Posts

Showing posts from June 11, 2008

Tutorial: Using frontline comprobe to crack a link key exchange

You will need the following:
  - one or two Bluetooth-enabled devices
  - a Frontline ComProbe
  - a regular Bluetooth device (for getting MACs)
  - a copy of frontline.c
  - openciphers
  - btpincrack

First thing is to set up your lab. Let's get the Bluetooth hardware and services started.

Code:
  hciconfig hci0 up
  hciconfig hci1 up
  bash /etc/rc.d/rc.bluetooth start

You can check everything is running correctly by issuing the hciconfig command.

Code:
  hciconfig

Ok, now we are ready to set up frontline.c. Now I have had some trouble with the frontline source code and my Frontline ComProbe. I am using the airsniffer47-bc04 and it seems the packet shift is double that set in frontline.c ??? I'm keen to find out what's going on and have asked the powers that be to look into this, and they have asked me to try a couple of things. One suggestion is to change FP_TYPE_SHIFT to 2, but it still has the same results. For now you will have to check it out for yourself, but if possible please could somebody try frontline.c with a

The OpenCiphers Project

This SourceForge project is dedicated to exploring the uses of ASICs, FPGAs and other forms of programmable hardware with modern cryptography. Currently the project is headed by David Hulton through work that he is doing which is funded by Pico Computing, Inc. All of the cores and software provided are licensed under the BSD License and are primarily optimized for Pico's hardware platforms but can be easily adapted for any FPGA-based system. All of the performance specs and information provided are based on the Pico E-12 LO card, which uses a Virtex-4 LX25 FPGA.

1/31/07 - OpenCiphers Official Release v0.1 added

I've finally got around to packaging together all of the finished projects available on openciphers, so I figured I'd finally provide an official release. This tarball includes our Linux 2.6 driver for the Pico E-12, bit files which run the specific algorithms for the projects, the host source code, and additional features. Some improvements include automatically

bluetooth stacks insecurely saving linkkeys

Bluez - 2.x 3.x

The keystore resides in /var/lib/bluetooth/<device address>/linkkeys, where <device address> is the Bluetooth address of the machine running Bluez. Each line of the linkkeys file holds the remote device address, the <128 bit link key> and the key type. Unencrypted.

  # cat > linkkeys
  00:04:3E:65:A1:C8 AA0F3125267C236E10B145F1DF5BA7D7 2

Bluesoleil v.5.0.5.178

%WINDIR%/system32/REMOTEDEVICE.INI. Unencrypted.

  [5C:DA:12:E0:1E:20]
  relation=0000
  link_key=4DAC6F9E0C6700A5E9C44BF7529EF23C
  dev_class=0x0050020C
  name=Joe

Widcomm 6.0.1.5300

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys

There are keys under there that correspond with MAC addresses. Unencrypted.

via