In this post, I would like to share a tool for analysing Bluetooth protocols on iOS. ToothPicker is an in-process, coverage-guided fuzzer for iOS that is built on Frida, so it instruments the target process directly rather than attacking it over the air.
The tool is built on top of frizzer, but it ships its own adapted version of frizzer rather than the upstream one, because the original is not compatible with this target.
To download the tool to your machine, run:
git clone https://github.com/seemoo-lab/toothpicker.git
Requirements
For iPhone:
All device-side requirements listed on the project page must be met; in practice this means a jailbroken iPhone with Frida (frida-server) installed, since the fuzzer runs inside the target process.
For Debian Linux:
The following packages need to be installed:
- usbmuxd
- libimobiledevice
- virtualenv
- radamsa
- iproxy (on Debian this is shipped in the additional package libusbmuxd-tools)
Tool usage
First, connect the phone to your computer over USB. It is advisable to put the phone in flight mode or Do Not Disturb mode so that real Bluetooth traffic and notifications do not interfere with the fuzzing run. If you can, running against an emulator instead of a physical device is also recommended.
The commands for starting a new project are as follows (run them in order from the repository root):
cd harness
npx frida-compile ../projects/YOUR_PROJECT/YOUR_SPECIALIZED_HARNESS.JS -o ../projects/YOUR_PROJECT/harness.js
cd ../projects/YOUR_PROJECT/
mkdir crashes
frizzer fuzz -p .
Once these commands complete, frizzer is fuzzing the target and you can begin analysing iOS Bluetooth; the crashes directory created above is where crashing inputs are collected.
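The requirements list and the start-up procedure above fit naturally into one preflight-and-launch script. The following is an added example, not code from the ToothPicker repository or its authors: it checks that the host-side tools are on PATH, confirms that usbmuxd sees a phone (idevice_id -l from libimobiledevice), forwards frida-server's default port 27042 over USB with iproxy, and then runs exactly the frida-compile and frizzer commands shown in the usage section. The function names, the FRIDA_PORT variable, the assumption that frida-server listens on 27042, and the assumption that the repository is cloned as ./toothpicker are all ours.

```shell
#!/bin/sh
# run_toothpicker.sh - preflight checks and launch for a ToothPicker fuzzing run.
# Added example, not part of the ToothPicker project.
# Assumptions: repository cloned as ./toothpicker, a jailbroken iPhone attached
# over USB with frida-server listening on its default port (27042).
# Usage: ./run_toothpicker.sh YOUR_PROJECT YOUR_SPECIALIZED_HARNESS.JS

FRIDA_PORT="${FRIDA_PORT:-27042}"   # frida-server default; override if you changed it

# Print the names from "$@" that are not on PATH and return 1 if any are missing.
# Returns 0 with no output when everything is available.
missing_tools() {
    _missing=""
    for _tool in "$@"; do
        if ! command -v "$_tool" >/dev/null 2>&1; then
            _missing="${_missing:+$_missing }$_tool"
        fi
    done
    [ -z "$_missing" ] || { printf '%s\n' "$_missing"; return 1; }
}

# idevice_id -l (libimobiledevice) lists the UDIDs of USB-attached devices.
# Empty output means usbmuxd does not see a phone (cable, pairing or trust dialog).
device_udid() {
    idevice_id -l 2>/dev/null | head -n 1
}

# Forward the frida-server port over USB. iproxy syntax: iproxy LOCAL_PORT DEVICE_PORT.
# Prints the PID of the background iproxy so the caller can stop it afterwards.
start_iproxy() {
    iproxy "$FRIDA_PORT" "$FRIDA_PORT" >/dev/null 2>&1 &
    echo $!
}

# The exact commands from the usage section, parameterised on the project name
# ($1, a directory under toothpicker/projects) and the harness file name ($2).
build_and_fuzz() {
    _project="toothpicker/projects/$1"
    ( cd toothpicker/harness && npx frida-compile "../projects/$1/$2" -o "../projects/$1/harness.js" )
    mkdir -p "$_project/crashes"          # frizzer collects crashing inputs here
    ( cd "$_project" && frizzer fuzz -p . )
}

main() {
    # usbmuxd is a daemon rather than a PATH tool, so it is checked indirectly via idevice_id.
    _need=$(missing_tools idevice_id iproxy radamsa npx frizzer) || {
        echo "install the missing host tools first: $_need" >&2
        return 1
    }
    _udid=$(device_udid)
    [ -n "$_udid" ] || { echo "no iPhone visible to usbmuxd; check the USB cable and pairing" >&2; return 1; }
    echo "device $_udid attached; put it in flight mode / Do Not Disturb before continuing" >&2
    _pid=$(start_iproxy)
    trap 'kill "$_pid" 2>/dev/null' EXIT  # tear down the port forward when fuzzing stops
    build_and_fuzz "${1:?project name required}" "${2:?harness .js file required}"
}

# Only launch when executed as a script under this name, so the functions can be sourced.
case "${0##*/}" in run_toothpicker.sh) main "$@" ;; esac
```

The preflight stage is deliberately separated from the launch stage: missing_tools and device_udid fail fast with a message naming the problem, which is what you want when the run is otherwise a long, unattended fuzzing session.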
Source: Github Toothpicker