Skip to content
Apple Continuity Protocol Reverse Engineering and Dissector
Branch: master
Clone or download

Latest commit

Fetching latest commit…
Cannot retrieve the latest commit at this time.


Type Name Latest commit message Commit time
Failed to load latest commit information.
dissector fix install instructions Feb 1, 2020
figs initial commit Jan 30, 2020
messages fixed airdrop bit description Feb 3, 2020
shmoocon2020 added windows installer, preso Feb 1, 2020 Create Jan 31, 2020 Update Jan 31, 2020 Rename LICENSE to Jan 31, 2020 added hardware info and ubertooth scirpt Jan 31, 2020

An Apple Continuity Protocol Reverse Engineering Project

A dolphin shooting WiFi from an Uzi

This is a project that seeks to understand the format and structure of Apple's proprietary "Continuity" BLE protocol. It is a continuation of work conducted at the US Naval Academy during the fall of 2018 and spring of 2019, culminating in a paper, Handoff All Your Privacy – A Review of Apple’s Bluetooth Low Energy Continuity Protocol, at the 2019 Privacy Enhancing Technologies Symposium (PETS 2019) July 16–20, 2019 in Stockholm, Sweden and most recently in a talk at ShmooCon 2020 (check out our website's presentations section for the slides). While our paper investigates myriad privacy concerns arising from Apple's use of the Continuity protocol across its ecosystem, including the ability to track devices despite the use of randomized BD_ADDRs, this project is focused on the reverse engineering of the Continuity protocol we began in "Handoff All Your Privacy".

In particular, we were the first to describe the wire-format for many of the following Continuity message types, and continue to update known field values as new versions of iOS/macOS emerge. All of the other message types, and many of the field meanings, were discovered by Guillaume Celosia and Mathieu Cunche in Discontinued Privacy: Personal Data Leaks in Apple Bluetooth-Low-Energy Continuity Protocols.

Wireshark Dissector

The latest Wireshark dissectors can be found here, as well as installation instructions here.

Contributing Dissector Updates

Apple updates Continuity frequently, adding new messages and field values. Help keep up to date by dropping us a line at

ShmooCon 2020

The Continuity reverse engineering effort and Wireshark dissector were presented at ShmooCon 2020 on January 31, 2020. The slides from the presentation are here.


You can’t perform that action at this time.