Wednesday, October 27, 2010

Ubertooth Zero, a preview

Last weekend at ToorCon 12 I unveiled Project Ubertooth, something I've been working on for more than a year. The goal of the project is to produce a low cost 2.4 GHz wireless development platform suitable for Bluetooth sniffing (among other things). If you are familiar with previous work on Bluetooth monitoring, then you know that good tools are expensive. Commercial equipment costs $10,000 or more, and even the open source solution requires a hardware investment of at least $1000.

In my talk, Ubertooth Zero, a preview, I demonstrated Bluetooth sniffing for the first time with Ubertooth Zero, my first prototype hardware model. The platform is based on the Texas Instruments CC2400 wireless transceiver paired with NXP's LPC1758, an ARM microcontroller with USB. You can build an Ubertooth Zero for less than $50 in parts. The hardware design and host code are published in the svn repository at http://ubertooth.sourceforge.net/, and firmware will follow as soon as possible (probably a couple weeks). Everything is open source.

Over the coming weeks I'll be working on the next model, Ubertooth One, which I hope to have available in early 2011. It will be compatible with the Ubertooth Zero software but will have an improved RF front end, comparable to a Class 1 Bluetooth device. I hope to produce Ubertooth One commercially, making it available to those who don't want to solder 0402s, but rest assured that the product will remain fully open source. I'm also working on firmware, host software, and documentation so that the platform will be easier to build and use.

I would love to hear from you if you decide to build an Ubertooth Zero. Keep in mind that this is a preview release with much work still undone. So far I've built three working boards, one of which fetched $275 in Sunday night's ToorCon Foundation auction, supporting technology education in developing countries. I have three more that I hope to get working soon, and then I'll start work on Ubertooth One.

So far I have implemented only single channel Bluetooth monitoring. The device sits on a single channel and receives a small subset of packets from all Bluetooth devices in range (the target devices use frequency hopping, so they only transmit a small percentage of their packets on that particular channel). This is sufficient to provide a good survey of Bluetooth activity. With some work on software in the future, the platform should be capable of hopping along with a target, receiving every packet on that piconet. Once that is working, it should be possible to use the Ubertooth platform for raw frame injection, an important capability that has been out of reach of wireless security researchers since Bluetooth's introduction. The platform could also be used for several non-Bluetooth functions such as spectrum monitoring or 802.11 FHSS.

ToorCon was a blast, as always. Thanks to everyone who attended the Software Defined Radio Workshop, Real Men Carry Pink Pagers, and the Ubertooth talk. Thanks to Travis for making our talk so much fun. Thanks to Dominic for making the trip from London. Thanks to George, Tim, and David for putting on a great con and making me feel so welcome. Thanks to all the friends, both old and new. Thanks(?) to Nick et al. for embarrassing the hell out of me. Thanks to Laen for running the DorkbotPDX PCB service. Most of all, thanks to Jared Boone who couldn't be at ToorCon but who has supported my effort to develop Project Ubertooth more than anyone.

6 comments:

Anonymous said...

This really sounds like good work. The hardware (or lack of it) and accompanying firmware I feel has been a stumbling block for true accessible Bluetooth sniffing. Am definitely looking forward to hearing more about Ubertooth in the near future.

Anonymous said...

Mike Ossmann is my HERO!
