BlueTooth Wars
salvatore-iaconesi

What is it?
An OPEN, WIRELESS protocol used by mobile and fixed devices to exchange data over SHORT DISTANCES (using radio waves) and to create PERSONAL AREA NETWORKS (PANs).
[AOS][FakePress] [email protected] AHAcktitude, 27-29 Nov. 2009, Il Cantiere, Milano

Personal Area Network
A communication NETWORK between computing or electronic devices that extends a SHORT DISTANCE FROM THE PERSON. The devices involved may or may not belong to that person. A PAN usually spans A FEW METRES. PANs can be used to let the devices communicate with each other (INTERPERSONAL COMMUNICATION), or to provide an UPLINK to a higher-level network (e.g. the Internet).

GEBO: “gift” or “generosity”
BERKANAN: “birch”
Danish Blåtand, the epithet of the tenth-century king Harald I of Denmark and Norway, who united dissonant Danish tribes into a single kingdom

info
up to 79 simultaneous frequencies for FHSS (frequency-hopping spread spectrum)
2.4 GHz, short range
specifications developed by the Bluetooth Special Interest Group (SIG)
The SIG is a private body; it guarantees access to the specifications and defines the processes by which products must be tested before they can be given the BT mark.
It is run by volunteers from its members.

FHSS
Highly resistant to NARROWBAND (band-limited) interference
Difficult to intercept
Many transmissions can COEXIST with minimal interference
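
An added illustration, not part of the original slides: a small simulation of the narrowband-interference claim above, using a constructed interferer on 4 of the 79 channels, plus an AFH-style channel map as introduced in version 1.2. The uniform random hop sequence and the 20-channel floor are assumptions of this example; real Bluetooth derives the hop sequence from the master's address and clock.

```python
import random

CHANNELS = 79  # hop channels named on the slide (2.4 GHz band)

def hop_sequence(n_slots, seed, allowed=None):
    """Pseudo-random hop sequence; an assumed stand-in for the real selection kernel."""
    rng = random.Random(seed)
    pool = list(allowed) if allowed is not None else list(range(CHANNELS))
    return [rng.choice(pool) for _ in range(n_slots)]

def loss_rate(sequence, jammed):
    """Fraction of slots that land on a channel occupied by the interferer."""
    hits = sum(1 for ch in sequence if ch in jammed)
    return hits / len(sequence)

def adaptive_channel_map(sequence, jammed, min_channels=20):
    """AFH-style map: drop channels observed as bad, keep at least min_channels."""
    bad = {ch for ch in sequence if ch in jammed}
    good = [ch for ch in range(CHANNELS) if ch not in bad]
    if len(good) < min_channels:
        # Too few clean channels left: fall back to the full hop set.
        return list(range(CHANNELS))
    return good

def simulate(n_slots=20000, seed=2009):
    # Constructed interferer: a narrowband source sitting on 4 adjacent channels.
    jammed = set(range(30, 34))
    fixed = [31] * n_slots                        # non-hopping link parked on channel 31
    fhss = hop_sequence(n_slots, seed)            # plain FHSS over all 79 channels
    afh_map = adaptive_channel_map(fhss, jammed)  # channels learned to be clean
    afh = hop_sequence(n_slots, seed + 1, afh_map)
    return {
        "fixed": loss_rate(fixed, jammed),
        "fhss": loss_rate(fhss, jammed),
        "afh": loss_rate(afh, jammed),
        "expected_fhss": len(jammed) / CHANNELS,
        "afh_channels": len(afh_map),
    }

if __name__ == "__main__":
    for name, value in simulate().items():
        print(f"{name:14s} {value}")
```

The fixed-channel link loses every slot, the hopping link loses roughly 4/79 of them, and the adaptive map removes the loss by hopping over the 75 clean channels only.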

info

| CLASS | POWER | RANGE |
|---|---|---|
| 1 | 100 mW (20 dBm) | 100 m |
| 2 | 2.5 mW (4 dBm) | 22 m |
| 3 | 1 mW (0 dBm) | 6 m |

| VERSION | SPEED |
|---|---|
| 1.0 | 1 Mbit/s |
| 2.0 + EDR | 3 Mbit/s |

BT PROFILES
A BT profile is an INTERFACE SPECIFICATION for BT communication between devices. A device implements compatibility with a set of BT profiles in order to use their services. A profile defines at least its DEPENDENCIES ON OTHER PROFILES, the suggested FORMATS for implementing the interfaces, and which parts of the PROTOCOL STACK the profile uses. Each profile CUSTOMISES THE LAYERS OF THE BT STACK.

A2DP, AVRCP, BIP, BPP, CIP, CTP, DID, DUN, FAX, FTP, GAVDP, GAP, GOEP, HCRP, HFP, HID, HSP, ICP, LAP, OPP, PAN, PBAP, PBA, SPP, SDAP, SAP, SIM, SYNCH, VDP, WAPB

BT STACKS
GENERAL PURPOSE vs EMBEDDED

GENERAL STACKS
WINDOWS: Widcomm, Broadcom, EtherMind, Toshiba, BlueSoleil, BlueFritz!
LINUX: BlueZ (standard, complete implementation), Affix (Nokia)

EMBEDDED STACKS
BlueMagic: iPhone, some Motorola, LG, Samsung...
BlueCore Host Software (BCHS): many profiles
lwBT: open source, lightweight
Bluetopia: integrated with many platforms
Symbian: includes a BT stack

HISTORY

1.0 and 1.0b
Problematic, slow, incompatible. Required unique addresses to be defined, which is impossible for a great many applications.

1.1
IEEE Standard 802.15.1-2002
Many bugs fixed
Support for unencrypted channels
Received Signal Strength Indicator (RSSI)

1.2
Compatible with 1.1
IEEE Standard 802.15.1-2005
Fast discovery and connection
AFH (Adaptive Frequency Hopping)
Faster
Flow Control and Retransmission Modes
HCI (Host Controller Interface)
eSCO (Extended Synchronous Connections) to improve simultaneous transfers

2.0 + EDR
Compatible with 1.2
EDR (Enhanced Data Rates), which uses GFSK (Gaussian Frequency Shift Keying) to transmit on different bands

2.1 + EDR
Compatible with 1.2
Extended inquiry response (EIR), Sniff subrating, Encryption pause/resume (EPR), Secure simple pairing (SSP), Non-Automatically-Flushable Packet Boundary Flag (PBF)
Near field communication (NFC) cooperation

3.0 + HS
24 Mb/s
AMP (Alternate MAC/PHY)
The Bluetooth radio is still used for device discovery, initial connection and profile configuration; however, when lots of data needs to be sent, the high-speed alternate MAC/PHY (802.11, typically associated with Wi-Fi) is used to transport the data.

FUTURE
BROADCAST CHANNELS (information points)
TOPOLOGY (piconet, scatternet)
QoS

SECURITY
CONFIDENTIALITY
AUTHENTICATION
KEY derivation (SAFER + block cypher)

BLUEJACKING
Sending unsolicited messages to Bluetooth devices using the OBEX protocol

BLUESNARFING
Unauthorized access to information over a Bluetooth connection

BLUEBUGGING
Taking control of the victim's phone. Listening to conversations. Setting up unauthorized call forwarding.
(e.g. Nokia 6310i)

OBEX
Semi PROTOCOL STACK used for the file and multimedia transfer functions to/from Bluetooth devices.

OBEX-FTP
Implements the Bluetooth FTP profile and allows files to be transferred from various devices.
It is the basis of most exploits.

obexftp -b    list of devices

obexftp -b [ADDR] -p [FILE]    send a file

obexftp -c <dir>    change to the directory
obexftp -C <dir>    create directory
obexftp -l <dir>    list the files in the directory
obexftp -g <file>    get file
obexftp -G <file>    get file and then delete it
obexftp -p <file>    send file
obexftp -k <file>    delete file
obexftp -X    analyse the capabilities of the device
obexftp -Y    probe the device's characteristics

OBEXPUSHD
obexpushd -B    listens for Bluetooth connections

USSP-PUSH
ussp-push LFILE RFILE    sends a file using the object push protocol (OPP)

BTSCANNER
btscanner    list of BT devices

ANALYZER
bluetooth-analyzer    GUI for analysing BT streams

BLUETOOTH WARS
http://www.artisopensource.net/BT.zip

su -
mkdir -p mtpoint
mount -o loop ccbtdemo mtpoint/
chmod 777 mtpoint

THE CONTENTS
/var/opt/ccobex

CONFIGURATION
/etc/bluetooth
/etc/opt/ccobex

gzip ccbtdemo

PUT ON A CD
boot.cat
ccbtdemo.gz
isolinux.bin
isolinux.cfg
vmlinuz