Katana v3.0 Beta (One Week Only!) Release
     July 30, 2012

Katana v3.0 Beta will be available to download for ONE WEEK ONLY! Sept. 26 - Oct. 3rd. There are plenty of updates from the previous version, so have fun. Remember though, this is a beta and may still have some bugs. ...

The Glitch on Kickstarter
     Sept. 4, 2012

As part of working on the HIDIOUS keystroke injection library, I began designing a special-purpose Arduino-compatible hacking board called The Glitch. This board offloads user configuration to a MicroSD card instead of needing to modify code for the firmware to perform new tasks. It also has a DIP switch to allow users to select from multiple payloads on-the-fly.

In order to make this hardware available, a Kickstarter project was launched on Aug 7th and will continue through to Oct. 3rd. Help support the project and be one of the first to get The Glitch.

Katana v3.0 Beta release @ DefCon XX
     July 30, 2012

A Katana v3.0 beta release is going to happen through Hackers for Charity at DefCon XX. Drop by and say hi at the booth and find out what Hackers for Charity is all about, plus get a copy of Katana 3.0 Beta at this exclusive release at DefCon. This is fresh off the press, so DVDs will be scarce. Bring a flash drive or laptop along to copy the files. There are several major updates to the distros and portable applications. ...


HIDIOUS: HID Injection Over Usb Suite
     July 11, 2012

HIDIOUS (HID Injection Over Usb Suite) is an Arduino/Teensy library for keystroke injection. The library provides functions to run user-defined commands, scripts, or binaries against Windows, Linux, and OSX.

     May 24, 2012

CavitySearch (as in teeth) is a Bash script which utilizes several methods of assessing the capabilities of Bluetooth devices. Most of the information can be gathered without pairing with the target device or alerting the end user. CavitySearch will report running services, Device Name, Device Address, Device Type, open RFCOMM Channels "ports", open L2CAP PSMs "ports", device manufacturer, supported protocols, and more. It is also able to help find "hidden" services running on the device.

     Apr. 04, 2012

BlueRanger is a simple Bash script which uses Link Quality to locate Bluetooth device radios. It sends l2cap (Bluetooth) pings to create a connection between Bluetooth interfaces, since most devices allow pings without any authentication or authorization. The higher the link quality, the closer the device (in theory).


SpoofTooph v0.5
     Mar. 13, 2012

SpoofTooph v0.5 released. Fixed a few bugs in the code. Added some new features including a man-in-the-middle mode. Some of the parameters have been changed from previous versions. Current users should consult the ChangeLog for a list of the parameter changes.

Installing Ubertooth on the PwnPhone
     Feb. 17, 2012


Yet another device is now Ubertooth compatible. This guide will help users get the Ubertooth up and running on PwnPhone (Nokia N900) and possibly other Maemo devices. Most of this documentation is from http://ubertooth.sourceforge.net/usage/start/. This is specifically for the bluetooth_rxtx tools. (NOTE: This does not install the Kismet plug-in or specscan.) ...more here.

Installing Ubertooth One on Backtrack 5
     June 10, 2011


This guide will help users get the Ubertooth up and running on Backtrack 5. Most of this documentation is from http://ubertooth.sourceforge.net/usage/start/. This is not a "How To" guide for using the Ubertooth. It is simply a tutorial on configuring the Backtrack environment for use with the Ubertooth. Read the documentation on the Ubertooth website and the READMEs accompanying the software for more information on usage. This guide was developed on Backtrack 5, KDE, 32-bit. ...more here.

Installing Backtrack 5 on Katana
     May 14, 2011

I have posted an article on the forum about how to update from Backtrack 4 to Backtrack 5. I plan to include this in Forge some time soon. See guide here.

SpoofTooph 0.4
     Mar. 24, 2011

SpoofTooph has been updated with some major bug fixes and new features. The new version runs scans MUCH faster, which also allows for more Device Names to be resolved during scans. There are some new features, including a Man-In-The-Middle mode which makes it easier to clone the Device Profile of two targeted devices. The update also fixes a major bug, which caused SpoofTooph to crash after a few hundred unsuccessful scans. ... more here

Katana 2.0 Release
     Oct. 31, 2010

Happy Hack-O-Ween everyone! Katana v2.0 is now out. Finally, after a three month hiatus from its pre-release at Defcon 18, the full release is here.


This version has a bunch of new stuff all around. One major addition to the project is Forge. This tool offers a simple point-and-click interface for users who wish to customize Katana by installing more Live Operating Systems, like Samurai, Pentoo, Knoppix, and BitDefender. Users can select their distro of choice or run the installation through the command line.


