Blue2thprinting: identifying the form and function of the Bluetooth devices

Xeno Kovah - August 7 - 90 minutes

BOOK NOW

You are enveloped in the warming glow of dozens to hundreds of Bluetooth devices. Aren’t you curious what all those lil critters are?! Let's use Linux tools to poke at these apparitions!

This workshop serves as a preview of the Bluetooth classes that are being developed for OpenSecurityTraining2 (ost2.fyi) by Veronica & Xeno Kovah. The full classes will be multiple days long, so this brief workshop will just give you a basic introduction to some of the basic Linux Bluetooth tools, and how they fit in to Blue2thprinting (http://darkmentor.com/publication/2023-11-hardweario/).

Blue2thprinting is Bluetooth-toothprinting - the act of creating a toothprint (2thprint) to identify distinct features of a Bluetooth device. These 2thprints help us determine information such as what type of Bluetooth chip it uses, what company makes it, what model it is, etc. Over the past year I have focused on Blue2thprinting as a way to approach vulnerability assessment of Bluetooth devices. Specifically, whether they are vulnerable to the other-the-air Bluetooth chip vulnerabilities found by Veronica Kovah and presented at BlackHat USA 2020.

The Blue2thprinting software fits neatly into the “researchware” category, and thus if I’m being honest is more difficult to set up than I’d like. Thus, attendees will be provided with a preconfigured Linux VM where both the collection and analysis components are already set up, as well as pre-seeded with some real data that can be explored at one’s leisure. In this workshop you’ll learn about and play around with the following:

Linux Bluetooth default tools:

  • hciconfig
  • bluetoothctl
  • btmon

Linux non-default tools:

  • Wireshark
  • gatttool
  • sdptool

Blue2thprinting software:

  • Crontab setup to auto-run and collect Bluetooth (e.g. as used in the simple immediately-sniffing-by-default Raspberry Pi Zero image)
  • central_app_launcher2.py for coordinating active data inquiry components
  • Sweyntooth for sending arbitrary BT Low Energy packets
  • Braktooth for sending arbitrary BT Classic packets
  • Analysis scripts for post-processing log files and placing data into MySQL database
  • TellMeEverything.py to provide a nicer interface to the data in the database

At the end of the workshop you’ll be cordially invited to join the BlueCrew, and be introduced into the wide world of open research questions that exist in the Bluetooth space, awaiting your collaboration.