https://trifinite.org/stuff/ Recent content in trifinite.stuff on trifinite.org Hugo -- gohugo.io en-us Wed, 24 Jun 2026 00:00:00 +0000 https://trifinite.org/stuff/bluebait/ Wed, 24 Jun 2026 00:00:00 +0000 https://trifinite.org/stuff/bluebait/ BlueBait is the name of a technique that turns the open door of modern phone-as-key systems into a trap. Instead of passively waiting for a target vehicle or phone to appear, the attacker presents a tempting, attacker-controlled Bluetooth LE peer — a honeypot — that lures the victim’s phone into reaching out, revealing itself and connecting. https://trifinite.org/stuff/project_tempa/ Tue, 03 Jan 2023 00:00:00 +0000 https://trifinite.org/stuff/project_tempa/ The security of Tesla’s cars has been a hot topic in recent months. In addition to being one of the safest cars on the road, it is also well-protected from hacks and attacks. But how does Tesla make sure their vehicles are safe and secure? https://trifinite.org/stuff/tempa_autorization_replay_attack/ Mon, 25 Jul 2022 00:00:00 +0000 https://trifinite.org/stuff/tempa_autorization_replay_attack/ Note: This is related to Project TEMPA. Please follow this link for an overview! The Tesla Authorization Replay attack is using a tool like temparary in order to extract VCSEC AuthorizationResponses from a whitelisted smartphone app. For AuthorizationRequests - that are mainly used for passive entry functions - the vehicle communicates a challenge token, that the smartphone app has to answer with an AuthorizationResponse which is embedded in a VCSEC SignedMessage object that has a SIGNATURE_TYPE_AES_GCM_TOKEN SignatureType. https://trifinite.org/stuff/tempa_counter_confusion_attack/ Mon, 25 Jul 2022 00:00:00 +0000 https://trifinite.org/stuff/tempa_counter_confusion_attack/ Note: This is related to Project TEMPA. Please follow this link for an overview! The Tesla Crypto Counter Confusion attack works by impersonating a vehicle with a tool like temparary. Once the app on the owner’s phone starts communicating to the emulated BLE interface of the impersonated car, the temparary tool will request an authorization from the phone. https://trifinite.org/stuff/tool_temparary/ Wed, 29 Jun 2022 00:00:00 +0000 https://trifinite.org/stuff/tool_temparary/ temparary.py is a pybleno-based python script, that acts as a VCSEC peripheral. Currently, the tool is very experimental and implements rudimentary interactions, only! https://github.com/trifinite/temparary This tool has been released in the context of Project TEMPA Disclaimer While it’s very TEMPting to use this tool in order to impersonate random cars, we advise you to only use this tool on vehicles and smartphones you own or have permission to use. https://trifinite.org/stuff/tempa_keydrop_attack/ Wed, 29 Jun 2022 00:00:00 +0000 https://trifinite.org/stuff/tempa_keydrop_attack/ Note: This is related to Project TEMPA. Please follow this link for an overview! The Tesla Key Drop attack works by impersonating a vehicle with a tool like temparary. Once the app on the owner’s phone starts communicating to the emulated BLE interface of the impersonated car, the temparary tool will request an authorization from the phone. https://trifinite.org/stuff/tempa_authorization_timer_attack/ Sat, 04 Jun 2022 00:00:00 +0000 https://trifinite.org/stuff/tempa_authorization_timer_attack/ Note: This is related to Project TEMPA. Please follow this link for an overview! After unlocking the vehicle via NFC, Tesla allows potential attackers to store a key on the vehicle for a period of approx. 130s. No warning or similar will be displayed on the vehicle screen during this process. https://trifinite.org/stuff/tool_tempara/ Wed, 18 May 2022 00:00:00 +0000 https://trifinite.org/stuff/tool_tempara/ tempara.py is a Bleak-based python script, that acts as a VCSEC client. Currently, the tool is very experimental and implements rudimentary commands, only! https://github.com/trifinite/tempara This tool has been released in the context of Project TEMPA Disclaimer While it’s very TEMPting to use this tool to connect to random cars, we advise you to only use this tool on vehicles you own or have permission to use. https://trifinite.org/stuff/tempa_relay_attack/ Wed, 18 May 2022 00:00:00 +0000 https://trifinite.org/stuff/tempa_relay_attack/ Note: This is related to Project TEMPA. Please follow this link for an overview! Besides the ability to relay the 2.4GHz radio signal between the PhoneKey and the Tesla vehicle, it is also possible to relay information on protocol level by using standard software like gattacker. https://trifinite.org/stuff/vcsec-archive/ Wed, 18 May 2022 00:00:00 +0000 https://trifinite.org/stuff/vcsec-archive/ This archive can be found on github and contains all VCSEC protocol buffers definitions (aka proto-files). Additionally, there are two shell scripts that showcase the usage of the protoc tool, which is a pre-requisite for working with these files. https://github.com/trifinite/vcsec-archive https://trifinite.org/stuff/tool_vintag/ Wed, 18 May 2022 00:00:00 +0000 https://trifinite.org/stuff/tool_vintag/ VINTAG is an API client for trifinite’s Tesla VIN Identifier API on rapidAPI.com The Tesla VIN Identifier Every Tesla vehicle that has the PhoneKey feature (all Model 3/Y and 2021+ Model S/X), will identify with a unique Bluetooth device name. https://trifinite.org/stuff/teslaradar/ Fri, 23 Aug 2019 00:00:00 +0000 https://trifinite.org/stuff/teslaradar/ Tesla cars with enabled ‘Phone Key’ feature transmit a unique identifier, that can be detected using Bluetooth® Wireless Technology. By installing this app, your device becomes aware of Tesla vehicles in its proximity. The gathered data is shared in order to generate a global crowd-sourced heatmap of detectable Tesla cars. https://trifinite.org/stuff/android_smart_lock/ Fri, 01 May 2015 00:00:00 +0000 https://trifinite.org/stuff/android_smart_lock/ The Smart Lock Feature allows Android users (Android version 5.0 and later) to automatically unlock their smartphone whenever a trusted device, Wi-Fi network or geo location is in close proximity. Trusted devices could either be NFC tags or Bluetooth devices. Looking at Bluetooth devices, it turned out that the Smart Lock implementation had at least one security issue that got resolved. https://trifinite.org/stuff/rfidiot/ Mon, 01 May 2006 00:00:00 +0000 https://trifinite.org/stuff/rfidiot/ RFIDIOt is a python library for manipulating RFID devices. It provides support for external (currently Compact Flash/USB/Serial) readers, and functions are provided for standard operations such as READ, WRITE, DEBIT, LOGIN etc. Supported standards are ISO 14443A and ISO14443B in the 13. https://trifinite.org/stuff/bluechop/ Sun, 01 Jan 2006 00:00:00 +0000 https://trifinite.org/stuff/bluechop/ BlueChop is an attack that the disrupts any established bluetooth piconet by means of a device that is not participating the piconet. A precondition for this attack is that the master of the piconet supports multiple connections (a feature that is necessary for building up scatternets). https://trifinite.org/stuff/bloooverii/ Thu, 01 Dec 2005 00:00:00 +0000 https://trifinite.org/stuff/bloooverii/ Blooover II is the successor of the very popular application Blooover. After 150000 downloads of Blooover within the year 2005 (since the initial release in at 21c3 in December 2004), a new version of this mobile phone auditing toool is on its ready. https://trifinite.org/stuff/carwhisperer/ Fri, 01 Jul 2005 00:00:00 +0000 https://trifinite.org/stuff/carwhisperer/ The carwhisperer project intends to sensibilise manufacturers of carkits and other Bluetooth appliances without display and keyboard for the possible security threat evolving from the use of standard passkeys. A Bluetooth passkey is used within the pairing process that takes place, when two Bluetooth enabled devices connect for the first time. https://trifinite.org/stuff/bluedump/ Wed, 01 Jun 2005 00:00:00 +0000 https://trifinite.org/stuff/bluedump/ BlueDumping is the act of causing a Bluetooth device to ‘dump’ it’s stored link key, thereby creating an opportunity for key-exchange sniffing to take place. The attacks on link keys and PINs were first publicised by Ollie Whitehouse, at CanSecWest, in which he describes a method by which the PIN and link-keys can be obtained if a pairing event can be witnessed with a Bluetooth sniffer. https://trifinite.org/stuff/bluebump/ Fri, 01 Apr 2005 00:00:00 +0000 https://trifinite.org/stuff/bluebump/ The BlueBump attack is the Bluetooth equivalent to a very cool physical security thread called key bumping. When used correctly, an appropriate bump key can be used to open any lock in seconds. Since the BlueBump attack is also about keys (link keys in this case) we named this attack after this amazing technique. https://trifinite.org/stuff/bluesnarfpp/ Fri, 01 Apr 2005 00:00:00 +0000 https://trifinite.org/stuff/bluesnarfpp/ BlueSnarf++ is an attack that is very similar to the famous BlueSnarf attack. The main difference is that BlueSnarf++ is an attack where the attacker has full read/write access to the device’s filesystem. The manufacturers of the devices that are known to be vulnerable have been informed about this issue. https://trifinite.org/stuff/helomoto/ Fri, 01 Apr 2005 00:00:00 +0000 https://trifinite.org/stuff/helomoto/ The