This new version also adds the Computer Aided Investigative Environment (CAINE) for a live forensics environment and Kon-Boot for authentication bypassing. A lot of effort was put into the addition of some new applications to the Katana Tool Kit, such as Metasploit, NMAP, Cain & Abel, John the Ripper, and Cygwin ... more here


Katana Call For Mirrors
     Oct. 27, 2010

Katana is in need of some additional mirrors. If you are willing to host a mirror please make contact.


How to meet a US Senator
     Oct. 15, 2010

Ever want to meet a US Senator? Attach some Pringles cans to a NERF gun and you may just get your wish. This past summer I had the unique experience of explaining Bluetooth and WiFi hacking to Delaware Sen. Tom Carper at the US Cyber Challenge. I guess I can check off "Describe hacking to a US Senator while carrying sketchy looking NERF gun" from my Bucket List.

[Image: US Senator. Image from CommunityPub.com]


Katana on Hak5
     Oct. 14, 2010

It looks like Katana made it to the big time. Episode 806 of Hak5 features a segment on Katana. See the video posted on the Media page.



Identify Devices by Bluetooth Class of Device
     Aug. 23, 2010

I was updating the bluetooth_profile_list earlier today and noticed something interesting about the Bluetooth Class of Device (CoD) of some Apple products, specifically Apple laptops. (The Bluetooth Class of Device is used in Bluetooth to identify the type of device (Phone, Computer, etc.) and services (Telephony, Networking, etc.).) As far as I can tell, all Apple laptop models (and only the Apple laptops) have the CoD of 0x38010c.

[Image: CoD of Apple Laptops]

Apple products are not the ones where this relationship applies. When I get the time, I plan to compile a list of Classes and any corresponding device models. This could prove useful (along with the Device Address and Device Name) in profiling specific device models. When this list matures it will be added to the Bluetooth Profiling Project.


Katana 2.0 Coming Soon ... ish
     Aug. 10, 2010

The DefCon 18 release of Katana has been a great success. I have gotten some great feedback on features to add to the upcoming v2.0 release of Katana. Some new things to expect in the new version include a forensics-specific distribution, a new GUI tool for point-and-click installation of additional distros, and additional tools in the Katana Tool Kit, including Metasploit, NMAP, Cygwin, and Cain & Abel.

The reason there is an "...ish" in the title of this post is that I have not yet set a hard deadline for the upcoming Katana release. I am still taking in feedback for ideas / comments / bugs / fixes for the new version. Hopefully the new release should be available late Sept. or Oct.


Backtrack fix for Katana 2.0 DEFCON Release
     Aug. 04, 2010

I hope people are pleased with the new features in the Katana 2.0 DEFCON Release. For those who attended my talk, you may have heard of all the mishaps leading up to the creation of the DEFCON release (failed thumb drives, old backups, and limited copies). One major flaw found so far was a corruption of the Backtrack file system in the Katana RAR. I have posted a fix on the forum page here. More news on the new release of Katana coming soon.


Katana 2.0 Pre-Release @ DEFCON 18
     July 28, 2010

For all those attending Defcon 18, you are in luck. The Katana 2.0 Pre-Release will be available exclusively at the Hackers for Charity booth at Defcon. I will also be giving two presentations at Defcon; one on the new Version of Katana (Saturday, 12:00 @ Track 5) and the second on Breaking Bluetooth (Sunday, 14:00 @ Track 4).



VERA-NG on Hack-A-Day
     April 24, 2010

VERA-NG has been posted on Hack-A-Day as "the WiFi and Bluetooth sniffing rifle". Thanks to the guys at Hack-A-Day for posting the article.


Building VERA-NG
     April 15, 2010

I finally got around to posting the information on building VERA-NG. Being mostly a software person, it should be something anyone could put together with some pretty basic skills and some spare time.


Adventures at CarolinaCon
     April 12, 2010

This was my first time at Carolina Con and I was happily surprised at the quality of talks for being one of the smaller Cons. Among my favorites were The Evolution of Social Engineering by Chris Silvers & Dawn Perry and You Spent All That Money and You Still Got Owned by Joe McCray.


I decided to bring VERA-NG with me to the Con for fun and to do a little nibbling. After about 15 or 20 people approached me about this crazy cantenna Nerf gun, someone mentioned that maybe I should give a talk on the gun... more here


Introducing SpoofTooph
     March 3, 2010

SpoofTooph automates the process of spoofing or cloning Bluetooth device information (Name, Class, & Address). Users can have SpoofTooph scan for devices to clone, specify device information, or randomly generate a new profile.