During a red-team assessment you passively capture Bluetooth Low Energy (BLE) traffic with an Ubertooth One while a wireless keyboard pairs with its USB dongle. Packet analysis shows that the devices used Legacy "Just Works" pairing with no passkey or OOB data. What is the most effective next step to recover the encryption material so you can decrypt the keystrokes contained in the capture?
Run sdptool browse against the keyboard to list its Service Discovery Protocol records and locate a PIN code
Perform a BlueBugging attack with bluebugger to request the device's link key over an RFCOMM channel
Use hciconfig hci0 inq to force a new pairing and capture a numeric-comparison code on the screen
Process the packet capture with crackle to compute the STK and extract the Long-Term Key used by the keyboard
In Legacy "Just Works" pairing the Temporary Key (TK) is a 128-bit value that is hard-coded to all zeros, giving it no entropy. Because the TK is already known, an attacker who passively records the pairing exchange can compute the Short-Term Key (STK), decrypt the key-distribution phase that follows, and obtain the Long-Term Key (LTK). The open-source utility crackle automates this entire process: point it at the captured pcap, and it derives the STK and LTK, enabling decryption of all subsequent encrypted BLE packets such as keyboard reports. The other options enumerate services (sdptool), target Bluetooth Classic (BlueBugging), or require an active re-pairing attack (hciconfig); none of them yields the existing LTK from the passive capture.
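A defender-side check for the condition described above, as an added example that is not part of the original page: it parses the SMP Pairing Request and Pairing Response from a capture and reports whether the devices negotiated Legacy "Just Works" and how much entropy the TK carries. The function names and sample PDUs are constructed for illustration; the field layout and AuthReq bits follow the Security Manager Protocol in the Bluetooth Core Specification.

```python
# Added example: classify a BLE pairing from its SMP Pairing Request/Response.
IO_CAPS = {0: "DisplayOnly", 1: "DisplayYesNo", 2: "KeyboardOnly",
           3: "NoInputNoOutput", 4: "KeyboardDisplay"}
MITM_BIT, SC_BIT = 0x04, 0x08          # AuthReq flag bits
# Entropy of the Temporary Key per legacy model (a 6-digit passkey is ~20 bits).
TK_ENTROPY_BITS = {"Legacy Just Works": 0, "Legacy Passkey Entry": 20,
                   "Legacy OOB": 128}


def parse_pairing_pdu(pdu: bytes) -> dict:
    """Parse a 7-byte SMP Pairing Request (0x01) or Pairing Response (0x02)."""
    if len(pdu) != 7 or pdu[0] not in (0x01, 0x02):
        raise ValueError("not an SMP Pairing Request/Response")
    if pdu[1] not in IO_CAPS:
        raise ValueError("reserved IO capability value")
    return {"io": IO_CAPS[pdu[1]], "oob": pdu[2] == 0x01,
            "mitm": bool(pdu[3] & MITM_BIT), "sc": bool(pdu[3] & SC_BIT)}


def classify_pairing(req: bytes, rsp: bytes) -> str:
    """Return the association model negotiated by the two PDUs."""
    i, r = parse_pairing_pdu(req), parse_pairing_pdu(rsp)
    if i["sc"] and r["sc"]:
        return "LE Secure Connections"   # ECDH-based; no TK/STK involved
    if i["oob"] and r["oob"]:
        return "Legacy OOB"
    display_only = {"DisplayOnly", "DisplayYesNo"}
    if (not (i["mitm"] or r["mitm"])
            or "NoInputNoOutput" in (i["io"], r["io"])
            or (i["io"] in display_only and r["io"] in display_only)):
        return "Legacy Just Works"       # TK is all zeros
    return "Legacy Passkey Entry"


def audit(req: bytes, rsp: bytes) -> dict:
    """Summarise the pairing and the TK entropy protecting the STK."""
    model = classify_pairing(req, rsp)
    return {"model": model, "tk_entropy_bits": TK_ENTROPY_BITS.get(model)}


# Constructed sample PDUs (not taken from a real capture).
DONGLE_REQ = bytes.fromhex("01030001100707")    # NoInputNoOutput, bonding only
KEYBOARD_RSP = bytes.fromhex("02020001100707")  # KeyboardOnly, bonding only
SC_REQ = bytes.fromhex("0104000d100707")        # KeyboardDisplay, MITM + SC
SC_RSP = bytes.fromhex("0202000d100707")        # KeyboardOnly, MITM + SC

if __name__ == "__main__":
    print(audit(DONGLE_REQ, KEYBOARD_RSP))
    print(audit(SC_REQ, SC_RSP))
```

A pairing that classifies as LE Secure Connections derives its keys through ECDH rather than from a TK, so the zero-TK weakness does not apply to it.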
Certified Ethical Hacker (CEH)
Wireless Network Hacking