I updated BTCrack Open Source Edition (BTCrack OSS) to version 1.01 by patching 2 bugs that were reported by Michael Ossmann and Carl Dunhamm.


The  primary goal of BTcrack is to crack/recover the PIN and reconstruct the link-key from a previously captured Bluetooth pairing exchange. Together with Eric Sesterhen I released an open-source version of BTcrack in 2006 which since then is part of the tools included in Backtrack. You will find more information on BTCrack  and a POC video here.

Updates to 1.01

  • Resolved a format string bug - Thanks to Michael Ossman for sending in a patch.
  • The Master ACO was overwritten by the the slave ACO thus impairing decryption of the stream - Thanks to Carl Dunhamm (carl.dunhamm@hotmail.com) for providing a patch.
Carl Dunhamm also suggested changing the way the INRAND value is assumed to come from the Master, indeed sometimes INRAND comes from the Slave. In this case BTcrack fails to crack the PIN and reconstruct the link-key. This patch my friends however I leave to the readers, I would welcome any other patch submission you might have.


The download is available here

Good Times

In memory of good times and in relation to this release of BTCrack I include two of my past stunts below - an excerpt of  my 23C3 talk where I demoed the first remote root vulnerability over Bluetooth - curtsey of Kevin Finistere and a TV Show I participated in that was aired in Germany for SAT1. In case you wonder, when the Mac is pwned I command it to say "I am a Mac, I am PC - we both suck".

23C3 - Remote Root over Bluetooth POC

SAT1 Planetopia


Post a Comment