Bluetooth Security and Exploitation

  1. Reconnaissance and Discovery Techniques
    1. Device Discovery Methods
      1. Classic Bluetooth Inquiry
        1. Inquiry Process Overview
        2. Inquiry Access Codes
        3. Inquiry Response Packets
        4. Device Address Extraction
      2. BLE Device Discovery
        1. Active Scanning Process
          1. Scan Request Packets
          2. Scan Response Packets
          3. Information Extraction
        2. Passive Scanning Process
          1. Packet Analysis
          2. Limitations and Considerations
      3. Device Address Types
        1. Public Device Addresses
        2. Random Device Addresses
          1. Static Random Addresses
          2. Private Resolvable Addresses
          3. Private Non-Resolvable Addresses
    2. Service Enumeration Techniques
      1. Service Discovery Protocol (SDP) Scanning
        1. Service Search Requests
        2. Service Attribute Requests
        3. Service Browse Requests
        4. Information Extraction Methods
      2. GATT Service Discovery
        1. Primary Service Discovery
        2. Secondary Service Discovery
        3. Characteristic Discovery
        4. Descriptor Discovery
        5. Service Relationship Mapping
    3. Device Fingerprinting Methods
      1. Manufacturer Identification
        1. OUI Database Lookup
        2. Vendor-specific Features Analysis
        3. Device Capability Assessment
      2. Device Class Determination
        1. Major Device Class Analysis
        2. Minor Device Class Analysis
        3. Service Class Information
      3. Advertising Packet Analysis
        1. Local Name Extraction
        2. Service UUID Identification
        3. Manufacturer Data Analysis
        4. Device Capability Profiling
      4. Protocol Stack Fingerprinting
        1. HCI Command Support
        2. L2CAP Feature Detection
        3. Profile Implementation Analysis
  2. Traffic Interception and Analysis
    1. Hardware Requirements
      1. Ubertooth One
        1. Hardware Specifications
        2. Setup and Configuration
        3. Usage Scenarios
        4. Limitations
      2. Adafruit Bluefruit LE Sniffer
        1. Hardware Specifications
        2. Setup and Configuration
        3. Usage Scenarios
        4. Limitations
      3. nRF52840 Development Kits
        1. Hardware Specifications
        2. Setup and Configuration
        3. Usage Scenarios
        4. Custom Firmware Options
      4. Software-Defined Radio (SDR)
        1. Hardware Requirements
        2. Software Configuration
        3. Signal Processing
    2. Software Tools
      1. Wireshark with Bluetooth Support
        1. Packet Capture Configuration
        2. Protocol Dissection
        3. Filter Creation
        4. Analysis Techniques
      2. btmon Utility
        1. HCI Traffic Monitoring
        2. Log File Generation
        3. Real-time Analysis
      3. Custom Sniffing Tools
        1. Protocol-specific Sniffers
        2. Automated Analysis Scripts