DirtyTooth for Raspberry Pi

This tool is a software implementation of the DirtyTooth Speaker, distributed as a .deb package for Raspberry Pi.

Technology description

Bluetooth use is on the rise. Millions of users rely on the technology to connect to peripherals that make everyday tasks simpler and more comfortable.

There is a trick or hack for iOS 10.3.2 and earlier that takes advantage of how Bluetooth profiles are managed, with an impact on the privacy of users who use Bluetooth technology daily.

From the iOS device information leak caused by the incorrect management of profiles, a lot of information about the user and their background may be obtained.

Functionalities

When the iOS system detects a Bluetooth signal, the user can see the device they want to connect to.

The speaker that appears in the Bluetooth discovery announces the A2DP profile, a profile for playing audio over the Bluetooth connection. When the user taps on it, the pairing is completed, with no need for a PIN in Bluetooth versions 2.1 or higher.

After a few seconds, the Bluetooth speaker can change its profile, for example to a PBAP profile.

If this happens, iOS will perform the profile change without displaying any type of notification to the user.

Note the existence of a weakness, or an extra accessibility configuration, in iOS. When the profile change is carried out without notification, the synchronization of contacts is enabled by default, giving access to them. In other words, DirtyTooth is a trick or hack that can take advantage of this accessibility configuration.
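The profile change described above can be spotted from the outside by comparing the service classes a device advertises over time. The following is an added example, not part of the DirtyTooth package: it assumes a defender's scanner records (timestamp, address, set of 16-bit service class UUIDs) tuples from periodic SDP browsing, and the function name and sample observations are constructed for illustration.

```python
# Added example (not part of the DirtyTooth package): flag Bluetooth peers
# whose advertised profiles change from audio-only to phone book access.

# Bluetooth SIG assigned 16-bit service class UUIDs.
AUDIO_SINK = 0x110B  # A2DP Audio Sink, what a speaker advertises
PBAP_PCE = 0x112E    # Phonebook Access, client role (the side that pulls contacts)

# Constructed sample observations: (seconds since scan start, address, UUIDs).
OBSERVATIONS = [
    (0, "AA:BB:CC:00:00:01", {0x110B, 0x110C}),           # speaker, audio only
    (0, "AA:BB:CC:00:00:02", {0x111E, 0x112E}),           # car kit, PBAP from the start
    (30, "AA:BB:CC:00:00:01", {0x110B, 0x110C, 0x112E}),  # same speaker, now a PBAP client
    (30, "AA:BB:CC:00:00:03", {0x110B}),                  # speaker that stays audio only
    (60, "AA:BB:CC:00:00:03", {0x110B}),
]


def find_profile_switches(observations):
    """Return {address: (audio_only_ts, pbap_ts)} for devices first seen as an
    audio sink without PBAP that later advertise the PBAP client role.

    Devices that advertise PBAP from their first sighting are not flagged:
    the user could see what they were pairing with.
    """
    audio_first = {}  # address -> first time seen as audio sink without PBAP
    flagged = {}
    for ts, addr, uuids in sorted(observations, key=lambda o: o[0]):
        addr = addr.upper()  # normalise address case across scanner outputs
        if addr in flagged:
            continue
        if PBAP_PCE in uuids:
            if addr in audio_first:
                flagged[addr] = (audio_first[addr], ts)
        elif AUDIO_SINK in uuids:
            audio_first.setdefault(addr, ts)
    return flagged


if __name__ == "__main__":
    for addr, (t_audio, t_pbap) in find_profile_switches(OBSERVATIONS).items():
        print(f"{addr}: audio-only at t={t_audio}s, PBAP client at t={t_pbap}s")
```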

The provided tool can start or stop a Bluetooth agent. The agent waits for a device to pair with it. The agent will not ask the device for any PIN code or token in order to pair. This represents an implementation of Bluetooth 4.0 (in the case of the Raspberry Pi 3), maximizing the ease of use.

Once an iOS device has been paired and connected, the dirtytooth script is automatically called to collect the contact info, as well as the call history, into the /root/dirtytooth folder.

The tool does not require any major interaction: it works automatically.
Innovation Technologies

Recover Popcorn

This tool recovers the password required to decrypt those files encrypted by the first version of PopCorn ransomware that appeared by the end of 2016.

Wannacry File Restorer

Wannacry File Restorer allows recovering files left in the middle of the Wannacry malware encryption process on a computer. Thanks to this PoC, these files can be recovered.

DirtyTooth

A hack, solved as of iOS 11.2, that accesses services and information from Bluetooth-enabled devices.