
SUMMARY

You can find all of the tools that Jake makes use of at http://www.digitalmunition.com. These tools and techniques were developed exclusively for this particular chapter. GenerationTwo is an accurate representation of the toolkit that Jake used in our storyline. You can download both the OS X 10.3 and 10.4 versions from

Both packages include a set of binaries and scripts to take root remotely on Bluetooth-enabled Macintosh machines that have not been patched against CAN-2005-1333. A helper script is also included to decode OS X link keys for use with bluez. This tool can be used independently of any underlying vulnerability.

The following documents helped provide the technical content that made the attacks in the storyline possible. Without these particular issues, we would have simply had to abuse a different set of vulnerabilities, perhaps on a different platform. These issues are by no means the only exploitable ones; they are simply intended to represent the general problem of software vulnerabilities in Bluetooth-enabled devices and computers.

The Bluetooth stack used on Jake's laptop can be found at http://www.bluez.org. If you have any questions about the use of Bluetooth on the Linux platform, please go to the bluez website.

