Tool

tempara.py is a Bleak-based python script, that acts as a VCSEC client. Currently, the tool is very experimental and implements rudimentary commands, only! https://github.com/trifinite/tempara This tool has been released in the context of Project TEMPA Disclaimer While it’s very TEMPting to use this tool to connect to random cars, we advise you to only use this tool on vehicles you own or have permission to use.

This archive can be found on github and contains all VCSEC protocol buffers definitions (aka proto-files). Additionally, there are two shell scripts that showcase the usage of the protoc tool, which is a pre-requisite for working with these files. https://github.com/trifinite/vcsec-archive

Transforming the 8 hex-encoded bytes from Tesla’s BLE name into an actual VIN requires a rainbowtable with all possible identifiers. This data is provided via rapidAPI. The VINTAG tool itself is only a wrapper to this API and does not work without it.

RFIDIOt is a python library for manipulating RFID devices. It provides support for external (currently Compact Flash/USB/Serial) readers, and functions are provided for standard operations such as READ, WRITE, DEBIT, LOGIN etc. Supported standards are ISO 14443A and ISO14443B in the 13.

Blooover II is the successor of the very popular application Blooover. After 150000 downloads of Blooover within the year 2005 (since the initial release in at 21c3 in December 2004), a new version of this mobile phone auditing toool is on its ready.

The carwhisperer project intends to sensibilise manufacturers of carkits and other Bluetooth appliances without display and keyboard for the possible security threat evolving from the use of standard passkeys. A Bluetooth passkey is used within the pairing process that takes place, when two Bluetooth enabled devices connect for the first time.

Each Bluetooth device has a device class (type of device and services it provides) which is part of the responds to an inquiry. The device class has a total length of 24 bits and is separated in three parts. First there is the Service Class which is a bit field (first 11 bits) and second and third are the Major (5 bits) and Minor (6 bits) device class.

Since Adam Laurie’s BlueSnarf experiment and the subsequent BlueBug experiment it is proven that some Bluetooth-enabled phones have security issues. Until now, attackers need laptops for the snarfing of other people’s information. Unless attackers do a long-distance-snarf, people would see that there is somebody with a laptop trying to do strange things.

The Bluetooth architecture consists out of two main protocols, L2CAP and RFCOMM which is layered on top of L2CAP. Since these protocols utilize ports (as they are named in the popular TCP/IP UDP/IP architecture). It makes sense to have the ability to scan these in order to find so called open ports and possible vulnerable applications bound to them.

The Nokia 770 Internet Tablet is a Linux based tablet PC with built in Wi-Fi and Bluetooth capabilities. The trifinite.group will publish ports of it’s own and 3rd party packages for this platform, to enable it to be used as a compact, portable auditing device.