├── .gitattributes
├── .gitignore
├── 00_index.en.md
├── 00_index.es.md
├── 01_documentation
├── 00_index.en.md
├── 00_index.es.md
├── 01_bluetooth_core_specification.en.md
├── 01_bluetooth_core_specification.es.md
├── 02_physical_architecture.en.md
├── 02_physical_architecture.es.md
├── 03_baseband_link_layer.en.md
├── 03_baseband_link_layer.es.md
├── 04_logical_transport.en.md
├── 04_logical_transport.es.md
├── 05_data_link_layer.en.md
├── 05_data_link_layer.es.md
├── 06_le_modes.en.md
└── 06_le_modes.es.md
├── 02_preliminary_considerations
├── 00_index.en.md
└── 00_index.es.md
├── 03_controls
├── 00_index.en.md
├── 00_index.es.md
├── 01_information_gathering
│ ├── 00_index.en.md
│ ├── 00_index.es.md
│ ├── 01_lifecycle_status.en.md
│ ├── 01_lifecycle_status.es.md
│ ├── 02_controller_vulnerabilities.en.md
│ ├── 02_controller_vulnerabilities.es.md
│ ├── 03_stack_vulnerabilities.en.md
│ ├── 03_stack_vulnerabilities.es.md
│ ├── 04_standard_vulnerabilities.en.md
│ └── 04_standard_vulnerabilities.es.md
├── 02_discovery
│ ├── 00_index.en.md
│ ├── 00_index.es.md
│ ├── 01_operation_modes.en.md
│ ├── 01_operation_modes.es.md
│ ├── 02_signal.en.md
│ ├── 02_signal.es.md
│ ├── 03_generic_name.en.md
│ ├── 03_generic_name.es.md
│ ├── 04_sensitive_data.en.md
│ ├── 04_sensitive_data.es.md
│ ├── 05_discoverable_by_default.en.md
│ ├── 05_discoverable_by_default.es.md
│ ├── 06_random_mac.en.md
│ └── 06_random_mac.es.md
├── 03_pairing
│ ├── 00_index.en.md
│ ├── 00_index.es.md
│ ├── 01_pairable_default.en.md
│ ├── 01_pairable_default.es.md
│ ├── 02_io_capabilities.en.md
│ ├── 02_io_capabilities.es.md
│ ├── 03_oob_channel.en.md
│ ├── 03_oob_channel.es.md
│ ├── 04_legacy_pairing.en.md
│ ├── 04_legacy_pairing.es.md
│ ├── 05_pairing_no_interaction.en.md
│ ├── 05_pairing_no_interaction.es.md
│ ├── 06_known_pins.en.md
│ ├── 06_known_pins.es.md
│ ├── 07_predictable_pins.en.md
│ ├── 07_predictable_pins.es.md
│ ├── 08_link_key_removal.en.md
│ ├── 08_link_key_removal.es.md
│ ├── 09_min_pin_length.en.md
│ ├── 09_min_pin_length.es.md
│ ├── 10_link_key_storage.en.md
│ └── 10_link_key_storage.es.md
├── 04_authentication
│ ├── 00_index.en.md
│ ├── 00_index.es.md
│ ├── 01_role_switch.en.md
│ ├── 01_role_switch.es.md
│ ├── 02_mutual_auth.en.md
│ ├── 02_mutual_auth.es.md
│ ├── 03_forced_disconnection.en.md
│ └── 03_forced_disconnection.es.md
├── 05_encryption
│ ├── 00_index.en.md
│ ├── 00_index.es.md
│ ├── 01_role_switch.en.md
│ ├── 01_role_switch.es.md
│ ├── 02_force_encryption.en.md
│ ├── 02_force_encryption.es.md
│ ├── 03_min_key_size.en.md
│ └── 03_min_key_size.es.md
├── 06_services
│ ├── 00_index.en.md
│ ├── 00_index.es.md
│ ├── 01_hidden_sdp_services.en.md
│ ├── 01_hidden_sdp_services.es.md
│ ├── 02_hidden_gatt_services.en.md
│ ├── 02_hidden_gatt_services.es.md
│ ├── 03_service_access.en.md
│ └── 03_service_access.es.md
└── 07_application
│ ├── 00_index.en.md
│ ├── 00_index.es.md
│ ├── 01_controller_updates.en.md
│ ├── 01_controller_updates.es.md
│ ├── 02_bt_stack_updates.en.md
│ ├── 02_bt_stack_updates.es.md
│ ├── 03_bt_app_updates.en.md
│ ├── 03_bt_app_updates.es.md
│ ├── 04_signed_updates.en.md
│ ├── 04_signed_updates.es.md
│ ├── 05_replay_attacks.en.md
│ ├── 05_replay_attacks.es.md
│ ├── 06_packet_injection.en.md
│ ├── 06_packet_injection.es.md
│ ├── 07_secure_implementations.en.md
│ └── 07_secure_implementations.es.md
├── 04_resources
├── 00_index.en.md
├── 00_index.es.md
├── 01_physical_identification.en.md
├── 01_physical_identification.es.md
├── 02_report_controller_identification.en.md
├── 02_report_controller_identification.es.md
├── 03_database_search.en.md
├── 03_database_search.es.md
├── 04_sniff.en.md
├── 04_sniff.es.md
├── 05_capture.en.md
├── 05_capture.es.md
├── 06_controller_debug_mode.en.md
├── 06_controller_debug_mode.es.md
├── 07_hci_messages.en.md
├── 07_hci_messages.es.md
├── 08_device_discovery.en.md
├── 08_device_discovery.es.md
├── 09_controller_attributes.en.md
├── 09_controller_attributes.es.md
├── 10_link_key_management.en.md
└── 10_link_key_management.es.md
├── 05_annex
├── 00_index.en.md
├── 00_index.es.md
├── 01_eol_controllers.en.md
├── 01_eol_controllers.es.md
├── 02_external_resources.en.md
└── 02_external_resources.es.md
├── 06_contributors
├── 00_index.en.md
└── 00_index.es.md
├── BSAM-methodology-Checklist.xlsx
├── BSAM_branding
├── CMYK
│ ├── LOGO_BSAM_CMYK_full
│ │ ├── 01_Positive_ Negative
│ │ │ ├── 01_Positive
│ │ │ │ ├── TAR23-028_BSAM_LOGO_CMYK_Positivo.ai
│ │ │ │ ├── TAR23-028_BSAM_LOGO_CMYK_Positivo.jpg
│ │ │ │ ├── TAR23-028_BSAM_LOGO_CMYK_Positivo.pdf
│ │ │ │ └── TAR23-028_BSAM_LOGO_CMYK_Positivo.png
│ │ │ └── 02_Negative
│ │ │ │ ├── TAR23-028_BSAM_LOGO_CMYK_Negativo.ai
│ │ │ │ ├── TAR23-028_BSAM_LOGO_CMYK_Negativo.jpg
│ │ │ │ ├── TAR23-028_BSAM_LOGO_CMYK_Negativo.pdf
│ │ │ │ └── TAR23-028_BSAM_LOGO_CMYK_Negativo.png
│ │ ├── 02_on_light_background
│ │ │ ├── TAR23-028_BSAM_LOGO_CMYK_Fondo claro.ai
│ │ │ ├── TAR23-028_BSAM_LOGO_CMYK_Fondo claro.jpg
│ │ │ ├── TAR23-028_BSAM_LOGO_CMYK_Fondo claro.pdf
│ │ │ └── TAR23-028_BSAM_LOGO_CMYK_Fondo claro.png
│ │ ├── 03_on_dark_background
│ │ │ ├── TAR23-028_BSAM_LOGO_CMYK_Fondo oscuro.ai
│ │ │ ├── TAR23-028_BSAM_LOGO_CMYK_Fondo oscuro.jpg
│ │ │ ├── TAR23-028_BSAM_LOGO_CMYK_Fondo oscuro.pdf
│ │ │ └── TAR23-028_BSAM_LOGO_CMYK_Fondo oscuro.png
│ │ ├── 04_on_image
│ │ │ ├── TAR23-028_BSAM_LOGO_CMYK_Sobre imagen.ai
│ │ │ ├── TAR23-028_BSAM_LOGO_CMYK_Sobre imagen.pdf
│ │ │ └── TAR23-028_BSAM_LOGO_CMYK_Sobre imagen.png
│ │ ├── 05_on_corporate_green
│ │ │ ├── TAR23-028_BSAM_LOGO_CMYK_Sobre verde.ai
│ │ │ ├── TAR23-028_BSAM_LOGO_CMYK_Sobre verde.pdf
│ │ │ ├── TAR23-028_BSAM_LOGO_CMYK_Sobre verde.png
│ │ │ └── TAR23-028_BSAM_LOGO_CMYK_Sobre-verde.jpg
│ │ └── 06_greyscale
│ │ │ ├── TAR23-028_BSAM_LOGO_CMYK_Escala de grises.ai
│ │ │ ├── TAR23-028_BSAM_LOGO_CMYK_Escala de grises.pdf
│ │ │ ├── TAR23-028_BSAM_LOGO_CMYK_Escala de grises_Mesa de trabajo 1.png
│ │ │ └── TAR23-028_BSAM_LOGO_CMYK_Escala-de-grises.jpg
│ └── LOGO_BSAM_CMYK_symbol
│ │ ├── 01_Positive_Negative
│ │ ├── 01_Positive
│ │ │ ├── TAR23-028_BSAM_LOGO_Siglas_CMYK_Positivo.ai
│ │ │ ├── TAR23-028_BSAM_LOGO_Siglas_CMYK_Positivo.jpg
│ │ │ ├── TAR23-028_BSAM_LOGO_Siglas_CMYK_Positivo.pdf
│ │ │ └── TAR23-028_BSAM_LOGO_Siglas_CMYK_Positivo.png
│ │ └── 02_Negative
│ │ │ ├── TAR23-028_BSAM_LOGO_Siglas_CMYK_Negativo.ai
│ │ │ ├── TAR23-028_BSAM_LOGO_Siglas_CMYK_Negativo.jpg
│ │ │ ├── TAR23-028_BSAM_LOGO_Siglas_CMYK_Negativo.pdf
│ │ │ └── TAR23-028_BSAM_LOGO_Siglas_CMYK_Negativo.png
│ │ ├── 02_on_light_background
│ │ ├── TAR23-028_BSAM_LOGO_Siglas_CMYK_Fondo claro.ai
│ │ ├── TAR23-028_BSAM_LOGO_Siglas_CMYK_Fondo claro.pdf
│ │ ├── TAR23-028_BSAM_LOGO_Siglas_CMYK_Fondo claro.png
│ │ └── TAR23-028_BSAM_LOGO_Siglas_CMYK_Fondo-claro.jpg
│ │ ├── 03_on_dark_background
│ │ ├── TAR23-028_BSAM_LOGO_Siglas_CMYK_Fondo oscuro.ai
│ │ ├── TAR23-028_BSAM_LOGO_Siglas_CMYK_Fondo oscuro.pdf
│ │ ├── TAR23-028_BSAM_LOGO_Siglas_CMYK_Fondo oscuro.png
│ │ └── TAR23-028_BSAM_LOGO_Siglas_CMYK_Fondo-oscuro.jpg
│ │ ├── 04_on_image
│ │ ├── TAR23-028_BSAM_LOGO_Siglas_CMYK_Sobre imagen.ai
│ │ ├── TAR23-028_BSAM_LOGO_Siglas_CMYK_Sobre imagen.pdf
│ │ └── TAR23-028_BSAM_LOGO_Siglas_CMYK_Sobre imagen.png
│ │ ├── 05_on_corporate_green
│ │ ├── TAR23-028_BSAM_LOGO_Siglas_CMYK_Sobre verde.ai
│ │ ├── TAR23-028_BSAM_LOGO_Siglas_CMYK_Sobre verde.pdf
│ │ ├── TAR23-028_BSAM_LOGO_Siglas_CMYK_Sobre verde.png
│ │ └── TAR23-028_BSAM_LOGO_Siglas_CMYK_Sobre-verde.jpg
│ │ └── 06_greyscale
│ │ ├── TAR23-028_BSAM_LOGO_Siglas_CMYK_Escala de grises.ai
│ │ ├── TAR23-028_BSAM_LOGO_Siglas_CMYK_Escala de grises.pdf
│ │ ├── TAR23-028_BSAM_LOGO_Siglas_CMYK_Escala de grises.png
│ │ └── TAR23-028_BSAM_LOGO_Siglas_CMYK_Escala-de-grises.jpg
├── README.md
└── RGB
│ ├── LOGO_BSAM_RGB_full
│ ├── 01_Positive_Negative
│ │ ├── 01_Positive
│ │ │ ├── TAR23-028_BSAM_LOGO_RGB_Positivo.ai
│ │ │ ├── TAR23-028_BSAM_LOGO_RGB_Positivo.jpg
│ │ │ ├── TAR23-028_BSAM_LOGO_RGB_Positivo.pdf
│ │ │ └── TAR23-028_BSAM_LOGO_RGB_Positivo.png
│ │ └── 02_Negative
│ │ │ ├── TAR23-028_BSAM_LOGO_RGB_Negativo.ai
│ │ │ ├── TAR23-028_BSAM_LOGO_RGB_Negativo.jpg
│ │ │ ├── TAR23-028_BSAM_LOGO_RGB_Negativo.pdf
│ │ │ └── TAR23-028_BSAM_LOGO_RGB_Negativo.png
│ ├── 02_on_light_background
│ │ ├── TAR23-028_BSAM_LOGO_RGB_Fondo claro.ai
│ │ ├── TAR23-028_BSAM_LOGO_RGB_Fondo claro.jpg
│ │ ├── TAR23-028_BSAM_LOGO_RGB_Fondo claro.pdf
│ │ └── TAR23-028_BSAM_LOGO_RGB_Fondo claro.png
│ ├── 03_on_dark_background
│ │ ├── TAR23-028_BSAM_LOGO_RGB_Fondo oscuro.ai
│ │ ├── TAR23-028_BSAM_LOGO_RGB_Fondo oscuro.jpg
│ │ ├── TAR23-028_BSAM_LOGO_RGB_Fondo oscuro.pdf
│ │ └── TAR23-028_BSAM_LOGO_RGB_Fondo oscuro.png
│ ├── 04_on_image
│ │ ├── TAR23-028_BSAM_LOGO_RGB_Sobre imagen.ai
│ │ ├── TAR23-028_BSAM_LOGO_RGB_Sobre imagen.pdf
│ │ └── TAR23-028_BSAM_LOGO_RGB_Sobre imagen.png
│ ├── 05_on_corporate_green
│ │ ├── TAR23-028_BSAM_LOGO_RGB_Sobre verde.ai
│ │ ├── TAR23-028_BSAM_LOGO_RGB_Sobre verde.jpg
│ │ ├── TAR23-028_BSAM_LOGO_RGB_Sobre verde.pdf
│ │ └── TAR23-028_BSAM_LOGO_RGB_Sobre verde.png
│ └── 06_greyscale
│ │ ├── TAR23-028_BSAM_LOGO_RGB_Escala de grises.ai
│ │ ├── TAR23-028_BSAM_LOGO_RGB_Escala de grises.jpg
│ │ ├── TAR23-028_BSAM_LOGO_RGB_Escala de grises.pdf
│ │ └── TAR23-028_BSAM_LOGO_RGB_Escala de grises.png
│ └── LOGO_BSAM_RGB_symbol
│ ├── 01_Positive_Negative
│ ├── 01_Positivo
│ │ ├── TAR23-028_BSAM_LOGO_SIGLAS_Positivo.ai
│ │ ├── TAR23-028_BSAM_LOGO_SIGLAS_Positivo.jpg
│ │ ├── TAR23-028_BSAM_LOGO_SIGLAS_Positivo.pdf
│ │ └── TAR23-028_BSAM_LOGO_SIGLAS_Positivo.png
│ └── 02_Negativo
│ │ ├── TAR23-028_BSAM_LOGO_SIGLAS_Negativo.ai
│ │ ├── TAR23-028_BSAM_LOGO_SIGLAS_Negativo.jpg
│ │ ├── TAR23-028_BSAM_LOGO_SIGLAS_Negativo.pdf
│ │ └── TAR23-028_BSAM_LOGO_SIGLAS_Negativo.png
│ ├── 02_on_light_background
│ ├── TAR23-028_BSAM_LOGO_SIGLAS_Fondo claro.ai
│ ├── TAR23-028_BSAM_LOGO_SIGLAS_Fondo claro.jpg
│ ├── TAR23-028_BSAM_LOGO_SIGLAS_Fondo claro.pdf
│ └── TAR23-028_BSAM_LOGO_SIGLAS_Fondo claro.png
│ ├── 03_on_dark_background
│ ├── TAR23-028_BSAM_LOGO_SIGLAS_Fondo oscuro.ai
│ ├── TAR23-028_BSAM_LOGO_SIGLAS_Fondo oscuro.jpg
│ ├── TAR23-028_BSAM_LOGO_SIGLAS_Fondo oscuro.pdf
│ └── TAR23-028_BSAM_LOGO_SIGLAS_Fondo oscuro.png
│ ├── 04_on_image
│ ├── TAR23-028_BSAM_LOGO_SIGLAS_Sobre imagen.ai
│ ├── TAR23-028_BSAM_LOGO_SIGLAS_Sobre imagen.pdf
│ └── TAR23-028_BSAM_LOGO_SIGLAS_Sobre imagen.png
│ ├── 05_on_corporate_green
│ ├── TAR23-028_BSAM_LOGO_SIGLAS_Sobre verde.ai
│ ├── TAR23-028_BSAM_LOGO_SIGLAS_Sobre verde.jpg
│ ├── TAR23-028_BSAM_LOGO_SIGLAS_Sobre verde.pdf
│ └── TAR23-028_BSAM_LOGO_SIGLAS_Sobre verde.png
│ └── 06_greyscale
│ ├── TAR23-028_BSAM_LOGO_SIGLAS_Escala de grises.ai
│ ├── TAR23-028_BSAM_LOGO_SIGLAS_Escala de grises.jpg
│ ├── TAR23-028_BSAM_LOGO_SIGLAS_Escala de grises.pdf
│ └── TAR23-028_BSAM_LOGO_SIGLAS_Escala de grises.png
├── Gemfile
├── LICENSE
├── README.md
├── _config.yml
├── _includes
├── ctl_link.md
├── head_custom.html
├── header_custom.html
├── lang_list.html
├── nav_footer_custom.html
├── res_link.md
├── res_table.md
├── title.html
└── toc_heading_custom.html
├── _layouts
└── control.md
├── _sass
├── color_schemes
│ └── tarlogic.scss
└── custom
│ └── setup.scss
├── assets
├── captures
│ └── GalaxyBudsPairing.pcapng
└── img
│ ├── BSAM logo dark.png
│ ├── BSAM logo light.png
│ ├── BSAM.png
│ ├── bluetooth-bsam-Information-gathering.jpg
│ ├── bluetooth-bsam-application.jpg
│ ├── bluetooth-bsam-authentication.jpg
│ ├── bluetooth-bsam-discovery.jpg
│ ├── bluetooth-bsam-encryption.jpg
│ ├── bluetooth-bsam-pairing.jpg
│ ├── bluetooth-bsam-services.jpg
│ ├── bsam-au-01_connection_request.png
│ ├── bsam-au-01_connection_stablishment.png
│ ├── bsam-au-03_connection_complete.png
│ ├── bsam-au-03_create_connection.png
│ ├── bsam-au-03_disconnect.png
│ ├── bsam-au-03_forced_disconnection.png
│ ├── bsam-di-01_adv_modes.png
│ ├── bsam-di-02_rssi.png
│ ├── bsam-di-03_august_device_name.png
│ ├── bsam-di-04_microsoft_beacon.png
│ ├── bsam-di-04_samsung_beacon.png
│ ├── bsam-di-04_samsung_eir.png
│ ├── bsam-di-05_extended_inquiry_result.png
│ ├── bsam-di-06_august.png
│ ├── bsam-en-01_connection_request.png
│ ├── bsam-en-01_connection_stablishment.png
│ ├── bsam-en-02_pairing_process.png
│ ├── bsam-en-02_pairing_request.png
│ ├── bsam-en-02_pairing_response.png
│ ├── bsam-ig-01_nrnd.png
│ ├── bsam-ig-04_core-ver.png
│ ├── bsam-ig-04_lmp-version-res.png
│ ├── bsam-pa-01_io_cap_request.png
│ ├── bsam-pa-01_io_cap_request_reply.png
│ ├── bsam-pa-01_link_key_request_negative_reply.png
│ ├── bsam-pa-01_pairing_default_config.png
│ ├── bsam-pa-01_simple_pairing_complete.png
│ ├── bsam-pa-02_pairing_io_caps.png
│ ├── bsam-pa-02_pairing_io_caps_le.png
│ ├── bsam-pa-03_oob_data_no_present.png
│ ├── bsam-pa-04_pairing_legacy_confirm.png
│ ├── bsam-pa-04_pairing_legacy_response_no_sec.png
│ ├── bsam-pa-04_pairing_legacy_resquest_no_sec.png
│ ├── bsam-pa-05_io_cap_response.png
│ ├── bsam-pa-05_pairing_no_user_interaction.png
│ ├── bsam-pa-06_pairing_confirm.png
│ ├── bsam-pa-06_pairing_failed_confirm_value_failed.png
│ ├── bsam-pa-06_pairing_random.png
│ ├── bsam-pa-06_pairing_request.png
│ ├── bsam-pa-06_pairing_response.png
│ ├── bsam-pa-08_bluez_linkkey.png
│ ├── bsam-res-01_bc417.png
│ ├── bsam-res-02_fccid-report.png
│ ├── bsam-se-01_sdptool.png
│ ├── bsam-se-02_gatt_profiler.png
│ ├── doc_baseband_link_layer.drawio
│ ├── doc_baseband_link_layer.png
│ ├── doc_data_link_layer.drawio
│ ├── doc_data_link_layer.png
│ ├── doc_l2cap_bframe.drawio
│ ├── doc_l2cap_bframe.png
│ ├── doc_l2cap_gframe.drawio
│ ├── doc_l2cap_gframe.png
│ ├── doc_logical_transport.drawio
│ ├── doc_logical_transport.png
│ └── doc_physical_architecture_host_controller.png
└── favicon.png
/.gitattributes:
--------------------------------------------------------------------------------
1 | *.exe filter=lfs diff=lfs merge=lfs -text
2 | *.png filter=lfs diff=lfs merge=lfs -text
3 | *.gem filter=lfs diff=lfs merge=lfs -text
4 | *.pdf filter=lfs diff=lfs merge=lfs -text
5 | *.jpg filter=lfs diff=lfs merge=lfs -text
6 | *.ai filter=lfs diff=lfs merge=lfs -text
7 | *.xlsx filter=lfs diff=lfs merge=lfs -text
8 | BSAM_branding/ filter=lfs diff=lfs merge=lfs -text
9 |
--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
1 | # Ruby & Bundle
2 | Gemfile.lock
3 | .bundle/
4 |
5 | # Jekyll
6 | _site/
7 | .jekyll-cache
8 |
9 | # DrawIO
10 | *.drawio.bkp
11 | *.drawio.dtmp
12 |
--------------------------------------------------------------------------------
/01_documentation/00_index.en.md:
--------------------------------------------------------------------------------
1 | ---
2 | layout: default
3 | title: Documentation
4 | description: Documentation on the Bluetooth security standard. Basic concepts of the technology's operation and the layers that compose it
5 | nav_order: 1
6 | has_children: true
7 | lang: en
8 | page_id: doc_index
9 | permalink: documentation/
10 | ---
11 |
12 | # Bluetooth documentation
13 | This section contains documentation about the Bluetooth standard. It deals with the technology itself and not its security.
14 |
15 | This section explains some basic concepts, indicates how and where to look for more information, and offers summary articles on topics related to this technology.
16 |
--------------------------------------------------------------------------------
/01_documentation/00_index.es.md:
--------------------------------------------------------------------------------
1 | ---
2 | layout: default
3 | title: Documentación
4 | description: Documentación sobre el estándar de seguridad Bluetooth. Conceptos básicos del funcionamiento de la tecnología y las capas que lo componen.
5 | nav_order: 1
6 | has_children: true
7 | lang: es
8 | page_id: doc_index
9 | permalink: documentacion/
10 | ---
11 |
12 | # Documentación Bluetooth
13 | Esta sección contiene documentación sobre el estándar Bluetooth. Trata de la tecnología en sí misma y no de su seguridad.
14 |
15 | Esta sección se enfoca en explicar algunos conceptos básicos, además de indicar cómo y dónde buscar más información y proponer algunos artículos de resumen de temas relacionados con esta tecnología.
16 |
--------------------------------------------------------------------------------
/01_documentation/01_bluetooth_core_specification.en.md:
--------------------------------------------------------------------------------
1 | ---
2 | layout: default
3 | title: Bluetooth Core Specification
4 | description: The Bluetooth Core Specification is a comprehensive technical document that contains all the information needed to develop interoperable Bluetooth devices.
5 | parent: Documentation
6 | nav_order: 0
7 | lang: en
8 | page_id: doc_bluetooth_core_specification
9 | permalink: documentation/bluetooth-core-specification/
10 | ---
11 |
12 | # {{ page.title }}
13 |
14 | Bluetooth is a communication technology standardized and documented in the _Bluetooth Core Specification_.
15 |
16 | This document is maintained by the _Bluetooth Special Interest Group, Inc._ or _Bluetooth SIG_, a private association of companies interested in the technology. The members of this group are responsible for the development of Bluetooth.
17 |
18 | As the technology evolves, the _Bluetooth SIG_ publishes new versions of the _Bluetooth Core Specification_ in the [specifications section of SIG's website](https://www.bluetooth.com/specifications/specs/?types=specs-docs&keyword=core+specification&filter=). It should be noted that these specifications have a _Status_ indicating whether that specification is fit for use or already obsolete.
19 |
20 | The specification, in its various versions, contains all the necessary information about the protocol to develop a device that can interoperate with other Bluetooth devices. This includes information about physical transport, the lowest layers of the protocol, up to the transport of application-level data. For this reason, it is a very extensive and rather complex specification.
21 |
22 | Often, in this methodology, you will find references to the _Bluetooth Core Specification_ document where you can find more detailed information on the referenced topics.
23 |
24 |
25 | ## Other Bluetooth SIG documents
26 |
27 | Besides the core protocol specification, the _SIG_ also publishes other documents of interest such as the [Bluetooth Assigned Numbers](https://www.bluetooth.com/specifications/specs/?types=specs-docs&keyword=assigned+numbers&filter=) where numerical values and constants used in Bluetooth are listed, such as manufacturer identifiers or constants for the identification of Bluetooth versions.
28 |
29 | The [GATT Specification Supplement](https://www.bluetooth.com/specifications/specs/?types=specs-docs&keyword=GATT+Specification+Supplement&filter=) is also of special interest, as it contains all the definitions of the _GATT characteristics_ and other descriptors of Bluetooth services.
30 |
31 |
32 | ## External references
33 |
34 | *
35 | *
36 | *
37 | *
38 |
--------------------------------------------------------------------------------
/01_documentation/01_bluetooth_core_specification.es.md:
--------------------------------------------------------------------------------
1 | ---
2 | layout: default
3 | title: Especificaciones de Bluetooth Core
4 | description: La especificación Bluetooth Core Specification es un documento técnico completo que contiene toda la información necesaria para desarrollar dispositivos Bluetooth interoperables.
5 | parent: Documentación
6 | nav_order: 0
7 | lang: es
8 | page_id: doc_bluetooth_core_specification
9 | permalink: documentacion/bluetooth-core-specification/
10 | ---
11 |
12 | # {{ page.title }}
13 |
14 | Bluetooth es una tecnología de comunicaciones estandarizada y especificada en el documento: el _Bluetooth Core Specification_.
15 |
16 | Este documento está mantenido por el _Bluetooth Special Interest Group, Inc._ o _Bluetooth SIG_, una asociación privada de compañías que impulsan el desarrollo de la tecnología. Los miembros de este grupo se encargan de dirigir el desarrollo de la tecnología Bluetooth.
17 |
18 | A medida que la tecnología se desarrolla, el _Bluetooth SIG_ publica nuevas versiones del _Bluetooth Core Specification_ en la [sección de _specifications_ de la web del SIG](https://www.bluetooth.com/specifications/specs/?types=specs-docs&keyword=core+specification&filter=). Ha de tenerse en cuenta que estas especificaciones tienen un _Status_ que indica si esa especificación es apta para su uso o si ya está obsoleta.
19 |
20 | El estándar Bluetooth, en sus distintas versiones, contiene toda la información necesaria acerca del protocolo para desarrollar un dispositivo que pueda interoperar con otros dispositivos Bluetooth. Esto incluye información acerca del transporte físico, las capas más bajas del protocolo, hasta el transporte de datos a nivel de aplicación. Por este motivo, se trata de una especificación extensa y compleja.
21 |
22 | A menudo, en esta metodología se encuentran referencias al documento _Bluetooth Core Specification_, con indicaciones sobre dónde encontrar más información detallada de los temas referenciados.
23 |
24 |
25 | ## Otros documentos del Bluetooth SIG
26 |
27 | Además de la especificación del protocolo, el _Bluetooth SIG_ también publica otros documentos de interés como el [Bluetooth Assigned Numbers](https://www.bluetooth.com/specifications/specs/?types=specs-docs&keyword=assigned+numbers&filter=), donde se listan valores numéricos y constantes usados en Bluetooth como pueden ser identificadores de fabricantes o constantes para la identificación de versiones de Bluetooth.
28 |
29 | También es de especial interés el [GATT Specification Supplement](https://www.bluetooth.com/specifications/specs/?types=specs-docs&keyword=GATT+Specification+Supplement&filter=) que contiene todas las definiciones de las características _GATT_ y otros descriptores de servicios Bluetooth.
30 |
31 |
32 | ## Referencias externas
33 |
34 | *
35 | *
36 | *
37 | *
38 |
--------------------------------------------------------------------------------
/01_documentation/02_physical_architecture.en.md:
--------------------------------------------------------------------------------
1 | ---
2 | layout: default
3 | title: Physical architecture
4 | description: Bluetooth physical architecture - Host and Controller, two essential elements for communication
5 | parent: Documentation
6 | nav_order: 1
7 | lang: en
8 | page_id: doc_physical_architecture
9 | permalink: documentation/physical-architecture/
10 | ---
11 |
12 | # Bluetooth physical architecture
13 |
14 | The physical architecture of Bluetooth is split into two main elements: _Host_ and _Controller_.
15 |
16 | 
17 |
18 | ## Bluetooth Controller
19 |
20 | A controller is a _chip_, or a set of them, capable of transmitting and receiving radio waves, responsible for performing the lower-level tasks of the Bluetooth communication protocol.
21 |
22 | A controller may support one or more Bluetooth technologies. There are controllers that only support _Bluetooth LE_, others that support _Bluetooth BR/EDR_, and others that support combined operation in both modes.
23 |
24 | The controller, besides having the hardware to convert radio signals into bits and vice versa, also has multiple responsibilities when it comes to creating, maintaining, and closing connections. The lower layers of the Bluetooth standard are implemented in the firmware of these controllers, and they have packet processing capability without the need for these packets to reach the Host.
25 |
26 |
27 | ## Host
28 |
29 | The _Host_ refers to the hardware that uses a _Controller_ to communicate via Bluetooth. This _Host_ must run a _software stack_ that provides an abstraction and allows applications to interact with Bluetooth devices independently of the hardware.
30 |
31 | This software run on the _Host_ is responsible for functions related to discovery and pairing processes. Some of these functions include enumerating nearby devices, controlling whether a device should be discoverable or not, enumerating the capabilities of the _Host_ to decide which pairing methods are available, intervening during the pairing process to allow the user to confirm or deny this action, or storing pairing keys in a secure place.
32 |
33 |
34 | ## Host Controller Interface or HCI
35 |
36 | _Host Controller Interface_ or _HCI_ refers to the protocol used for communication between a _Host_ and a _Controller_. The _HCI_ protocol usually limits the ability of a _Host_ to modify the behaviour of a _Controller_. Overcoming this barrier involves modifying the _Controller_ or modifying the _Controller_ firmware.
37 |
--------------------------------------------------------------------------------
/01_documentation/02_physical_architecture.es.md:
--------------------------------------------------------------------------------
1 | ---
2 | layout: default
3 | title: Arquitectura física
4 | description: Arquitectura física de Bluetooth - Host y Controller, dos elementos esenciales para la comunicación
5 | parent: Documentación
6 | nav_order: 1
7 | lang: es
8 | page_id: doc_physical_architecture
9 | permalink: documentacion/physical-architecture/
10 | ---
11 |
12 | # Arquitectura física de Bluetooth
13 |
14 | La arquitectura física de Bluetooth está dividida en dos elementos principales: _Host_ y _Controller_.
15 |
16 | 
17 |
18 |
19 | ## Controlador Bluetooth
20 |
21 | El controlador Bluetooth (_Controller_) es un _"chip"_, o conjunto de ellos, con capacidad para transmitir y recibir ondas de radio, y está encargado de realizar las tareas de más bajo nivel de las comunicaciones Bluetooth.
22 |
23 | Un controller puede tener soporte para una o más tecnologías Bluetooth. Existen controllers que sólo soportan _Bluetooth LE_, otros que soportan _Bluetooth BR/EDR_ y otros que soportan operación combinada en ambos modos.
24 |
25 | El controller, además de tener el hardware para convertir señales de radio en bits y viceversa, también tiene múltiples responsabilidades a la hora de crear, mantener y cerrar conexiones. Las capas inferiores del estándar de Bluetooth están implementadas en el firmware de estos controladores y estos tienen capacidad de procesamiento de paquetes sin necesidad de que estos paquetes lleguen al Host.
26 |
27 |
28 | ## Host
29 |
30 | El término _Host_ se refiere al hardware que hace uso de un _Controller_ para poder comunicarse vía Bluetooth. Este _Host_ ha de ejecutar un software o _stack_ que provee una abstracción y permite a las aplicaciones interactuar con dispositivos Bluetooth de manera independiente del hardware del _Controller_.
31 |
32 | El software ejecutado en el _Host_ es responsable de funciones relacionadas con los procesos de descubrimiento y emparejamiento. Algunas de estas funciones son enumerar los dispositivos cercanos, controlar si un dispositivo debe ser descubrible o no, enumerar las capacidades del _Host_ para decidir qué métodos de emparejamiento están disponibles, la intervención durante el proceso de emparejamiento para permitir al usuario confirmar o denegar esta acción o el almacenamiento de claves de emparejamiento en un lugar seguro.
33 |
34 |
35 | ## Host Controller Interface o HCI
36 |
37 | _Host Controller Interface_ o _HCI_ se refiere al protocolo utilizado para comunicar un _Host_ con un _Controller_. El protocolo _HCI_ suele delimitar la capacidad que un _Host_ tiene para modificar el comportamiento de un _Controller_. Superar esta barrera implica la modificación del _Controller_ o la modificación del firmware del _Controller_.
38 |
--------------------------------------------------------------------------------
/01_documentation/03_baseband_link_layer.en.md:
--------------------------------------------------------------------------------
1 | ---
2 | layout: default
3 | title: 'Baseband Link Layer: LMP and LL'
4 | description: LMP and LL - Bluetooth link layer protocols for establishing and managing connections between controllers
5 | parent: Documentation
6 | nav_order: 2
7 | lang: en
8 | page_id: doc_baseband_link_layer
9 | permalink: documentation/baseband-link-layer/
10 | ---
11 |
12 | # {{ page.title }}
13 |
14 | Link layer protocols are used to control and negotiate all aspects of the operation of the Bluetooth connection between two controllers.
15 |
16 | Link layer protocols are managed in the controller and Bluetooth hosts do not have knowledge about the exchanged link layer packets.
17 |
18 | Bluetooth controllers may support different modes of operation such as Bluetooth Low Energy and/or Bluetooth Basic Rate and/or Bluetooth Extended Data Rate. Depending on the support of those modes, different link layer protocols may be used by the controllers.
19 |
20 | 
21 |
22 |
23 | ## LMP (Link Manager Protocol)
24 |
25 | Link Manager Protocol (LMP) is the link layer protocol used to establish and manage connections between BR (Basic Rate) and EDR (Extended Data Rate) controllers, more commonly known as Bluetooth Classic.
26 |
27 | The full Link Manager Protocol (LMP) specification can be found in the Bluetooth Core Specification V5.3, Vol. 2, Part C.
28 |
29 | ## LL (Link Layer)
30 |
31 | Link Layer (LL) is the link layer protocol used to establish and manage connections between BLE (Bluetooth Low Energy) controllers.
32 |
33 | Link Layer (LL) specification can be found in the Bluetooth Core Specification V5.3, Vol. 6, Part B.
34 |
--------------------------------------------------------------------------------
/01_documentation/03_baseband_link_layer.es.md:
--------------------------------------------------------------------------------
1 | ---
2 | layout: default
3 | title: 'Capa de enlace de banda base: LMP y LL'
4 | description: LMP y LL - Protocolos de capa de enlace de Bluetooth para establecer y gestionar conexiones entre controladores
5 | parent: Documentación
6 | nav_order: 2
7 | lang: es
8 | page_id: doc_baseband_link_layer
9 | permalink: documentacion/baseband-link-layer/
10 | ---
11 |
12 | # {{ page.title }}
13 |
14 | Los protocolos de capa de enlace tienen como función negociar y controlar todos los aspectos de la operación de conexiones entre dos controladores Bluetooth.
15 |
16 | Los protocolos de capa de enlace se gestionan e implementan en el controlador Bluetooth y el 'Host' no tiene conocimiento acerca de qué paquetes de capa de enlace intercambia el controlador.
17 |
18 | Los controladores Bluetooth pueden soportar distintos modos de operación como Bluetooth LE y/o BR/EDR. Dependiendo de los modos de operación soportados, se utilizarán distintos protocolos de capa de enlace.
19 |
20 | 
21 |
22 |
23 | ## LMP (Link Manager Protocol)
24 |
25 | El Link Manager Protocol (LMP) es el protocolo de capa de enlace usado en conexiones entre controladores que se establecen en modos BR (Basic Rate) y EDR (Extended Data Rate), más comúnmente conocido como "Bluetooth Classic".
26 |
27 | La especificación completa del Link Manager Protocol (LMP) se encuentra en el documento Bluetooth Core Specification V5.3, Vol. 2, Part C.
28 |
29 |
30 | ## LL (Link Layer)
31 |
32 | El Link Layer (LL) es el protocolo usado para establecer y gestionar conexiones entre controllers BLE (Bluetooth Low Energy).
33 |
34 | La especificación del Link Layer (LL) se encuentra en el documento Bluetooth Core Specification V5.3, Vol. 6, Part B.
35 |
--------------------------------------------------------------------------------
/01_documentation/04_logical_transport.en.md:
--------------------------------------------------------------------------------
1 | ---
2 | layout: default
3 | title: 'Logical Transport: ACL and SCO'
4 | description: Bluetooth logical transport - ACL and SCO, protocols for data and voice transmission
5 | parent: Documentation
6 | nav_order: 3
7 | lang: en
8 | page_id: doc_logical_transport
9 | permalink: documentation/logical-transport/
10 | ---
11 |
12 | # {{ page.title }}
13 |
14 | Logical transport protocols are used to establish and manage connections between Bluetooth Hosts.
15 |
16 | The logical transport layers are the lowest communication layers available to a Host, and the implementation of logical transport protocols is part of the host Bluetooth stack.
17 |
18 | There are two logical transport protocols depending on the characteristics of a connection: ACL and SCO.
19 |
20 | 
21 |
22 |
23 | ## ACL (Asynchronous Connection-Less)
24 |
25 | The ACL protocol is an asynchronous connection-less oriented protocol.
26 |
27 | Asynchronous means that this protocol is meant to exchange irregular amounts of data over time. Upper layers of this protocol may need to send varying amounts of data depending on external factors such as device usage, interaction or data availability...
28 |
29 | Connection-less refers to the capability to setup both unicast and multicast channels for data transmission.
30 |
31 | ACL protocol will use as much bandwidth as available in a certain moment. This means that connection speed is dependent on other connections and other exchanges of information, slowing down when multiple devices request transmission at the same time. It also means that there may be times when ACL provides huge bandwidths and allows for high amounts of data transfer.
32 |
33 | This is the de-facto protocol for Bluetooth logical transport.
34 |
35 |
36 | ## SCO (Synchronous Connection-Oriented)
37 |
38 | The SCO protocol is a synchronous connection-oriented protocol.
39 |
40 | Synchronous means that this protocol is meant to exchange fixed bandwidth data in time. Upper layers of this protocol will have the capability to transmit the same amount of data through time.
41 |
42 | Connection-oriented refers to the unicast only capability of the protocol.
43 |
44 | In practice, SCO is implemented as fixed-time ACL slots, thus prioritizing low-latency communications.
45 |
46 | The characteristics of this logical transport make it ideal for the transmission of data and voice streams such as phone call audio. The streams do not require high bandwidth but require low latency and consistent voice streams.
47 |
48 |
--------------------------------------------------------------------------------
/01_documentation/04_logical_transport.es.md:
--------------------------------------------------------------------------------
1 | ---
2 | layout: default
3 | title: 'Transporte lógico: ACL y SCO'
4 | description: Transporte lógico Bluetooth - ACL y SCO, protocolos para la transmisión de datos y voz
5 | parent: Documentación
6 | nav_order: 3
7 | lang: es
8 | page_id: doc_logical_transport
9 | permalink: documentacion/logical-transport/
10 | ---
11 |
12 | # {{ page.title }}
13 |
14 | Los protocolos de la capa de transporte lógico se usan para establecer y gestionar conexiones entre hosts de Bluetooth.
15 |
16 | Las capas de transporte lógico son las capas de comunicación más bajas disponibles para un host y su implementación corresponde al stack de Bluetooth del host.
17 |
18 | Existen dos protocolos de transporte lógico disponibles en función de las características de una conexión: ACL y SCO.
19 |
20 | 
21 |
22 |
23 | ## ACL (Asynchronous Connection-Less)
24 |
25 | El protocolo ACL es asíncrono y no está orientado a conexión.
26 |
27 | Asíncrono se refiere a que este protocolo está pensado para intercambiar cantidades de datos irregulares a lo largo del tiempo. Las capas superiores que usen este protocolo necesitarán enviar datos que varían según factores externos como el uso del dispositivo, la interacción con el mismo o la disponibilidad de datos...
28 |
29 | No orientado a conexión se refiere a la capacidad para establecer enlaces "unicast" y "multicast", es decir, con uno o varios dispositivos simultáneamente.
30 |
31 | El protocolo ACL usará el ancho de banda disponible en cada momento. Esto significa que la velocidad del enlace es dependiente de otras conexiones e intercambios de información, reduciendo la velocidad cuando múltiples dispositivos solicitan el uso del enlace al mismo tiempo. Esto también significa que habrá momentos en los que ACL proveerá anchos de banda muy grandes permitiendo el intercambio de grandes cantidades de información.
32 |
33 | Este es el protocolo por defecto para el transporte lógico en Bluetooth.
34 |
35 |
36 | ## SCO (Synchronous Connection-Oriented)
37 |
38 | El protocolo SCO es síncrono y orientado a conexión.
39 |
40 | Síncrono se refiere a que este protocolo está pensado para transmitir un ancho de banda fijo y constante. Las capas superiores que usen este protocolo de enlace tendrán la capacidad para enviar y recibir cantidades de datos fijas en el tiempo.
41 |
42 | Orientado a conexión se refiere a que este enlace solo permite conexiones "unicast", es decir, con un único dispositivo.
43 |
44 | En la práctica, SCO se implementa como un slot ACL de tiempo fijo, por este motivo, SCO prioriza el intercambio de información con baja latencia.
45 |
46 | Las características de este transporte lógico lo hacen ideal para la transmisión de datos y voz como en el caso de las llamadas de voz. Estos streams de audio y datos no requieren una calidad excelente por lo que el ancho de banda no ha de ser muy grande, pero sí requieren baja latencia y una transmisión de datos consistente e invariable.
--------------------------------------------------------------------------------
/01_documentation/05_data_link_layer.en.md:
--------------------------------------------------------------------------------
1 | ---
2 | layout: default
3 | title: 'Data Link Layer: L2CAP'
4 | description: L2CAP is a Bluetooth data link layer protocol for multiplexing, segmentation, and abstraction of data
5 | parent: Documentation
6 | nav_order: 4
7 | lang: en
8 | page_id: doc_data_link_layer
9 | permalink: documentation/data-link-layer/
10 | ---
11 |
12 | # {{ page.title }}
13 |
14 | The Logical Link Control and Adaptation Layer Protocol (L2CAP) resides in the data link layer. L2CAP provides connection-oriented and connectionless data services to upper layer protocols.
15 |
16 | The focus of this protocol is to add protocol multiplexing capability, segmentation and reassembly operation and group abstractions.
17 |
18 | It is important to note that L2CAP specification is only defined for ACL logical transports and no SCO support is planned.
19 |
20 | 
21 |
22 | ## L2CAP packet structure
23 |
24 | L2CAP general packet structure is defined as a _basic frame_ or _b-frame_.
25 |
26 | 
27 |
28 | L2CAP provides different channels (CID - Channel identifier) where different protocols or services can be multiplexed. Some of the most common CIDs are `0x0001` for the Signaling Channel, `0x0002` for the Connectionless Channel or `0x0006` for the SMP (Security Manager Protocol).
29 |
30 | Particularly, the Connectionless Channel defines an extended packet structure called _group frame_ or _g-frame_ that provides a second layer for service multiplexing called _Protocol/Service Multiplexer_ or _PSM_.
31 |
32 | 
34 |
35 | PSM services are classified in two ranges. The first is assigned by the Bluetooth SIG while the second is free to be assigned by vendors. Bluetooth SIG assigned PSM services can be found in the Bluetooth Assigned Numbers document at Section 2.5. PSM services are further described in the Bluetooth Core Spec V5.3 Vol 3 Part A Section 4.2.
36 |
--------------------------------------------------------------------------------
/01_documentation/05_data_link_layer.es.md:
--------------------------------------------------------------------------------
1 | ---
2 | layout: default
3 | title: 'Capa de enlace de datos: L2CAP'
4 | description: L2CAP es un protocolo de capa de enlace de datos de Bluetooth para multiplexar, segmentar y abstraer datos
5 | parent: Documentación
6 | nav_order: 4
7 | lang: es
8 | page_id: doc_data_link_layer
9 | permalink: documentacion/data-link-layer/
10 | ---
11 |
12 | # {{ page.title }}
13 |
14 | El Protocolo de Control de Enlace Lógico y Adaptación (L2CAP) reside en la capa de enlace de datos. L2CAP proporciona servicios de datos orientados a la conexión y sin conexión a los protocolos de la capa superior.
15 |
16 | El objetivo de este protocolo es añadir capacidad de multiplexación de protocolos, operación de segmentación y reensamblaje y abstracciones de grupo.
17 |
18 | Es importante tener en cuenta que la especificación L2CAP sólo está definida para transportes lógicos ACL y no está prevista la compatibilidad con SCO.
19 |
20 | 
21 |
22 | ## Estructura de paquetes L2CAP
23 |
24 | La estructura general de los paquetes L2CAP se define como una trama _basic frame_ o _b-frame_.
25 |
26 | 
27 |
28 | L2CAP proporciona diferentes canales (CID - Identificador de canal) donde se pueden multiplexar diferentes protocolos o servicios. Algunos de los CID más comunes son `0x0001` para el canal de señalización, `0x0002` para el canal sin conexión o `0x0006` para el SMP (Security Manager Protocol).
29 |
30 | En particular, el canal sin conexión define una estructura de paquete extendida llamada _group frame_ o _g-frame_ que proporciona una segunda capa para la multiplexación de servicios llamada multiplexor de protocolo/servicio ( _Protocol/Service Multiplexer_ ) o _PSM_.
31 |
32 | 
33 |
34 |
35 | Los servicios PSM se clasifican en dos rangos. El primero es asignado por el Bluetooth SIG, mientras que el segundo es libre de ser asignado por los proveedores. Los servicios PSM asignados por el Bluetooth SIG se pueden encontrar en el documento de números asignados por Bluetooth en la Sección 2.5. Los servicios PSM se describen con más detalle en la especificación Bluetooth Core V5.3 Vol 3 Parte A Sección 4.2.
--------------------------------------------------------------------------------
/01_documentation/06_le_modes.en.md:
--------------------------------------------------------------------------------
1 | ---
2 | layout: default
3 | title: Bluetooth LE connection mode
4 | description: List of connection modes and procedures between Bluetooth Low Energy devices
5 | parent: Documentation
6 | nav_order: 10
7 | lang: en
8 | page_id: doc_le_connection
9 | permalink: documentation/bluetooth-le-connection-mode/
10 | ---
11 |
12 | # {{ page.title }}
13 |
14 | According to __Bluetooth Core V5.3, Vol. 3, Part C, Section 10, titled "SECURITY ASPECTS - LE PHYSICAL TRANSPORT"__, the modes and procedures are defined in the same manner for both asynchronous ACL and synchronous CIS connections. This section aims to establish how BLE devices will be paired in terms of security. It's important to note that each mode and procedure comes with specific requirements that are not elaborated here, and it will be essential to consult the mentioned section of the standard for detailed information.
15 |
16 |
17 | ## Connection modes
18 |
19 |
20 | In Bluetooth LE, there are five connection modes that are subdivided into levels:
21 |
22 | * _LE Security Mode 1_:
23 |
24 | - _Level 1_: No Security (no security or encryption)
25 | - _Level 2_: Unauthenticated pairing with encryption
26 | - _Level 3_: Authenticated pairing with encryption
27 | - _Level 4_: Authenticated pairing with LE Secure Connection pairing using a secure 128-bit key
28 |
29 | * _LE Security Mode 2_:
30 |
31 | - _Level 1_: Unauthenticated pairing with data signing
32 | - _Level 2_: Authenticated pairing with data signing
33 |
34 | * _Mixed security Mode_:
35 |
36 | - These are security configurations based on each type of security mode and configuration supported on each device.
37 |
38 | * _Secure Connections Only Mode_:
39 |
40 | - Only secure and authenticated connections are allowed
41 |
42 | * _LE Security Mode 3_:
43 |
44 | - _Level 1_: No Security
45 | - _Level 2_: Use of an unauthenticated broadcast code
46 | - _Level 3_: Use of an authenticated broadcast code
47 |
48 | ## Procedure
49 |
50 | The procedures are not exclusive to any specific mode but are necessary to access a security mode in Bluetooth LE.
51 |
52 | * _Authentication procedure_
53 |
54 | - The authentication procedure covers _LE Security Mode 1_ and is only performed after the connection has been established.
55 | - Authentication in _LE Security Mode 1_ is achieved by enabling encryption.
56 |
57 | * _Data Signing_
58 |
59 | - Data signing is used to transfer authenticated data between two devices in an unencrypted communication.
60 | - When _LE Security Mode 2_ is requested, the connection data must be signed.
61 |
62 | * _Authorization procedure_
63 |
64 | - A service may require authorization before granting access, which is user confirmation to proceed with the procedure.
65 | - Authentication does not necessarily provide authorization. Authorization may be granted through user confirmation after successful authentication.
66 |
67 | * _Encryption procedure_
68 |
69 | - Central device encrypts the connection using _Encryption Session Setup_ to provide integrity and confidentiality.
70 | - Peripheral device could encrypt the connection with the _Security Request_ command.
71 |
--------------------------------------------------------------------------------
/03_controls/00_index.en.md:
--------------------------------------------------------------------------------
1 | ---
2 | layout: control
3 | title: Controls
4 | summary: Bluetooth security controls
5 | description: Technical controls to evaluate Bluetooth security according to the BSAM methodology and classified according to the operation of the Bluetooth protocol
6 | nav_order: 3
7 | has_children: true
8 | lang: en
9 | page_id: cont_index
10 | permalink: controls/
11 | ---
12 |
13 | Within BSAM, controls are the technical checks that must be carried out to assess, from a security standpoint, a device with Bluetooth capabilities.
14 |
15 | Excluding the initial information gathering section, the **security controls** have been grouped into 6 blocks according to the standard operation of the Bluetooth protocol.
16 |
17 | All controls are categorized according to whether they affect **Bluetooth Classic** (BR/EDR) or **Bluetooth LE** (BLE).
--------------------------------------------------------------------------------
/03_controls/00_index.es.md:
--------------------------------------------------------------------------------
1 | ---
2 | layout: control
3 | title: Controles
4 | summary: Controles de seguridad Bluetooth
5 | description: Controles técnicos para evaluar la seguridad Bluetooth según la metodología BSAM y clasificados según el funcionamiento del protocolo Bluetooth
6 | nav_order: 3
7 | has_children: true
8 | lang: es
9 | page_id: cont_index
10 | permalink: controles/
11 | ---
12 |
13 | En la metodología BSAM los controles son las verificaciones técnicas que deben ser llevadas a cabo para analizar desde el punto de vista de la seguridad un dispositivo con capacidades Bluetooth.
14 |
15 | Excluyendo la sección inicial de recopilación de información, los **controles de seguridad** se han agrupado en 6 bloques conforme al funcionamiento estándar del protocolo Bluetooth.
16 |
17 | Todos los controles están categorizados según afecten a **Bluetooth Classic** (BR/EDR) o a **Bluetooth LE** (BLE).
--------------------------------------------------------------------------------
/03_controls/01_information_gathering/00_index.en.md:
--------------------------------------------------------------------------------
1 | ---
2 | layout: control
3 | title: Information gathering
4 | summary: Information gathering in Bluetooth device components
5 | description: Information gathering controls in device components of the Bluetooth BSAM security methodology
6 | image: /assets/img/bluetooth-bsam-Information-gathering.jpg
7 | parent: Controls
8 | nav_order: 1
9 | has_children: true
10 | lang: en
11 | page_id: cont_info_index
12 | permalink: controls/bluetooth-information-gathering/
13 | ---
14 |
15 | 
16 | Bluetooth component **information gathering** controls (**BSAM-IG**) focus on gathering public information about the device and its various components.
17 |
18 | The goal of these controls is to obtain valuable security-related information, such as the enumeration of known vulnerabilities. This information can help to accelerate the device's security analysis and technical testing using public information.
19 |
20 | These controls are aligned with [NIST 8228 Considerations for Managing Internet of Things (IoT) Cybersecurity and Privacy Risks](https://csrc.nist.gov/pubs/ir/8228/final)
21 |
--------------------------------------------------------------------------------
/03_controls/01_information_gathering/00_index.es.md:
--------------------------------------------------------------------------------
1 | ---
2 | layout: control
3 | title: Recopilación de información
4 | summary: Recopilación de información en componentes Bluetooth
5 | description: Controles de recopilación de información en componentes de dispositivos de la metodología de seguridad Bluetooth BSAM
6 | image: /assets/img/bluetooth-bsam-Information-gathering.jpg
7 | parent: Controles
8 | nav_order: 1
9 | has_children: true
10 | lang: es
11 | page_id: cont_info_index
12 | permalink: controles/recopilacion-informacion-bluetooth/
13 | ---
14 |
15 | 
16 | Los controles de **recopilación de información** en componentes del dispositivo Bluetooth (**BSAM-IG**) se centran en la recopilación de información pública del dispositivo y de sus distintos componentes.
17 |
18 | El objetivo de estos controles es obtener información valiosa desde el punto de vista de la seguridad, como la enumeración de vulnerabilidades ya conocidas. Esta información puede ayudar a agilizar el análisis de seguridad del dispositivo y las pruebas técnicas utilizando información pública.
19 |
20 | Estos controles están alineados con las [consideraciones para la gestión de riesgos de ciberseguridad y la privacidad de internet de las cosas del NIST 8228](https://csrc.nist.gov/pubs/ir/8228/final)
--------------------------------------------------------------------------------
/03_controls/01_information_gathering/02_controller_vulnerabilities.en.md:
--------------------------------------------------------------------------------
1 | ---
2 | layout: control
3 | title: BSAM-IG-02
4 | summary: Known Bluetooth controller vulnerabilities
5 | description: How to identify vulnerabilities in your Bluetooth controller to ensure its security.
6 | parent: Information gathering
7 | grand_parent: Controls
8 | nav_order: 2
9 | lang: en
10 | page_id: cont_info_02
11 | permalink: controls/bluetooth-controller-vulnerabilities/
12 | tags:
13 | - BR/EDR
14 | - BLE
15 | ---
16 |
17 |
18 | The lower layers of the Bluetooth standard are implemented in the controller firmware, which is updated less frequently than the host and could contain critical vulnerabilities.
19 |
20 | Identifying known vulnerabilities is a fundamental step in a security audit. It needs to be verified whether these vulnerabilities affect the analyzed device to avoid false positives.
21 |
22 |
23 | ## Description
24 |
25 | The enumeration of known vulnerabilities can be done by searching in vulnerability databases or in general-purpose search engines.
26 |
27 | It is important to verify the applicability of each of the vulnerabilities found against the analyzed device.
28 |
29 |
30 | ## Related resources
31 |
32 | Resources that can be useful for identifying the controller model on the device can be found in the following table:
33 |
34 | {% include res_table.md resources='BSAM-RES-01,BSAM-RES-02' %}
35 |
36 | For vulnerability enumeration the following resources may be of interest:
37 |
38 | {% include res_table.md resources='BSAM-RES-03' %}
39 |
40 |
41 | ## Example case
42 |
43 | For an ESP32 Bluetooth controller, the following results have been identified in different search engines:
44 |
45 | * [https://vuldb.com/?id.178685](https://vuldb.com/?id.178685)
46 | * [https://vuldb.com/?id.145789](https://vuldb.com/?id.145789)
47 | * [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15894](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15894)
48 | * [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17391](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17391)
49 | * [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11015](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11015)
50 | * [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13594](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13594)
51 | * [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13595](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13595)
52 | * [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28135](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28135)
53 | * [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28136](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28136)
54 | * [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28139](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28139)
55 | * [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34173](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34173)
56 | * [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41104)
57 |
58 | Known vulnerabilities should be validated and classified to assess which ones affect our device and which ones are not applicable to it.
59 |
--------------------------------------------------------------------------------
/03_controls/02_discovery/00_index.en.md:
--------------------------------------------------------------------------------
1 | ---
2 | layout: control
3 | title: Discovery
4 | summary: Security in the Bluetooth discovery process
5 | description: Controls for the analysis of information transmitted during Bluetooth device discovery
6 | image: /assets/img/bluetooth-bsam-discovery.jpg
7 | parent: Controls
8 | nav_order: 2
9 | has_children: true
10 | lang: en
11 | page_id: cont_disco_index
12 | permalink: controls/bluetooth-discovery/
13 | ---
14 |
15 | 
16 | This group of controls (**BSAM-DI**) focuses on the security of the **Bluetooth discovery process**.
17 |
18 | The goal is the evaluation of the configuration of the analyzed device as well as the study of the data it publicly transmits in the discovery phase, verifying that sensitive data or vulnerable configurations are not exposed.
19 |
20 | The following tests aim to analyze security in **Bluetooth discovery mode**
21 |
--------------------------------------------------------------------------------
/03_controls/02_discovery/00_index.es.md:
--------------------------------------------------------------------------------
1 | ---
2 | layout: control
3 | title: Descubrimiento
4 | summary: Seguridad en proceso de descubrimiento Bluetooth
5 | description: Controles para el análisis de la información transmitida durante el descubrimiento de dispositivos Bluetooth.
6 | image: /assets/img/bluetooth-bsam-discovery.jpg
7 | parent: Controles
8 | nav_order: 2
9 | has_children: true
10 | lang: es
11 | page_id: cont_disco_index
12 | permalink: controles/descubrimiento-bluetooth/
13 | ---
14 |
15 | 
16 | Este grupo de controles (**BSAM-DI**) se enfoca en la seguridad del proceso de **descubrimiento en Bluetooth**.
17 |
18 | El objetivo es la evaluación de la configuración del dispositivo analizado así como el estudio de los datos que transmite públicamente en la fase de descubrimiento, verificando que no se exponen datos sensibles o configuraciones vulnerables.
19 |
20 | Las siguientes pruebas tienen como objetivo analizar la seguridad **Bluetooth en modo descubrimiento**.
--------------------------------------------------------------------------------
/03_controls/02_discovery/03_generic_name.en.md:
--------------------------------------------------------------------------------
1 | ---
2 | layout: control
3 | title: BSAM-DI-03
4 | summary: Generic device naming
5 | description: Avoid using Bluetooth device names that reveal personal or device information.
6 | parent: Discovery
7 | grand_parent: Controls
8 | nav_order: 3
9 | lang: en
10 | page_id: cont_disco_03
11 | permalink: controls/bluetooth-device-name/
12 | tags:
13 | - BR/EDR
14 | - BLE
15 | ---
16 |
17 | Bluetooth devices can send their name and/or other related data publicly, without the need for authentication or authorization.
18 |
19 | The Bluetooth name of a device can give information about the type of device, its user or include the MAC or ID itself. It is recommended that the device has a generic name and discloses the minimum necessary information.
20 |
21 | Knowing who owns a Bluetooth device allows targeted attacks and leads to a privacy problem by being able to uniquely identify a device at a specific time and place.
22 |
23 | ## Description
24 |
25 | The device name may appear during discovery, in BLE announcements or in `Inquiry` responses, or by requesting it with a `HCI_Remote_Name_Request` message.
26 |
27 | In the first case, the name can simply be found during the discovery process, so any Bluetooth application will be useful to display it. However, some devices do not send the name in the discovery packets, so it will be necessary to actively request it.
28 |
29 | For this second case, a connection is established with the device and the name is requested with the HCI command `HCI_Remote_Name_Request`.
30 |
31 | The name obtained in this way must not contain data indicating the purpose of the device or personal data of its user.
32 |
33 |
34 | ## Related resources
35 |
36 | To obtain the name in the manner described above, the following resources may be useful:
37 |
38 | {% include res_table.md resources='BSAM-RES-04,BSAM-RES-05,BSAM-RES-07,BSAM-RES-08' %}
39 |
40 |
41 | ## Example case
42 |
43 | We will use Wireshark with [BTVS](https://learn.microsoft.com/en-us/windows-hardware/drivers/bluetooth/testing-btp-tools-btvs) (btvs.exe -Mode wireshark) to capture packets for analysis.
44 |
45 | Upon opening Wireshark, packets from nearby devices' advertisements are received. Some devices may include data in their advertisement packets, such as the _device name_ field value `L600474`.
46 |
47 | 
48 |
49 | The name indicates to a potential attacker the existence of this device and may even provide the device model.
50 |
--------------------------------------------------------------------------------
/03_controls/02_discovery/03_generic_name.es.md:
--------------------------------------------------------------------------------
1 | ---
2 | layout: control
3 | title: BSAM-DI-03
4 | summary: Nombre del dispositivo genérico
5 | description: Evita usar nombres de dispositivos Bluetooth que revelen información personal o del dispositivo.
6 | parent: Descubrimiento
7 | grand_parent: Controles
8 | nav_order: 3
9 | lang: es
10 | page_id: cont_disco_03
11 | permalink: controles/nombre-dispositivo-bluetooth/
12 | tags:
13 | - BR/EDR
14 | - BLE
15 | ---
16 |
17 | Los dispositivos Bluetooth pueden enviar de manera pública, y sin necesidad de autenticación o autorización, su nombre y otros datos relacionados.
18 |
19 | El nombre Bluetooth de un dispositivo puede dar información sobre el tipo de dispositivo, su usuario, incluir la propia MAC o un ID único. Es recomendable que el dispositivo tenga un nombre genérico y desvele la mínima información necesaria.
20 |
21 | El conocer a quién pertenece un dispositivo Bluetooth permite ataques dirigidos y deriva en un problema de privacidad al poder identificar un dispositivo de manera unívoca en un momento y lugar concreto.
22 |
23 | ## Descripción del proceso
24 |
25 | El nombre del dispositivo puede aparecer durante el descubrimiento, en los anuncios BLE o en las respuestas de `Inquiry`, o solicitándolo con un mensaje `HCI_Remote_Name_Request`.
26 |
27 | En el primer caso, se puede encontrar el nombre simplemente durante el proceso de descubrimiento, por lo que cualquier aplicación Bluetooth será de utilidad para mostrarlo. Sin embargo, algunos dispositivos no envían el nombre en los paquetes de descubrimiento, por lo que será necesario solicitarlo activamente.
28 |
29 | Para este segundo caso, se establece una conexión con el dispositivo y se solicita el nombre con el mandato HCI `HCI_Remote_Name_Request`.
30 |
31 | El nombre obtenido de esta forma no debe contener datos que indiquen el propósito del dispositivo ni datos personales de su usuario.
32 |
33 | ## Recursos relacionados
34 |
35 | Para obtener el nombre pueden ser útiles los siguientes recursos:
36 |
37 | {% include res_table.md resources='BSAM-RES-04,BSAM-RES-05,BSAM-RES-07,BSAM-RES-08' %}
38 |
39 | ## Caso de ejemplo
40 | Usaremos Wireshark con [BTVS](https://learn.microsoft.com/es-es/windows-hardware/drivers/bluetooth/testing-btp-tools-btvs) (btvs.exe -Mode wireshark) para realizar la captura de paquetes para su análisis.
41 |
42 | Al abrir Wireshark se reciben los paquetes de anuncio de los dispositivos cercanos. Algunos dispositivos pueden enviar datos en sus paquetes de anuncio, como el valor del _device name_ `L600474`.
43 |
44 | 
45 |
46 | El nombre indica a un posible atacante la existencia de este dispositivo y puede proporcionar incluso el modelo del mismo.
--------------------------------------------------------------------------------
/03_controls/02_discovery/05_discoverable_by_default.en.md:
--------------------------------------------------------------------------------
1 | ---
2 | layout: control
3 | title: BSAM-DI-05
4 | summary: Device discoverability
5 | description: Check that your Bluetooth device is not discoverable by default to reduce attack surface.
6 | parent: Discovery
7 | grand_parent: Controls
8 | nav_order: 5
9 | lang: en
10 | page_id: cont_disco_05
11 | permalink: controls/bluetooth-device-discovery/
12 | tags:
13 | - BR/EDR
14 | - BLE
15 | ---
16 |
17 | Bluetooth devices have the ability to be discoverable at all times, either because they actively advertise themselves by sending _advertising_ packets or because they respond to _inquiry_ type queries by indicating that they are available. This is for the convenience of the user, so that the devices automatically connect when they are nearby.
18 | It is good practice for this discovery to be inactive by default and active only on user demand, so that the user can enable and disable this state and avoid being detected and identified when it is not necessary, even at the cost of usability and user experience.
19 |
20 | Devices that are discoverable by default allow the extraction of some of the information needed to impersonate them (MAC, Name, Supported Bluetooth Version...), as well as other relevant information. It is recommended to keep them non-discoverable whenever discoverability is not necessary for pairing or connection.
21 |
22 | Devices with input controls, such as buttons and keyboards, or similar items, should allow the discoverability status to be changed via these controls.
23 |
24 |
25 | ## Description
26 |
27 | To fulfil the requirement it must be proven that the device becomes discoverable only when its state is explicitly changed to discoverable, and that it remains so only for a limited time, until a connection is established, or until the state is manually deactivated.
28 |
29 |
30 | ## Related resources
31 |
32 | To test the discoverability of the device, Bluetooth LE `beacons` or `Extended Inquiry Response` messages can be obtained using the following resources:
33 |
34 | {% include res_table.md resources='BSAM-RES-04,BSAM-RES-05,BSAM-RES-07,BSAM-RES-08' %}
35 |
36 |
37 | ## Example case
38 |
39 | Bluetooth headphones are turned on to carry out this analysis. Opening Wireshark with [BTVS](https://learn.microsoft.com/en-us/windows-hardware/drivers/bluetooth/testing-btp-tools-btvs) allows the capture of packets for analysis. The "beacons" provide visibility of the device emitting them, in this case, the headphones.
40 |
41 | 
42 |
43 | The control result is _FAIL_ when the device is discoverable by default.
44 |
45 | This behavior could be improved by making the headset not discoverable unless the user forces this mode. To achieve automatic connection of the headset, the headset would have to try to initiate a connection to the mobile device or computer to which it was previously connected.
46 |
--------------------------------------------------------------------------------
/03_controls/02_discovery/05_discoverable_by_default.es.md:
--------------------------------------------------------------------------------
1 | ---
2 | layout: control
3 | title: BSAM-DI-05
4 | summary: Descubrimiento de dispositivo
5 | description: Comprueba que tu dispositivo Bluetooth no sea descubrible por defecto para reducir la superficie de ataque.
6 | parent: Descubrimiento
7 | grand_parent: Controles
8 | nav_order: 5
9 | lang: es
10 | page_id: cont_disco_05
11 | permalink: controles/descubrimiento-dispositivos-bluetooth/
12 | tags:
13 | - BR/EDR
14 | - BLE
15 | ---
16 |
17 | Los dispositivos Bluetooth tienen la capacidad de ser descubribles en todo momento, ya sea porque se anuncian activamente mediante el envío de paquetes de _advertising_ o porque ante consultas de tipo _inquiry_ responden indicando que se encuentran disponibles. Esto es así por comodidad de cara al usuario, de manera que los dispositivos se conectan automáticamente cuando estén cerca.
18 | Es una buena práctica que este descubrimiento no esté activo por defecto y que lo esté únicamente bajo demanda del usuario, de manera que pueda activar y desactivar este estado para no ser detectado e identificado cuando no es necesario, aun penalizando la usabilidad y experiencia de usuario.
19 |
20 |
21 | Los dispositivos descubribles por defecto permiten la extracción de parte de la información necesaria para ser suplantados (MAC, Nombre, Versión de Bluetooth soportada...), además de otra información relevante. Se recomienda mantener el dispositivo en estado _no descubrible_ mientras no sea necesario realizar el proceso de emparejamiento o la conexión.
22 |
23 | Los dispositivos con controles de entrada, como botones y teclados, o elementos similares, deben permitir cambiar el estado de descubribilidad mediante estos controles.
24 |
25 | ## Descripción del proceso
26 |
27 | Para cumplir el requisito se debe validar que sólo es posible descubrir el dispositivo al cambiar el estado a descubrible y sólo durante un tiempo limitado o hasta que se establezca una conexión o se desactive el estado manualmente.
28 |
29 | ## Recursos relacionados
30 |
31 | Para comprobar la descubribilidad del dispositivo se pueden obtener los `beacons` de Bluetooth LE o los mensajes de `Extended Inquiry Response` mediante los siguientes recursos:
32 |
33 | {% include res_table.md resources='BSAM-RES-04,BSAM-RES-05,BSAM-RES-07,BSAM-RES-08' %}
34 |
35 | ## Caso de ejemplo
36 |
37 | Se encienden unos auriculares Bluetooth para llevar a cabo este análisis. Al abrir Wireshark con [BTVS](https://learn.microsoft.com/es-es/windows-hardware/drivers/bluetooth/testing-btp-tools-btvs) es posible capturar los paquetes para su posterior análisis. Los `beacons` ofrecen visibilidad sobre el dispositivo que los emite, en este caso, los auriculares.
38 |
39 | 
40 |
41 | El resultado del control será _FAIL_ cuando un dispositivo es descubrible por defecto.
42 |
43 | Se puede mejorar este comportamiento haciendo que los auriculares no fuesen descubribles a menos que el usuario forzase ese modo. Para lograr la conexión automática de los auriculares, deberían ser estos los que tratasen de iniciar una conexión con el dispositivo móvil u ordenador al que estaban conectados previamente.
44 |
--------------------------------------------------------------------------------
/03_controls/03_pairing/00_index.en.md:
--------------------------------------------------------------------------------
1 | ---
2 | layout: control
3 | title: Pairing
4 | summary: Security in the Bluetooth pairing process
5 | description: Bluetooth BSAM security controls associated with the device pairing process
6 | image: /assets/img/bluetooth-bsam-pairing.jpg
7 | parent: Controls
8 | nav_order: 3
9 | has_children: true
10 | lang: en
11 | page_id: cont_pair_index
12 | permalink: controls/bluetooth-pairing/
13 | ---
14 |
15 | 
16 | This section (**BSAM-PA**) deals with possible configuration and operation issues of the **pairing** process.
17 |
18 | The objective of this group is the evaluation of the configuration of the analyzed device as well as the study of the supported pairing modes, making sure that no sensitive data or vulnerable configurations are exposed, and that no pairing of devices is allowed without user notification and supervision.
19 |
--------------------------------------------------------------------------------
/03_controls/03_pairing/00_index.es.md:
--------------------------------------------------------------------------------
1 | ---
2 | layout: control
3 | title: Emparejamiento
4 | summary: Seguridad en el proceso de emparejamiento Bluetooth
5 | description: Controles de seguridad de la metodología de seguridad Bluetooth BSAM asociados al proceso de emparejamiento de dispositivos
6 | image: /assets/img/bluetooth-bsam-pairing.jpg
7 | parent: Controles
8 | nav_order: 3
9 | has_children: true
10 | lang: es
11 | page_id: cont_pair_index
12 | permalink: controles/emparejamiento-bluetooth/
13 | ---
14 |
15 | 
16 | Esta sección contiene controles (**BSAM-PA**) relacionados con problemas de configuración y operación del proceso de **emparejamiento**.
17 |
18 | El objetivo de este grupo de controles es la evaluación de la configuración del dispositivo analizado, así como el estudio de los modos de emparejamiento soportados, verificando que no se exponen datos sensibles o configuraciones vulnerables, y que no se permite el emparejamiento de dispositivos sin la notificación y supervisión del usuario.
19 |
--------------------------------------------------------------------------------
/03_controls/03_pairing/01_pairable_default.en.md:
--------------------------------------------------------------------------------
1 | ---
2 | layout: control
3 | title: BSAM-PA-01
4 | summary: Pairable mode by default
5 | description: Check that your Bluetooth device is not in pairing mode by default. Prevent an attacker from being able to pair with your device without your intervention
6 | parent: Pairing
7 | grand_parent: Controls
8 | nav_order: 1
9 | lang: en
10 | page_id: cont_pair_01
11 | permalink: controls/bluetooth-device-pairing-mode/
12 | tags:
13 | - BR/EDR
14 | - BLE
15 | ---
16 |
17 | The first step when using a Bluetooth device is pairing, at which time trust is established between the two devices to allow future connections. For security reasons, pairing must require user validation and supervision, so that the user can validate or cancel any new pairing attempt.
18 |
19 | Devices configured to answer pairing requests without user intervention allow the extraction of part of the information necessary to impersonate them (MAC, Name, Bluetooth Version supported...). It is recommended to prevent a device from being paired with other devices if it is not necessary. Preferably, the pairing mode should require physical user intervention such as pressing a button.
20 |
21 | A paired device can make requests and interact with the audited device and may therefore pose a security risk if the device contains sensitive information.
22 |
23 |
24 | ## Description
25 |
26 | It must be proven that it is only possible to pair with the device by changing its status to pairable. The change of mode to pairable mode must require user intervention to be enabled. Pairable mode must be enabled for a limited time, until a pairing is performed, or the user manually deactivates the status.
27 |
28 |
29 | ## Related resources
30 |
31 | To check if the device is pairable, a pairing process can be initiated with user tools or by using libraries such as Scapy. From the resources section, the following may be useful:
32 |
33 | {% include res_table.md resources='BSAM-RES-04,BSAM-RES-05,BSAM-RES-06,BSAM-RES-07' %}
34 |
35 |
36 | ## Example case
37 |
38 | A Bluetooth headset is discoverable and pairable after it is turned on. During that time, another unpaired device can access information about these headsets through pairing requests without the user being notified.
39 |
40 | We will use Wireshark with [BTVS](https://learn.microsoft.com/en-us/windows-hardware/drivers/bluetooth/testing-btp-tools-btvs) (btvs.exe -Mode wireshark) to capture packets for analysis.
41 |
42 | We are pairing headphones with the laptop, which initiates a new connection by requesting the input/output capabilities, 'IO Capability,' with the _IO Capability Request_ command:
43 |
44 | 
45 |
46 | The headphones, at that moment, allow the connection as they respond with 'IO Capability' using the _IO Capability Request Reply_ command:
47 |
48 | 
49 |
50 | The procedure culminates with the establishment of the connection, notified by the _Simple Pairing Complete_ command:
51 |
52 | 
53 |
54 | The control result is _FAIL_ because the device is pairable by default.
55 |
--------------------------------------------------------------------------------
/03_controls/03_pairing/06_known_pins.en.md:
--------------------------------------------------------------------------------
1 | ---
2 | layout: control
3 | title: BSAM-PA-06
4 | summary: Known Pin Codes
5 | description: Check that your Bluetooth device does not use a fixed PIN code. This is important to prevent an attacker from being able to decrypt the PIN code and take control of the pairing process
6 | parent: Pairing
7 | grand_parent: Controls
8 | nav_order: 6
9 | lang: en
10 | page_id: cont_pair_06
11 | permalink: controls/bluetooth-known-pin-codes/
12 | tags:
13 | - BR/EDR
14 | - BLE
15 | ---
16 |
17 |
18 | One of the methods used during pairing to generate the shared key between devices involves sharing a randomly generated PIN code by one of the devices. From this PIN number, which the user must input, the link key is generated, making it crucial to prevent the generated number from being predictable. In some cases, such as car radios or Apple TVs, the PIN can be a fixed 4-digit number.
19 |
20 | The randomness of the seeds used in cryptographic procedures to generate Bluetooth link keys is of paramount importance. When a fixed parameter, such as the PIN code, is used, the entropy of this input is reduced, leading to a decrease in the level of security and, as a result, weakening the protection of the device's link keys. This is because link keys can potentially be derived from this fixed PIN code, compromising the system's security.
21 |
22 | ## Description
23 |
24 | To verify the validity of the control, multiple pairings should be performed to collect data that allows the detection of patterns in known fixed PIN numbers.
25 |
26 | The task to be performed consists of verifying that the following is not met:
27 |
28 | * Constant PIN number: the same PIN number is used for each pairing, which is not secure for ensuring protection against MITM attacks.
29 |
30 | The control is met if the received PIN numbers are not repeated.
31 |
32 | ## Related resources
33 |
34 | Some resources related to this control are the following:
35 |
36 | {% include res_table.md resources='BSAM-RES-04,BSAM-RES-05,BSAM-RES-07' %}
37 |
38 | ## Example case
39 |
40 | To evaluate the security of the system PIN generation, multiple pairing processes are initiated with a cell phone by capturing them using the technique {% include res_link.md res='BSAM-RES-05' %}. During this process it is evident that the device consistently displays a fixed PIN with the value `0000`.
41 |
42 | Therefore, this device does not pass the control since the generation of PIN codes is predictable, so it is possible to take control of a pairing process.
43 |
--------------------------------------------------------------------------------
/03_controls/03_pairing/06_known_pins.es.md:
--------------------------------------------------------------------------------
1 | ---
2 | layout: control
3 | title: BSAM-PA-06
4 | summary: Códigos PIN conocidos
5 | description: Comprueba que tu dispositivo Bluetooth no utiliza un código PIN fijo. Es importante para evitar que un atacante pueda descifrar el código PIN y tomar el control del proceso de emparejamiento
6 | parent: Emparejamiento
7 | grand_parent: Controles
8 | nav_order: 6
9 | lang: es
10 | page_id: cont_pair_06
11 | permalink: controles/codigo-pin-conocido-bluetooth/
12 | tags:
13 | - BR/EDR
14 | - BLE
15 | ---
16 |
17 | Uno de los métodos utilizados durante el emparejamiento para generar la clave compartida entre los dispositivos consiste en compartir un código PIN generado aleatoriamente por uno de los dispositivos. A partir de este número PIN, que el usuario debe introducir, se genera la clave de enlace, por lo que es fundamental evitar que el número generado sea predecible. En algunos casos, como las radios de los automóviles o en los Apple TV, el PIN puede ser un número fijo de 4 dígitos.
18 |
19 | La aleatoriedad de las semillas utilizadas en los procedimientos criptográficos para generar claves de enlace en Bluetooth es de suma importancia. Cuando se emplea un parámetro fijo, como el código PIN, se disminuye la entropía de esta entrada, lo que conlleva a una reducción en el nivel de seguridad y, por ende, debilita la protección de las claves de enlace del dispositivo. Esto se debe a que las claves de enlace pueden ser potencialmente derivadas a partir de este código PIN fijo, lo que compromete la seguridad del sistema.
20 |
21 |
22 | ## Descripción del proceso
23 |
24 | Para comprobar la validez del control se deben realizar múltiples emparejamientos para recopilar datos que permitan detectar que los números PIN son fijos.
25 |
26 | La tarea a realizar consiste en comprobar que no se cumple:
27 |
28 | * Número PIN constante: se usa el mismo número PIN para cada emparejamiento, lo que no es seguro para garantizar la protección contra MITM.
29 |
30 | El control se cumple si no se repiten los números PIN recibidos.
31 |
32 | ## Caso de ejemplo
33 |
34 | Para evaluar la seguridad de la generación de PIN del sistema se inician múltiples procesos de emparejamiento con un teléfono móvil capturándose mediante la técnica {% include res_link.md res='BSAM-RES-05' %}. Durante este proceso se evidencia que el dispositivo siempre indica el mismo número pin con el valor `0000`.
35 |
36 | Por lo tanto, este dispositivo no supera el control ya que la generación de códigos PIN es predecible por lo que es posible hacerse con el control de un proceso de emparejamiento.
37 |
38 | ## Recursos relacionados
39 |
40 | Para comprobar este control, pueden ser útiles los siguientes recursos:
41 |
42 | {% include res_table.md resources='BSAM-RES-04,BSAM-RES-05,BSAM-RES-07' %}
--------------------------------------------------------------------------------
/03_controls/03_pairing/09_min_pin_length.en.md:
--------------------------------------------------------------------------------
1 | ---
2 | layout: control
3 | title: BSAM-PA-09
4 | summary: Minimum PIN code length
5 | description: Check that your Bluetooth device requires a PIN code of at least 8 digits in BR/EDR and 6 digits in BLE. This is important to prevent an attacker from being able to brute-force the PIN code
6 | parent: Pairing
7 | grand_parent: Controls
8 | nav_order: 9
9 | lang: en
10 | page_id: cont_pair_09
11 | permalink: controls/bluetooth-pin-code-lenght/
12 | tags:
13 | - BR/EDR
14 | - BLE
15 | ---
16 |
17 |
18 | In a pairing process with Passkey (or PIN number) the device prompts the user or automatically generates a PIN number that must be entered at both paired ends. In addition to authenticating that both devices belong to the same user, the PIN number is used to generate the link key that will authenticate the devices in future connections, so the length must be adequate to avoid brute force attacks.
19 |
20 | PIN numbers shorter than 8 digits in BR/EDR or 6 digits in BLE are not recommended due to their weakness against brute force attacks, so whether the device requests the PIN from the user or generates it automatically, the device must verify that the length is not shorter than 8 digits in BR/EDR and is equal to 6 digits in BLE.
21 |
22 |
23 | ## Description
24 |
25 | To check that short PIN numbers are not supported, you can try pairing with another device. When entering a number shorter than 8 digits in BR/EDR or 6 digits in BLE the device must reject it. If the PIN is generated by the device, it must be at least 8 digits long in BR/EDR and exactly 6 digits long in BLE.
26 |
27 | In case the device is not the initiator, it must reject pairing attempts that specify a PIN number that is too short.
28 |
29 | These tests can be performed with Bluetooth test devices that support PIN or Passkey authentication or using a PC with the operating system's own tools.
30 |
31 | ## Related resources
32 |
33 | Some resources related to this control are the following:
34 |
35 | {% include res_table.md resources='BSAM-RES-04,BSAM-RES-05,BSAM-RES-07,BSAM-RES-09' %}
36 |
37 | ## Example case
38 |
39 | The security of the Bluetooth communications of a car's radio/infotainment unit is being evaluated. After verifying controls {% include ctl_link.md ctl='BSAM-PA-02' %}, {% include ctl_link.md ctl='BSAM-PA-06' %}, and {% include ctl_link.md ctl='BSAM-PA-07' %}, it is concluded that the analyzed device exposes physical capabilities consistent with the available hardware, specifically a display and a YES/NO input, as there is no full keyboard. Due to these input/output capabilities, the most secure authentication method involves comparing a PIN generated through automatic methods based on secure entropy sources.
40 |
41 | To assess the security of PIN generation, the PIN must have a length of 6 digits. This is crucial because missing digits are internally padded up to 6 digits by the Bluetooth _toolbox_ with __00__ on the left side of the entered Pin Code. This reduces the variability of the _Random Value_ field in the _Pairing Random_ command.
42 |
43 | This simplifies the process of regenerating link passwords, enabling attacks of the __store now, decrypt later__ type.
44 |
45 | The control result is _FAIL_ if the generated Pin Code does not have 6 digits.
--------------------------------------------------------------------------------
/03_controls/03_pairing/10_link_key_storage.en.md:
--------------------------------------------------------------------------------
1 | ---
2 | layout: control
3 | title: BSAM-PA-10
4 | summary: Storage of Bluetooth Link keys
5 | description: Ensure that your Bluetooth device stores link keys securely to prevent attacks.
6 | parent: Pairing
7 | grand_parent: Controls
8 | nav_order: 10
9 | lang: en
10 | page_id: cont_pair_10
11 | permalink: controls/storage-bluetooth-link-keys/
12 | tags:
13 | - BR/EDR
14 | - BLE
15 | ---
16 |
17 | The pairing process concludes with the establishment of a link key between the devices, which both must keep in order to authenticate and encrypt future connections.
18 |
19 | The storage of these link keys can be critical to maintain confidentiality in Bluetooth connections, so their storage must be secure. On Linux systems, it is common for them to be stored in cleartext files protected by access permissions. This protection may not be sufficient on a device without encrypted storage: an attacker can access the stored data, extract the keys, and use them while they are valid to communicate with the other end.
20 |
21 | In small devices or devices with proprietary implementations (Bluetooth headsets and speakers, for example), this storage may be defined by the manufacturer and the confidentiality of the keys must be verified by reversing techniques or by accessing the device's firmware.
22 |
23 | ## Description
24 |
25 | Verifying that key confidentiality is protected requires knowledge of the device software and the presence of TPM chips.
26 |
27 | On devices with standard operating systems, it will be possible to use the tools available. In the case of Linux systems, the BlueZ stack stores the link keys in plain text files that can usually be found in `/var/lib/bluetooth`. Android also stores Bluetooth keys in `/data/misc/bluedroid/bt_config.conf` in a plaintext format. Windows uses the following registry key: `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\`.
28 |
29 | For devices with proprietary firmware, it may be necessary to extract the firmware and examine it using reversing techniques or source code review processes, if available.
30 |
31 |
32 | ## Example case
33 |
34 | The following screenshot shows the content of the device information file 84:5F:04:F1:45:CA in the `/var/lib/bluetooth` path of a Linux device, paired with our controller (20:81:9A:10:00:00), in which the link key value is found:
35 |
36 | 
37 |
38 | The files are protected by administrator user privileges, but on a device with accessible storage, this information can be extracted. To prevent this, unauthorized access to the storage must be prevented, e.g., by encryption.
39 |
--------------------------------------------------------------------------------
/03_controls/03_pairing/10_link_key_storage.es.md:
--------------------------------------------------------------------------------
1 | ---
2 | layout: control
3 | title: BSAM-PA-10
4 | summary: Almacenamiento de claves de enlace Bluetooth
5 | description: Asegúrate de que tu dispositivo Bluetooth almacene las claves de enlace de forma segura para evitar ataques.
6 | parent: Emparejamiento
7 | grand_parent: Controles
8 | nav_order: 10
9 | lang: es
10 | page_id: cont_pair_10
11 | permalink: controles/almacenamiento-claves-enlace-bluetooth/
12 | tags:
13 | - BR/EDR
14 | - BLE
15 | ---
16 |
17 | El proceso de emparejamiento concluye con el establecimiento de una clave de enlace entre los dispositivos que ambos deben conservar para autenticarse y cifrar futuras conexiones.
18 |
19 | El almacenamiento de estas claves de enlace puede ser crítico para mantener la confidencialidad en las conexiones Bluetooth, por lo que su almacenamiento debe ser seguro. En los sistemas Linux es habitual que se almacenen en ficheros en claro protegidos por los permisos de acceso. Esta protección puede no ser suficiente en un dispositivo sin almacenamiento cifrado: un atacante puede acceder a los datos almacenados, extraer las claves y utilizarlas mientras sean válidas para comunicarse con el otro extremo.
20 |
21 | En dispositivos pequeños o con implementaciones propietarias (auriculares y altavoces Bluetooth, por ejemplo), este almacenamiento puede estar definido por el fabricante y se debe verificar la confidencialidad de las claves mediante técnicas de reversing o accediendo al firmware del dispositivo.
22 |
23 | ## Descripción del proceso
24 |
25 | Verificar que la confidencialidad de las claves está protegida requiere conocer el software del dispositivo y la presencia de chips TPM.
26 |
27 | En dispositivos con sistemas operativos estándar, será posible utilizar las herramientas de que disponen. En el caso de sistemas Linux, la pila BlueZ almacena las claves de enlace en ficheros de texto plano que habitualmente pueden encontrarse en `/var/lib/bluetooth`. En el caso de Android, las claves también se pueden encontrar en `/data/misc/bluedroid/bt_config.conf`. Windows hace uso de la siguiente clave de registro `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\`.
28 |
29 | En dispositivos con firmware propio puede ser necesario extraer el firmware y examinarlo mediante técnicas de reversing o mediante procesos de revisión de código fuente, si este está disponible.
30 |
31 | ## Caso de ejemplo
32 |
33 | La siguiente captura muestra el contenido del fichero de información del dispositivo 84:5F:04:F1:45:CA en la ruta `/var/lib/bluetooth` de un dispositivo con Linux, emparejado con nuestro controlador (20:81:9A:10:00:00), en el que se encuentra el valor de la clave de enlace:
34 |
35 | 
36 |
37 | Los ficheros están protegidos por los privilegios de usuario administrador, pero en un dispositivo con almacenamiento accesible, esta información puede ser extraída. Para evitarlo, se debe evitar el acceso no autorizado al almacenamiento, por ejemplo, mediante cifrado.
38 |
--------------------------------------------------------------------------------
/03_controls/04_authentication/00_index.en.md:
--------------------------------------------------------------------------------
1 | ---
2 | layout: control
3 | title: Authentication
4 | summary: Security in the Bluetooth authentication process
5 | description: BSAM security methodology controls focused on the Bluetooth device authentication process
6 | image: /assets/img/bluetooth-bsam-authentication.jpg
7 | parent: Controls
8 | nav_order: 4
9 | has_children: true
10 | lang: en
11 | page_id: cont_auth_index
12 | permalink: controls/bluetooth-authentication/
13 | ---
14 |
15 | 
16 | This group of controls (**BSAM-AU**) focuses on the security of the **authentication** process of Bluetooth devices.
17 |
18 | The objective of this group is the evaluation of the configuration of the analyzed device, making sure that it does not allow the authentication of unknown devices, avoiding exfiltrating information that should not be known without a legitimate authentication process.
19 |
--------------------------------------------------------------------------------
/03_controls/04_authentication/00_index.es.md:
--------------------------------------------------------------------------------
1 | ---
2 | layout: control
3 | title: Autenticación
4 | summary: Seguridad en el proceso de autenticación Bluetooth
5 | description: Controles de la metodología de seguridad BSAM orientados al proceso de autenticación de dispositivos en Bluetooth
6 | image: /assets/img/bluetooth-bsam-authentication.jpg
7 | parent: Controles
8 | nav_order: 4
9 | has_children: true
10 | lang: es
11 | page_id: cont_auth_index
12 | permalink: controles/autenticacion-bluetooth/
13 | ---
14 |
15 | 
16 | Este grupo de controles (**BSAM-AU**) se enfoca en la seguridad del proceso de **autenticación** de dispositivos en Bluetooth.
17 |
18 | El objetivo de estos controles es la evaluación de la configuración del dispositivo analizado, verificando que no se permite la autenticación de dispositivos no conocidos, evitando exfiltrar información que no debería conocerse sin un proceso de autenticación previo.
19 |
--------------------------------------------------------------------------------
/03_controls/05_encryption/00_index.en.md:
--------------------------------------------------------------------------------
1 | ---
2 | layout: control
3 | title: Encryption
4 | summary: Security in encryption of Bluetooth communications
5 | description: BSAM methodology controls to evaluate the secure and encrypted transmission of information over Bluetooth
6 | image: /assets/img/bluetooth-bsam-encryption.jpg
7 | parent: Controls
8 | nav_order: 5
9 | has_children: true
10 | lang: en
11 | page_id: cont_enc_index
12 | permalink: controls/bluetooth-encryption/
13 | ---
14 |
15 | 
16 | This group of controls (**BSAM-EN**) focuses on the security of the **encryption** process of Bluetooth communications.
17 |
18 | The objective of this group is the evaluation of the configuration of the analyzed device, making sure that it does not allow the transmission of sensitive data in the clear or the downgrade of the encryption mechanisms, avoiding the exfiltration of information that should not be public.
19 |
--------------------------------------------------------------------------------
/03_controls/05_encryption/00_index.es.md:
--------------------------------------------------------------------------------
1 | ---
2 | layout: control
3 | title: Cifrado
4 | summary: Seguridad en cifrado de las comunicaciones Bluetooth
5 | description: Controles de la metodología BSAM para evaluar la transmisión de información a través de Bluetooth de forma segura y cifrada
6 | image: /assets/img/bluetooth-bsam-encryption.jpg
7 | parent: Controles
8 | nav_order: 5
9 | has_children: true
10 | lang: es
11 | page_id: cont_enc_index
12 | permalink: controles/cifrado-bluetooth/
13 | ---
14 |
15 | 
16 | Este grupo de controles (**BSAM-EN**) se enfoca en la seguridad del proceso de **cifrado** de las comunicaciones de Bluetooth.
17 |
18 | El objetivo de este grupo es la evaluación de la configuración del dispositivo analizado, verificando que no se permite la transmisión de datos sensibles en claro o el downgrade de los mecanismos de cifrado, evitando exfiltrar información que no debería ser pública.
19 |
--------------------------------------------------------------------------------
/03_controls/06_services/00_index.en.md:
--------------------------------------------------------------------------------
1 | ---
2 | layout: control
3 | title: Services
4 | summary: Security in Bluetooth services
5 | description: Bluetooth BSAM methodology controls for the security of applications exposed through Bluetooth services
6 | image: /assets/img/bluetooth-bsam-services.jpg
7 | parent: Controls
8 | nav_order: 6
9 | has_children: true
10 | lang: en
11 | page_id: cont_services_index
12 | permalink: controls/bluetooth-services/
13 | ---
14 |
15 | 
16 | This group of controls (**BSAM-SE**) focuses on the **security of available Bluetooth services** in a device.
17 |
18 | The objective of this group is the evaluation of the configuration of the analysed device, making sure that it does not allow the access to services without proper authorization to avoid exfiltrating information that should not be known without a proper access clearance.
19 |
--------------------------------------------------------------------------------
/03_controls/06_services/00_index.es.md:
--------------------------------------------------------------------------------
1 | ---
2 | layout: control
3 | title: Servicios
4 | summary: Seguridad en servicios Bluetooth
5 | description: Controles de la metodología de Bluetooth BSAM en la seguridad de las aplicaciones expuestas a través de servicios Bluetooth
6 | image: /assets/img/bluetooth-bsam-services.jpg
7 | parent: Controles
8 | nav_order: 6
9 | has_children: true
10 | lang: es
11 | page_id: cont_services_index
12 | permalink: controles/servicios-bluetooth/
13 | ---
14 |
15 | 
16 | Este grupo de controles (**BSAM-SE**) se enfoca en la **seguridad de los servicios Bluetooth** disponibles en un dispositivo Bluetooth.
17 |
18 | El objetivo de estos controles es la evaluación de la configuración del dispositivo analizado, verificando que no se permite el acceso a servicios sin la autorización adecuada, evitando exfiltrar información que no debería conocerse sin unas credenciales adecuadas.
19 |
--------------------------------------------------------------------------------
/03_controls/07_application/00_index.en.md:
--------------------------------------------------------------------------------
1 | ---
2 | layout: control
3 | title: Application
4 | summary: Bluetooth application layer security
5 | description: Bluetooth security controls for Bluetooth service-exposed applications in the Bluetooth BSAM security methodology
6 | image: /assets/img/bluetooth-bsam-application.jpg
7 | parent: Controls
8 | nav_order: 7
9 | has_children: true
10 | lang: en
11 | page_id: cont_app_index
12 | permalink: controls/bluetooth-application/
13 | ---
14 |
15 | 
16 | This group of controls (**BSAM-AP**) focuses on the **security of applications exposed** via Bluetooth services in a device.
17 |
18 | The objective of this group is the evaluation of the configuration of the analysed device, making sure that applications in the device exposed via Bluetooth services are properly configured and that they are securely designed and developed.
19 |
--------------------------------------------------------------------------------
/03_controls/07_application/00_index.es.md:
--------------------------------------------------------------------------------
1 | ---
2 | layout: control
3 | title: Aplicación
4 | summary: Seguridad en la capa de aplicación Bluetooth
5 | description: Controles en aplicaciones expuestas a través de servicios Bluetooth en la metodologia de seguridad Bluetooth BSAM
6 | image: /assets/img/bluetooth-bsam-application.jpg
7 | parent: Controles
8 | nav_order: 7
9 | has_children: true
10 | lang: es
11 | page_id: cont_app_index
12 | permalink: controles/aplicacion-bluetooth/
13 | ---
14 |
15 | 
16 | Este grupo de controles (**BSAM-AP**) se enfoca en la **seguridad de las aplicaciones expuestas** a través de servicios de Bluetooth en un dispositivo.
17 |
18 | El objetivo de estos controles es la evaluación de la configuración del dispositivo analizado, verificando que las aplicaciones que un dispositivo Bluetooth expone están correctamente diseñadas y son seguras.
19 |
--------------------------------------------------------------------------------
/03_controls/07_application/01_controller_updates.en.md:
--------------------------------------------------------------------------------
1 | ---
2 | layout: control
3 | title: BSAM-AP-01
4 | summary: Controller firmware update
5 | description: Check that your Bluetooth device has a mechanism to update the controller firmware. This is important to fix bugs and security vulnerabilities that may be found
6 | parent: Application
7 | grand_parent: Controls
8 | nav_order: 1
9 | lang: en
10 | page_id: cont_app_01
11 | permalink: controls/bluetooth-controller-firmware-update/
12 | tags:
13 | - BR/EDR
14 | - BLE
15 | ---
16 |
17 | Bluetooth devices may have controller firmware update capabilities.
18 |
19 | There is always a possibility that either bugs or security flaws will be found in a device's controller firmware. The only mechanism that can be used to solve those bugs and security flaws is via firmware updates.
20 |
21 | For the above reasons, it is fundamental to include a controller firmware update mechanism in a device, otherwise if a problem is found, it will be impossible to fix it without recalling all the devices in use.
22 |
23 |
24 | ## Description
25 |
26 | The procedure consists of verifying that an update mechanism is in place to update the controller firmware in the device under study.
27 |
28 | Each manufacturer may choose to include different proprietary mechanisms.
29 |
30 | This control is considered satisfactory when it is verified that the device supports remote firmware updates.
31 |
32 | ## Related resources
33 |
34 | To check this control, the following resources may be useful:
35 |
36 | {% include res_table.md resources='BSAM-RES-04,BSAM-RES-05' %}
37 |
--------------------------------------------------------------------------------
/03_controls/07_application/01_controller_updates.es.md:
--------------------------------------------------------------------------------
1 | ---
2 | layout: control
3 | title: BSAM-AP-01
4 | summary: Actualización del firmware del controller
5 | description: Comprueba que tu dispositivo Bluetooth tiene un mecanismo para actualizar el firmware del controlador. Es importante para corregir errores y vulnerabilidades de seguridad que se puedan encontrar
6 | parent: Aplicación
7 | grand_parent: Controles
8 | nav_order: 1
9 | lang: es
10 | page_id: cont_app_01
11 | permalink: controles/actualizacion-firmware-controlador-bluetooth/
12 | tags:
13 | - BR/EDR
14 | - BLE
15 | ---
16 |
17 | Los dispositivos Bluetooth pueden contar con capacidades de actualización del firmware del controlador.
18 |
19 | Siempre existe la posibilidad de que se encuentren errores o vulnerabilidades de seguridad en el firmware del controlador de un dispositivo. El único mecanismo que se puede utilizar para solucionar estos errores y vulnerabilidades de seguridad es mediante actualizaciones de firmware.
20 |
21 | Por las razones mencionadas anteriormente es fundamental incluir un mecanismo de actualización del firmware del controlador en un dispositivo. De lo contrario, si se encuentra un problema, será inviable solucionarlo sin tener que retirar todos los dispositivos en uso.
22 |
23 | ## Descripción del proceso
24 | El procedimiento consiste en verificar que existe un mecanismo de actualización para actualizar el firmware del controlador en el dispositivo en estudio.
25 |
26 | Cada fabricante puede optar por incluir diferentes mecanismos propietarios.
27 |
28 | Este control es satisfactorio cuando se verifique que el dispositivo admite actualizaciones de firmware de manera remota.
29 |
30 | ## Recursos relacionados
31 | Para verificar este control los siguientes recursos pueden ser útiles:
32 |
33 | {% include res_table.md resources='BSAM-RES-04,BSAM-RES-05' %}
34 |
--------------------------------------------------------------------------------
/03_controls/07_application/02_bt_stack_updates.en.md:
--------------------------------------------------------------------------------
1 | ---
2 | layout: control
3 | title: BSAM-AP-02
4 | summary: Bluetooth stack update
5 | description: Verify that your Bluetooth device supports Bluetooth stack updates to fix errors and vulnerabilities.
6 | parent: Application
7 | grand_parent: Controls
8 | nav_order: 2
9 | lang: en
10 | page_id: cont_app_02
11 | permalink: controls/bluetooth-stack-update/
12 | tags:
13 | - BR/EDR
14 | - BLE
15 | ---
16 | The Bluetooth standard evolves and from time to time a new version becomes available, so devices can include mechanisms to update their Bluetooth stack to one that has new capabilities and fixes security issues.
17 |
18 | There is always a possibility that either bugs or security flaws will be found in a device's Bluetooth stack during the lifespan of the device. The only mechanism that can be used to solve those bugs and security flaws is via Bluetooth stack (a part of device's firmware) updates.
19 |
20 | For the above reasons, it is fundamental to include a Bluetooth stack update or a full firmware update mechanism in a device, otherwise if a problem is found, it will be impossible to fix it without recalling all the devices in use.
21 |
22 |
23 | ## Description
24 |
25 | The procedure consists of verifying that an update mechanism is in place to update the Bluetooth stack software in the device under study.
26 |
27 | Each manufacturer may choose to include different proprietary mechanisms.
28 |
29 | This control is considered satisfactory when it is verified that the device supports remote Bluetooth stack updates.
30 |
31 | ## Related resources
32 |
33 | To check this control, the following resources may be useful:
34 |
35 | {% include res_table.md resources='BSAM-RES-04,BSAM-RES-05' %}
36 |
--------------------------------------------------------------------------------
/03_controls/07_application/02_bt_stack_updates.es.md:
--------------------------------------------------------------------------------
1 | ---
2 | layout: control
3 | title: BSAM-AP-02
4 | summary: Actualización del stack de Bluetooth
5 | description: Comprueba que tu dispositivo Bluetooth admite actualizaciones de la pila Bluetooth para corregir errores y vulnerabilidades.
6 | parent: Aplicación
7 | grand_parent: Controles
8 | nav_order: 2
9 | lang: es
10 | page_id: cont_app_02
11 | permalink: controles/actualizacion-stack-bluetooth/
12 | tags:
13 | - BR/EDR
14 | - BLE
15 | ---
16 |
17 | El estándar de Bluetooth evoluciona y cada cierto tiempo aparece una nueva versión disponible, por lo que los dispositivos pueden contar con mecanismos de actualización de este estándar de Bluetooth por una pila de Bluetooth con nuevas capacidades y que arregle problemas de seguridad.
18 |
19 | Durante la vida útil de un dispositivo que utiliza tecnología Bluetooth es posible que se encuentren errores o vulnerabilidades de seguridad en la pila Bluetooth. El único mecanismo que se puede utilizar para solucionar estas vulnerabilidades de seguridad es mediante actualizaciones de la pila de Bluetooth (una parte del firmware del dispositivo).
20 |
21 | Por las razones mencionadas anteriormente es fundamental incluir un mecanismo de actualización de la pila de Bluetooth o del firmware que incluye esta en un dispositivo. De lo contrario, si se encuentra un problema, será inviable solucionarlo sin tener que retirar todos los dispositivos en uso.
22 |
23 | ## Descripción del proceso
24 |
25 | El procedimiento consiste en verificar que existe un mecanismo de actualización para actualizar la pila de Bluetooth del controlador en el dispositivo en estudio.
26 |
27 | Cada fabricante puede optar por incluir diferentes mecanismos propietarios.
28 |
29 | Este control es satisfactorio cuando se verifique que el dispositivo admite actualizaciones de la pila de bluetooth de manera remota.
30 |
31 | ## Recursos relacionados
32 | Para verificar este control los siguientes recursos pueden ser útiles:
33 |
34 | {% include res_table.md resources='BSAM-RES-04,BSAM-RES-05' %}
--------------------------------------------------------------------------------
/03_controls/07_application/03_bt_app_updates.en.md:
--------------------------------------------------------------------------------
1 | ---
2 | layout: control
3 | title: BSAM-AP-03
4 | summary: Application software update
5 | description: Check that your Bluetooth device has a mechanism to update the application software. This is important to fix bugs and security vulnerabilities that may be found
6 | parent: Application
7 | grand_parent: Controls
8 | nav_order: 3
9 | lang: en
10 | page_id: cont_app_03
11 | permalink: controls/bluetooth-software-update/
12 | tags:
13 | - BR/EDR
14 | - BLE
15 | ---
16 |
17 | Devices with Bluetooth capabilities require tools and applications that make use of these communications. If new functionalities are to be added or problems corrected, these devices must have an update mechanism.
18 |
19 | There is always a possibility that either bugs or security flaws will be found in a device's application software during the device's lifespan. These applications can refer to applications on devices like smartphones, but they can also include applications that consume Bluetooth resources on less powerful embedded systems, such as applications developed on open hardware and software platforms. The only mechanism that can be used to solve those bugs and security flaws is via software updates.
20 |
21 | For the above reasons, it is fundamental to include an application software update mechanism that consumes Bluetooth controller resources on a device, otherwise if a problem is found, it will be impossible to fix it without recalling all the devices in use.
22 |
23 |
24 | ## Description
25 |
26 | The procedure consists of verifying that an update mechanism is in place to update the application software in the device under study.
27 |
28 | Each manufacturer may choose to include different proprietary mechanisms.
29 |
30 | This control is considered satisfactory when it is verified that the device supports remote software updates.
31 |
32 | ## Related resources
33 |
34 | To check this control, the following resources may be useful:
35 |
36 | {% include res_table.md resources='BSAM-RES-04,BSAM-RES-05' %}
37 |
--------------------------------------------------------------------------------
/03_controls/07_application/03_bt_app_updates.es.md:
--------------------------------------------------------------------------------
1 | ---
2 | layout: control
3 | title: BSAM-AP-03
4 | summary: Actualización de la aplicación
5 | description: Comprueba que tu dispositivo Bluetooth tiene un mecanismo para actualizar el software de la aplicación. Es importante para corregir errores y vulnerabilidades de seguridad que se puedan encontrar
6 | parent: Aplicación
7 | grand_parent: Controles
8 | nav_order: 3
9 | lang: es
10 | page_id: cont_app_03
11 | permalink: controles/actualizacion-software-bluetooth/
12 | tags:
13 | - BR/EDR
14 | - BLE
15 | ---
16 |
17 | Los dispositivos con capacidades Bluetooth requieren de herramientas y aplicaciones que hagan uso de estas comunicaciones, si se quiere dotar de nuevas funcionalidades o corregir problemas, estos dispositivos han de contar con un mecanismo de actualización.
18 |
19 | En la vida útil de un dispositivo existe la posibilidad de que se encuentren errores o vulnerabilidades de seguridad en las aplicaciones software. Estas aplicaciones pueden ser entendidas como aplicaciones en dispositivos como los smartphones, pero también como aplicaciones que consumen los recursos Bluetooth en sistemas embebidos menos potentes, como las aplicaciones realizadas en plataformas de hardware y software libre. El único mecanismo que se puede utilizar para solucionar estos errores y vulnerabilidades de seguridad es mediante actualizaciones de las aplicaciones software.
20 |
21 | Por las razones mencionadas anteriormente es fundamental incluir un mecanismo de actualización del software que consume los recursos del controlador Bluetooth en un dispositivo. De lo contrario, si se encuentra un problema, será inviable solucionarlo sin tener que retirar todos los dispositivos en uso.
22 |
23 | ## Descripción del proceso
24 |
25 | El procedimiento consiste en verificar que existe un mecanismo de actualización para actualizar el software del controlador en el dispositivo en estudio.
26 |
27 | Cada fabricante puede optar por incluir diferentes mecanismos propietarios.
28 |
29 | Este control es satisfactorio cuando se verifique que el dispositivo admite actualizaciones del software de manera remota.
30 |
31 | ## Recursos relacionados
32 | Para verificar este control los siguientes recursos pueden ser útiles:
33 |
34 | {% include res_table.md resources='BSAM-RES-04,BSAM-RES-05' %}
--------------------------------------------------------------------------------
/03_controls/07_application/04_signed_updates.en.md:
--------------------------------------------------------------------------------
1 | ---
2 | layout: control
3 | title: BSAM-AP-04
4 | summary: Digitally signed updates
5 | description: Digitally signed updates - Verify if updates are digitally signed to prevent malicious software
6 | parent: Application
7 | grand_parent: Controls
8 | nav_order: 4
9 | lang: en
10 | page_id: cont_app_04
11 | permalink: controls/digital-signature-bluetooth-updates/
12 | tags:
13 | - BR/EDR
14 | - BLE
15 | ---
16 |
17 |
18 | For each of the available update mechanisms in a device, a check to verify if updates are digitally signed is needed.
19 |
20 | If a device uses and accepts non-signed updates or software, then, it is possible to craft custom software pieces, firmwares and applications that may access data or perform malicious actions by using the device in ways non-intended by the manufacturer and user.
21 |
22 |
23 | ## Description
24 |
25 | In order to check whether updates are digitally signed, multiple techniques may be used:
26 | * Source code review.
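27 | * Slightly modifying random bytes of a valid update file and trying to use the modified software. Beware that this may result in a bricked device if the software is finally installed. Also note that rejection of a modified file only shows that some integrity check exists; a plain checksum or CRC would reject it too, so source code review or vendor documentation should confirm that a cryptographic signature is actually verified.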
28 |
29 | This control is considered satisfactory when it is verified that the device does not remotely accept minimally modified updates.
--------------------------------------------------------------------------------
/03_controls/07_application/04_signed_updates.es.md:
--------------------------------------------------------------------------------
1 | ---
2 | layout: control
3 | title: BSAM-AP-04
4 | summary: Firma digital de actualizaciones
5 | description: Actualizaciones firmadas digitalmente - Verifica si las actualizaciones están firmadas digitalmente para evitar software malicioso
6 | parent: Aplicación
7 | grand_parent: Controles
8 | nav_order: 4
9 | lang: es
10 | page_id: cont_app_04
11 | permalink: controles/firma-digital-actualizaciones-bluetooth/
12 | tags:
13 | - BR/EDR
14 | - BLE
15 | ---
16 |
17 | Para cada uno de los mecanismos de actualización disponibles en un dispositivo es necesario realizar una verificación para asegurar que estén firmadas digitalmente las actualizaciones.
18 |
19 | Si un dispositivo utiliza y acepta actualizaciones o software no firmados, entonces es posible crear piezas de software personalizadas, firmware y aplicaciones que puedan acceder a datos o realizar acciones maliciosas al utilizar el dispositivo de maneras no previstas por el fabricante y el usuario.
20 |
21 | ## Descripción del proceso
22 |
23 | Para verificar si las actualizaciones están firmadas digitalmente, se pueden utilizar múltiples técnicas:
24 |
25 | * Revisión del código fuente.
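26 | * Modificar ligeramente bytes aleatorios de un archivo de actualización válido y tratar de usar el software modificado. Tenga en cuenta que esto puede resultar en un dispositivo inutilizable si finalmente se instala el software modificado. Tenga en cuenta también que el rechazo de un archivo modificado solo demuestra que existe alguna comprobación de integridad; una simple suma de verificación o un CRC también lo rechazaría, por lo que conviene confirmar mediante la revisión del código fuente o la documentación del fabricante que realmente se verifica una firma criptográfica.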
27 |
28 | Este control es satisfactorio cuando se verifique que el dispositivo no admite de manera remota actualizaciones mínimamente modificadas.
--------------------------------------------------------------------------------
/03_controls/07_application/05_replay_attacks.en.md:
--------------------------------------------------------------------------------
1 | ---
2 | layout: control
3 | title: BSAM-AP-05
4 | summary: Replay attacks
5 | description: Check if your device is vulnerable to replay attacks. This is important to prevent valid packets from being reused to perform unauthorized actions
6 | parent: Application
7 | grand_parent: Controls
8 | nav_order: 5
9 | lang: en
10 | page_id: cont_app_05
11 | permalink: controls/bluetooth-replay-attacks/
12 | tags:
13 | - BR/EDR
14 | - BLE
15 | ---
16 |
17 | In a replay attack (sometimes loosely called a relay attack, although a relay attack strictly forwards messages between two parties in real time) an attacker intercepts and retransmits a valid message. This attack exploits the possibility that a legitimate message can be intercepted and forwarded by an attacker without being detected because there is no mechanism to validate and prevent sending the same message multiple times.
18 |
19 | If an application requires custom security methods and decides to use cryptography for a particular service, application layer security methods must be adequate to prevent replay attacks.
20 |
21 | Not complying with this control may mean that, despite the effort of using application-level security measures, these can be bypassed.
22 |
23 |
24 | ## Description
25 |
26 | The procedure consists of capturing a valid packet or transaction of a service with custom security measures in place and sending it back to check whether it performs the desired actions or if the packet is ignored.
27 |
28 | This control is considered satisfactory when it is verified that the device does not remotely accept the same update packet twice.
29 |
30 | ## Related resources
31 |
32 | To check this control, the following resources may be useful:
33 |
34 | {% include res_table.md resources='BSAM-RES-04,BSAM-RES-05' %}
35 |
--------------------------------------------------------------------------------
/03_controls/07_application/05_replay_attacks.es.md:
--------------------------------------------------------------------------------
1 | ---
2 | layout: control
3 | title: BSAM-AP-05
4 | summary: Ataques de repetición (Replay)
5 | description: Comprueba si tu dispositivo es vulnerable a ataques de repetición. Es importante para evitar que se puedan reutilizar paquetes válidos para realizar acciones no autorizadas.
6 | parent: Aplicación
7 | grand_parent: Controles
8 | nav_order: 5
9 | lang: es
10 | page_id: cont_app_05
11 | permalink: controles/ataques-repeticion-bluetooth/
12 | tags:
13 | - BR/EDR
14 | - BLE
15 | ---
16 |
17 | En un ataque de repetición (o ataque de retransmisión) un atacante intercepta y retransmite un mensaje válido. Este ataque explota la posibilidad de que un mensaje legítimo pueda ser interceptado y reenviado por un atacante sin ser detectado, ya que no existe ningún mecanismo que valide y evite enviar el mismo mensaje en múltiples ocasiones.
18 |
19 | Si una aplicación requiere métodos de seguridad personalizados y decide utilizar la criptografía para un servicio en particular, los métodos de seguridad a nivel de la capa de aplicación deben ser adecuados para evitar ataques de repetición.
20 |
21 | No cumplir con este control puede significar que, a pesar de los esfuerzos por utilizar medidas de seguridad a nivel de aplicación, estas pueden eludirse.
22 |
23 |
24 | ## Descripción del proceso
25 |
26 | El procedimiento consiste en capturar un paquete o transacción válida de un servicio con medidas de seguridad personalizadas y enviarlo de vuelta para comprobar si realiza las acciones deseadas o si el paquete se ignora.
27 |
28 | Este control se considera satisfactorio cuando se verifica que el dispositivo no acepta de forma remota el mismo paquete de actualización por segunda vez.
29 |
30 | ## Recursos relacionados
31 |
32 | Para verificar este control, los siguientes recursos pueden ser útiles:
33 |
34 | {% include res_table.md resources='BSAM-RES-04,BSAM-RES-05' %}
--------------------------------------------------------------------------------
/03_controls/07_application/06_packet_injection.en.md:
--------------------------------------------------------------------------------
1 | ---
2 | layout: control
3 | title: BSAM-AP-06
4 | summary: Packet forging/injection attacks
5 | description: Apply secure encryption methods in the Bluetooth application to prevent spoofing and packet injection attacks.
6 | parent: Application
7 | grand_parent: Controls
8 | nav_order: 6
9 | lang: en
10 | page_id: cont_app_06
11 | permalink: controls/bluetooth-packet-injection/
12 | tags:
13 | - BR/EDR
14 | - BLE
15 | ---
16 |
17 | A packet injection attack is the deliberate sending of altered or crafted data packets for the purpose of manipulating or disrupting the normal operations of your connected devices. This is possible when there is no verification that the packet is correctly formatted or sent by a legitimate device.
18 |
19 | If an application requires custom security methods and decides to use cryptography for a particular service, application layer security methods must be adequate to prevent packet forging and injection attacks.
20 |
21 | Not complying with this control may mean that, despite the effort of using application-level security measures, these can be bypassed.
22 |
23 |
24 | ## Description
25 |
26 | The procedure consists of studying and analyzing whether the selected encryption methods are secure against packet forging and packet injection attacks.
27 |
28 | This control is considered satisfactory when it is verified that the mechanism for generating a valid packet is not so trivial that it allows the creation of new packets without knowledge of the encryption key for the packet.
29 |
30 | ## Related resources
31 |
32 | To check this control, the following resources may be useful:
33 |
34 | {% include res_table.md resources='BSAM-RES-04,BSAM-RES-05' %}
35 |
36 | ## Example case
37 |
38 | During an audit, a device with custom application layer encryption is found. In particular, a user is able to set a secret password in the device that is used to encrypt the traffic at the application layer.
39 |
40 | Data packets exchanged with the device include a PDU that contains a _sequence_ number to avoid replay attacks, as in {% include ctl_link.md ctl='BSAM-AP-05' %}. This number gets incremented each time a packet is sent and it is checked that the new number is greater than the latest record in the device. The PDU also contains a CRC32 field to verify the integrity of the packet.
41 |
42 | Packets are encrypted using a stream cipher. This means that a pseudo-random stream is generated and XORed with the original packet.
43 |
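44 | In this scenario, an attacker can capture an encrypted message _c_ for an unknown plaintext _m_. The attacker can compute an encrypted message _c'_ = _c_ ⊕ (Δ, CRC(Δ)) that will correctly decrypt to a message _m'_ = _m_ ⊕ Δ . If the attacker uses the Δ changes to modify the _sequence_ number part of the message, it is able to reinject packets back to the device without knowing their contents. The underlying weakness is that the CRC is an unkeyed checksum that behaves linearly under XOR: it detects accidental corruption but does not authenticate the packet, which requires a keyed MAC or an authenticated encryption mode.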
45 |
--------------------------------------------------------------------------------
/03_controls/07_application/06_packet_injection.es.md:
--------------------------------------------------------------------------------
1 | ---
2 | layout: control
3 | title: BSAM-AP-06
4 | summary: Ataques de inyección de paquetes Bluetooth
5 | description: Aplica métodos de cifrado seguros en la aplicación Bluetooth para prevenir ataques de suplantación e inyección de paquetes.
6 | parent: Aplicación
7 | grand_parent: Controles
8 | nav_order: 6
9 | lang: es
10 | page_id: cont_app_06
11 | permalink: controles/inyeccion-paquetes-bluetooth/
12 | tags:
13 | - BR/EDR
14 | - BLE
15 | ---
16 |
17 | Un ataque de inyección de paquetes consiste en el envío deliberado de paquetes de datos alterados o fabricados con el objetivo de manipular o perturbar las operaciones normales de sus dispositivos conectados. Esto es posible cuando no hay ningún tipo de comprobación de que el paquete tiene un formato correcto o es enviado por un dispositivo legítimo.
18 |
19 | Si una aplicación requiere métodos de seguridad personalizados y decide utilizar la criptografía para un servicio en particular, los métodos de seguridad a nivel de la capa de aplicación deben ser adecuados para prevenir ataques de suplantación e inyección de paquetes.
20 |
21 | No cumplir con este control puede significar que, a pesar de los esfuerzos por utilizar medidas de seguridad a nivel de aplicación, estas puedan eludirse.
22 |
23 |
24 | ## Descripción del proceso
25 |
26 | El procedimiento consiste en estudiar y analizar si los métodos de cifrado seleccionados son seguros contra ataques de suplantación e inyección de paquetes.
27 |
28 | Este control se considera satisfactorio cuando se verifica que el mecanismo de generación de un paquete válido no es tan trivial que permita elaborar nuevos paquetes sin conocer la clave de cifrado del paquete.
29 |
30 |
31 | ## Recursos relacionados
32 |
33 | Para verificar este control, los siguientes recursos pueden ser útiles:
34 |
35 | {% include res_table.md resources='BSAM-RES-04,BSAM-RES-05' %}
36 |
37 | ## Caso de ejemplo
38 |
39 | Durante una auditoría se encuentra un dispositivo con cifrado personalizado a nivel de aplicación. En particular, un usuario puede establecer una contraseña secreta en el dispositivo que cifra el tráfico a nivel de aplicación.
40 |
41 | Los paquetes de datos intercambiados con el dispositivo incluyen una PDU que contiene un número de _secuencia_ para evitar ataques de repetición, como se describe en {% include ctl_link.md ctl='BSAM-AP-05' %}. Este número se incrementa cada vez que se envía un paquete y se verifica que el nuevo número sea mayor que el último registro en el dispositivo. La PDU también contiene un campo CRC32 para verificar la integridad del paquete.
42 |
43 | Los paquetes están cifrados usando un cifrado de flujo. Esto significa que se genera un flujo pseudoaleatorio y se realiza una operación XOR con el paquete original.
44 |
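45 | En este escenario, un atacante puede capturar un mensaje cifrado _c_ para un texto plano desconocido _m_. El atacante puede calcular un mensaje cifrado _c'_ = _c_ ⊕ (Δ, CRC(Δ)) que se descifrará correctamente en un mensaje _m'_ = _m_ ⊕ Δ . Si el atacante utiliza los cambios Δ para modificar la parte del número de _secuencia_ del mensaje, puede reinyectar paquetes en el dispositivo sin conocer su contenido. La debilidad de fondo es que el CRC es una suma de verificación sin clave que se comporta de forma lineal frente a la operación XOR: detecta corrupción accidental pero no autentica el paquete, para lo cual se necesita un MAC con clave o un modo de cifrado autenticado.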
46 |
--------------------------------------------------------------------------------
/03_controls/07_application/07_secure_implementations.en.md:
--------------------------------------------------------------------------------
1 | ---
2 | layout: control
3 | title: BSAM-AP-07
4 | summary: Secure services
5 | description: Check that the applications using Bluetooth on your device are implemented securely. This is important to prevent a malformed message from causing any vulnerabilities
6 | parent: Application
7 | grand_parent: Controls
8 | nav_order: 7
9 | lang: en
10 | page_id: cont_app_07
11 | permalink: controls/secure-bluetooth-services/
12 | tags:
13 | - BR/EDR
14 | - BLE
15 | ---
16 |
17 | Applications use Bluetooth services to transmit information among paired devices.
18 |
19 | Data should always be treated as untrusted, so these applications must implement the necessary controls to validate that both input and output data are appropriate.
20 |
21 | ## Description
22 |
23 | To verify that Bluetooth services used by applications are implemented securely, the following recommendations can be employed:
24 | * Source Code Review: Provides a comprehensive view of the implementation and allows validation of whether it's a secure implementation.
25 | * Fuzzing: Allows for the creation of data flows that are not as expected by the application, and in the event of validation issues in their content, it can reveal faults in a device.
26 | * Reverse Engineering: If the source code is not available, reverse engineering can be used to evaluate the mechanisms handling data for implementation issues.
27 |
28 | The ultimate goal of this control is to ensure that in the face of random data inputs, the application can maintain its integrity and functionality.
--------------------------------------------------------------------------------
/03_controls/07_application/07_secure_implementations.es.md:
--------------------------------------------------------------------------------
1 | ---
2 | layout: control
3 | title: BSAM-AP-07
4 | summary: Aplicaciones seguras
5 | description: Comprueba que las aplicaciones que utilizan Bluetooth en tu dispositivo están implementadas de forma segura. Es importante para evitar que un mensaje malformado pueda causar una vulnerabilidad
6 | parent: Aplicación
7 | grand_parent: Controles
8 | nav_order: 7
9 | lang: es
10 | page_id: cont_app_07
11 | permalink: controles/aplicaciones-bluetooth-seguras/
12 | tags:
13 | - BR/EDR
14 | - BLE
15 | ---
16 |
17 | Las aplicaciones utilizan los servicios Bluetooth para transmitir información entre los dispositivos emparejados.
18 |
19 | Siempre se han de tratar los datos como no confiables, por lo que estas aplicaciones han de implementar los controles necesarios para validar que los datos de entrada y salida son adecuados.
20 |
21 | ## Descripción del proceso
22 |
23 | Para comprobar que los servicios Bluetooth utilizados por las aplicaciones están implementados de manera segura se pueden utilizar las siguientes recomendaciones:
24 |
25 | * Revisión del código fuente: Proporciona una visión completa de la implementación y permite validar si se trata de una implementación segura.
26 | * Fuzzing: Permite crear flujos de datos que no son los esperados por la aplicación y, ante problemas de validación en su contenido, puede evidenciar fallos en un dispositivo.
27 | * Ingeniería inversa: En caso de no disponer del código fuente, mediante ingeniería inversa se podrán evaluar los mecanismos que tratan los datos en busca de problemas de implementación.
28 |
29 | El objetivo final de este control es asegurar que, ante entradas de datos aleatorios, la aplicación es capaz de mantener su integridad y el funcionamiento.
--------------------------------------------------------------------------------
/04_resources/00_index.en.md:
--------------------------------------------------------------------------------
1 | ---
2 | layout: default
3 | title: Resources
4 | summary: Bluetooth testing resources
5 | description: Collection of resources and tools for conducting Bluetooth security testing according to the BSAM methodology
6 | nav_order: 4
7 | has_children: true
8 | lang: en
9 | page_id: BSAM_resources
10 | permalink: resources/
11 | ---
12 |
13 | # BSAM methodology resources
14 |
15 | In this section, resources and tools are listed that enable the execution or evaluation of the Bluetooth security controls from previous sections.
--------------------------------------------------------------------------------
/04_resources/00_index.es.md:
--------------------------------------------------------------------------------
1 | ---
2 | layout: default
3 | title: Recursos
4 | summary: Recursos para pruebas Bluetooth
5 | description: Recopilación de recursos y herramientas para la realización de pruebas de seguridad Bluetooth según la metodología BSAM
6 | nav_order: 4
7 | has_children: true
8 | lang: es
9 | page_id: BSAM_resources
10 | permalink: recursos/
11 | ---
12 |
13 | # Recursos de la metodología BSAM
14 |
15 | En este apartado se listan recursos y herramientas que permiten la ejecución o la evaluación de los controles de seguridad Bluetooth de las secciones anteriores.
16 |
--------------------------------------------------------------------------------
/04_resources/01_physical_identification.en.md:
--------------------------------------------------------------------------------
1 | ---
2 | layout: default
3 | title: BSAM-RES-01
4 | summary: Physical identification of the controller
5 | description: Identify the Bluetooth controller of your device by disassembling it or searching for information about it online.
6 | parent: Resources
7 | nav_order: 0
8 | lang: en
9 | page_id: BSAM_resources_01
10 | permalink: resources/identify-bluetooth-controller-physically/
11 | ---
12 |
13 | # {{ page.summary }}
14 |
15 | It is sometimes possible to identify the Bluetooth controller of a device by disassembling the device and analyzing the printed circuit boards of the device.
16 |
17 | To identify the Bluetooth controller several strategies can be used.
18 |
19 | One possible strategy is to try to locate discrete antennas or antennas on the PCB itself. Bluetooth chips and/or other communication chips will be physically close to these antennas. An example of this can be identified in the following image where a PCB antenna can be recognized on the left of the picture (snaking copper track only connected at one end). If we follow the track, after passing through some very small components it ends up connected to a chip marked `CSR BC417`, a Bluetooth controller.
20 |
21 | 
22 |
23 | Another alternative is to search for the markings (silkscreen) of all the chips present on a PCB in search engines or on the websites of the chip manufacturers found.
24 |
25 | This search is also useful to verify that the candidate chip found by the first strategy really is a Bluetooth controller.
26 |
27 | ## Recommendations
28 |
29 | - It is advisable to photograph or record the disassembly process. If you have any doubts during reassembly, you can consult the video of the disassembly.
30 |
31 | - It is interesting to take detailed photographs of all the printed circuit boards and chips contained in the device. These images can be used for further analysis or for later documentation in the report.
32 |
--------------------------------------------------------------------------------
/04_resources/01_physical_identification.es.md:
--------------------------------------------------------------------------------
1 | ---
2 | layout: default
3 | title: BSAM-RES-01
4 | summary: Identificación física del controlador
5 | description: Identifica el controlador Bluetooth de tu dispositivo desmontándolo o buscando información sobre él en línea.
6 | parent: Recursos
7 | nav_order: 0
8 | lang: es
9 | page_id: BSAM_resources_01
10 | permalink: recursos/identificar-controlador-bluetooth-fisicamente/
11 | ---
12 |
13 | # {{ page.summary }}
14 |
15 | En ocasiones, es posible identificar el controlador de Bluetooth de un dispositivo desmontando el dispositivo y analizando las placas de circuitos impresos del mismo.
16 |
17 | Para identificar el controlador de Bluetooth se pueden seguir diversas estrategias.
18 |
19 | Una posible estrategia es tratar de localizar antenas externas o en la propia PCB. Los chips Bluetooth y, posiblemente, otros chips de comunicación se encontrarán físicamente cerca de estas antenas. Un ejemplo de esto se puede identificar en la siguiente imagen, donde se reconoce una antena PCB a la izquierda de la foto (pista de cobre serpenteante solo conectada en un extremo). Siguiendo la pista, tras pasar por algunos componentes de tamaño muy reducido, acaba conectada a un chip marcado como `CSR BC417`, un controlador Bluetooth.
20 |
21 | 
22 |
23 | Otra alternativa es la búsqueda de la serigrafía de todos los chips presentes en una placa de circuito impreso en motores de búsqueda o en la web de los distintos fabricantes de chips encontrados.
24 |
25 | Esta búsqueda también es útil para verificar que el chip candidato, encontrado mediante la primera estrategia, realmente se trata de un controlador Bluetooth.
26 |
27 | ## Recomendaciones
28 |
29 | - Es recomendable fotografiar o grabar en video el proceso de desmontaje. En caso de duda en el proceso de montaje se puede consultar el video del desmontaje.
30 |
31 | - Es interesante realizar fotografías de detalle de todas las placas de circuitos impresos y de los chips que contiene el dispositivo. Estas imágenes pueden ser utilizadas para otros análisis o para su posterior documentación en el informe.
32 |
--------------------------------------------------------------------------------
/04_resources/02_report_controller_identification.en.md:
--------------------------------------------------------------------------------
1 | ---
2 | layout: default
3 | title: BSAM-RES-02
4 | summary: Identify controller through reports
5 | description: Identify the Bluetooth controller of your device by searching for radio certification reports
6 | parent: Resources
7 | nav_order: 1
8 | lang: en
9 | page_id: BSAM_resources_02
10 | permalink: resources/identify-controller-reports/
11 | ---
12 |
13 | # {{ page.summary }}
14 |
15 | In order to be marketed in different countries, devices with wireless communications have to pass certification processes to ensure that they do not interfere with other devices.
16 |
17 | Since Bluetooth is a wireless technology, if the device has already been certified, it is sometimes possible to obtain the certification reports. These reports may contain very relevant information for our analysis such as pictures of the printed circuit boards, transmitting and receiving power metrics, Bluetooth controller models...
18 |
19 | In some cases, this search may require the use of search engines or the study of the web pages of the main regulatory agencies but in other cases, the certification itself requires the device to be marked with a unique identifier.
20 |
21 | An example of the latter would be the `FCC ID`, a visible identifier that has to be marked on devices certified by the `FCC`. On a device tested, the text `FCC ID: A3LSMR177R` is found. After a search, the device report is found at [https://fcc.report/FCC-ID/A3LSMR177R](https://fcc.report/FCC-ID/A3LSMR177R). In the report for this FCC identifier we can find pictures and even the Bluetooth controller of the device.
22 |
23 | 
24 |
25 | ## Telecommunications regulatory agencies
26 | Some of the telecommunications regulatory agencies that may contain reports on wireless communications devices are listed in the table below:
27 |
28 | | Name | URL |
29 | |:------------|:--------------------------------|
30 | | UKCA | |
31 | | FCC | |
32 | | ISED | |
33 | | TELEC | |
34 | | ACMA | |
35 | | KCC | |
36 | | Vietnam MIC | |
37 | | Taiwan BSMI | |
38 | | CTIA | |
39 |
--------------------------------------------------------------------------------
/04_resources/02_report_controller_identification.es.md:
--------------------------------------------------------------------------------
1 | ---
2 | layout: default
3 | title: BSAM-RES-02
4 | summary: Identificación del controlador mediante informes
5 | description: Identifica el controlador Bluetooth de tu dispositivo buscando los informes de certificación de radio.
6 | parent: Recursos
7 | nav_order: 1
8 | lang: es
9 | page_id: BSAM_resources_02
10 | permalink: recursos/identificar-controlador-informes/
11 | ---
12 |
13 | # {{ page.summary }}
14 |
15 | Para poder ser comercializados en distintos países, los dispositivos con comunicaciones inalámbricas han de pasar procesos de certificación para asegurar que no producen interferencias en otros dispositivos.
16 |
17 | Dado que Bluetooth es una tecnología inalámbrica, si el dispositivo ya ha sido certificado, en ocasiones es posible obtener los informes de certificación. Estos informes pueden contener información muy relevante para nuestro análisis como fotos de las placas de circuito impreso, métricas de potencia de emisión y recepción, modelos de controlador Bluetooth...
18 |
19 | En algunos casos esta búsqueda puede requerir el uso de motores de búsqueda o el estudio de las páginas web de las principales agencias reguladoras, aunque en otros casos, la propia certificación requiere que el dispositivo sea marcado con un identificador único.
20 |
21 | Un ejemplo de esto último sería el `FCC ID`, un identificador visible que ha de ser marcado en dispositivos certificados por la `FCC`. En un dispositivo analizado, se encuentra el texto `FCC ID: A3LSMR177R`. Tras una búsqueda se encuentra el reporte del dispositivo en [https://fcc.report/FCC-ID/A3LSMR177R](https://fcc.report/FCC-ID/A3LSMR177R). En el informe correspondiente a este identificador FCC podemos encontrar fotografías e incluso el controlador Bluetooth del dispositivo.
22 |
23 | 
24 |
25 | ## Agencias reguladoras de las telecomunicaciones
26 | Algunas de las agencias reguladoras de las telecomunicaciones que pueden contener informes sobre dispositivos con comunicaciones inalámbricas se listan en la tabla a continuación:
27 |
28 | | Nombre | URL |
29 | |:------------|:--------------------------------|
30 | | UKCA | |
31 | | FCC | |
32 | | ISED | |
33 | | TELEC | |
34 | | ACMA | |
35 | | KCC | |
36 | | Vietnam MIC | |
37 | | Taiwan BSMI | |
38 | | CTIA | |
39 |
--------------------------------------------------------------------------------
/04_resources/03_database_search.en.md:
--------------------------------------------------------------------------------
1 | ---
2 | layout: default
3 | title: BSAM-RES-03
4 | summary: Vulnerability database search
5 | description: Search for information about the vulnerabilities of your Bluetooth device in specialized databases and general search engines
6 | parent: Resources
7 | nav_order: 2
8 | lang: en
9 | page_id: BSAM_resources_03
10 | permalink: resources/bluetooth-vulnerability-database-search/
11 | ---
12 |
13 | # {{ page.summary }}
14 |
15 | Vulnerability enumeration can generally be done by searching vulnerability databases or general purpose search engines such as Google.
16 |
17 | ## Vulnerability databases
18 | Some of the most common vulnerability databases are listed below:
19 |
20 | | Name | URL |
21 | |:--------------|:------------------------------|
22 | | Exploit DB | |
23 | | VulnDB | |
24 | | NIST NVD | |
25 | | MITRE CVE | |
26 |
27 | It is important to conduct multiple searches with different keywords and to complement these searches in specialized databases with searches in more generic engines.
28 |
--------------------------------------------------------------------------------
/04_resources/03_database_search.es.md:
--------------------------------------------------------------------------------
1 | ---
2 | layout: default
3 | title: BSAM-RES-03
4 | summary: Búsqueda en bases de datos de vulnerabilidades
5 | description: Busca información sobre las vulnerabilidades de tu dispositivo Bluetooth en bases de datos especializadas y motores de búsqueda generales
6 | parent: Recursos
7 | nav_order: 2
8 | lang: es
9 | page_id: BSAM_resources_03
10 | permalink: recursos/buscar-base-datos-vulnerabilidades-bluetooth/
11 | ---
12 |
13 | # {{ page.summary }}
14 |
15 | La enumeración de vulnerabilidades generalmente puede realizarse con búsquedas en bases de datos de vulnerabilidades o en motores de búsqueda de propósito general como Google.
16 |
17 | ## Bases de datos de vulnerabilidades
18 | A continuación, se enumeran algunas de las bases de datos de vulnerabilidades más comunes:
19 |
20 | | Nombre | URL |
21 | |:--------------|:------------------------------|
22 | | Exploit DB | |
23 | | VulnDB | |
24 | | NIST NVD | |
25 | | MITRE CVE | |
26 |
27 | Es importante realizar múltiples búsquedas con distintas palabras claves y complementar estas búsquedas en bases de datos especializadas con búsquedas en motores más genéricos.
28 |
--------------------------------------------------------------------------------
/04_resources/06_controller_debug_mode.en.md:
--------------------------------------------------------------------------------
1 | ---
2 | layout: default
3 | title: BSAM-RES-06
4 | summary: Enabling debug mode on a Bluetooth controller
5 | description: Enable debug mode on a Bluetooth controller to capture data packets and other valuable information
6 | parent: Resources
7 | nav_order: 5
8 | lang: en
9 | page_id: BSAM_resources_06
10 | permalink: resources/enable-bluetooth-debug-mode/
11 | ---
12 |
13 | # {{ page.summary }}
14 |
15 | {: .note }
16 | > This resource relies on unofficial or undocumented functionalities. There is no known maintenance of these tools, so it cannot be guaranteed that they will work correctly in all scenarios.
17 |
18 | Some manufacturers seem to include undocumented debug or diagnostic modes in their devices.
19 |
20 | These diagnostic modes are not standardised but enable functionalities not available in common modes of operation. An example of such functionality is the ability to display all sent and received Link Layer packets.
21 |
22 | Some known procedures for enabling these debug modes are listed below.
23 |
24 |
25 | ## Broadcom/Cypress
26 |
27 | | Supported Devices |
28 | |:--------------------------|
29 | | Cypress CYW20735B1 |
30 | | Cypress CYW20819A |
31 |
32 | This procedure is only documented on Linux. All the devices listed above expose a UART interface when connected to a machine. To be recognised as Bluetooth devices, it is necessary to run the `btattach` process to flag them as Bluetooth-capable. This may be done using the [Bluetooth Attach Service](https://github.com/TarlogicSecurity/Bluetooth-Attach-Service) tools.
33 |
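34 | When running the `btattach` process, some devices expose a special interface via debugfs. To enable diagnostic mode, write a `1` to the `vendor_diag` file for your device, replacing `hciX` with the name of the corresponding HCI interface (for example `hci0`). debugfs is normally only accessible to root, so the command has to be run with root privileges.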
35 |
36 | ```
37 | echo 1 > /sys/kernel/debug/bluetooth/hciX/vendor_diag
38 | ```
39 |
40 | If our board does not expose the `vendor_diag` file, there is the possibility to enable diagnostic mode via a manufacturer-specific HCI command. This can be done with `hcitool`:
41 |
42 | ```bash
43 | hcitool cmd 0x3f 0xf0 0x01
44 | ```
45 |
--------------------------------------------------------------------------------
/04_resources/06_controller_debug_mode.es.md:
--------------------------------------------------------------------------------
1 | ---
2 | layout: default
3 | title: BSAM-RES-06
4 | summary: Modo depuración en controladores Bluetooth
5 | description: Habilita el modo de depuración en un controlador Bluetooth para capturar paquetes de datos y otra información valiosa.
6 | parent: Recursos
7 | nav_order: 5
8 | lang: es
9 | page_id: BSAM_resources_06
10 | permalink: recursos/habilitar-depuracion-bluetooth/
11 | ---
12 |
13 | # {{ page.summary }}
14 |
15 | {: .note }
16 | > Esta técnica se basa en funcionalidades no oficiales o no documentadas. No existe un mantenimiento conocido de estas herramientas por lo que no se puede asegurar que funcionen correctamente en todos los escenarios.
17 |
18 | Algunos fabricantes parecen incluir modos de depuración o diagnóstico no documentados en sus dispositivos.
19 |
20 | Estos modos de diagnóstico no están estandarizados pero habilitan funcionalidades no disponibles en modos de operación comunes. Ejemplos de estas funcionalidades son la capacidad para mostrar todos los paquetes de la capa "Link Layer" enviados y recibidos.
21 |
22 | A continuación se listan algunos procedimientos conocidos para habilitar estos modos de depuración.
23 |
24 | ## Broadcom/Cypress
25 |
26 | | Dispositivos compatibles |
27 | |:--------------------------|
28 | | Cypress CYW20735B1 |
29 | | Cypress CYW20819A |
30 |
31 | Este procedimiento solo está documentado en Linux. Todos los dispositivos listados anteriormente exponen una interfaz UART cuando se conectan a una máquina. Para ser reconocidos como dispositivos Bluetooth, es necesario ejecutar el proceso `btattach`. Esto se puede realizar usando las herramientas de [Bluetooth Attach Service](https://github.com/TarlogicSecurity/Bluetooth-Attach-Service).
32 |
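33 | Cuando se ejecuta el proceso `btattach`, algunos dispositivos exponen una interfaz especial mediante debugfs. Para habilitar el modo diagnóstico se ha de escribir un `1` en el archivo `vendor_diag` correspondiente a nuestro dispositivo, sustituyendo `hciX` por el nombre de la interfaz HCI correspondiente (por ejemplo `hci0`). Normalmente debugfs solo es accesible para root, por lo que el comando ha de ejecutarse con privilegios de root.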
34 |
35 | ```
36 | echo 1 > /sys/kernel/debug/bluetooth/hciX/vendor_diag
37 | ```
38 |
39 | Si nuestra tarjeta no expone el archivo `vendor_diag`, existe la posibilidad de activar el modo de diagnóstico mediante un comando HCI específico del fabricante. Esto se puede hacer con `hcitool`:
40 |
41 | ```bash
42 | hcitool cmd 0x3f 0xf0 0x01
43 | ```
44 |
--------------------------------------------------------------------------------
/04_resources/08_device_discovery.en.md:
--------------------------------------------------------------------------------
1 | ---
2 | layout: default
3 | title: BSAM-RES-08
4 | summary: Device discovery
5 | description: Bluetooth device discovery is the process of finding Bluetooth devices within the communication range of another Bluetooth device
6 | parent: Resources
7 | nav_order: 7
8 | lang: en
9 | page_id: BSAM_resources_08
10 | permalink: resources/device-discovery/
11 | ---
12 |
13 | # Bluetooth device discovery
14 |
15 | Device discovery procedures are used to enumerate Bluetooth devices in the communication range of another Bluetooth device. It should be noted that these procedures are different depending on the variants of Bluetooth used.
16 |
17 |
18 | ## Bluetooth LE
19 |
20 | The discovery process in Bluetooth LE can be entirely passive. It consists of listening on the 3 advertising channels, waiting for advertising packets sent by other devices.
21 |
22 | Many tools may, however, send packets to complete the information received in the advertising packets; in that case the discovery is no longer entirely passive. An example of a common data request is a name request after discovering a device whose advertising packet does not expose this data.
23 |
24 |
25 | ## Bluetooth BR/EDR
26 |
27 | In Bluetooth BR/EDR the discovery process is active. A discovery request has to be sent and devices respond to it. These discovery requests can request more or less data up to and including optional `RSSI` or manufacturer data.
28 |
29 | Many tools that perform Bluetooth BR/EDR discovery send name requests to complete the discovery process.
30 |
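31 | At a low level, initiating a discovery consists of notifying the controller that you want to perform an `Inquiry scan` and/or a `Page scan`. This is done using the `HCI Write Scan Enable Command` described in Bluetooth Core V5.3, Vol. 4, Part E, Section 7.3.18. Note that this command configures whether the local controller itself performs inquiry scan and page scan, that is, whether it answers discovery and connection requests from other devices.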
32 |
33 |
34 | ## Bluetooth discovery tools
35 |
36 | Virtually any device with support for Bluetooth communications has some tool that allows Bluetooth device discovery, as it is a basic process to establish a connection. However, it is important to know that not all tools request the same information or follow the same procedure.
37 |
38 | In order to know which procedure is being used and to be able to extract as much information as possible, it is recommended to capture the discovery processes using the resource {% include res_link.md res='BSAM-RES-05' %}. This will allow further analysis with specialised tools showing all exchanged data and not only name and MAC as in many cases.
39 |
40 | Some of the following tools can be used to start the discovery processes:
41 |
42 | * Android Bluetooth settings screen
43 | * iOS Bluetooth settings screen
44 | * Windows Bluetooth settings screen
45 | * Bluetooth settings screen of any Linux distribution
46 | * bluetoothctl
47 | * Scapy
48 | * [Acrylic Bluetooth LE Analyzer](https://www.acrylicwifi.com/bluetooth-analyzer/)
49 |
50 |
51 | ## External references
52 |
53 | * Bluetooth Core V5.3, Vol. 4, Part E, Section 7.3.18 - Write Scan Enable command
54 |
--------------------------------------------------------------------------------
/04_resources/08_device_discovery.es.md:
--------------------------------------------------------------------------------
1 | ---
2 | layout: default
3 | title: BSAM-RES-08
4 | summary: Descubrimiento de dispositivos
5 | description: El descubrimiento de dispositivos Bluetooth es el proceso de encontrar dispositivos Bluetooth en el área de alcance de otro dispositivo Bluetooth
6 | parent: Recursos
7 | nav_order: 7
8 | lang: es
9 | page_id: BSAM_resources_08
10 | permalink: recursos/device-discovery/
11 | ---
12 |
13 | # Descubrimiento de dispositivos Bluetooth
14 |
15 | El descubrimiento de dispositivos comprende los procedimientos usados para enumerar dispositivos Bluetooth en el rango de comunicaciones de otro dispositivo Bluetooth. Cabe destacar que estos procedimientos son distintos en función de las variantes de Bluetooth usadas.
16 |
17 |
18 | ## Bluetooth LE
19 |
20 | El proceso de descubrimiento en Bluetooth LE puede ser totalmente pasivo. Consiste en escuchar en los 3 canales de anuncio a la espera de paquetes de anuncio que provienen de otros dispositivos.
21 |
22 | Es posible que muchas herramientas envíen paquetes para completar la información recibida en los paquetes de anuncio; en ese caso el descubrimiento deja de ser totalmente pasivo. Un ejemplo de solicitud de datos común es la solicitud de nombre tras descubrir un dispositivo en un paquete de anuncio que no expone este dato.
23 |
24 |
25 | ## Bluetooth BR/EDR
26 |
27 | En Bluetooth BR/EDR el proceso de descubrimiento es activo. Se ha de enviar una petición de descubrimiento a la que los dispositivos responden. Estas peticiones de descubrimiento pueden solicitar más o menos datos hasta incluir datos opcionales de `RSSI` o datos del fabricante.
28 |
29 | Muchas herramientas que realizan descubrimiento en Bluetooth BR/EDR envían peticiones de solicitud de nombre para completar el proceso de descubrimiento.
30 |
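31 | A bajo nivel, iniciar un descubrimiento consiste en notificar al controlador que se desea realizar un `Inquiry scan` y/o un `Page scan`. Esto se realiza mediante el comando `HCI Write Scan Enable Command` descrito en Bluetooth Core V5.3, Vol. 4, Part E, Section 7.3.18. Cabe señalar que este comando configura si el propio controlador local realiza inquiry scan y page scan, es decir, si responde a las peticiones de descubrimiento y de conexión de otros dispositivos.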
32 |
33 |
34 | ## Herramientas de descubrimiento Bluetooth
35 |
36 | Prácticamente cualquier dispositivo con soporte para comunicaciones Bluetooth tiene alguna herramienta que permite el descubrimiento de dispositivos Bluetooth por ser un proceso básico para establecer una conexión. Sin embargo, es importante saber que no todas las herramientas solicitan la misma información ni siguen el mismo procedimiento.
37 |
38 | Con el objetivo de conocer qué procedimiento se está usando y para poder extraer la máxima cantidad de información posible se recomienda capturar los procesos de descubrimiento usando la técnica {% include res_link.md res='BSAM-RES-05' %}. Esto permitirá el posterior análisis con herramientas especializadas que muestren todos los datos intercambiados y no solo nombre y MAC como en muchos casos.
39 |
40 | Para iniciar los procesos de descubrimiento pueden usarse algunas de las siguientes herramientas:
41 |
42 | * Pantalla de ajustes de Bluetooth de Android
43 | * Pantalla de ajustes de Bluetooth de iOS
44 | * Pantalla de ajustes de Bluetooth de Windows
45 | * Pantalla de ajustes de Bluetooth de cualquier distribución de Linux
46 | * bluetoothctl
47 | * Scapy
48 | * [Acrylic Bluetooth LE Analyzer](https://www.acrylicwifi.com/bluetooth-analyzer/)
49 |
50 |
51 | ## Referencias externas
52 |
53 | * Bluetooth Core V5.3, Vol. 4, Part E, Section 7.3.18 - Write Scan Enable command
54 |
--------------------------------------------------------------------------------
/04_resources/09_controller_attributes.en.md:
--------------------------------------------------------------------------------
1 | ---
2 | layout: default
3 | title: BSAM-RES-09
4 | summary: Changing the attributes of a controller
5 | description: Changing the attributes of a Bluetooth controller can allow impersonating another device or simulating different scenarios
6 | parent: Resources
7 | nav_order: 8
8 | lang: en
9 | page_id: BSAM_resources_09
10 | permalink: resources/change-controller-attributes/
11 | ---
12 |
13 | # {{ page.summary }}
14 |
15 | Many of the functions and procedures of the Bluetooth standard depend on device-specific parameters, such as: the device name, address, input and output capabilities (if it has a display or keyboard), the version of the Bluetooth standard it supports, the controller firmware version, etc. These parameters are generically referred to as device attributes and many of them are relevant during the establishment of a connection to identify or authenticate the device against other devices.
16 |
17 | Being able to set device attributes is a necessary skill to, among other things, impersonate a known device against others or to simulate different scenarios.
18 |
19 | For this purpose, the different attributes of a controller can be modified. Some of them can be modified through mechanisms provided by the Bluetooth standard. Others have to be modified using the manufacturer's own mechanisms or even by modifying the firmware they run.
20 |
21 |
22 | ## Standard mechanisms
23 |
24 | These are mechanisms supported by the Bluetooth standard and should be compatible with all Bluetooth adapters on the market. Normally these procedures are done by sending HCI packets.
25 |
26 |
27 | ### Name modification
28 |
29 | The `Local Name` is the name that our controller exposes to other devices. This parameter can be modified via standard HCI commands. More specifically, this must be done through an `HCI Write Local Name Command`. This command is documented in Bluetooth Core V5.3, Vol. 4, Part E, Section 7.3.11.
30 |
31 |
32 | ### Modifying the device class
33 |
34 | The `Device Class` can be modified with the `HCI Write Class of Device Command`, documented in Bluetooth Core V5.3, Vol. 4, Part E, Section 7.3.26.
35 |
36 |
37 | ## Vendor-specific mechanisms
38 |
39 | ### Broadcom / Cypress
40 |
41 | The manufacturers Broadcom and Cypress implement many non-standard HCI commands that allow modification of attributes of their controllers. These commands are not officially documented, but some of the known commands that may be useful are listed below:
42 |
43 | | Command | Opcode | Parameters |
44 | |:--------------|:----------|:------------------|
45 | | Write Address | 0xfc01 | MAC addr |
46 | | Write RAM | 0xfc4c | Address, Data |
47 |
48 | Through these commands you can overwrite memory regions containing data such as the supported LMP version, the manufacturer identification, the _features_ and _extended features_ of your controller.
49 |
50 |
51 | ## External references
52 |
53 | * Bluetooth Core V5.3, Vol. 4, Part E, Section 7.3.11 - Write Local Name command
54 | * Bluetooth Core V5.3, Vol. 4, Part E, Section 7.3.26 - Write Class of Device command
55 |
--------------------------------------------------------------------------------
/04_resources/09_controller_attributes.es.md:
--------------------------------------------------------------------------------
1 | ---
2 | layout: default
3 | title: BSAM-RES-09
4 | summary: Cambiar los atributos de un controlador
5 | description: Cambiar los atributos de un controlador Bluetooth puede permitir hacerse pasar por otro dispositivo o simular diferentes escenarios
6 | parent: Recursos
7 | nav_order: 8
8 | lang: es
9 | page_id: BSAM_resources_09
10 | permalink: recursos/cambiar-atributos-controlador/
11 | ---
12 |
13 | # {{ page.summary }}
14 |
15 | Muchas de las funciones y procedimientos del estándar Bluetooth dependen de parámetros específicos de cada dispositivo, como, por ejemplo: el nombre, la dirección, las capacidades de entrada y salida (si tiene pantalla o teclado), la versión del estándar Bluetooth que soporta, la versión del firmware del controlador, etc. A estos parámetros se los denomina, de forma genérica, atributos del dispositivo, y muchos de ellos son relevantes durante el establecimiento de una conexión, para identificar o autenticar al dispositivo frente a otros.
16 |
17 | Ser capaz de establecer los atributos del dispositivo es una habilidad necesaria para, entre otras cosas, suplantar a un dispositivo conocido frente a otros o simular diferentes escenarios.
18 |
19 | Para ello, los distintos atributos de un controlador pueden ser modificados. Algunos de ellos pueden ser modificados a través de mecanismos provistos por el estándar de Bluetooth. Otros han de ser modificados usando mecanismos propios del fabricante o incluso mediante la modificación del firmware que ejecutan.
20 |
21 |
22 | ## Mecanismos estándar
23 |
24 | Se trata de mecanismos soportados por el estándar Bluetooth y que deberían ser compatibles con todos los adaptadores Bluetooth del mercado. Normalmente estos procedimientos se hacen mediante el envío de paquetes HCI.
25 |
26 |
27 | ### Modificación del nombre
28 |
29 | El `Local Name` es el nombre que el controlador expone a otros dispositivos. Este parámetro puede ser modificado a través de comandos HCI estándar. Más concretamente esto se debe hacer a través de un `HCI Write Local Name Command`. Este comando se encuentra documentado en el Bluetooth Core V5.3, Vol. 4, Part E, Section 7.3.11.
30 |
31 |
32 | ### Modificación de la clase de dispositivo
33 |
34 | El `Device Class` puede ser modificado mediante el comando `HCI Write Class of Device Command` documentado en el Bluetooth Core V5.3, Vol. 4, Part E, Section 7.3.26.
35 |
36 |
37 | ## Mecanismos propios de fabricante
38 |
39 | ### Broadcom / Cypress
40 |
41 | Los fabricantes Broadcom y Cypress implementan muchos comandos HCI no estándar que permiten la modificación de atributos de sus controladores. Estos comandos no se encuentran documentados oficialmente aunque a continuación se listan algunos de los conocidos que pueden ser de utilidad:
42 |
43 | | Comando | Opcode | Parámetros |
44 | |:--------------|:----------|:------------------|
45 | | Write Address | 0xfc01 | Dirección MAC |
46 | | Write RAM | 0xfc4c | Dirección, Datos |
47 |
48 | A través de estos comandos se pueden sobrescribir regiones de memoria que contienen datos como la versión de LMP soportada, la identificación del fabricante, los _features_ y _extended features_ de nuestro controlador.
49 |
50 |
51 | ## Referencias externas
52 |
53 | * Bluetooth Core V5.3, Vol. 4, Part E, Section 7.3.11 - Write Local Name command
54 | * Bluetooth Core V5.3, Vol. 4, Part E, Section 7.3.26 - Write Class of Device command
55 |
--------------------------------------------------------------------------------
/04_resources/10_link_key_management.en.md:
--------------------------------------------------------------------------------
1 | ---
2 | layout: default
3 | title: BSAM-RES-10
4 | summary: Link key management on the host
5 | description: Link key management on the host allows controlling the controller's responses to Bluetooth connection attempts
6 | parent: Resources
7 | nav_order: 9
8 | lang: en
9 | page_id: BSAM_resources_10
10 | permalink: resources/link-key-management/
11 | ---
12 |
13 | # {{ page.summary }}
14 |
15 | The host software stack, among many other functions, is responsible for link key management.
16 |
17 | Depending on the presence of link keys for connection to another device, the host is able to control (via the HCI protocol) some responses that the controller makes to an incoming or outgoing connection attempt. Although there are alternatives to this technique, such as implementing our own host stack, it is sometimes easier to install or delete another device's keys on our host through the APIs provided for this purpose.
18 |
19 | This resource is dependent on the host stack on which it is attempted.
20 |
21 |
22 | ## BlueZ link key management
23 |
24 | The BlueZ Bluetooth stack exposes different APIs to interact with it. The management (MGMT) API, described in the [mgmt-api.txt](https://github.com/bluez/bluez/blob/master/doc/mgmt-api.txt) file, allows manipulation of link keys, among other tasks.
25 |
26 | As indicated in the document, to use the API, a Bluetooth Management socket must be opened and the message format must be followed.
27 |
28 | The [Load Link Keys](https://github.com/bluez/bluez/blob/8c452c2ec1739efe581273bacd738e5294d0ca0f/doc/mgmt-api.txt#L788) command, in particular, allows you to modify the keys stored in the database: you pass it an array of keys to store. An empty array removes all keys from the database, which means every previously paired device will have to pair again unless its key is reloaded.
29 |
30 | To facilitate the use of this API, BlueZ provides the [btmgmt](https://github.com/bluez/bluez/blob/master/tools/btmgmt.c) tool. Although it does not implement all the commands specified in the API, it implements many of them and can serve as a base. The Load Link Keys command is not implemented in the tool, but there is a command line option and it does not require much effort to add the functionality.
31 |
--------------------------------------------------------------------------------
/04_resources/10_link_key_management.es.md:
--------------------------------------------------------------------------------
1 | ---
2 | layout: default
3 | title: BSAM-RES-10
4 | summary: Gestión de claves de enlace en el host
5 | description: La gestión de claves de enlace en el host permite controlar las respuestas del controlador a los intentos de conexión Bluetooth
6 | parent: Recursos
7 | nav_order: 9
8 | lang: es
9 | page_id: BSAM_resources_10
10 | permalink: recursos/gestion-claves-enlace/
11 | ---
12 |
13 | # {{ page.summary }}
14 |
15 | El stack de software del host, entre otras muchas funciones, es responsable de la gestión de claves de enlace.
16 |
17 | En función de la presencia de claves de enlace para la conexión con otro dispositivo, el host es capaz de controlar (a través del protocolo HCI) algunas respuestas que el controlador hace ante un intento de conexión entrante o saliente. Aunque existen alternativas a esta técnica, como la implementación de un stack de host propio, resulta más sencillo instalar o borrar claves de otro dispositivo en el host a través de APIs para ello.
18 |
19 | Esta técnica es dependiente del stack del host en el que se intenta realizar. A continuación se detalla la técnica para el stack BlueZ de sistemas Linux.
20 |
21 |
22 | ## Claves de enlace en BlueZ
23 |
24 | La pila de Bluetooth BlueZ expone diferentes APIs para interaccionar con ella. La management (MGMT) API, descrita en el documento [mgmt-api.txt](https://github.com/bluez/bluez/blob/master/doc/mgmt-api.txt), permite manipular las claves de enlace, entre otras tareas.
25 |
26 | Como se indica en el documento, para utilizar la API se debe abrir un Bluetooth Management socket y seguir el formato de mensajes.
27 |
28 | El comando [Load Link Keys](https://github.com/bluez/bluez/blob/8c452c2ec1739efe581273bacd738e5294d0ca0f/doc/mgmt-api.txt#L788), en concreto, permite modificar las claves almacenadas en la base de datos: se le pasa un array de claves para almacenar. Un array vacío elimina todas las claves de la base de datos, por lo que todos los dispositivos previamente emparejados tendrán que volver a emparejarse salvo que se recargue su clave.
29 |
30 | Para facilitar el uso de esta API, BlueZ provee de la herramienta [btmgmt](https://github.com/bluez/bluez/blob/master/tools/btmgmt.c). Aunque no implementa todos los comandos especificados en la API, sí implementa muchos y puede servir como base. El comando Load Link Keys no se encuentra implementado en la herramienta, pero existe la opción de línea de comandos y no se requiere mucho esfuerzo para añadir la funcionalidad.
31 |
--------------------------------------------------------------------------------
/05_annex/00_index.en.md:
--------------------------------------------------------------------------------
1 | ---
2 | layout: default
3 | title: Annexes
4 | summary: BSAM Bluetooth appendices and information
5 | description: Appendices and relevant documentation on Bluetooth and BSAM methodology.
6 | nav_order: 5
7 | has_children: true
8 | lang: en
9 | page_id: BSAM_annex
10 | permalink: annex/
11 | ---
12 | # BSAM Annexes
13 | Here you can find a list of annexes with tables and extended information relevant to BSAM.
--------------------------------------------------------------------------------
/05_annex/00_index.es.md:
--------------------------------------------------------------------------------
1 | ---
2 | layout: default
3 | title: Anexos
4 | summary: Anexos e información Bluetooth de BSAM
5 | description: Anexos y documentación relevante sobre Bluetooth y sobre la metodología BSAM.
6 | nav_order: 5
7 | has_children: true
8 | lang: es
9 | page_id: BSAM_annex
10 | permalink: anexo/
11 | ---
12 | # Anexos BSAM
13 | Aquí podrás encontrar una lista de anexos con tablas e información extendida relevante para BSAM.
14 |
--------------------------------------------------------------------------------
/05_annex/02_external_resources.en.md:
--------------------------------------------------------------------------------
1 | ---
2 | layout: default
3 | title: External resources
4 | description: List of external Bluetooth resources relevant to the development or application of the BSAM methodology
5 | parent: Annexes
6 | nav_order: 1
7 | lang: en
8 | page_id: BSAM_annex-external-resources
9 | permalink: annex/external-resources/
10 | ---
11 |
12 | # {{ page.title }}
13 |
14 | This annex aims to compile a list of external resources that have been useful while developing BSAM.
15 |
16 |
17 | ## Bluetooth specifications
18 |
19 | * [Bluetooth SIG specifications web](https://www.bluetooth.com/specifications/specs/)
20 |
21 |
22 | ## Security standards and certifications
23 |
24 | * [ETSI EN 303 645 - Cyber Security for Consumer Internet of Things: Baseline Requirements V2.1.1](https://www.etsi.org/deliver/etsi_en/303600_303699/303645/02.01.01_60/en_303645v020101p.pdf)
25 | * [NIST IR 8259A - IoT Device Cybersecurity Capability Core Baseline](https://csrc.nist.gov/pubs/ir/8259/a/final)
26 |
27 |
28 | ## Security guides
29 |
30 | * [NIST SP 800-121 Rev. 2 - Guide to Bluetooth Security](https://csrc.nist.gov/pubs/sp/800/121/r2/upd1/final)
31 |
32 |
--------------------------------------------------------------------------------
/05_annex/02_external_resources.es.md:
--------------------------------------------------------------------------------
1 | ---
2 | layout: default
3 | title: Recursos externos
4 | description: Listado de recursos externos sobre Bluetooth relevantes para el desarrollo o aplicación de la metodología BSAM
5 | parent: Anexos
6 | nav_order: 1
7 | lang: es
8 | page_id: BSAM_annex-external-resources
9 | permalink: anexo/recursos-externos/
10 | ---
11 |
12 | # {{ page.title }}
13 |
14 | Este anexo trata de recopilar una lista de recursos externos que han sido de utilidad durante el desarrollo de BSAM.
15 |
16 |
17 | ## Especificaciones de Bluetooth
18 |
19 | * [Bluetooth SIG specifications web](https://www.bluetooth.com/specifications/specs/)
20 |
21 |
22 | ## Estándares de seguridad y certificaciones
23 |
24 | * [ETSI EN 303 645 - Cyber Security for Consumer Internet of Things: Baseline Requirements V2.1.1](https://www.etsi.org/deliver/etsi_en/303600_303699/303645/02.01.01_60/en_303645v020101p.pdf)
25 | * [NIST IR 8259A - IoT Device Cybersecurity Capability Core Baseline](https://csrc.nist.gov/pubs/ir/8259/a/final)
26 |
27 |
28 | ## Guías de seguridad
29 |
30 | * [NIST SP 800-121 Rev. 2 - Guide to Bluetooth Security](https://csrc.nist.gov/pubs/sp/800/121/r2/upd1/final)
31 |
--------------------------------------------------------------------------------
/06_contributors/00_index.en.md:
--------------------------------------------------------------------------------
1 | ---
2 | layout: default
3 | title: Contributors
4 | summary: Bluetooth methodology collaborators
5 | description: BSAM Contributors. A list of all contributors who have made possible the development and evolution of the BSAM methodology.
6 | image: /assets/img/BSAM logo dark.png
7 | nav_order: 6
8 | has_children: false
9 | lang: en
10 | page_id: BSAM_contributors
11 | permalink: contributors/
12 | ---
13 |
14 | 
15 |
16 | # BSAM main contributors.
17 |
18 | BSAM has been made possible thanks to the work of [Tarlogic Security's](https://www.tarlogic.com/) cybersecurity innovation unit. This team's goal is to research and promote hardware security, IoT technologies, wireless communication protocols (Wi-Fi, Bluetooth, Zigbee, etc.), and emerging technologies.
19 |
20 | For example, they are responsible for developing the [Acrylic Wi-Fi](https://www.acrylicwifi.com/en/) product range, conducting research on security issues in smart meters with PRIME technology, and discovering Bluetooth vulnerabilities such as Bluetrust.
21 |
22 | - Antonio Vazquez
23 | - Francisco Manuel Alvarez Wic
24 | - Jesus Gomez Moreno
25 | - Miguel Tarascó
26 | - Andrés Tarascó
27 |
28 | ## Contributors
29 |
30 | Following are other people who have collaborated with BSAM to help it continue to grow as a reference methodology.
31 |
32 | You can collaborate with BSAM by proposing new controls, improving existing documentation, incorporating new features of the standard, or developing tools.
33 |
--------------------------------------------------------------------------------
/06_contributors/00_index.es.md:
--------------------------------------------------------------------------------
1 | ---
2 | layout: default
3 | title: Colaboradores
4 | summary: Colaboradores de la metodología Bluetooth
5 | description: Colaboradores de BSAM. Listado de todos los colaboradores que han hecho posible el desarrollo y evolución de la metodología BSAM
6 | image: /assets/img/BSAM logo dark.png
7 | nav_order: 6
8 | has_children: false
9 | lang: es
10 | page_id: BSAM_contributors
11 | permalink: colaboradores/
12 | ---
13 |
14 | 
15 |
16 | # Colaboradores principales de BSAM
17 |
18 | BSAM ha sido posible gracias al trabajo de la unidad de innovación en ciberseguridad de [Tarlogic Security](https://www.tarlogic.com/es/). Este equipo tiene como objetivo la investigación y divulgación en materia de seguridad hardware, en tecnologías IoT, en protocolos de comunicaciones inalámbricos (Wi-Fi, Bluetooth, Zigbee...) y en tecnologías emergentes.
19 |
20 | Por poner algunos ejemplos, son los responsables del desarrollo de la gama de productos [Acrylic Wi-Fi](https://www.acrylicwifi.com/), de investigaciones sobre los problemas de seguridad de los contadores inteligentes con tecnología PRIME y del descubrimiento de vulnerabilidades Bluetooth como Bluetrust.
21 |
22 | - Antonio Vazquez Blanco
23 | - Francisco Manuel Alvarez Wic
24 | - Jesus Gomez Moreno
25 | - Miguel Tarascó
26 | - Andrés Tarascó
27 |
28 | ## Colaboradores
29 |
30 | Puedes colaborar con BSAM proponiendo nuevos controles, mejorando la documentación existente, incorporando nuevas funcionalidades del estándar o desarrollando herramientas. A continuación, se muestran otras personas que han colaborado con BSAM para que siga creciendo como metodología de referencia.
31 |
--------------------------------------------------------------------------------
/BSAM-methodology-Checklist.xlsx:
--------------------------------------------------------------------------------
1 | version https://git-lfs.github.com/spec/v1
2 | oid sha256:912e06ae941593d5f58d0a93bc740151bbd693d1973c9146e42d98db86fcd771
3 | size 11594
4 |
--------------------------------------------------------------------------------
/BSAM_branding/CMYK/LOGO_BSAM_CMYK_full/01_Positive_ Negative/01_Positive/TAR23-028_BSAM_LOGO_CMYK_Positivo.ai:
--------------------------------------------------------------------------------
1 | version https://git-lfs.github.com/spec/v1
2 | oid sha256:48dc904b87e2dabd4536e8e47d1c697516b6ee8d0cf3430f7f8c91abb614b33c
3 | size 1275226
4 |
--------------------------------------------------------------------------------
/BSAM_branding/CMYK/LOGO_BSAM_CMYK_full/01_Positive_ Negative/01_Positive/TAR23-028_BSAM_LOGO_CMYK_Positivo.jpg:
--------------------------------------------------------------------------------
1 | version https://git-lfs.github.com/spec/v1
2 | oid sha256:40467033bb53bfe88c07c7c0d74f2b5a8d5c09e7ffbe5a6505ed06b02c9f085e
3 | size 177404
4 |
--------------------------------------------------------------------------------
/BSAM_branding/CMYK/LOGO_BSAM_CMYK_full/01_Positive_ Negative/01_Positive/TAR23-028_BSAM_LOGO_CMYK_Positivo.pdf:
--------------------------------------------------------------------------------
1 | version https://git-lfs.github.com/spec/v1
2 | oid sha256:733af5817bb549512854753ad0b7574415ad9034aa44d388fea8bcc7da1eee21
3 | size 216501
4 |
--------------------------------------------------------------------------------
/BSAM_branding/CMYK/LOGO_BSAM_CMYK_full/01_Positive_ Negative/01_Positive/TAR23-028_BSAM_LOGO_CMYK_Positivo.png:
--------------------------------------------------------------------------------
1 | version https://git-lfs.github.com/spec/v1
2 | oid sha256:ba61ae0d76f7f93eea22e6c416815d65e103bd959e328a68cd031c9ca607d640
3 | size 373369
4 |
--------------------------------------------------------------------------------
/BSAM_branding/CMYK/LOGO_BSAM_CMYK_full/01_Positive_ Negative/02_Negative/TAR23-028_BSAM_LOGO_CMYK_Negativo.ai:
--------------------------------------------------------------------------------
1 | version https://git-lfs.github.com/spec/v1
2 | oid sha256:70aa0a09c5d3d428d8bc1bde0896098693351a4d6192aa9d2795aac9cc7a07db
3 | size 1259395
4 |
--------------------------------------------------------------------------------
/BSAM_branding/CMYK/LOGO_BSAM_CMYK_full/01_Positive_ Negative/02_Negative/TAR23-028_BSAM_LOGO_CMYK_Negativo.jpg:
--------------------------------------------------------------------------------
1 | version https://git-lfs.github.com/spec/v1
2 | oid sha256:fd2da66bebbfcb6b3f99bdec3cec2949973378ed4ee10263684ebb5b23de7de0
3 | size 183717
4 |
--------------------------------------------------------------------------------
/BSAM_branding/CMYK/LOGO_BSAM_CMYK_full/01_Positive_ Negative/02_Negative/TAR23-028_BSAM_LOGO_CMYK_Negativo.pdf:
--------------------------------------------------------------------------------
1 | version https://git-lfs.github.com/spec/v1
2 | oid sha256:ed49eec363531381dca2128c3710edebd9a48505499d5e8b520dda5cd584bd79
3 | size 202336
4 |
--------------------------------------------------------------------------------
/BSAM_branding/CMYK/LOGO_BSAM_CMYK_full/01_Positive_ Negative/02_Negative/TAR23-028_BSAM_LOGO_CMYK_Negativo.png:
--------------------------------------------------------------------------------
1 | version https://git-lfs.github.com/spec/v1
2 | oid sha256:b60f6c7f216bccad6860e30ed88283bc97bd194adeb68074ea57637e47427700
3 | size 348790
4 |
--------------------------------------------------------------------------------
/BSAM_branding/CMYK/LOGO_BSAM_CMYK_full/02_on_light_background/TAR23-028_BSAM_LOGO_CMYK_Fondo claro.ai:
--------------------------------------------------------------------------------
1 | version https://git-lfs.github.com/spec/v1
2 | oid sha256:7a74cd81728e533bb56018f4a73005896aeef8cf36274a76f0f9fd26801782c0
3 | size 1278654
4 |
--------------------------------------------------------------------------------
/BSAM_branding/CMYK/LOGO_BSAM_CMYK_full/02_on_light_background/TAR23-028_BSAM_LOGO_CMYK_Fondo claro.jpg:
--------------------------------------------------------------------------------
1 | version https://git-lfs.github.com/spec/v1
2 | oid sha256:caa510f584a4273d9ca37fbc123d3c5b7a24c66abe65230fceb68972d77ae7b3
3 | size 303810
4 |
--------------------------------------------------------------------------------
/BSAM_branding/CMYK/LOGO_BSAM_CMYK_full/02_on_light_background/TAR23-028_BSAM_LOGO_CMYK_Fondo claro.pdf:
--------------------------------------------------------------------------------
1 | version https://git-lfs.github.com/spec/v1
2 | oid sha256:1ac460ff11ce32cbb49b28b13c53f785e89acacae242fa7d5b63eda0294facb5
3 | size 220467
4 |
--------------------------------------------------------------------------------
/BSAM_branding/CMYK/LOGO_BSAM_CMYK_full/02_on_light_background/TAR23-028_BSAM_LOGO_CMYK_Fondo claro.png:
--------------------------------------------------------------------------------
1 | version https://git-lfs.github.com/spec/v1
2 | oid sha256:87eebcd0a2fcaa8956b3ed40c9e15134ce34e42e784bc32b3e2c09358d591176
3 | size 384903
4 |
--------------------------------------------------------------------------------
/BSAM_branding/CMYK/LOGO_BSAM_CMYK_full/03_on_dark_background/TAR23-028_BSAM_LOGO_CMYK_Fondo oscuro.ai:
--------------------------------------------------------------------------------
1 | version https://git-lfs.github.com/spec/v1
2 | oid sha256:c039a699b19e001f464964bde1572c4f24772c40ed3fa195900b2511fdfe7cb9
3 | size 1261162
4 |
--------------------------------------------------------------------------------
/BSAM_branding/CMYK/LOGO_BSAM_CMYK_full/03_on_dark_background/TAR23-028_BSAM_LOGO_CMYK_Fondo oscuro.jpg:
--------------------------------------------------------------------------------
1 | version https://git-lfs.github.com/spec/v1
2 | oid sha256:bb9d0ee4fb5d9635841fa529367f2845962a077cf83322edb1f044f5cbacfed9
3 | size 302195
4 |
--------------------------------------------------------------------------------
/BSAM_branding/CMYK/LOGO_BSAM_CMYK_full/03_on_dark_background/TAR23-028_BSAM_LOGO_CMYK_Fondo oscuro.pdf:
--------------------------------------------------------------------------------
1 | version https://git-lfs.github.com/spec/v1
2 | oid sha256:5b9f6a1af95ed0dd5bad3fe486df97a5307323f5a9262aca3abd90e30c54c27b
3 | size 203039
4 |
--------------------------------------------------------------------------------
/BSAM_branding/CMYK/LOGO_BSAM_CMYK_full/03_on_dark_background/TAR23-028_BSAM_LOGO_CMYK_Fondo oscuro.png:
--------------------------------------------------------------------------------
1 | version https://git-lfs.github.com/spec/v1
2 | oid sha256:8b975ed0d7269c10d281ff41cf3ccb9deea48e5ae2ae14d8210062ac373aab23
3 | size 352867
4 |
--------------------------------------------------------------------------------
/BSAM_branding/CMYK/LOGO_BSAM_CMYK_full/04_on_image/TAR23-028_BSAM_LOGO_CMYK_Sobre imagen.ai:
--------------------------------------------------------------------------------
1 | version https://git-lfs.github.com/spec/v1
2 | oid sha256:2d01729f69da59f394f6fc38d97481db33ebc8435d120e477b4092cc794b8b6e
3 | size 1261174
4 |
--------------------------------------------------------------------------------
/BSAM_branding/CMYK/LOGO_BSAM_CMYK_full/04_on_image/TAR23-028_BSAM_LOGO_CMYK_Sobre imagen.pdf:
--------------------------------------------------------------------------------
1 | version https://git-lfs.github.com/spec/v1
2 | oid sha256:4888aa3843c5027cbf7dc6183f12808a8996fd96d6cf92510ef769c0efc34f74
3 | size 202140
4 |
--------------------------------------------------------------------------------
/BSAM_branding/CMYK/LOGO_BSAM_CMYK_full/04_on_image/TAR23-028_BSAM_LOGO_CMYK_Sobre imagen.png:
--------------------------------------------------------------------------------
1 | version https://git-lfs.github.com/spec/v1
2 | oid sha256:ac1f6d5868286985c68c147648e6e66cb0c7302dbd8d8e20c287cc785e64f533
3 | size 352859
4 |
--------------------------------------------------------------------------------
/BSAM_branding/CMYK/LOGO_BSAM_CMYK_full/05_on_corporate_green/TAR23-028_BSAM_LOGO_CMYK_Sobre verde.ai:
--------------------------------------------------------------------------------
1 | version https://git-lfs.github.com/spec/v1
2 | oid sha256:28a3c9f8d8d136801153c3f9c17be2531e503ef7b0f0caaed273a7f218dd5c16
3 | size 1277457
4 |
--------------------------------------------------------------------------------
/BSAM_branding/CMYK/LOGO_BSAM_CMYK_full/05_on_corporate_green/TAR23-028_BSAM_LOGO_CMYK_Sobre verde.pdf:
--------------------------------------------------------------------------------
1 | version https://git-lfs.github.com/spec/v1
2 | oid sha256:a0342d78b77f7e3059b569670ddba6599ed4c2b91d3e3a928c0cce9fcd6e00d9
3 | size 217921
4 |
--------------------------------------------------------------------------------
/BSAM_branding/CMYK/LOGO_BSAM_CMYK_full/05_on_corporate_green/TAR23-028_BSAM_LOGO_CMYK_Sobre verde.png:
--------------------------------------------------------------------------------
1 | version https://git-lfs.github.com/spec/v1
2 | oid sha256:c5c476b77ae75053443b725dfaa6ed24842d79281b2e390e5a3f3e4b19e75947
3 | size 382503
4 |
--------------------------------------------------------------------------------
/BSAM_branding/CMYK/LOGO_BSAM_CMYK_full/05_on_corporate_green/TAR23-028_BSAM_LOGO_CMYK_Sobre-verde.jpg:
--------------------------------------------------------------------------------
1 | version https://git-lfs.github.com/spec/v1
2 | oid sha256:18719375bcffdd6781736a38269f0c3647baebb4d1f5c6feebeae42a0d291499
3 | size 248987
4 |
--------------------------------------------------------------------------------
/BSAM_branding/CMYK/LOGO_BSAM_CMYK_full/06_greyscale/TAR23-028_BSAM_LOGO_CMYK_Escala de grises.ai:
--------------------------------------------------------------------------------
1 | version https://git-lfs.github.com/spec/v1
2 | oid sha256:5a0ae59e76807a21490a1c3e49eb009a69c9273c1bc9f277df1074bbde28b3c4
3 | size 1276036
4 |
--------------------------------------------------------------------------------
/BSAM_branding/CMYK/LOGO_BSAM_CMYK_full/06_greyscale/TAR23-028_BSAM_LOGO_CMYK_Escala de grises.pdf:
--------------------------------------------------------------------------------
1 | version https://git-lfs.github.com/spec/v1
2 | oid sha256:33b5c7f25beb841d13bb869d61b70f9f05ab02c4d4e8f2d0b3fbb328d1e82dae
3 | size 216883
4 |
--------------------------------------------------------------------------------
/BSAM_branding/CMYK/LOGO_BSAM_CMYK_full/06_greyscale/TAR23-028_BSAM_LOGO_CMYK_Escala de grises_Mesa de trabajo 1.png:
--------------------------------------------------------------------------------
1 | version https://git-lfs.github.com/spec/v1
2 | oid sha256:85bd64f8fbdef01733433e79575184772f2d4b16f0f793e74797fafbd091692e
3 | size 382048
4 |
--------------------------------------------------------------------------------
/BSAM_branding/CMYK/LOGO_BSAM_CMYK_full/06_greyscale/TAR23-028_BSAM_LOGO_CMYK_Escala-de-grises.jpg:
--------------------------------------------------------------------------------
1 | version https://git-lfs.github.com/spec/v1
2 | oid sha256:0fe727c000d5cbd8cba5930fb76e0c0a23b73fa079296fc7e33716c1fc2062b2
3 | size 183245
4 |
--------------------------------------------------------------------------------
/BSAM_branding/CMYK/LOGO_BSAM_CMYK_symbol/01_Positive_Negative/01_Positive/TAR23-028_BSAM_LOGO_Siglas_CMYK_Positivo.ai:
--------------------------------------------------------------------------------
1 | version https://git-lfs.github.com/spec/v1
2 | oid sha256:58c6e671700725a9660533d62e1f4621b5284394638ee6075224aa0dda0d3216
3 | size 1246862
4 |
--------------------------------------------------------------------------------
/BSAM_branding/CMYK/LOGO_BSAM_CMYK_symbol/01_Positive_Negative/01_Positive/TAR23-028_BSAM_LOGO_Siglas_CMYK_Positivo.jpg:
--------------------------------------------------------------------------------
1 | version https://git-lfs.github.com/spec/v1
2 | oid sha256:774a20cd152361ee92552ff9f5281231e832f56d399437cd06e78784884443af
3 | size 119758
4 |
--------------------------------------------------------------------------------
/BSAM_branding/CMYK/LOGO_BSAM_CMYK_symbol/01_Positive_Negative/01_Positive/TAR23-028_BSAM_LOGO_Siglas_CMYK_Positivo.pdf:
--------------------------------------------------------------------------------
1 | version https://git-lfs.github.com/spec/v1
2 | oid sha256:c078d3ffa2f80c9e35213f009c424e786b136329e7faca263e9ffb5ef6dcbc01
3 | size 187126
4 |
--------------------------------------------------------------------------------
/BSAM_branding/CMYK/LOGO_BSAM_CMYK_symbol/01_Positive_Negative/01_Positive/TAR23-028_BSAM_LOGO_Siglas_CMYK_Positivo.png:
--------------------------------------------------------------------------------
1 | version https://git-lfs.github.com/spec/v1
2 | oid sha256:cc53f0cebff67a89058337d4bb012b1ec5672e388716ae5e355d5a438641160c
3 | size 302958
4 |
--------------------------------------------------------------------------------
/BSAM_branding/CMYK/LOGO_BSAM_CMYK_symbol/01_Positive_Negative/02_Negative/TAR23-028_BSAM_LOGO_Siglas_CMYK_Negativo.ai:
--------------------------------------------------------------------------------
1 | version https://git-lfs.github.com/spec/v1
2 | oid sha256:ef15f41d1b294170470f576f63e4b7c411854278ed917f4e0f348e17991173f9
3 | size 1234672
4 |
--------------------------------------------------------------------------------
/BSAM_branding/CMYK/LOGO_BSAM_CMYK_symbol/01_Positive_Negative/02_Negative/TAR23-028_BSAM_LOGO_Siglas_CMYK_Negativo.jpg:
--------------------------------------------------------------------------------
1 | version https://git-lfs.github.com/spec/v1
2 | oid sha256:7eaf5226505e0a4c734e7eadbdc91dbf6c3ef025035b81ae2049419a0cca1de5
3 | size 123944
4 |
--------------------------------------------------------------------------------
/BSAM_branding/CMYK/LOGO_BSAM_CMYK_symbol/01_Positive_Negative/02_Negative/TAR23-028_BSAM_LOGO_Siglas_CMYK_Negativo.pdf:
--------------------------------------------------------------------------------
1 | version https://git-lfs.github.com/spec/v1
2 | oid sha256:c942bf634db5ea5aa35a3ff472bdbfb6fe98678b94a57e53a9a5d718bb05d8a2
3 | size 175202
4 |
--------------------------------------------------------------------------------
/BSAM_branding/CMYK/LOGO_BSAM_CMYK_symbol/01_Positive_Negative/02_Negative/TAR23-028_BSAM_LOGO_Siglas_CMYK_Negativo.png:
--------------------------------------------------------------------------------
1 | version https://git-lfs.github.com/spec/v1
2 | oid sha256:a83f8a6996cf298260a901ec19e02e00cccc13dd6eabbdc4a2bcd4d93a68d3dd
3 | size 283738
4 |
--------------------------------------------------------------------------------
/BSAM_branding/CMYK/LOGO_BSAM_CMYK_symbol/02_on_light_background/TAR23-028_BSAM_LOGO_Siglas_CMYK_Fondo claro.ai:
--------------------------------------------------------------------------------
1 | version https://git-lfs.github.com/spec/v1
2 | oid sha256:783c6b46d38073af980459af11f368917d093f5114d00e058ce512ade76e294b
3 | size 1249024
4 |
--------------------------------------------------------------------------------
/BSAM_branding/CMYK/LOGO_BSAM_CMYK_symbol/02_on_light_background/TAR23-028_BSAM_LOGO_Siglas_CMYK_Fondo claro.pdf:
--------------------------------------------------------------------------------
1 | version https://git-lfs.github.com/spec/v1
2 | oid sha256:67d0efb7ac2f9b21a7bc09dfb71e9b675f5783122a5388dc616dc12da410e45a
3 | size 190381
4 |
--------------------------------------------------------------------------------
/BSAM_branding/CMYK/LOGO_BSAM_CMYK_symbol/02_on_light_background/TAR23-028_BSAM_LOGO_Siglas_CMYK_Fondo claro.png:
--------------------------------------------------------------------------------
1 | version https://git-lfs.github.com/spec/v1
2 | oid sha256:c5c7e3ec1f6168e6f6012d374cea553143fc47a1d8c46caedd7a377ed5fa69af
3 | size 311425
4 |
--------------------------------------------------------------------------------
/BSAM_branding/CMYK/LOGO_BSAM_CMYK_symbol/02_on_light_background/TAR23-028_BSAM_LOGO_Siglas_CMYK_Fondo-claro.jpg:
--------------------------------------------------------------------------------
1 | version https://git-lfs.github.com/spec/v1
2 | oid sha256:74059adc89470bc776b91083f337cd9e0ee9de1774fb9094ab89c7c8939c2a34
3 | size 200499
4 |
--------------------------------------------------------------------------------
/BSAM_branding/CMYK/LOGO_BSAM_CMYK_symbol/03_on_dark_background/TAR23-028_BSAM_LOGO_Siglas_CMYK_Fondo oscuro.ai:
--------------------------------------------------------------------------------
1 | version https://git-lfs.github.com/spec/v1
2 | oid sha256:c039a699b19e001f464964bde1572c4f24772c40ed3fa195900b2511fdfe7cb9
3 | size 1261162
4 |
--------------------------------------------------------------------------------
/BSAM_branding/CMYK/LOGO_BSAM_CMYK_symbol/03_on_dark_background/TAR23-028_BSAM_LOGO_Siglas_CMYK_Fondo oscuro.pdf:
--------------------------------------------------------------------------------
1 | version https://git-lfs.github.com/spec/v1
2 | oid sha256:64b12c03d25e024e42f719798d6f60ac9cc947961c5e5e36d4c1fca7af8b0806
3 | size 176530
4 |
--------------------------------------------------------------------------------
/BSAM_branding/CMYK/LOGO_BSAM_CMYK_symbol/03_on_dark_background/TAR23-028_BSAM_LOGO_Siglas_CMYK_Fondo oscuro.png:
--------------------------------------------------------------------------------
1 | version https://git-lfs.github.com/spec/v1
2 | oid sha256:52efc8bd9188920498c7a3a7ccd3a92d97c94aa7f560959b9885a41366cc71bb
3 | size 286995
4 |
--------------------------------------------------------------------------------
/BSAM_branding/CMYK/LOGO_BSAM_CMYK_symbol/03_on_dark_background/TAR23-028_BSAM_LOGO_Siglas_CMYK_Fondo-oscuro.jpg:
--------------------------------------------------------------------------------
1 | version https://git-lfs.github.com/spec/v1
2 | oid sha256:c91a2a96e5e2a79aeeff473a519448784b25772b3a3129e485689de04e06bf94
3 | size 198676
4 |
--------------------------------------------------------------------------------
/BSAM_branding/CMYK/LOGO_BSAM_CMYK_symbol/04_on_image/TAR23-028_BSAM_LOGO_Siglas_CMYK_Sobre imagen.ai:
--------------------------------------------------------------------------------
1 | version https://git-lfs.github.com/spec/v1
2 | oid sha256:f1a50b50f6dc70f018a734c237c78f7b16cb9bd20e03a127ccaa8d10471cfe7e
3 | size 1238416
4 |
--------------------------------------------------------------------------------
/BSAM_branding/CMYK/LOGO_BSAM_CMYK_symbol/04_on_image/TAR23-028_BSAM_LOGO_Siglas_CMYK_Sobre imagen.pdf:
--------------------------------------------------------------------------------
1 | version https://git-lfs.github.com/spec/v1
2 | oid sha256:297fe4eacdaf5cb8d5b765baf9628712e9c4dba9721d143eafa7e035e755a86b
3 | size 176538
4 |
--------------------------------------------------------------------------------
/BSAM_branding/CMYK/LOGO_BSAM_CMYK_symbol/04_on_image/TAR23-028_BSAM_LOGO_Siglas_CMYK_Sobre imagen.png:
--------------------------------------------------------------------------------
1 | version https://git-lfs.github.com/spec/v1
2 | oid sha256:e74bb044007f2dbbb7bef5d68aa97d6d088d7e4804c87b5de1ddcd5a3051c860
3 | size 286988
4 |
--------------------------------------------------------------------------------
/BSAM_branding/CMYK/LOGO_BSAM_CMYK_symbol/05_on_corporate_green/TAR23-028_BSAM_LOGO_Siglas_CMYK_Sobre verde.ai:
--------------------------------------------------------------------------------
1 | version https://git-lfs.github.com/spec/v1
2 | oid sha256:26d0fcc507135cec5647c918be7989e0318ec644196483dce17f4d664018bbbe
3 | size 1250088
4 |
--------------------------------------------------------------------------------
/BSAM_branding/CMYK/LOGO_BSAM_CMYK_symbol/05_on_corporate_green/TAR23-028_BSAM_LOGO_Siglas_CMYK_Sobre verde.pdf:
--------------------------------------------------------------------------------
1 | version https://git-lfs.github.com/spec/v1
2 | oid sha256:4afc7ad4368ccf957c6775e90a3d0656d3f6de38e7fd9ab61418f05baa043c3a
3 | size 189886
4 |
--------------------------------------------------------------------------------
/BSAM_branding/CMYK/LOGO_BSAM_CMYK_symbol/05_on_corporate_green/TAR23-028_BSAM_LOGO_Siglas_CMYK_Sobre verde.png:
--------------------------------------------------------------------------------
1 | version https://git-lfs.github.com/spec/v1
2 | oid sha256:175abc27d967b817c63cfed659848e455b903ca63e2ca15a272fc9834d7d31bf
3 | size 309212
4 |
--------------------------------------------------------------------------------
/BSAM_branding/CMYK/LOGO_BSAM_CMYK_symbol/05_on_corporate_green/TAR23-028_BSAM_LOGO_Siglas_CMYK_Sobre-verde.jpg:
--------------------------------------------------------------------------------
1 | version https://git-lfs.github.com/spec/v1
2 | oid sha256:d6c42d1a73cf238f01ac59b8a901e1bf3d941b2193101d6c62082d231ebdae80
3 | size 180066
4 |
--------------------------------------------------------------------------------
/BSAM_branding/CMYK/LOGO_BSAM_CMYK_symbol/06_greyscale/TAR23-028_BSAM_LOGO_Siglas_CMYK_Escala de grises.ai:
--------------------------------------------------------------------------------
1 | version https://git-lfs.github.com/spec/v1
2 | oid sha256:8e043e20ee7f3490c5a3233640076df9c04a40984c34cca269b03c5ed10675d8
3 | size 1247980
4 |
--------------------------------------------------------------------------------
/BSAM_branding/CMYK/LOGO_BSAM_CMYK_symbol/06_greyscale/TAR23-028_BSAM_LOGO_Siglas_CMYK_Escala de grises.pdf:
--------------------------------------------------------------------------------
1 | version https://git-lfs.github.com/spec/v1
2 | oid sha256:6114eb41290ea89c65c280fdee9863964333ca3aa78c45125fa6c7b0dd2cef08
3 | size 187642
4 |
--------------------------------------------------------------------------------
/BSAM_branding/CMYK/LOGO_BSAM_CMYK_symbol/06_greyscale/TAR23-028_BSAM_LOGO_Siglas_CMYK_Escala de grises.png:
--------------------------------------------------------------------------------
1 | version https://git-lfs.github.com/spec/v1
2 | oid sha256:2dc20ece23dcaaa286dc7d00af87e8538cbac10c7778c344bd9a6da117077359
3 | size 308958
4 |
--------------------------------------------------------------------------------
/BSAM_branding/CMYK/LOGO_BSAM_CMYK_symbol/06_greyscale/TAR23-028_BSAM_LOGO_Siglas_CMYK_Escala-de-grises.jpg:
--------------------------------------------------------------------------------
1 | version https://git-lfs.github.com/spec/v1
2 | oid sha256:9fe3ad54a9c5f8db0bab24b52417b66dd49861dd1de4595154c746ebd3bcbf97
3 | size 123473
4 |
--------------------------------------------------------------------------------
/BSAM_branding/README.md:
--------------------------------------------------------------------------------
1 | # BSAM Graphic Identity
2 |
3 | This folder contains the graphic identity of BSAM. Starting from the origin of the Bluetooth icon, we researched how the initials of BSAM would look. We interpreted and modified the letters so that they are more readable than in Nordic alphabets.
4 |
5 |
6 |
7 | Inside the folder, you can find:
8 |
9 | RGB LOGO (Full and only initials).
10 | CMYK LOGO (Full and only initials). In versions:
11 | Positive
12 | Negative
13 | On dark background
14 | On light background
15 | On image
16 | On corporate green
17 | Greyscale. In formats:
18 | EDITABLE (Illustrator)
19 | PDF
20 | JPEG
21 | PNG
22 |
--------------------------------------------------------------------------------
/BSAM_branding/RGB/LOGO_BSAM_RGB_full/01_Positive_Negative/01_Positive/TAR23-028_BSAM_LOGO_RGB_Positivo.ai:
--------------------------------------------------------------------------------
1 | version https://git-lfs.github.com/spec/v1
2 | oid sha256:d93257cfc9165984710ff392b862adeeef6fbaba64e49ba04d6b6a019f972716
3 | size 222348
4 |
--------------------------------------------------------------------------------
/BSAM_branding/RGB/LOGO_BSAM_RGB_full/01_Positive_Negative/01_Positive/TAR23-028_BSAM_LOGO_RGB_Positivo.jpg:
--------------------------------------------------------------------------------
1 | version https://git-lfs.github.com/spec/v1
2 | oid sha256:624402c6e76e4a38b41c098e8a43d08a91d81c1e38625cfd3489719d15ee3f60
3 | size 177431
4 |
--------------------------------------------------------------------------------
/BSAM_branding/RGB/LOGO_BSAM_RGB_full/01_Positive_Negative/01_Positive/TAR23-028_BSAM_LOGO_RGB_Positivo.pdf:
--------------------------------------------------------------------------------
1 | version https://git-lfs.github.com/spec/v1
2 | oid sha256:73f12f7d6f0769314c29780d90e3bb20be0f56c698e5c0f2b1fb2d0c68b33139
3 | size 216246
4 |
--------------------------------------------------------------------------------
/BSAM_branding/RGB/LOGO_BSAM_RGB_full/01_Positive_Negative/01_Positive/TAR23-028_BSAM_LOGO_RGB_Positivo.png:
--------------------------------------------------------------------------------
1 | version https://git-lfs.github.com/spec/v1
2 | oid sha256:ba61ae0d76f7f93eea22e6c416815d65e103bd959e328a68cd031c9ca607d640
3 | size 373369
4 |
--------------------------------------------------------------------------------
/BSAM_branding/RGB/LOGO_BSAM_RGB_full/01_Positive_Negative/02_Negative/TAR23-028_BSAM_LOGO_RGB_Negativo.ai:
--------------------------------------------------------------------------------
1 | version https://git-lfs.github.com/spec/v1
2 | oid sha256:4560b31aee65bc8542643779bfb6b872973a75f2c8f474fa49b0de6ce2baa52f
3 | size 206934
4 |
--------------------------------------------------------------------------------
/BSAM_branding/RGB/LOGO_BSAM_RGB_full/01_Positive_Negative/02_Negative/TAR23-028_BSAM_LOGO_RGB_Negativo.jpg:
--------------------------------------------------------------------------------
1 | version https://git-lfs.github.com/spec/v1
2 | oid sha256:1cc24fb2f872578bd5ebeecc7bc46a1bf894c282ac8060bef59eba52ff59f6b3
3 | size 177473
4 |
--------------------------------------------------------------------------------
/BSAM_branding/RGB/LOGO_BSAM_RGB_full/01_Positive_Negative/02_Negative/TAR23-028_BSAM_LOGO_RGB_Negativo.pdf:
--------------------------------------------------------------------------------
1 | version https://git-lfs.github.com/spec/v1
2 | oid sha256:c147b75180e836a11dfbaeea996d9e29853a95887de08ec0b0cb613814f2bfec
3 | size 200889
4 |
--------------------------------------------------------------------------------
/BSAM_branding/RGB/LOGO_BSAM_RGB_full/01_Positive_Negative/02_Negative/TAR23-028_BSAM_LOGO_RGB_Negativo.png:
--------------------------------------------------------------------------------
1 | version https://git-lfs.github.com/spec/v1
2 | oid sha256:b60f6c7f216bccad6860e30ed88283bc97bd194adeb68074ea57637e47427700
3 | size 348790
4 |
--------------------------------------------------------------------------------
/BSAM_branding/RGB/LOGO_BSAM_RGB_full/02_on_light_background/TAR23-028_BSAM_LOGO_RGB_Fondo claro.ai:
--------------------------------------------------------------------------------
1 | version https://git-lfs.github.com/spec/v1
2 | oid sha256:2e02b8d5ff80fd970a264c6479fa17a3d56ed825bf94cf46f168f048e347184e
3 | size 226034
4 |
--------------------------------------------------------------------------------
/BSAM_branding/RGB/LOGO_BSAM_RGB_full/02_on_light_background/TAR23-028_BSAM_LOGO_RGB_Fondo claro.jpg:
--------------------------------------------------------------------------------
1 | version https://git-lfs.github.com/spec/v1
2 | oid sha256:92846f44c4c7bd9e70bbbdc1b4e8a1ad22e07a1632ce5120648173ca06d7c29b
3 | size 309837
4 |
--------------------------------------------------------------------------------
/BSAM_branding/RGB/LOGO_BSAM_RGB_full/02_on_light_background/TAR23-028_BSAM_LOGO_RGB_Fondo claro.pdf:
--------------------------------------------------------------------------------
1 | version https://git-lfs.github.com/spec/v1
2 | oid sha256:a539bf72e8b302703c29ede319e2382f88d593e94782d3c7d777e30274402e84
3 | size 220373
4 |
--------------------------------------------------------------------------------
/BSAM_branding/RGB/LOGO_BSAM_RGB_full/02_on_light_background/TAR23-028_BSAM_LOGO_RGB_Fondo claro.png:
--------------------------------------------------------------------------------
1 | version https://git-lfs.github.com/spec/v1
2 | oid sha256:b84b9579596f6fda53b19a33b232a8a4e029757a4d7b014332717bb5821da952
3 | size 382571
4 |
--------------------------------------------------------------------------------
/BSAM_branding/RGB/LOGO_BSAM_RGB_full/03_on_dark_background/TAR23-028_BSAM_LOGO_RGB_Fondo oscuro.ai:
--------------------------------------------------------------------------------
1 | version https://git-lfs.github.com/spec/v1
2 | oid sha256:49bafce54af83cd8d0640609fb497efd481c29432cb26bb9f69294d8a41c9436
3 | size 209130
4 |
--------------------------------------------------------------------------------
/BSAM_branding/RGB/LOGO_BSAM_RGB_full/03_on_dark_background/TAR23-028_BSAM_LOGO_RGB_Fondo oscuro.jpg:
--------------------------------------------------------------------------------
1 | version https://git-lfs.github.com/spec/v1
2 | oid sha256:c53602012e5e2a1b1966803382e400daa357c43dcc25839d81544199e498fefd
3 | size 308833
4 |
--------------------------------------------------------------------------------
/BSAM_branding/RGB/LOGO_BSAM_RGB_full/03_on_dark_background/TAR23-028_BSAM_LOGO_RGB_Fondo oscuro.pdf:
--------------------------------------------------------------------------------
1 | version https://git-lfs.github.com/spec/v1
2 | oid sha256:fc1dd97ccd3b5281a7621e6e57d482d9b92a88103bddf656266c0f36e912ae86
3 | size 203029
4 |
--------------------------------------------------------------------------------
/BSAM_branding/RGB/LOGO_BSAM_RGB_full/03_on_dark_background/TAR23-028_BSAM_LOGO_RGB_Fondo oscuro.png:
--------------------------------------------------------------------------------
1 | version https://git-lfs.github.com/spec/v1
2 | oid sha256:a33a85d8bdab74b221e40f3aa308a56ca9bb6a2d409b33a2bf09b467e38869b8
3 | size 352812
4 |
--------------------------------------------------------------------------------
/BSAM_branding/RGB/LOGO_BSAM_RGB_full/04_on_image/TAR23-028_BSAM_LOGO_RGB_Sobre imagen.ai:
--------------------------------------------------------------------------------
1 | version https://git-lfs.github.com/spec/v1
2 | oid sha256:49bafce54af83cd8d0640609fb497efd481c29432cb26bb9f69294d8a41c9436
3 | size 209130
4 |
--------------------------------------------------------------------------------
/BSAM_branding/RGB/LOGO_BSAM_RGB_full/04_on_image/TAR23-028_BSAM_LOGO_RGB_Sobre imagen.pdf:
--------------------------------------------------------------------------------
1 | version https://git-lfs.github.com/spec/v1
2 | oid sha256:fc1dd97ccd3b5281a7621e6e57d482d9b92a88103bddf656266c0f36e912ae86
3 | size 203029
4 |
--------------------------------------------------------------------------------
/BSAM_branding/RGB/LOGO_BSAM_RGB_full/04_on_image/TAR23-028_BSAM_LOGO_RGB_Sobre imagen.png:
--------------------------------------------------------------------------------
1 | version https://git-lfs.github.com/spec/v1
2 | oid sha256:a33a85d8bdab74b221e40f3aa308a56ca9bb6a2d409b33a2bf09b467e38869b8
3 | size 352812
4 |
--------------------------------------------------------------------------------
/BSAM_branding/RGB/LOGO_BSAM_RGB_full/05_on_corporate_green/TAR23-028_BSAM_LOGO_RGB_Sobre verde.ai:
--------------------------------------------------------------------------------
1 | version https://git-lfs.github.com/spec/v1
2 | oid sha256:183ca11d4012fa0108db2bbe0285a4e0b22fd67ad0b620513a5b3aef00ad1dab
3 | size 225997
4 |
--------------------------------------------------------------------------------
/BSAM_branding/RGB/LOGO_BSAM_RGB_full/05_on_corporate_green/TAR23-028_BSAM_LOGO_RGB_Sobre verde.jpg:
--------------------------------------------------------------------------------
1 | version https://git-lfs.github.com/spec/v1
2 | oid sha256:da0d671131075e769eceaa74e9ff997c064b6664966e5e4ba0f86b0f147b296d
3 | size 271153
4 |
--------------------------------------------------------------------------------
/BSAM_branding/RGB/LOGO_BSAM_RGB_full/05_on_corporate_green/TAR23-028_BSAM_LOGO_RGB_Sobre verde.pdf:
--------------------------------------------------------------------------------
1 | version https://git-lfs.github.com/spec/v1
2 | oid sha256:bcb70f011dae8e431d4766ccecb3d65d99bc3aad5a14ee52efe3ddc12dad60c3
3 | size 220784
4 |
--------------------------------------------------------------------------------
/BSAM_branding/RGB/LOGO_BSAM_RGB_full/05_on_corporate_green/TAR23-028_BSAM_LOGO_RGB_Sobre verde.png:
--------------------------------------------------------------------------------
1 | version https://git-lfs.github.com/spec/v1
2 | oid sha256:01604fbfc9ee134bab98eb66e674f7105ccbc3d5a54dc2c41445c21b20ea7256
3 | size 380837
4 |
--------------------------------------------------------------------------------
/BSAM_branding/RGB/LOGO_BSAM_RGB_full/06_greyscale/TAR23-028_BSAM_LOGO_RGB_Escala de grises.ai:
--------------------------------------------------------------------------------
1 | version https://git-lfs.github.com/spec/v1
2 | oid sha256:78ab71c953ed732e53881e56ee6dcbc4044288abfe0a2ae217ea01317ef8eabd
3 | size 222976
4 |
--------------------------------------------------------------------------------
/BSAM_branding/RGB/LOGO_BSAM_RGB_full/06_greyscale/TAR23-028_BSAM_LOGO_RGB_Escala de grises.jpg:
--------------------------------------------------------------------------------
1 | version https://git-lfs.github.com/spec/v1
2 | oid sha256:a492f58c22048c96e6ecf97ab356a951c1dc84ea511c37442efb5ac9875aa686
3 | size 177179
4 |
--------------------------------------------------------------------------------
/BSAM_branding/RGB/LOGO_BSAM_RGB_full/06_greyscale/TAR23-028_BSAM_LOGO_RGB_Escala de grises.pdf:
--------------------------------------------------------------------------------
1 | version https://git-lfs.github.com/spec/v1
2 | oid sha256:9ba63a6726897eb1220d4034df0331181cc7707e2027393460536f1c74b2042f
3 | size 217716
4 |
--------------------------------------------------------------------------------
/BSAM_branding/RGB/LOGO_BSAM_RGB_full/06_greyscale/TAR23-028_BSAM_LOGO_RGB_Escala de grises.png:
--------------------------------------------------------------------------------
1 | version https://git-lfs.github.com/spec/v1
2 | oid sha256:89bbb4b7462e4cea81278ff3de27b2b5dd4151e940c04282cc6bba6bf7343c02
3 | size 378210
4 |
--------------------------------------------------------------------------------
/BSAM_branding/RGB/LOGO_BSAM_RGB_symbol/01_Positive_Negative/01_Positivo/TAR23-028_BSAM_LOGO_SIGLAS_Positivo.ai:
--------------------------------------------------------------------------------
1 | version https://git-lfs.github.com/spec/v1
2 | oid sha256:ea5670c61987dd5e9ec37c5de7bf914fd760dad08594218a0cbadcc12f2c6409
3 | size 193369
4 |
--------------------------------------------------------------------------------
/BSAM_branding/RGB/LOGO_BSAM_RGB_symbol/01_Positive_Negative/01_Positivo/TAR23-028_BSAM_LOGO_SIGLAS_Positivo.jpg:
--------------------------------------------------------------------------------
1 | version https://git-lfs.github.com/spec/v1
2 | oid sha256:774a20cd152361ee92552ff9f5281231e832f56d399437cd06e78784884443af
3 | size 119758
4 |
--------------------------------------------------------------------------------
/BSAM_branding/RGB/LOGO_BSAM_RGB_symbol/01_Positive_Negative/01_Positivo/TAR23-028_BSAM_LOGO_SIGLAS_Positivo.pdf:
--------------------------------------------------------------------------------
1 | version https://git-lfs.github.com/spec/v1
2 | oid sha256:7bcd0c851f4ad5ea271dade12f6d6a9f2f6d26e8833a271a8bcc2414a87e68cc
3 | size 187292
4 |
--------------------------------------------------------------------------------
/BSAM_branding/RGB/LOGO_BSAM_RGB_symbol/01_Positive_Negative/01_Positivo/TAR23-028_BSAM_LOGO_SIGLAS_Positivo.png:
--------------------------------------------------------------------------------
1 | version https://git-lfs.github.com/spec/v1
2 | oid sha256:cc53f0cebff67a89058337d4bb012b1ec5672e388716ae5e355d5a438641160c
3 | size 302958
4 |
--------------------------------------------------------------------------------
/BSAM_branding/RGB/LOGO_BSAM_RGB_symbol/01_Positive_Negative/02_Negativo/TAR23-028_BSAM_LOGO_SIGLAS_Negativo.ai:
--------------------------------------------------------------------------------
1 | version https://git-lfs.github.com/spec/v1
2 | oid sha256:697f21669ffe1ca0b27b475b1604d1d02e8a8d6114366e7a88c9bf3db377b556
3 | size 181513
4 |
--------------------------------------------------------------------------------
/BSAM_branding/RGB/LOGO_BSAM_RGB_symbol/01_Positive_Negative/02_Negativo/TAR23-028_BSAM_LOGO_SIGLAS_Negativo.jpg:
--------------------------------------------------------------------------------
1 | version https://git-lfs.github.com/spec/v1
2 | oid sha256:d3b320cd04a0c2b4e1d3a44c72e4f16325376d44846e868377e60226279d2674
3 | size 119817
4 |
--------------------------------------------------------------------------------
/BSAM_branding/RGB/LOGO_BSAM_RGB_symbol/01_Positive_Negative/02_Negativo/TAR23-028_BSAM_LOGO_SIGLAS_Negativo.pdf:
--------------------------------------------------------------------------------
1 | version https://git-lfs.github.com/spec/v1
2 | oid sha256:62ac464d36a595267d1bcbe659381b56d36e8a3f5f6920660dc5aa26d2d7d8c3
3 | size 175438
4 |
--------------------------------------------------------------------------------
/BSAM_branding/RGB/LOGO_BSAM_RGB_symbol/01_Positive_Negative/02_Negativo/TAR23-028_BSAM_LOGO_SIGLAS_Negativo.png:
--------------------------------------------------------------------------------
1 | version https://git-lfs.github.com/spec/v1
2 | oid sha256:a83f8a6996cf298260a901ec19e02e00cccc13dd6eabbdc4a2bcd4d93a68d3dd
3 | size 283738
4 |
--------------------------------------------------------------------------------
/BSAM_branding/RGB/LOGO_BSAM_RGB_symbol/02_on_light_background/TAR23-028_BSAM_LOGO_SIGLAS_Fondo claro.ai:
--------------------------------------------------------------------------------
1 | version https://git-lfs.github.com/spec/v1
2 | oid sha256:38ffde68207c2dfbf38b16a96d294c6296fedb8ddc529ccd98f0c9a3fcf55630
3 | size 196936
4 |
--------------------------------------------------------------------------------
/BSAM_branding/RGB/LOGO_BSAM_RGB_symbol/02_on_light_background/TAR23-028_BSAM_LOGO_SIGLAS_Fondo claro.jpg:
--------------------------------------------------------------------------------
1 | version https://git-lfs.github.com/spec/v1
2 | oid sha256:0771e97489ab3039f83929752421c3bb29fb61e5546c595ac7cdba3d04c2edc9
3 | size 204391
4 |
--------------------------------------------------------------------------------
/BSAM_branding/RGB/LOGO_BSAM_RGB_symbol/02_on_light_background/TAR23-028_BSAM_LOGO_SIGLAS_Fondo claro.pdf:
--------------------------------------------------------------------------------
1 | version https://git-lfs.github.com/spec/v1
2 | oid sha256:0e76787230f9e6872d36cd13bf92b70062d6760ed5031fb1dfeeef19ffe0a9ae
3 | size 190862
4 |
--------------------------------------------------------------------------------
/BSAM_branding/RGB/LOGO_BSAM_RGB_symbol/02_on_light_background/TAR23-028_BSAM_LOGO_SIGLAS_Fondo claro.png:
--------------------------------------------------------------------------------
1 | version https://git-lfs.github.com/spec/v1
2 | oid sha256:043b9d2d34240a994ace267dd07d1bffc2e5a9cd67c955a106f413f170f6046c
3 | size 309709
4 |
--------------------------------------------------------------------------------
/BSAM_branding/RGB/LOGO_BSAM_RGB_symbol/03_on_dark_background/TAR23-028_BSAM_LOGO_SIGLAS_Fondo oscuro.ai:
--------------------------------------------------------------------------------
1 | version https://git-lfs.github.com/spec/v1
2 | oid sha256:a656da4d37e0a844ab66a762fe657f2a45bfea956a5d43ec57028fffb21c73fa
3 | size 183578
4 |
--------------------------------------------------------------------------------
/BSAM_branding/RGB/LOGO_BSAM_RGB_symbol/03_on_dark_background/TAR23-028_BSAM_LOGO_SIGLAS_Fondo oscuro.jpg:
--------------------------------------------------------------------------------
1 | version https://git-lfs.github.com/spec/v1
2 | oid sha256:12b06267738bd75e2493bb647754added13957e12691e3721abaf4ef5b925902
3 | size 202901
4 |
--------------------------------------------------------------------------------
/BSAM_branding/RGB/LOGO_BSAM_RGB_symbol/03_on_dark_background/TAR23-028_BSAM_LOGO_SIGLAS_Fondo oscuro.pdf:
--------------------------------------------------------------------------------
1 | version https://git-lfs.github.com/spec/v1
2 | oid sha256:49fa5a9d531d0fc7380f1fe67584e1f70bd8987cd432870728500798ca7f403a
3 | size 177518
4 |
--------------------------------------------------------------------------------
/BSAM_branding/RGB/LOGO_BSAM_RGB_symbol/03_on_dark_background/TAR23-028_BSAM_LOGO_SIGLAS_Fondo oscuro.png:
--------------------------------------------------------------------------------
1 | version https://git-lfs.github.com/spec/v1
2 | oid sha256:963b7c3c4e27ac05bb5038340e111b7374a6a7baf914efb2648865f30df66fe5
3 | size 286867
4 |
--------------------------------------------------------------------------------
/BSAM_branding/RGB/LOGO_BSAM_RGB_symbol/04_on_image/TAR23-028_BSAM_LOGO_SIGLAS_Sobre imagen.ai:
--------------------------------------------------------------------------------
1 | version https://git-lfs.github.com/spec/v1
2 | oid sha256:b394f8659cebb7452ab80b1abe2a7eadf7f040e0c91d068e7fba8b567dece11d
3 | size 183571
4 |
--------------------------------------------------------------------------------
/BSAM_branding/RGB/LOGO_BSAM_RGB_symbol/04_on_image/TAR23-028_BSAM_LOGO_SIGLAS_Sobre imagen.pdf:
--------------------------------------------------------------------------------
1 | version https://git-lfs.github.com/spec/v1
2 | oid sha256:15722d7cb2e2ec2b84664c51c5ca7b987e27357244540e5c497aabaa67f95e4f
3 | size 177499
4 |
--------------------------------------------------------------------------------
/BSAM_branding/RGB/LOGO_BSAM_RGB_symbol/04_on_image/TAR23-028_BSAM_LOGO_SIGLAS_Sobre imagen.png:
--------------------------------------------------------------------------------
1 | version https://git-lfs.github.com/spec/v1
2 | oid sha256:963b7c3c4e27ac05bb5038340e111b7374a6a7baf914efb2648865f30df66fe5
3 | size 286867
4 |
--------------------------------------------------------------------------------
/BSAM_branding/RGB/LOGO_BSAM_RGB_symbol/05_on_corporate_green/TAR23-028_BSAM_LOGO_SIGLAS_Sobre verde.ai:
--------------------------------------------------------------------------------
1 | version https://git-lfs.github.com/spec/v1
2 | oid sha256:3a27f00ebacb9e30d8e073b56d0678f6390edea4c48125b631228873ad06a25c
3 | size 196493
4 |
--------------------------------------------------------------------------------
/BSAM_branding/RGB/LOGO_BSAM_RGB_symbol/05_on_corporate_green/TAR23-028_BSAM_LOGO_SIGLAS_Sobre verde.jpg:
--------------------------------------------------------------------------------
1 | version https://git-lfs.github.com/spec/v1
2 | oid sha256:2e3212aa3fd65a5165a0fa37879da2c179fce72b5c6dc775639f551d5d85be89
3 | size 180537
4 |
--------------------------------------------------------------------------------
/BSAM_branding/RGB/LOGO_BSAM_RGB_symbol/05_on_corporate_green/TAR23-028_BSAM_LOGO_SIGLAS_Sobre verde.pdf:
--------------------------------------------------------------------------------
1 | version https://git-lfs.github.com/spec/v1
2 | oid sha256:df3da3b7352f2c4f54a6c5f5c3f6992fc2ba4d84b9f6fd7a33a6c3501f52f2ab
3 | size 190429
4 |
--------------------------------------------------------------------------------
/BSAM_branding/RGB/LOGO_BSAM_RGB_symbol/05_on_corporate_green/TAR23-028_BSAM_LOGO_SIGLAS_Sobre verde.png:
--------------------------------------------------------------------------------
1 | version https://git-lfs.github.com/spec/v1
2 | oid sha256:885394cfb5bb3e0ef61dca5d5c4872dc49a553d508067ea205973f9a01caef7c
3 | size 307901
4 |
--------------------------------------------------------------------------------
/BSAM_branding/RGB/LOGO_BSAM_RGB_symbol/06_greyscale/TAR23-028_BSAM_LOGO_SIGLAS_Escala de grises.ai:
--------------------------------------------------------------------------------
1 | version https://git-lfs.github.com/spec/v1
2 | oid sha256:78ab71c953ed732e53881e56ee6dcbc4044288abfe0a2ae217ea01317ef8eabd
3 | size 222976
4 |
--------------------------------------------------------------------------------
/BSAM_branding/RGB/LOGO_BSAM_RGB_symbol/06_greyscale/TAR23-028_BSAM_LOGO_SIGLAS_Escala de grises.jpg:
--------------------------------------------------------------------------------
1 | version https://git-lfs.github.com/spec/v1
2 | oid sha256:25e6b62512f81bd215ba2226a5fd4112ebae2866c791b6b511be08d4ef48db23
3 | size 119396
4 |
--------------------------------------------------------------------------------
/BSAM_branding/RGB/LOGO_BSAM_RGB_symbol/06_greyscale/TAR23-028_BSAM_LOGO_SIGLAS_Escala de grises.pdf:
--------------------------------------------------------------------------------
1 | version https://git-lfs.github.com/spec/v1
2 | oid sha256:8f1b85faa577943fb9397cf3e7a721e4ed824ca16c3756a815fa805630cb52d9
3 | size 188661
4 |
--------------------------------------------------------------------------------
/BSAM_branding/RGB/LOGO_BSAM_RGB_symbol/06_greyscale/TAR23-028_BSAM_LOGO_SIGLAS_Escala de grises.png:
--------------------------------------------------------------------------------
1 | version https://git-lfs.github.com/spec/v1
2 | oid sha256:402f1f3cfc87d13b87fbc5ed166ecd9579d32624f332d3a563d67cce566aa1ff
3 | size 305642
4 |
--------------------------------------------------------------------------------
/Gemfile:
--------------------------------------------------------------------------------
1 | source 'https://rubygems.org'  # every gem below is resolved from this single HTTPS source
2 |
3 | gem 'jekyll'  # no version constraint: the version used is whatever Bundler resolves, unless a committed Gemfile.lock pins it (not visible here)
4 | gem 'jekyll-polyglot', '>= 1.8.0'  # lower bound only; nothing caps future releases
5 | gem 'just-the-docs'  # no version constraint, same caveat as jekyll above
6 | gem 'wdm', '>= 0.1.0' if Gem.win_platform?  # declared only when Bundler runs on Windows, so the dependency set differs per platform
7 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # BSAM - Bluetooth Security Assessment Methodology
2 |
3 | [License: CC BY 4.0](https://creativecommons.org/licenses/by/4.0/)
4 | [BSAM website](https://www.tarlogic.com/bsam/)
5 |
6 | 
7 |
8 | Welcome to BSAM. BSAM is a **Bluetooth security** methodology that is open and collaborative, and it was developed by [Tarlogic](https://www.tarlogic.com/). It helps to standardize the security assessment of devices that use Bluetooth and Bluetooth LE technology through 36 security controls.
9 |
10 | The BSAM methodology complements the security controls with documentation and resources that provide techniques to help assess the security of the controls. Feel free to propose improvements to the methodology.
11 |
12 | Periodic Jekyll builds are generated at the [BSAM website](https://www.tarlogic.com/bsam/).
13 |
14 |