Patch Bluetooth system to connect ANT+ sensor & stop BlueBorne attack
advertisement
Naam | Bluetooth+ |
---|---|
Versie | 2.50 |
Update | 18 sep. 2017 |
Grootte | 274 KB |
Categorie | Bibliotheken en demo |
Installaties | 100K+ |
Ontwikkelaar | z2 Software |
Android OS | Android 4.2+ |
Google Play ID | com.z2software.bluetoothpatcher |
Bluetooth+ · Beschrijving
Patch Bluetooth system to add feature-rich plugins.
Now BlueBorne attack quarantine included!
Require root permission and super user app. Your device needs to be rooted to patch android Bluetooth system. Support Android 4.2.2 ~ Android 7.1.2 and Lineage OS 14.1 201708?? for Android 7.1.2
BlueBorne attack quarantine highlight:
- BlueBorne attack put millions android device in danger!
- BlueBorne quarantine in Bluetooth+ will deactivate vulnerable code of Bluetooth network profile, health profile and MCAP test profile in low level Bluetooth stack.
- Implemented base on Android security bulletin: CVE-2017-0781 CVE-2017-0782 CVE-2017-0781. The most severe vulnerable code is in bnep module (bnep_main.cc, bnep_utils.cc) for PAN network profile. Disabling network profile in Bluetooth stack completely should fend off most of BlueBorne attack
- It's free
How to verify it actually works?
- Enable develop mode in your device
- Enable 'BlueBorne quarantine' at option menu
- Connect your device by usb to a computer that run adb command.
- In command window of the computer, type and run:
adb logcat
- Now use another paired android phone and try to connect by Bluetooth 'Internet access'
- Search the command window for following Bluetooth stack log:
'09-18 23:38:54.089 10337 10367 W bt_l2cap: L2CAP - rcvd conn req for unknown PSM: 15'
- The log above means any Bluetooth network connecting attempt will be dropped immediately at low level of L2CAP connection. The beginning of BlueBorne attack is stopped right there.
Please notice 'BlueBorne Vulnerability Scanner' app is based on simple system patch version check and vendor id in Bluetooth address match. Your device won't pass the scan even after 'BlueBorne quarantine' is enabled. But I'm confident the attack will fail. You know, the most secure code is the dead code never runs.
Available plugins:
- True mouse/KB: Enable Bluetooth HID Device Profile. Transform your phone into real Bluetooth mouse & keyboard combo and remote control any computer has Bluetooth. Touch gesture supports horizontal/vertical scrolling, pinch zoom and more.
https://play.google.com/store/apps/details?id=com.z2software.btpluginhidd
- ANT+ Enabler: Enable built-in ANT+ hardware on your device
https://play.google.com/store/apps/details?id=com.z2software.antplus
Please note this free app doesn't provide any feature without plugin installed.
If you run into any issue and need to clean up the installed patch, please make sure to use "Uninstall" button on taskbar. Android system uninstall cannot remove it thoroughly.
Known issues:
- Your Bluetooth might have issue if the device does not has compatible bluetooth software stack with AOSP. To recover it, please make sure to use 'Uninstall' button on the taskbar with root permission. Please do NOT use default system 'Uninstall' from Settings. It cannot clean up the patch installed under system folder.
Now BlueBorne attack quarantine included!
Require root permission and super user app. Your device needs to be rooted to patch android Bluetooth system. Support Android 4.2.2 ~ Android 7.1.2 and Lineage OS 14.1 201708?? for Android 7.1.2
BlueBorne attack quarantine highlight:
- BlueBorne attack put millions android device in danger!
- BlueBorne quarantine in Bluetooth+ will deactivate vulnerable code of Bluetooth network profile, health profile and MCAP test profile in low level Bluetooth stack.
- Implemented base on Android security bulletin: CVE-2017-0781 CVE-2017-0782 CVE-2017-0781. The most severe vulnerable code is in bnep module (bnep_main.cc, bnep_utils.cc) for PAN network profile. Disabling network profile in Bluetooth stack completely should fend off most of BlueBorne attack
- It's free
How to verify it actually works?
- Enable develop mode in your device
- Enable 'BlueBorne quarantine' at option menu
- Connect your device by usb to a computer that run adb command.
- In command window of the computer, type and run:
adb logcat
- Now use another paired android phone and try to connect by Bluetooth 'Internet access'
- Search the command window for following Bluetooth stack log:
'09-18 23:38:54.089 10337 10367 W bt_l2cap: L2CAP - rcvd conn req for unknown PSM: 15'
- The log above means any Bluetooth network connecting attempt will be dropped immediately at low level of L2CAP connection. The beginning of BlueBorne attack is stopped right there.
Please notice 'BlueBorne Vulnerability Scanner' app is based on simple system patch version check and vendor id in Bluetooth address match. Your device won't pass the scan even after 'BlueBorne quarantine' is enabled. But I'm confident the attack will fail. You know, the most secure code is the dead code never runs.
Available plugins:
- True mouse/KB: Enable Bluetooth HID Device Profile. Transform your phone into real Bluetooth mouse & keyboard combo and remote control any computer has Bluetooth. Touch gesture supports horizontal/vertical scrolling, pinch zoom and more.
https://play.google.com/store/apps/details?id=com.z2software.btpluginhidd
- ANT+ Enabler: Enable built-in ANT+ hardware on your device
https://play.google.com/store/apps/details?id=com.z2software.antplus
Please note this free app doesn't provide any feature without plugin installed.
If you run into any issue and need to clean up the installed patch, please make sure to use "Uninstall" button on taskbar. Android system uninstall cannot remove it thoroughly.
Known issues:
- Your Bluetooth might have issue if the device does not has compatible bluetooth software stack with AOSP. To recover it, please make sure to use 'Uninstall' button on the taskbar with root permission. Please do NOT use default system 'Uninstall' from Settings. It cannot clean up the patch installed under system folder.