HeloMoto attack has been discovered by Adam Laurie and is a combination of the BlueSnarf attack and the BlueBug attack. The attack is called HeloMoto, since it was discovered on Motorola phones. Method The HeloMoto attack takes advantage of the incorrect implementation of the ‘trusted device’ handling on some Motorola devices. https://trifinite.org/stuff/btclass/ Tue, 01 Feb 2005 00:00:00 +0000 https://trifinite.org/stuff/btclass/ Each Bluetooth device has a device class (type of device and services it provides) which is part of the responds to an inquiry. The device class has a total length of 24 bits and is separated in three parts. First there is the Service Class which is a bit field (first 11 bits) and second and third are the Major (5 bits) and Minor (6 bits) device class. https://trifinite.org/stuff/bluesmack/ Wed, 01 Dec 2004 00:00:00 +0000 https://trifinite.org/stuff/bluesmack/ BlueSmack is a Bluetooth attack that knocks out some Bluetooth-enabled devices immediately. This Denial of Service attack can be conducted using standard tools that ship with the official Linux Bluez utils package. Introduction The ‘Ping of Death’ is basically a network ping packet that used to knock out early versions of Microsoft Windows 95. https://trifinite.org/stuff/blooover/ Wed, 01 Sep 2004 00:00:00 +0000 https://trifinite.org/stuff/blooover/ Since Adam Laurie’s BlueSnarf experiment and the subsequent BlueBug experiment it is proven that some Bluetooth-enabled phones have security issues. Until now, attackers need laptops for the snarfing of other people’s information. Unless attackers do a long-distance-snarf, people would see that there is somebody with a laptop trying to do strange things. https://trifinite.org/stuff/blueprinting/ Wed, 01 Sep 2004 00:00:00 +0000 https://trifinite.org/stuff/blueprinting/ Blueprinting is a method to remotely find out details about bluetooth-enabled devices. Blueprinting can be used for generating statistics about manufacturers and models and to find out whether there are devices in range that have issues with Bluetooth security. (read more about bluetooth security issues here) https://trifinite.org/stuff/bluetooone/ Wed, 01 Sep 2004 00:00:00 +0000 https://trifinite.org/stuff/bluetooone/ The information on this page is intended to help people that want to modify their bluetooth equipment in order to connect an external (directional) antenna to their Bluetooth dongle. This Bluetooth tuning makes it possible to concentrate the emission of bluetooth signals to one direction instead of any direction. https://trifinite.org/stuff/bt_audit/ Wed, 01 Sep 2004 00:00:00 +0000 https://trifinite.org/stuff/bt_audit/ The Bluetooth architecture consists out of two main protocols, L2CAP and RFCOMM which is layered on top of L2CAP. Since these protocols utilize ports (as they are named in the popular TCP/IP UDP/IP architecture). It makes sense to have the ability to scan these in order to find so called open ports and possible vulnerable applications bound to them. https://trifinite.org/stuff/nokia_770/ Wed, 01 Sep 2004 00:00:00 +0000 https://trifinite.org/stuff/nokia_770/ The Nokia 770 Internet Tablet is a Linux based tablet PC with built in Wi-Fi and Bluetooth capabilities. The trifinite.group will publish ports of it’s own and 3rd party packages for this platform, to enable it to be used as a compact, portable auditing device. https://trifinite.org/stuff/long-distance-snarf/ Sun, 01 Aug 2004 00:00:00 +0000 https://trifinite.org/stuff/long-distance-snarf/ The long-distance-snarf is an experiment that took place in the early morning of 4th August 2004 at the Santa Monica Pier in California. Five people (John Hering, James Burgess, Kevin Mahaffey, Mike Outmesguine and Martin Herfurt) made it out of their beds and met a crew of the TV station G4TechTV. https://trifinite.org/stuff/bluebug/ Thu, 01 Apr 2004 00:00:00 +0000 https://trifinite.org/stuff/bluebug/ BlueBug is the name of a bluetooth security loophole on some bluetooth-enabled cell phones. Exploiting this loophole allows the unauthorized downloading phone books and call lists, the sending and reading of SMS messages from the attacked phone and many more things. https://trifinite.org/stuff/bluesnarf/ Sat, 01 Nov 2003 00:00:00 +0000 https://trifinite.org/stuff/bluesnarf/ The BlueSnarf attack is probably the most famous Bluetooth attack, since it is the first major security issue related to Bluetooth enabled devices. BlueSnarf has been identified by Marcel Holtmann in September 2003. Independently, Adam Laurie discovered the same vulneralbility in November 2003 posted the issue on Bugtraq and got in touch with the respective device manufacturers.