Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
bluetoolkit
BlueToolkit is an extensible Bluetooth Classic vulnerability testing framework that helps uncover new and old vulnerabilities in Bluetooth-enabled devices. It can be used for vulnerability research, penetration testing and Bluetooth hacking. We also collected and classified Bluetooth vulnerabilities in an "Awesome Bluetooth Security" way.
https://github.com/sgxgsx/bluetoolkit
Install

Usage
- **BlueToolkit templates** - to-use templates.
- templating guide
Vulnerabilities to be added soon
- https://www.cvedetails.com/cve/CVE-2023-21647/?q=CVE-2023-21647
- https://fmsh-seclab.github.io/
- https://www.cvedetails.com/cve/CVE-2022-25836/
- https://research.nccgroup.com/2022/05/15/technical-advisory-tesla-ble-phone-as-a-key-passive-entry-vulnerable-to-relay-attacks/
- https://github.com/nccgroup/Sniffle
- https://github.com/RCayre/injectable-firmware - https://hal.laas.fr/hal-03193297v2/document - MITM, send malicious packets, post-exploitation after the session was established/hijacked (implementation and model specific)
- https://github.com/darkmentorllc/jackbnimble - https://i.blackhat.com/USA-20/Wednesday/us-20-Kovah-Finding-New-Bluetooth-Low-Energy-Exploits-Via-Reverse-Engineering-Multiple-Vendors-Firmwares.pdf - 3 exploits for specific hardware, CVE-2020-15531
- http://tns.thss.tsinghua.edu.cn/~jiliang/publications/MOBISYS2020_BlueDoor.pdf
- https://www.usenix.org/system/files/sec20-zhang-yue.pdf - CVE-2020-35473
- https://www.usenix.org/system/files/woot20-paper-wu.pdf
- https://www.cvedetails.com/cve/CVE-2019-16336/?q=CVE-2019-16336
- https://www.cvedetails.com/cve/CVE-2019-17061/?q=CVE-2019-17061
- https://www.cvedetails.com/cve/CVE-2019-17060/?q=CVE-2019-17060
- https://www.cvedetails.com/cve/CVE-2019-19192/?q=CVE-2019-19192
- https://www.usenix.org/system/files/sec19-sivakumaran_0.pdf - co-located apps can get BLE data and thus exfiltrate needed info; can we do a relay with it?
- https://github.com/securing/gattacker - https://www.blackhat.com/docs/us-16/materials/us-16-Jasek-GATTacking-Bluetooth-Smart-Devices-Introducing-a-New-BLE-Proxy-Tool.pdf - MITM BLE
- https://github.com/mikeryan/crackle - https://www.usenix.org/system/files/conference/woot13/woot13-ryan.pdf - cracks BLE encryption
- CVE-2023-45866
- CVE-2023-24023 - https://github.com/francozappa/bluffs
- https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=9833777 - stack illegal access attack (formal methods); CVE-2020-26560 and CVE-2020-15802 are mentioned in other entries
- https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=9833575
- CVE-2022-24695 - affects privacy, defeats the non-discoverable feature of BR/EDR
- CVE-2022-25837 - https://www.cvedetails.com/cve/CVE-2022-25837/ - check the CVE for details; relies on Method Confusion
- CVE-2021-28139 - WROVER-KIT - https://github.com/Matheus-Garbelini/braktooth_esp32_bluetooth_classic_attacks - https://asset-group.github.io/disclosures/braktooth/
- CVE-2020-12352 - https://github.com/google/security-research/security/advisories/GHSA-7mh3-gq28-gfrq - https://google.github.io/security-research/pocs/linux/bleedingtooth/writeup.html - information leak
- CVE-2020-12351 - https://github.com/google/security-research/security/advisories/GHSA-7mh3-gq28-gfrq - https://google.github.io/security-research/pocs/linux/bleedingtooth/writeup.html - stack-based info leak in BlueZ
