[ Secuobs - Tools release ] BSS (Bluetooth Stack Smasher) fuzzer

[Research Infratech <research@xxxxxxxxxxxx>]

[Software] BSS - Bluetooth Stack Smasher

[Version] 0.6

[Location] BSS could be downloaded on 
http://www.secuobs.com/news/05022006-bluetooth10.shtml

[Credits] Pierre Betouin - pierre.betouin@xxxxxxxxxxxx

Bug was found on following devices : hcidump, Sony/ericsson K600i/V600i/W800i, 
Nokia N70 & SAMSUNG E730 cell phones (feel free to debug yours and inform us :)

[Purpose]

BSS (Bluetooth Stack Smasher) is a L2CAP layer fuzzer, distributed under GPL 
licence.

BSS requires the standard bluetooth library.

Usage: ./bss [-s size] [-m mode] [-p pad_byte for modes 1-11] [-M maxcrash]

Modes :

0       All mode listed below

1       L2CAP_COMMAND_REJ

2       L2CAP_CONN_REQ

3       L2CAP_CONN_RSP

4       L2CAP_CONF_REQ

5       L2CAP_CONF_RSP

6       L2CAP_DISCONN_REQ

7       L2CAP_DISCONN_RSP

8       L2CAP_ECHO_REQ

9       L2CAP_ECHO_RSP

10      L2CAP_INFO_REQ

11      L2CAP_INFO_RSP

12      L2CAP Random Fuzzing (-s: max_size) (-M: crashcount)


BSS Example :

./bss -s 100 -m 12 -M 0 XX:XX:XX:XX:XX:XX

This example sends short random (mode 12) packets (maxsize is set to 100 
bytes), in an infinite loop (-M 0).