae903d1a28abdf068b5aab/html5/thumbnails/109.jpg)
Handle pcap file to crackleisaias@ubuntu:~/crackle-sample# crackle -i ltk_exchange.pcap -o decrypted.pcapTK found: 000000ding ding ding, using a TK of 0! Just Cracks(tm)Warning: packet is too short to be encrypted (1), skippingLTK found: 7f62c053f104a5bbe68b1d896a2ed49cDone, processed 712 total packets, decrypted 3
![Page 110: Bluetooth [in]security](https://reader035.fdocuments.us/reader035/viewer/2022062522/58ae903d1a28abdf068b5aab/html5/thumbnails/110.jpg)
To listen in on future communications between the two devices : using LTK captured
isaias@ubuntu:~/crackle-sample# crackle -i encrypted_known_ltk.pcap -o decrypted2.pcap -l 7f62c053f104a5bbe68b1d896a2ed49cWarning: packet is too short to be encrypted (1), skippingWarning: packet is too short to be encrypted (2), skippingWarning: could not decrypt packet! Copying as is..Warning: could not decrypt packet! Copying as is..Warning: could not decrypt packet! Copying as is..Warning: invalid packet (length to long), skippingDone, processed 297 total packets, decrypted 7
![Page 111: Bluetooth [in]security](https://reader035.fdocuments.us/reader035/viewer/2022062522/58ae903d1a28abdf068b5aab/html5/thumbnails/111.jpg)
On the goOn the go
![Page 112: Bluetooth [in]security](https://reader035.fdocuments.us/reader035/viewer/2022062522/58ae903d1a28abdf068b5aab/html5/thumbnails/112.jpg)
References
• http://ubertooth.sourceforge.net/ • https://github.com/greatscottgadgets/ubertooth/ • https://www.kismetwireless.net/ • http://tools.kali.org/wireless-attacks/crackle • http://www.nist.gov/customcf/get_pdf.cfm?pub_id=911133
![Page 113: Bluetooth [in]security](https://reader035.fdocuments.us/reader035/viewer/2022062522/58ae903d1a28abdf068b5aab/html5/thumbnails/113.jpg)
Thank you all, and Special thanks to…• Philips and team• Minatee Mishra• Anirudh Duggal• Sanjog Panda• Pardhiv Reddy• Ajay Pratap Singh• Geethu Arvind
![Page 114: Bluetooth [in]security](https://reader035.fdocuments.us/reader035/viewer/2022062522/58ae903d1a28abdf068b5aab/html5/thumbnails/114.jpg)
Questions? Apart from...