You know that "friend" that just won't stop talking!? That's true for a lot of our devices as well. This repo provides a PoC Python tool in response to the 2023 DEFCON "Setup this TV" madness.
UPDATE: We are no longer developing additional features for Blabber. After our initial PoCs, we found that the AppleJuice project was diving deep into this, so we decided to shift our focus! We highly recommend checking out their project for Bluetooth Continuity spoofing if you have not done so already.
At DEFCON 2023, event goers were intrigued by the constant request being broadcast to set up a nearby AppleTV. We were no exception to this and knew we had to figure out how it was being accomplished ASAP. After much research, we found a few PoCs that were similar in nature, but none actually showed the AppleTV setup functionality displayed at DEFCON. We wanted to fix that and we did! We plan to create other tools surrounding wireless sniffing, impersonation, and tracking.
Here for the AppleTV Setup PoC? Head over to the "impersonate" folder to get started!
https://www.youtube.com/@marketstreetcyber
Jae Bochs "It was me" tweet - DEFCON 2023 AppleTV Advertisement
https://infosec.exchange/@jb0x168/110879394826675242
Article Discussing the DEFCON 2023 AppleTV Advertisement
Discontinued Privacy: Personal Data Leaks in Apple Bluetooth-Low-Energy Continuity Protocols
https://inria.hal.science/hal-02394619/
Handoff All Your Privacy: A Review of Apple's Bluetooth Low Energy Continuity Protocol
https://arxiv.org/abs/1904.10600
Measuring Distance of Bluetooth Devices
https://www.bleuio.com/blog/measuring-distance-with-bluetooth-in-indoor-environment-using-python/
Original repo of many Bluetooth advertisement impersonations and other scripts
https://github.com/hexway/apple_bleee
Wireshark Dissectors for Apple Continuity Protocol
https://github.com/netspooky/dissectors/blob/main/bgblink.lua
Apple Continuity Protocol Research
https://github.com/furiousMAC/continuity
Don't be a bad guy. Use this tool responsibly and for educational purposes only. We are not liable for any harm caused by the use of these tools.