源海拾贝 | Bluetooth-LE Security：Method, Tools and Stack

BLE Vulnerability TOP5

• BlueBorne
• BleedingBit
• SweynTooth
• BtleJuice
• BLE-CTF

Table of Content

BLE-Security-Attack&Defence
 |-- BLE Vulnerability TOP5
 |  |-- BlueBorne
 |  |-- BleedingBit
 |  |-- SweynTooth
 |  |-- BtleJuice
 |  |-- BLE-CTF
 |-- ble-stack
 |  |-- Mynewt-Nimble
 |  |-- nRF5_SDK_15.0.0_a53641a
 |  |-- PyBluez
 |  |-- LightBlue
 |-- cap - capture package
 |  |-- CrackLE
 |  |-- TI-BLTE2Pcap
 |  |-- blefuzz_V21
 |  |-- Fuzzing Bluetooth
 |-- image
 |-- tools - hardware&sofrware
 |  |-- Ubertooth
 |  |-- BladeRF
 |  |-- HackRF
 |  |-- Adafruit-BluefruitLE
 ...

Bluetooth LE Vulnerabilities

github链接：https://github.com/Charmve/BLE-Security-Attack-Defence

1. BlueBorne – A New Class of Airborne Attacks that can Remotely Compromise Any Linux/IoT Device
   https://www.youtube.com/watch?v=WWQTlogqF1IHack.lu 2016 BtleJuice: the Bluetooth Smart Man In The Middle Framework by Damiel Cauquil
   https://www.youtube.com/watch?v=G08fh5Sa7TU
2. MASHaBLE: Mobile Applications of Secret Handshakes Over Bluetooth LE
   https://www.youtube.com/watch?v=s79CG2Os0Nc
3. Automatic Discovery of Evasion Vulnerabilities Using Targeted Protocol Fuzzing
   https://www.youtube.com/watch?v=NDWGwrMk3AU
4. Hacking the Wireless World with Software Defined Radio – 2.0
   https://www.youtube.com/watch?v=MKbU3HhG2vk
5. Effective File Format Fuzzing – Thoughts, Techniques and Results
   https://www.youtube.com/watch?v=qTTwqFRD1H8
6. Hacking the Wireless World with Software Defined Radio – 2.0
   https://www.youtube.com/watch?v=x3UUazj0tkg

1. DEF CON 26 – Damien virtualabs Cauquil – You had better secure your BLE devices
   https://www.youtube.com/watch?v=VHJfd9h6G2s&t=646s
2. DEF CON 24 Wireless Village – Jose Gutierrez and Ben Ramsey – How Do I BLE Hacking
   https://www.youtube.com/watch?v=oP6sx2cObrY
3. DEF CON Safe Mode Wireless Village – FreqyXin – The Basics Of Breaking
   https://www.youtube.com/watch?v=X2ARyfjzxhY
4. DEF CON 26 – Vincent Tan – Hacking BLE Bicycle Locks for Fun and a Small Profit
   https://www.youtube.com/watch?v=O-caTVpHWoY
5. DEF CON 26 WIRELESS VILLAGE – ryan holeman – BLE CTF
   https://www.youtube.com/watch?v=lx5MAOyu9N0
6. DEF CON 21 – Ryan Holeman – The Bluetooth Device Database
   https://www.youtube.com/watch?v=BqiIERArnA8
7. DEF CON 22 – Grant Bugher – Detecting Bluetooth Surveillance Systems
   https://www.youtube.com/watch?v=85uwy0ACJJw
8. KnighTV Episode 11: Hacking BLe Devices Part 1/6: Attacking August Smart Lock Pro
   https://www.youtube.com/watch?v=3e4DBk5BKLg
9. Gattacking Bluetooth Smart Devices – Introducing a New BLE Proxy Tool
   https://www.youtube.com/watch?v=uKqdb4lF0XU&list=LLxFkZjbpt0KyhEv1d342SQQ&index=6&t=91s
10. Bluetooth Reverse Engineering: Tools and Techniques
    https://www.youtube.com/watch?v=gCQ3iSy6R-U
11. Hopping into Enterprise Networks from Thin Air with BLEEDINGBIT
    https://www.youtube.com/watch?v=ASod9cRtZf4漏洞预警 | BleedingBit蓝牙芯片远程代码执行漏洞
    https://www.anquanke.com/post/id/163307 https://www.secpulse.com/archives/78841.html
12. BA03 Breaking the Teeth of Bluetooth Padlocks Adrian Crenshaw
    https://www.youtube.com/watch?v=k8Tp5hj6ylY
13. The NSA Playset Bluetooth Smart Attack Tools
    https://www.youtube.com/watch?v=_Z4gYyrKVFM

To-Do

• 2020.10 CVE-2020-12351，CVE-2020-12352&CVE-2020-24490
• 2020.04 CVE-2020-10135
• 2020.03 CVE-2020-3848 -49 -50
• 2020.03 CVE-2020-15802
• 2020.03  CVE-2020-9770
• 2020.03 CVE-2019-9506

Citation

Use this bibtex to cite this repository:

@misc{BLE Security,
  title={Bluetooth LE-Security: Method, Tools and Stack},
  author={Charmve},
  year={2020.09},
  publisher={Github},
  journal={GitHub repository},
  howpublished={\url{https://github.com/Charmve/BLE-Security-Attack-Defence}},
}