tempara.py is a Bleak-based python script, that acts as a VCSEC client. Currently, the tool is very experimental and implements rudimentary commands, only! https://github.com/trifinite/tempara This tool has been released in the context of Project TEMPA Disclaimer While it’s very TEMPting to use this tool to connect to random cars, we advise you to only use this tool on vehicles you own or have permission to use.
The carwhisperer project intends to sensibilise manufacturers of carkits and other Bluetooth appliances without display and keyboard for the possible security threat evolving from the use of standard passkeys. A Bluetooth passkey is used within the pairing process that takes place, when two Bluetooth enabled devices connect for the first time.
Each Bluetooth device has a device class (type of device and services it provides) which is part of the responds to an inquiry. The device class has a total length of 24 bits and is separated in three parts. First there is the Service Class which is a bit field (first 11 bits) and second and third are the Major (5 bits) and Minor (6 bits) device class.
Since Adam Laurie’s BlueSnarf experiment and the subsequent BlueBug experiment it is proven that some Bluetooth-enabled phones have security issues. Until now, attackers need laptops for the snarfing of other people’s information. Unless attackers do a long-distance-snarf, people would see that there is somebody with a laptop trying to do strange things.
The Bluetooth architecture consists out of two main protocols, L2CAP and RFCOMM which is layered on top of L2CAP. Since these protocols utilize ports (as they are named in the popular TCP/IP UDP/IP architecture). It makes sense to have the ability to scan these in order to find so called open ports and possible vulnerable applications bound to them.