Re: [Bluez-devel] bd_addr question

Re: [Bluez-devel] bd_addr question

[Michael Schmidt]

Hi Jessica,

> Sorry, I worded it poorly.  I'm a graduate student researching
> privacy issues related to Bluetooth, which I'm pretty new to.  I'm
> trying to work a way around the fact that each device address is
> unique therefore trackable.  I was wondering if I were to buy a
> Bluetooth transmitter and build my own device, can I change the
> bd_addr that is stored by the chip's manufacturer?  Which
> layer/module is in charge of reading that unique bd_addr?  I hope
> that makes more sense!

Check the source files of the AXIS OpenBT stack
(http://sourceforge.net/projects/openbt/) for vendor-specific commands 
on how to change the BD_ADDR of certain Ericsson and CSR modules (sorry, 
I forgot the precise files where these commands are located in). After 
performing the address change, you need to hard-reset (i.e. typically 
disconnect) the modules to make the change effective.

Keep in mind that you break some of the BT functionality when you use 
variable BD_ADDRs: The pairing-based security mechanisms (authentication 
and encryption) rely on a constant BD_ADDR. I guess there is more 
functionality that is affected by the change.


Hope this helps,

Michael


-- 
=================================================
Michael Schmidt
-------------------------------------------------
Institute for Data Communications Systems
University of Siegen, Germany
-------------------------------------------------
http:   www.nue.et-inf.uni-siegen.de/~schmidt/
e-mail: schmidt@nue.et-inf.uni-siegen.de
mobile: +49 179 7810214
=================================================


-------------------------------------------------------
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
_______________________________________________
Bluez-devel mailing list
Bluez-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bluez-devel

Re: [Bluez-devel] bd_addr question

[Steven Singer]

Michael Schmidt wrote:
> Keep in mind that you break some of the BT functionality when you use 
> variable BD_ADDRs: The pairing-based security mechanisms (authentication 
> and encryption) rely on a constant BD_ADDR. I guess there is more 
> functionality that is affected by the change.

Don't forget that Bluetooth addresses must be unique otherwise unpleasant
things happen.

Bluetooth addresses come out of the same address space as MAC addresses,
if you want to use your own then you need to get an OUI or IAB allocation
from the IEEE.

The BD ADDR <-> MAC point is important. If you start running BNEP
(Bluetooth Network Encapsulation Protocol = Ethernet over Bluetooth)
then the Bluetooth device will use its Bluetooth address as its Ethernet
MAC address. This means that you can't simply take the MAC address from
another device on your system (say an Ethernet card) and use it as your
Bluetooth address.

	- Steven
-- 



**********************************************************************
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.

This footnote also confirms that this email message has been swept by
MIMEsweeper for the presence of computer viruses.

www.mimesweeper.com
**********************************************************************



-------------------------------------------------------
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
_______________________________________________
Bluez-devel mailing list
Bluez-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bluez-devel

Re: [Bluez-devel] bd_addr question

[Mark RISON]

Steven Singer <steven.singer@csr.com>:

>Michael Schmidt wrote:
> > Keep in mind that you break some of the BT functionality when you use
> > variable BD_ADDRs: The pairing-based security mechanisms (authentication
> > and encryption) rely on a constant BD_ADDR. I guess there is more
> > functionality that is affected by the change.
>Don't forget that Bluetooth addresses must be unique otherwise unpleasant
>things happen.
>Bluetooth addresses come out of the same address space as MAC addresses,
>if you want to use your own then you need to get an OUI or IAB allocation
>from the IEEE.

Well, you could use a MAC address with the U(niversal)/L(ocal) bit set,
which would correspond to a BD_ADDR with bit 9 of the NAP set, as long
as you can guarantee its uniqueness (which in practice means you have
control of all the devices which might participate in your network; bear in
mind that some MAC addresses were allocated with that bit set in pre-IEEE
days).  You don't have to buy/register locally-administered MAC addresses.

