Is it possible to fuzz the RFCOMM protocol for bluetooth on Android?


I'm trying to look into whether or not it is possible to fuzz the RFCOMM protocol for Bluetooth on Android.

Any help is appreciated.

Thanks.


Solution

  • It is possible to fuzz anything, even smoke signals, but it will often require some work. If you can't find a pre-built tool, you'll need to build it yourself.

    The basic building blocks of a fuzzer are as follows:

    • Interface: Software to talk at that protocol's level. This can be trickier for lower-level or obscure protocols.
      • In the case of Bluetooth, you might need particular hardware. Ubertooth has a reputation in the Bluetooth world.
    • Generator: Software to generate mutations of the protocol.
    • Oracle: One or more means of detecting when something goes wrong with the unit under test. The oracle tends to be very application-specific. Some options:
      • Response-checking: Check the protocol responses for anomalies (e.g., something different than the typical error response).
      • Debugger: If your target is Android, you might be able to detect these errors on the device. Maybe.
      • Crash: If the device stops talking period, you probably hit something.

    If you're just getting started, I'd recommend downloading an open source tool like Sulley just to get yourself acquainted.

    Edit: I forked Sulley to a similar tool called boofuzz, which I would now recommend, as it is a little more active and updated.
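The three building blocks the answer lists (interface, generator, oracle) wired together in one small harness, as an added example that is not part of the original answer and not code from Sulley or boofuzz. `ToyTarget`, its `[length][payload]` frame format and its two planted quirks are constructed for the illustration and stand in for a unit under test; the point is the separation of roles and the two oracle verdicts, not the target.

```python
from typing import Iterator, List, Optional, Tuple


class ToyTarget:
    """Constructed stand-in for the unit under test (not an RFCOMM stack).
    Frames are [length][payload]; the reply is one status byte, 0x00 ok or
    0x01 the routine framing-error response.  Two planted quirks give the
    oracle something to find: a zero-length frame gets an empty reply and a
    payload longer than 200 bytes raises, standing in for a crash."""
    def handle(self, frame: bytes) -> bytes:
        if not frame or frame[0] != len(frame) - 1:
            return b"\x01"
        if frame[0] == 0:
            return b""
        if frame[0] > 200:
            raise RuntimeError("simulated crash in frame handler")
        return b"\x00"


def generate(seed: bytes) -> Iterator[bytes]:
    """Generator: blind single-byte sweeps over the seed, then length-aware frames.
    Only the second strategy keeps the framing valid, so only it reaches the
    code behind the length check."""
    for pos in range(len(seed)):
        for value in range(256):
            yield seed[:pos] + bytes([value]) + seed[pos + 1:]
    for n in range(256):
        yield bytes([n]) + bytes(n)


def oracle(response: Optional[bytes], error: Optional[Exception]) -> Optional[str]:
    """Oracle: 'crash' if the target stopped answering, 'anomaly' on an unusual reply."""
    if error is not None:
        return "crash"
    if response not in (b"\x00", b"\x01"):
        return "anomaly"
    return None


def fuzz(target: ToyTarget, seed: bytes) -> List[Tuple[str, bytes]]:
    """Interface: deliver every case to the target and run the oracle on the outcome."""
    findings = []
    for case in generate(seed):
        response, error = None, None
        try:
            response = target.handle(case)
        except Exception as exc:  # over a real link a dead connection counts too
            error = exc
        verdict = oracle(response, error)
        if verdict:
            findings.append((verdict, case))
    return findings
```

Running `fuzz(ToyTarget(), b"\x03abc")` shows the lesson the answer hints at: the blind byte sweeps never get past the framing check, while the length-aware cases surface both the empty-reply anomaly and the simulated crash.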