Dentist
An open source kernel extension providing user level access to IOBluetoothFamily functions.
It's called Dentist, because it pokes around in Bluetooth, just like a dentist does.
Features
-
Planned to attach to Frankenstein for Bluetooth firmware fuzzing.
-
It is also possible to fuzz IOBluetoothFamily drivers of course.
-
Use
example_clientscript to see how to transmit data from userspace toDentist. -
Use
loggerscript to save data sent between chip and driver to a file or output it like hexdumps. -
Use this command to see debug output from
Dentist:log stream --info --debug --predicate 'senderImagePath contains "Dentist"'
Boot-args
-dentistoffdisables kext loading-dentistdbgturns on debugging output-dentistbetaenables loading on unsupported osx