>The BD ADDR <-> MAC point is important. If you start running BNEP
>(Bluetooth Network Encapsulation Protocol = Ethernet over Bluetooth)
>then the Bluetooth device will use its Bluetooth address as its Ethernet
>MAC address. This means that you can't simply take the MAC address from
>another device on your system (say an Ethernet card) and use it as your
>Bluetooth address.

Unless you refrain from using that Ethernet card in the same network as
your Bluetooth device.  (This is/was the basis of a popular way to buy a few
MAC addresses: buy a few bargain-basement NICs, read their BD_ADDRs,
and junk the NICs).

Another top tip: don't pick addresses with the I(ndividual)/G(roup) bit set
(i.e. multicast addresses), which would correspond to a BD_ADDR with
bit 8 of the NAP set.  BNEP devices are almost certain to get very confused
by this!

Mark

--
CPC/IP - A TCP/IP stack for Amstrad CPCs
-- http://www.nenie.org/cpcip/
"Z88 vs CPC? Christ. How did we miss that platform war?"
-- http://www.ntk.net/index.cgi?back=archive00/now0128.txt&line=110#l

_________________________________________________________________
Create a Job Alert on MSN Careers and enter for a chance to win $1000! 
http://msn.careerbuilder.com/promo/kaday.htm?siteid=CBMSN_1K&sc_extcmp=JS_JASweep_MSNHotm2



-------------------------------------------------------
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
_______________________________________________
Bluez-devel mailing list
Bluez-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bluez-devel

[Bluez-devel] bd_addr question

[Jessica Huang]

Hi,
I'm not sure if this is the right place to ask, but I had a question about 
the Bluetooth Device Address.  From my understanding, the BD_ADDR is stored 
on the Bluetooth transmitter.  I was wondering if it is possible to 
intercept that address and provide some arbitrary one.  Could someone 
please explain how this address is accessed and by what modules?
Thanks,
Jessica  



-------------------------------------------------------
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
_______________________________________________
Bluez-devel mailing list
Bluez-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bluez-devel

Re: [Bluez-devel] bd_addr question

[Marcel Holtmann]

Hi Jessica,

> I'm not sure if this is the right place to ask, but I had a question about 
> the Bluetooth Device Address.  From my understanding, the BD_ADDR is stored 
> on the Bluetooth transmitter.  I was wondering if it is possible to 
> intercept that address and provide some arbitrary one.  Could someone 
> please explain how this address is accessed and by what modules?

what do you mean with intercept? I don't get any idea of what you are
trying to achieve.

Regards

Marcel




-------------------------------------------------------
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
_______________________________________________
Bluez-devel mailing list
Bluez-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bluez-devel

Re: [Bluez-devel] bd_addr question

[Marcel Holtmann]

Hi Jessica,

> Sorry, I worded it poorly.  I'm a graduate student researching privacy 
> issues related to Bluetooth, which I'm pretty new to.  I'm trying to work a 
> way around the fact that each device address is unique therefore 
> trackable.  I was wondering if I were to buy a Bluetooth transmitter and 
> build my own device, can I change the bd_addr that is stored by the chip's 
> manufacturer?  Which layer/module is in charge of reading that unique 
> bd_addr?  I hope that makes more sense!

the Bluetooth SIG is working on something that is called Anonymity Mode
and this should be present in Bluetooth 1.2, but it got removed from the
final specification. So actually devices are trackable. And there is no
default way of changing the BD_ADDR, but some manufacturers provides
vendor specific HCI commands to change the Bluetooth address.

Regards

Marcel




-------------------------------------------------------
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
_______________________________________________
Bluez-devel mailing list
Bluez-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bluez-devel

Re: [Bluez-devel] bd_addr question

[Collin R. Mulliner]

Hi,

some professor from france (forgot the name) once told me that the CSR
bluetooth development kit has this feature (and many other cool
features like bluetooth sniffing etc...). Just a hint :-)


... Collin

-- 
Collin R. Mulliner <collin@betaversion.net>
BATAVERSiON Systems [www.betaversion.net]
info/pgp: finger collin@betaversion.net
Unix is user friendly. It is just picky about who its friends are.


-------------------------------------------------------
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
_______________________________________________
Bluez-devel mailing list
Bluez-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bluez-devel