GitHub - furiousMAC/continuity: Apple Continuity Protocol Reverse Engineering an...
source link: https://github.com/furiousMAC/continuity
README.md
An Apple Continuity Protocol Reverse Engineering Project
This project seeks to understand the format and structure of Apple's proprietary "Continuity" BLE protocol. It continues work conducted at the US Naval Academy during the fall of 2018 and spring of 2019, which culminated in a paper, "Handoff All Your Privacy – A Review of Apple's Bluetooth Low Energy Continuity Protocol", at the 2019 Privacy Enhancing Technologies Symposium (PETS 2019), July 16–20, 2019 in Stockholm, Sweden, and most recently in a talk at ShmooCon 2020 (check out our website's presentations section for the slides). While our paper investigates myriad privacy concerns arising from Apple's use of the Continuity protocol across its ecosystem, including the ability to track devices despite the use of randomized BD_ADDRs, this project focuses on the reverse engineering of the Continuity protocol that we began in "Handoff All Your Privacy".
In particular, we were the first to describe the wire format for many of the following Continuity message types, and we continue to update known field values as new versions of iOS/macOS emerge. All of the other message types, and many of the field meanings, were discovered by Guillaume Celosia and Mathieu Cunche in "Discontinued Privacy: Personal Data Leaks in Apple Bluetooth-Low-Energy Continuity Protocols".
- AirPrint Message
- AirDrop Message
- HomeKit Message
- Proximity Pairing Message
- "Hey Siri" Message
- AirPlay Target Message
- AirPlay Source Message
- Magic Switch Message
- Handoff Message
- Tethering Target Message
- Tethering Source Message
- Nearby Action Message
- Nearby Info Message
Wireshark Dissector
The latest Wireshark dissectors can be found here, and installation instructions here.
Contributing Dissector Updates
Apple updates Continuity frequently, adding new messages and field values. Help us keep the dissector up to date by dropping us a line at [email protected]
ShmooCon 2020
The Continuity reverse engineering effort and Wireshark dissector were presented at ShmooCon 2020 on January 31, 2020. The slides from the presentation are here.
Citations