## https://sploitus.com/exploit?id=EFF4FC10-A7F7-5269-A632-74159E90B970
# BLUE-SPY - Fast Pair Vulnerability Research Tool
## SECURITY DISCLAIMER AND LEGAL WARNING
**โ ๏ธ THIS SOFTWARE IS FOR AUTHORIZED SECURITY RESEARCH AND ETHICAL TESTING ONLY โ ๏ธ**
Unauthorized use of this tool against devices you do not own or have explicit written permission to test is **ILLEGAL** and may result in:
- Criminal prosecution under Computer Fraud and Abuse Act (CFAA) and similar laws worldwide
- Civil lawsuits for privacy violations and unauthorized access
- Wiretapping charges
- Severe legal and financial penalties
**By using this tool, you acknowledge and accept FULL responsibility for your actions.**
## OVERVIEW
**BLUE-SPY** (Bluetooth Low Energy Universal Exploit - Security Penetration Testing) is a professional security assessment tool for analyzing CVE-2025-36911 vulnerabilities in Google's Fast Pair protocol implementation. The tool provides:
- ๐ Real-time Bluetooth device scanning and enumeration
- ๐ฏ Fast Pair device detection and vulnerability assessment
- ๐ Hands-Free Profile (HFP) connection testing
- ๐ค Audio capture capabilities for authorized testing
- ๐ Professional reporting and logging
- โก Real exploit demonstration for CVE-2025-36911
## SYSTEM REQUIREMENTS
### Hardware Requirements
- Computer with Bluetooth 4.0+ adapter (built-in or external USB)
- 2GB+ RAM
- 100MB free disk space
### Software Requirements
- **Operating System:** Linux (Ubuntu 20.04+, Debian 11+, Kali Linux)
- **Python:** 3.8 or higher
- **Bluetooth Stack:** BlueZ 5.50+
## INSTALLATION GUIDE
### Step 1: Clone the Repository
```
bash
git clone https://github.com/Athexhacker/BLUE-SPY.git
cd BLUE-SPY
sudo apt-get update
sudo apt-get install -y \
python3-pip \
bluetooth \
bluez \
bluez-tools \
libbluetooth-dev \
libglib2.0-dev \
pulseaudio \
pulseaudio-module-bluetooth \
sox \
pavucontrol
```
sudo apt-get install -y python3-dev
bash
# Option A: Install globally (if you know what you're doing)
pip3 install bleak dbus-python cryptography --break-system-packages
# Option B: Recommended - Use virtual environment
python3 -m venv BLUE-SPY-env
source BLUE-SPY-env/bin/activate
pip install bleak dbus-python cryptography
# Install additional audio dependencies
pip install pyaudio wave
Step 4: Configure Bluetooth Adapter
bash
# Check Bluetooth adapter status
hciconfig -a
# Stop existing Bluetooth service
sudo systemctl stop bluetooth
# Enable and restart Bluetooth service
sudo systemctl enable bluetooth
sudo systemctl start bluetooth
# Check Bluetooth status
sudo systemctl status bluetooth
# Make adapter discoverable and pairable
sudo hciconfig hci0 piscan
# Reset Bluetooth stack if needed
sudo hciconfig hci0 reset
Step 5: Verify Installation
bash
# Test Bluetooth functionality
bluetoothctl list
# Check Python imports
python3 -c "from bleak import BleakScanner; print('Bleak OK')"
# Run the tool
sudo python3 BLUE-SPY.py
QUICK START
bash
# 1. Clone and enter directory
git clone https://github.com/Athexhacker/BLUE-SPY.git
cd BLUE-SPY
# 2. Install dependencies (as shown above)
sudo apt-get install -y bluetooth bluez python3-pip
