Camp 2007 Review

Camp is over. Unfortunately I did not have enough spare time to write a in depth review, but I can say it was a lot of fun and very interesting. I didn’t enjoy the lectures very much, because the acoustic was lousy and the content of the lectures was not as good as I expected. But the concept of villages with people of same interests was very good. That way it was very easy to meet people with the same interests. One very interesting lecture was about the A5 Cracking Project. The projects goal is to implement a practical attack on the A5 cipher used in GSM networks. The cipher has already been broken in 1998 after the specs leaked into public because someone forgot to sign a NDA. But until now there is no public implementation of the attacks. There is a Wiki where the project is coordinated, check it out. That stuff is at the very top of my agenda. hmm, maybe not at the very top, but at the top ;-).

Anyway, due to the great atmosphere at the camp (especially during the night), I enjoyed it very much. Check out the flickr slideshow. I also made some photos, mostly night shots:
Continue reading Camp 2007 Review

Write your own CSR Firmware!

Darkircop have released their tools for reverse engineering CSR Firmware. The tools include a disassembler dis.c for disassembling official firmware. An assembler for writing your own firmware is also included. With these tools you are now able to write your own firmware for your CSR based Bluetooth Dongle, which might even include raw access for Bluetooth sniffing. The source code for sniffing Bluetooth under Linux included, too.

It might even be possible to port the techniques for finding hidden Bluetooth devices described in this paper onto a CSR dongle. In the paper GNU Radio with USRP was used. The source code used for this attack can be downloaded, too.