PASSIVE BLUETOOTH MONITORING IN SCAPY
Ryan Holeman

AGENDA
• bluetooth essentials
• fundamental projects
• scapy-btbb project overview
• demo

ESSENTIAL BLUETOOTH
bluetooth is a frequency hopping protocol
[Figure: a single channel protocol (channel 1) compared with a channel hopping protocol (channel 1, channel 2, channel 3, ... channel 79)]

ESSENTIAL BLUETOOTH
BTBB - bluetooth baseband
air traffic between master and slave bluetooth devices
[Figure: protocol stack: Application, RFCOMM, L2CAP, Link Manager, Baseband]

ESSENTIAL BLUETOOTH
nap
  • non-significant for communication
  • vendor association
uap
  • upper address part
  • vendor association
  • calculated from btbb packets
lap
  • lower address part
  • easily obtained in btbb packet
[Figure: Bluetooth Device Addresses]

FUNDAMENTAL PROJECTS
SCAPY
• Philippe Biondi
• python network analysis and manipulation tool
• supports many protocols and layers
  • Ethernet, TCP/IP, 802.11, 802.15.5, etc

FUNDAMENTAL PROJECTS
LIBBTBB
• Dominic Spill and Mike Ossmann
• provides methods for:
  • uap discovery, clock discovery, etc
• wireshark plugin
  • wireshark btbb support

FUNDAMENTAL PROJECTS
UBERTOOTH
• bluetooth baseband sniffer
• Mike Ossmann
• kismet plugin

SCAPY-BTBB GOALS
bluetooth baseband traffic in python

SCAPY-BTBB CONTRIBUTIONS
• btbb layer in scapy
• a stream utility for pcap files in scapy
• btbb helper methods
  • vendor from nap/uap
  • distinct address lists from btbb traffic
• extensive documentation of related projects

SCAPY-BTBB RELEVANCE
• real time and postmortem data analysis for btbb traffic
• compatibility across hardware
  • through pcap files
• easily incorporated into:
  • developer debugging tools
  • auditing tools
  • exploitation tools

DEMO

REFERENCES
• scapy
  • Philippe Biondi
  • secdev.org/projects/scapy
• libbtbb
  • Dominic Spill & Mike Ossmann
  • sourceforge.net/projects/libbtbb
• ubertooth
  • Mike Ossmann
  • ubertooth.sourceforge.net
• kismet
  • Mike Kershaw
  • kismetwireless.net
• bluez
  • bluez.org
• pybluez
  • pybluez.googlecode.
• wireshark
  • wireshark.org
• ipython
  • ipython.org
• pandas
  • pandas.pydata.org

PROJECT HOME AND CONTACT INFO
• project home
  • hackgnar.com/projects/btbb
• contact
  • email: rippei1ia)hackgnar.com
  • twitter: @hackgnar
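
An added example (not from the slides and not scapy-btbb's own code) of the address handling described under ESSENTIAL BLUETOOTH and the helper methods listed under SCAPY-BTBB CONTRIBUTIONS: splitting a device address into nap/uap/lap, looking up a vendor from nap/uap, and building a distinct address list from sightings. All function names, the OUI table and the sightings are constructed for illustration; the 16/8/24-bit split is the standard Bluetooth device address layout.

```python
import re

# Constructed OUI table for illustration only (not real vendor assignments).
SAMPLE_OUI = {0x00AABB: "Example Vendor A", 0x00CCDD: "Example Vendor B"}

# Constructed sightings as (lap, uap): uap is None until it has been
# calculated from enough btbb packets for that lap.
SAMPLE_SIGHTINGS = [(0xABCDEF, None), (0x123456, None),
                    (0x123456, 0xBB), (0xABCDEF, None), (0x123456, 0xBB)]

_ADDR_RE = re.compile(r"(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}")

def split_bd_addr(addr):
    """Split 'NN:NN:UU:LL:LL:LL' into (nap, uap, lap) integers."""
    if not _ADDR_RE.fullmatch(addr):
        raise ValueError("expected six colon-separated hex octets: %r" % addr)
    raw = int(addr.replace(":", ""), 16)
    return raw >> 32, (raw >> 24) & 0xFF, raw & 0xFFFFFF

def vendor_from_nap_uap(nap, uap, table=SAMPLE_OUI):
    """The vendor prefix (OUI) is nap (16 bits) followed by uap (8 bits)."""
    return table.get((nap << 8) | uap, "unknown")

def distinct_addresses(sightings):
    """Collapse sightings into one entry per lap, in first-seen order.

    A lap first seen without a uap is upgraded once a uap is recovered;
    conflicting uaps for one lap are all kept so they stay visible.
    """
    seen = {}
    for lap, uap in sightings:
        uaps = seen.setdefault(lap, set())
        if uap is not None:
            uaps.add(uap)
    return seen

def format_partial(lap, uap=None):
    """Render a partial address; parts not recovered are shown as '??'."""
    u = "??" if uap is None else "%02X" % uap
    return "??:??:%s:%02X:%02X:%02X" % (
        u, lap >> 16, (lap >> 8) & 0xFF, lap & 0xFF)

if __name__ == "__main__":
    for lap, uaps in distinct_addresses(SAMPLE_SIGHTINGS).items():
        for uap in sorted(uaps) or [None]:
            print(format_partial(lap, uap))
    nap, uap, lap = split_bd_addr("00:AA:BB:12:34:56")
    print(vendor_from_nap_uap(nap, uap))
```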