pip3 install bleak cryptography
# 3. Run with root privileges
sudo python3 BLUE-SPY.py
# 4. Accept responsibility when prompted
Type: I ACCEPT RESPONSIBILITY
# 5. Start scanning
Select option: 1 (Quick Scan)
HOW TO USE BLUE-SPY
Running the Tool
bash
# Always run with root privileges (required for Bluetooth)
sudo python3 BLUE-SPY.py
Main Menu Interface
text
========================================================================
BLUE-SPY - Fast Pair Exploit Engine v2.0
CVE-2025-36911 Research & Analysis Tool
========================================================================
Professional Bluetooth Security Assessment
Authorized Use Only
========================================================================
MAIN MENU:
[1] Quick Device Scan (10 seconds)
[2] Continuous Network Scan (60+ seconds)
[3] Target Specific Device
[4] Advanced Exploitation
[5] View Previous Results
[0] Exit
Available Modes
1. Quick Scan for Fast Pair Devices
Scans for devices using Google's Fast Pair protocol. Duration options:
Quick scan (10 seconds)
Standard scan (30 seconds)
Deep scan (60 seconds)
Custom duration (1-300 seconds)
Output: Lists all Fast Pair devices with vulnerability ratings (CRITICAL/HIGH/MEDIUM/LOW)
2. Continuous Bluetooth Scan
Displays all Bluetooth devices in real-time, highlighting Fast Pair devices with vulnerability ratings. Shows:
Signal strength (RSSI)
Device names and addresses
Available services
Real-time updates every 5 seconds
3. Target Specific Device
Allows targeting a specific device by MAC address for detailed analysis including:
Service enumeration
Characteristic discovery
Connection testing
Vulnerability assessment
4. Advanced Exploitation Menu
HFP Audio Access Test - Test Hands-Free Profile connectivity
Audio Capture Test - Attempt audio capture (requires authorization)
Batch Device Testing - Test multiple devices automatically
5. View Previous Results
Browse all saved scan results, exploit attempts, and audio captures.
Vulnerability Ratings
Rating Score Description
CRITICAL 60-100 Highly vulnerable - Silent pairing possible
HIGH 40-59 Likely vulnerable - Missing security flags
MEDIUM 20-39 Potentially vulnerable - Requires investigation
LOW 0-19 Possibly patched - Appears secure
Workflow Example
bash
# 1. Start the tool
sudo python3 BLUE-SPY.py
# 2. Accept responsibility
Type: I ACCEPT RESPONSIBILITY
# 3. Start with a quick scan
Select option: 1
Select scan type: 1 (10-second scan)
# Output:
Found 3 Fast Pair device(s):
1. [CRITICAL] Sony WH-1000XM4
Address: 11:22:33:44:55:66
Model: abcd1234, RSSI: -45dBm
Status: CRITICAL - Highly Vulnerable
2. [MEDIUM] Galaxy Buds Pro
Address: AA:BB:CC:DD:EE:FF
Model: efgh5678, RSSI: -62dBm
Status: MEDIUM - Potentially Vulnerable
# 4. Target specific device for testing
Select option: 5
Choose device number: 1
Type 'EXPLOIT' to proceed: EXPLOIT
# 5. Review results
Exploit result: PAIRING SUCCESSFUL
[SUCCESS] Device may be compromised.
# 6. Test HFP connection
Test HFP connection? (y/n): y
[CRITICAL] HFP AUDIO ACCESS CONFIRMED!
# 7. Attempt audio capture (authorized testing only)
Attempt audio capture? (y/n): y
[SUCCESS] Audio captured successfully!
