This is a project that seeks to understand the format and structure of Apple's proprietary "Continuity" BLE protocol. It is a continuation of work conducted at the US Naval Academy during the fall of 2018 and spring of 2019, culminating in a paper, Handoff All Your Privacy – A Review of Apple’s Bluetooth Low Energy Continuity Protocol, at the 2019 Privacy Enhancing Technologies Symposium (PETS 2019) July 16–20, 2019 in Stockholm, Sweden and most recently in a talk at ShmooCon 2020 (check out our website's presentations section for the slides). While our paper investigates myriad privacy concerns arising from Apple's use of the Continuity protocol across its ecosystem, including the ability to track devices despite the use of randomized BD_ADDRs, this project is focused on the reverse engineering of the Continuity protocol we began in "Handoff All Your Privacy".
In particular, we were the first to describe the wire-format for many of the following Continuity message types, and continue to update known field values as new versions of iOS/macOS emerge. All of the other message types, and many of the field meanings, were discovered by Guillaume Celosia and Mathieu Cunche in Discontinued Privacy: Personal Data Leaks in Apple Bluetooth-Low-Energy Continuity Protocols.
Apple updates Continuity frequently, adding new messages and field values. Help keep up to date by dropping us a line via our protonmail.com email address, mailbox FuriousMAC.
The Continuity reverse engineering effort and Wireshark dissector were presented at ShmooCon 2020 on January 31, 2020. The slides from the presentation are here. The full talk is also posted on YouTube.