BTCrack is the world's first Bluetooth passphrase (PIN) brute-force tool. BTCrack brute-forces the Passkey and the Link key from captured pairing* exchanges.
To capture the pairing data it is necessary to have a professional Bluetooth analyzer: FTE (BPA 100, BPA 105, others), Merlin, OR to know how to flash a CSR-based consumer USB dongle with special firmware.
Example of an attack scenario:
Why the PIN is not so important
An attacker will focus on recovering the Link key and not the PIN; here's why:
Presented theoretical weaknesses in the implementation of the pairing exchange
Presented their logic for breaking pairing exchanges and implemented it privately
First public release of a complete, optimized implementation of the Shaked and Wool logic. Optimisation done by Erik Sesterhenn.
World's first FPGA-based implementation
Speed comparison:
Known issues:
[+] Frontline 6.0 mixes Master & Slave addresses
1.0 First release
1.1 Intermediate release
Heisec 2007 Scheunentor Bluetooth Zoller