Toothpicker Bluetooth

On this post, I would like to share a tool that will be used to analyse all type of Bluetooth protocols on iOS. The tools are normally an in-process and coverage-guided fuzzer for iOS and similar to Frida function.

The tools have been built via frizzer but it also been adapted to be used for specific application due to some of the application didn’t compatible with the original version in the further future.

To download the tools into your machine, you can use the command as:

git clone


For Iphone:

All the requirement should be fulfil with all include on here

For Debian Linux

All service need to be installed as follows:

  • usbmuxd
  • libimobiledevice
  • virtualenv
  • radamsa
  • iproxy that have an additional package like libusbmuxd-tools.

Tool usage

Firstly, you need to connect your phone to the operating system and it’s advisable to run it using flight mode or do not disturb mode. However, it also recommended if you can use emulator for this activity.

The command that can be use for starting a new project can be seen as follows:

cd harness
npx frida-compile ../projects/YOUR_PROJECT/YOUR_SPECIALIZED_HARNESS.JS -o ../projects/YOUR_PROJECT/harness.js
cd ../projects/YOUR_PROJECT/
mkdir crashes
frizzer fuzz -p .

Once you finish the command above, you should be able to analysis iOS Bluetooth

Source: Github Toothpicker

Author: Wan Ariff

He brings with him working experience in Information Security filed which specializing in Penetration Testing and Digital Forensic. His passion is more to IT Security

Leave a Reply

Your email address will not be published. Required fields are marked *