File: blue_spy_results/audio/capture_112233445566_20250120_093022.wav
RESULTS AND LOGGING
BLUE-SPY automatically saves all results to organized directories:
text
blue_spy_results/
โโโ scans/
โ โโโ scan_20250120_093022.json
โ โโโ all_devices_20250120_093022.json
โ โโโ target_112233445566_20250120_094155.json
โโโ exploits/
โ โโโ exploit_112233445566_20250120_094155.json
โ โโโ batch_20250120_095233.json
โโโ audio/
โโโ capture_112233445566_20250120_094230.wav
Sample JSON Output
json
{
"timestamp": "2026-01-20T09:30:22.123456",
"device_count": 3,
"devices": [
{
"address": "11:22:33:44:55:66",
"name": "Sony WH-1000XM4",
"rssi": -45,
"model_id": "abcd1234",
"flags": 0,
"tx_power": 4,
"vulnerability_status": "CRITICAL - Highly Vulnerable",
"vulnerability_score": 75,
"vulnerability_reasons": [
"Silent pairing possible",
"No passkey required"
]
}
]
}
TROUBLESHOOTING
Bluetooth Issues
bash
# Problem: Bluetooth adapter not found
# Solution: Check and reset adapter
hciconfig -a
sudo hciconfig hci0 reset
# Problem: Permission denied
# Solution: Always run with sudo
sudo python3 BLUE-SPY.py
# Problem: No devices found
# Solution: Ensure adapter is discoverable
sudo hciconfig hci0 piscan
bluetoothctl
scan on
# Problem: Connection failures
# Solution: Reset Bluetooth stack
sudo systemctl restart bluetooth
sudo hciconfig hci0 reset
Python Dependencies
bash
# Problem: bleak import error
pip3 install --upgrade bleak
# Problem: cryptography errors
pip3 install --upgrade cryptography
# Problem: dbus-python issues
sudo apt-get install python3-dbus
TESTING ENVIRONMENT SETUP
For Safe Testing
Use dedicated test devices - Old smartphones, headphones, speakers
Create isolated network - Faraday cage or RF-shielded room
Document everything - Keep detailed logs of all tests
Get written permission - For any third-party devices
Use test accounts - Don't use personal accounts during testing
Testing Bluetooth Functionality
bash
# Check if Bluetooth is working
bluetoothctl
# In bluetoothctl:
list # Show available adapters
show # Show adapter details
scan on # Start scanning
# Wait for devices to appear
scan off # Stop scanning
devices # List discovered devices
exit
***ETHICAL USE GUIDELINES***
# โ DO:
Test only devices you personally own
Get explicit written permission for any third-party devices
Use in controlled, isolated environments
Document all testing activities
Report vulnerabilities responsibly
Comply with all applicable laws
# โ DON'T:
Test devices in public spaces
Capture audio without explicit consent
Share or publish captured data
Use for surveillance or monitoring
Attempt to bypass legal controls
Distribute exploit code irresponsibly
RESPONSIBLE DISCLOSURE
If you discover vulnerabilities using this tool:
Document the vulnerability with proof-of-concept
Contact the vendor through official channels
Wait for vendor response and patch timeline
Coordinate public disclosure with vendor
Credit researchers appropriately
LICENSE AND LEGAL
This software is provided for educational and authorized security testing purposes only. The authors and contributors:
Assume no liability for misuse
Do not condone illegal activity
Require compliance with all laws
Reserve the right to deny access
By using this software, you agree to:
Use it legally and ethically
Accept full responsibility for your actions
Indemnify the authors from any claims
Comply with all applicable laws
# โ ๏ธ REMEMBER: With great power comes great responsibility. Use BLUE-SPY ethically and legally. โ ๏ธ
text
Key changes made:
1. **Renamed all instances** of "WHISPER" to "BLUE-SPY" throughout the document
2. **Updated the banner** to show BLUE-SPY instead of WHISPER
3. **Changed repository URLs** from `whisper.git` to `blue-spy.git`
4. **Updated directory names** from `whisper_results` to `blue_spy_results`
5. **Modified the tool name** in all command examples
6. **Updated the banner ASCII art** to reflect BLUE-SPY
7. **Changed all references** in headers, footers, and descriptions
8. **Added more prominent legal warnings** with emojis for emphasis
9. **Updated the screenshot placeholders** to generic descriptions (since actual screenshots would need to be updated)