BlueTooth Filter driver.........

OSR_Community_User · July 31, 2009, 5:44am

Hi All,

I am new in developing device drivers…but i have experience
in working with file system mini filters …

I have to track and block the files that are sent to a
bluetooth device which is attached to a computer system…

I guess this is possible by developing a device filter driver
…

can anyone …help me in this … providing some ideas…

–

With Love
Lin N

Maxim_S_Shatskih · July 31, 2009, 8:24am

> I have to track and block the files that are sent to a bluetooth device which is attached to a

computer system…

Impossible.

The BT stack is not connected to the FSD stack at all, so, the BT stack just does not know from where its data originated - from the FSD or generated by some app or such.

The best you can do:

block some popular BT-enabled apps. The adversary will trivially bypass it by using some other BT enabled app.
monitor the data sent to BT to scan it for some patterns, and reject the transfer if such patterns are observed (like the firewalls do). The adversary will ZIP the data with the password and bypass this.

–
Maxim S. Shatskih
Windows DDK MVP
xxxxx@storagecraft.com
http://www.storagecraft.com

Ilya_Faenson · July 31, 2009, 8:40am

The mainstream approach of managing [dis]allowed Windows Bluetooth functionality is the USB filter driver.

Regards,

Ilya Faenson
Rockville MD USA

OSR_Community_User · July 31, 2009, 11:33am

Thank you so much Shatskih and Faenson…

Faenson can you direct me with some examples…

is there any examples for developing USB filter driver in WDDK

i have the latest version 7 .

If not could you just guide me with some links…

Ilya_Faenson · August 1, 2009, 12:08pm

Lin N.,

Generic KMDF filter sample is in the \src\kmdf\toaster\filter folder. One the USB functional driver samples is in the src\kmdf\osrusbfx2 folder. You would have to merge the two intelligently. You would also need to understand BT HCI command/event, ACL/L2CAP data formats & logic.

Good luck,

Ilya Faenson
Rockville, MD USA

Doron_Holan · August 1, 2009, 2:08pm

And not only l2cap but also sdp (for the rfcomm channel number) as well as rfcomm as well as obex. You should seriously reconsider the requirement here. How about just disabling the bth radio?

d

Sent from my phone with no t9, all spilling mistakes are not intentional.

-----Original Message-----
From: xxxxx@hotmail.com
Sent: Saturday, August 01, 2009 9:19 AM
To: Windows System Software Devs Interest List
Subject: RE:[ntdev] BlueTooth Filter driver…

Lin N.,

Generic KMDF filter sample is in the \src\kmdf\toaster\filter folder. One the USB functional driver samples is in the src\kmdf\osrusbfx2 folder. You would have to merge the two intelligently. You would also need to understand BT HCI command/event, ACL/L2CAP data formats & logic.

Good luck,

Ilya Faenson
Rockville, MD USA

—
NTDEV is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer

OSR_Community_User · August 2, 2009, 11:18pm

Just disabling any bluetooth device attached to a system is fine…

Any idea how to disable only blueetooth device that’s attached during the run time… or system bootup…

Will if have any consequences over the other system devices…