- CVE-2020-24490 - https://github.com/google/security-research/security/advisories/GHSA-ccx2-w2r4-x649 - https://google.github.io/security-research/pocs/linux/bleedingtooth/writeup.html - requires BT 5.0 and higher
- https://www.cvedetails.com/cve/CVE-2020-3703/?q=CVE-2020-3703 - CVE-2020-11156 (Snapdragon Auto), no exploits; also CVE-2020-11154, CVE-2020-11155, CVE-2020-3703
- https://i.blackhat.com/USA-20/Wednesday/us-20-Xu-Stealthily-Access-Your-Android-Phones-Bypass-The-Bluetooth-Authentication.pdf - https://github.com/DasSecurity-HatLab/BlueRepli-Plus
- https://github.com/greatscottgadgets/ubertooth
- CVE-2020-10135 - https://github.com/francozappa/bias - https://francozappa.github.io/about-bias/
- https://link.springer.com/article/10.1007/s00779-017-1081-6
- CVE-2017-0785
- CVE-2017-1000251 - https://github.com/Matheus-Garbelini/braktooth_esp32_bluetooth_classic_attacks
- CVE-2020-5551 - https://keenlab.tencent.com/en/2020/03/30/Tencent-Keen-Security-Lab-Experimental-Security-Assessment-on-Lexus-Cars/ - RCE in Lexus (LC, LS, NX, RC, RC F), Toyota Camry and Toyota Sienna manufactured outside Japan from Oct. 2016 to Oct. 2019
- https://github.com/albazrqa/BluEar
- CVE-2018-19860 - 2014 (DoS)
- https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=5374082 - no-input/no-output (MITM and out-of-band MITM attacks); see also https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=4401672
- https://citeseerx.ist.psu.edu/document?repid=rep1&type=pdf&doi=ac095564c820f02b2793694018d419ce99279de0
- https://www.usenix.org/legacy/event/mobisys05/tech/full_papers/shaked/shaked.pdf
- https://link.springer.com/chapter/10.1007/3-540-45353-9_14
- https://staff.ie.cuhk.edu.hk/~khzhang/my-papers/2019-ndss-bluetooth.pdf
- CVE-2020-26556 - brute-force an insufficiently random AuthValue in BT Mesh 1.0 and 1.0.1 to complete authentication
- CVE-2020-26557 - brute-force attack
- CVE-2020-26559 - brute-force
- CVE-2020-26560 - authentication bypass in Mesh profile 1.0 and 1.0.1; https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=9474325
- CVE-2020-26555 - security.org/TC/SP2021/SPW2021/WOOT21/files/woot21-claverie-slides.pdf
- CVE-2020-26558
- CVE-2020-15802
- CVE-2018-5383
- CVE-2019-9506 - https://vuldb.com/?source_cve.140090
- https://www.ndss-symposium.org/wp-content/uploads/2023/02/ndss2023_s119_paper.pdf
- CVE-2022-40503 - https://www.cvedetails.com/cve/CVE-2022-40503/?q=CVE-2022-40503 - buffer over-read in the A2DP profile
- CVE-2022-40537 - https://www.cvedetails.com/cve/CVE-2022-40537/?q=CVE-2022-40537 - memory corruption while processing an AVRC_PDU_GET_PLAYER_APP_VALUE_TEXT AVRCP response
- CVE-2022-33280 - https://www.cvedetails.com/cve/CVE-2022-33280/?q=CVE-2022-33280 - memory corruption while processing an AVRCP packet
- CVE-2022-33255 - https://www.cvedetails.com/cve/CVE-2022-33255/?q=CVE-2022-33255 - Bluetooth host buffer over-read while processing GetFolderItems and GetItemAttributes
- CVE-2022-22088 - https://www.cvedetails.com/cve/CVE-2022-22088/?q=CVE-2022-22088 - Bluetooth host buffer overflow while processing a response from the remote
- CVE-2021-35068 - https://www.cvedetails.com/cve/CVE-2021-35068/?q=CVE-2021-35068 - null pointer dereference while freeing the HFP profile
- CVE-2020-10134 - https://www.sec.in.tum.de/i20/publications/method-confusion-attack-on-bluetooth-pairing/@@download/file/conference-proceeding.pdf - MITM between 2 BLE or BR/EDR devices; strange hardware needed
- https://inria.hal.science/hal-01587858/document
Currently BlueToolkit checks the following vulnerabilities and attacks:
Hardware
License