BTCrack 1.1 is ready! I named it the BTCrack Heisec release, because I released it during the Heisec security conference.

BTCrack is a pairing-handshake cracker against Bluetooth 1.0 to 2.0; for more information please refer to the paper by Shaked and Wool and the website listed at the end of this e-mail.



In cooperation with PicoComputing (http://www.picocomputing.com/) we added FPGA support to BTCrack 1.1 and increased the software speed by 15%, reaching 200,000 keys per second on a stock dual-core P4 at 2.0 GHz.

Version 1.1 :
[+] Added Priority Control
[*] Fixed splash bug
[+] Added FPGA Support
[+] Speed increase (15%)

Keys per second (CPU and FPGA):

  • 200,000 keys/sec - dual-core P4, 2 GHz (CPU)
  • 7,600,000 keys/sec - Pico E12 @ 50 MHz (FPGA)
  • 10,000,000 keys/sec - Pico E12 @ 75 MHz (FPGA)
  • 30,000,000 keys/sec - Pico E16 (FPGA)



Download BTCrack 1.1



I rarely comment on political issues within this blog; now I do. Overall, politicians in Europe seem to be jumping on the bandwagon when it comes to losing privacy rights and surveillance laws.

The scapegoat here is "Islamic Terror"; especially in Germany it is being blamed for pretty much everything. I call bullshit.

Check the independent report "EU TERRORISM SITUATION AND TREND REPORT 2007" by none other than Europol.



I repeat: "Islamic Terror is the number one threat to Europe" is the chanson of lots of politicians. Now check this:

My question is this: how come a politician can make such claims without being held accountable, when there is clear evidence that he is simply pushing an agenda and doesn't care about reality? Not to mention that these other "terrorist" groups always existed, were always there. One thing is clear to me: if we don't get off our lame asses and start to do something, we will soon be no better than the US.

BTCrack 0.9a is going ahead nicely; optimisations have been done and the final release will be on the Nruns website as promised, very soon™ :)

BTCrack 0.9a now spawns 8 threads in order to crack the keys, which means dual-core or quad-core processors work out very nicely :) A few assembler optimisations are still ahead, and the final release should be ready for 23c3.

The general assumption that the attack is only theoretically possible and that PINs of 6 digits represent good protection is now practically refuted.

Here are my current stats on a dual-core P4 at 2 GHz (48,000 PINs per second):

PIN - time required (seconds)

  • 1234 - 0.25 seconds
  • 12345 - 1.59 seconds
  • 654321 - 16.171 seconds
  • 123456789 - 4851.156 seconds (about 1.3 hours)




  • It has been quite some time since I updated this blog; I will try to update it in the next weeks with a few details of what I was up to during the last months.

    Let's start with the more important stuff: I got into AV research again =) The output of which will hit the public in the next months; be warned, there will be a flood of advisories :D

    Together with Sergio Alvarez I gave a talk at Hack.lu 2007. This year we explained what the heck is up with anti-virus software. We revisited the way AV solutions are implemented in current company networks and the AV engines themselves. Defense in depth is being misinterpreted and incorrectly implemented, with disastrous effects. Customers (end-users of AV software) believe they do DiD when in reality they do not; this is an important fact to keep in mind.

    Rough break-down of the talk:

  • DiD as implemented for anti-virus software is broken: companies put one AV engine after the other, believing it to be DiD. The worst security incident in such an architecture is incorrectly defined as "a virus passes the gateway unrecognized"; in reality the worst possible failure is that the underlying operating system is compromised through the AV engine, and you have to mitigate this.
  • AV software is broken beyond recognition: it parses enormous amounts of data in unmanaged programming languages and is therefore naturally prone to errors. This was clear from the start, but the sheer amount of bugs is something else. Reality shows they all are.
  • AV software runs directly on critical infrastructure, with highly privileged rights; AV software runs everywhere.
  • E-mail changes what is at stake: what happens if I send an exploit targeting AV software as an attachment in an e-mail? You can automatically compromise corporate mail servers, clients and gateways from the outside, as your e-mail travels through your firewalls untouched. You can view the presentation here; it might be interesting to you, since I don't think everybody is aware of the impact some findings may have: The Death of AV-Defense in Depth?

  • A friend and colleague of mine, Alexios Fakos, has published a book under the title Sichere Web Anwendungen (Secure Web Applications); unfortunately it is German only. If you'd like to know how to code hardened applications, I heartily recommend this book.

    A free chapter of the book can be found here