
Thread: Frontline

  1. #1
    Junior Member JF1976's Avatar
    Join Date
    Jan 2010
    Location
    Kings Lynn, Norfolk UK
    Posts
    31

    Default Frontline

    Hi all, I've been trying to get my Bluetooth dongle to sniff but am unable to complete it fully. Here is what I have done and found out so far. My question is:

    Q) Can the calibration process be done from within Back|Track3, or can someone explain what the process does?

    I managed to get my TDK BlueCore 2 Ext 99.9% there but am unable to use it from there on in. I also found an extra DFU product ID that I needed to change before I could get Windows to detect it as described.


    [-- Getting your device info

    1). Bring your device up.
    # hciconfig -a hci0 up

    2). Get the revision information.
    # hciconfig -a hci0 revision

    hci0: Type: USB
    BD Address: 00:16:B8:XX:XX:XX ACL MTU: 192:8 SCO MTU: 64:8
    HCI 16.14
    Chip version: BlueCore02-External
    Max key size: 128 bit
    SCO mapping: HCI

    3). Back up your dongle's firmware.
    # dfutool -d hci0 archive mydongle.dfu

    Available devices with DFU support:

    1) Bus 4 Device 2: ID 0a12:0001 Interface 2
    Select device (abort with 0):

    4). Get the USB product ID.
    # bccmd psget -s 0x0000 0x02bf
    USB product identifier: 0x0001 (1)

    5). Get the USB vendor ID.
    # bccmd psget -s 0x0000 0x02be
    USB vendor identifier: 0x0a12 (2578)

  2. #2
    Junior Member JF1976's Avatar

    Default What your device needs

    1). Set the USB product ID to 0x0002.
    # bccmd psset -s 0x0000 0x02bf 0x0002

    2). Set the USB vendor ID to 0xa12.
    # bccmd psset -s 0x0000 0x02be 0x0a12

    3). Upload the new DFU firmware.
    # dfutool -d hci0 upgrade /pentest/bluetooth/firmwares/airsnifferdev46bc2.dfu
    --]


    NOTE2SELF -:- Find USB & VENDOR ID's PID & VID in the comprobe ini file WINXP!


    # lsusb
    Bus 2 Device 1: ID 0000:0000
    Bus 4 Device 2: ID 0a12:0001 Cambridge Silicon Radio, Ltd Bluetooth Dongle (HCI mode)

    PSF store data must be 0xa12:0x0002

    # bccmd pslist -s 0x000f | grep USB
    0x02bc - USB specification version number (2 bytes) ?
    0x02bd - USB device class codes (6 bytes)
    0x02be - USB vendor identifier (2 bytes) *
    0x02bf - USB product identifier (2 bytes) *
    0x02c1 - USB manufacturer string (6 bytes)
    0x02c2 - USB product string (56 bytes)
    0x02c5 - USB attributes bitmap (2 bytes)
    0x02c6 - USB device maximum power consumption (2 bytes)
    0x02c7 - USB Bluetooth interface class codes (6 bytes)
    0x02c9 - USB language strings supported (2 bytes)
    0x02ca - USB DFU class codes block (6 bytes)
    0x02cb - USB DFU product ID (2 bytes) ?
    0x02d0 - USB D+ pullup PIO line (2 bytes)
    0x02d2 - Timeout for assertion of USB PIO wake signal (2 bytes)
    0x02d4 - USB Bluetooth SCO interface class codes (6 bytes)
    0x02d5 - USB PIO levels to set when suspended (2 bytes)
    0x02d6 - USB PIO I/O directions to set when suspended (2 bytes)
    0x02d7 - USB PIO lines to be set forcibly in suspend (2 bytes)


    0x02be - USB vendor identifier (2 bytes)
    0x02bf - USB product identifier (2 bytes)


    # bccmd psget -s 0x000f 0x02bf
    USB product identifier: 0x0002 (2)
    # bccmd psget -s 0x0000 0x02bf
    USB product identifier: 0x0002 (2)
    # bccmd psget -s 0x0000 0x02be
    USB vendor identifier: 0x0a12 (2578)
    # bccmd psget -s 0x000f 0x02be
    USB vendor identifier: 0x0a12 (2578)

    # lsusb
    Bus 4 Device 2: ID 0a12:0001 Cambridge Silicon Radio, Ltd Bluetooth Dongle (HCI mode)

    Unplug the device!

    # dfutool -d hci0 archive TDk-Firmware.dfu
    Available devices with DFU support:

    1) Bus 3 Device 2: ID 0a12:0002 Interface 2

    Select device (abort with 0): 1

    Firmware upload ... 359344 bytes


    #dfutool -d hci0 upgrade /pentest/bluetooth/firmwares/airsnifferdev46bc4.dfu
    Filename airsnifferdev46bc4.dfu
    Filesize 325936
    Checksum d1bc6fd8 (valid)

    Available devices with DFU support:

    1) Bus 3 Device 4: ID 0a12:0002 Interface 2

    Select device (abort with 0): 1

    Firmware download ... aborting (status 1 state 10)

    # dfutool -d hci0 upgrade /pentest/bluetooth/firmwares/airsnifferdev47bc2.dfu
    Filename airsnifferdev47bc2.dfu
    Filesize 317542
    Checksum 2bb93c19 (valid)

    Available devices with DFU support:

    1) Bus 3 Device 9: ID 0a12:0002 Interface 2

    Select device (abort with 0): 1

    Waiting for device ...
    bt tmp #

    # hciconfig -a hci0 up
    Can't get device info: No such device
    bt tmp # hciconfig -a hci0 reset
    Can't get device info: No such device
    bt tmp #

  3. #3
    Junior Member JF1976's Avatar

    Default last try

    # lsusb
    Bus 3 Device 11: ID 0a12:0321 Cambridge Silicon Radio, Ltd

    In Windows the device displays the same TDK description but will not install.
    The Device Manager reports the "Device Instance id" as
    "USB\VID_0A12&PID_0321\5&ED1C729&0&2"; this is the same as lsusb under BT3.

    # dfutool -d hci0 upgrade /mnt/sdb1/tmp/TDk-Firmware.dfu
    Filename TDk-Firmware.dfu
    Filesize 359360
    Checksum 9d46043e (valid)

    Available devices with DFU support:

    1) Bus 4 Device 2: ID 0a12:0321 Interface 0 (DFU mode)

    Select device (abort with 0): 1

    Waiting for device ...
    sh-3.1#

    1# lsusb
    Bus 4 Device 3: ID 0a12:0002 Cambridge Silicon Radio, Ltd

    # hciconfig -a hci0
    hci0: Type: USB
    BD Address: 00:16:B8:XX:XX:XX ACL MTU: 192:8 SCO MTU: 64:8
    UP RUNNING
    RX bytes:79 acl:0 sco:0 events:8 errors:0
    TX bytes:30 acl:0 sco:0 commands:8 errors:0
    Features: 0xff 0xff 0x0f 0x00 0x00 0x00 0x00 0x00
    Packet type: DM1 DM3 DM5 DH1 DH3 DH5 HV1 HV2 HV3
    Link policy:
    Link mode: SLAVE ACCEPT
    Name: 'BT'
    Class: 0x000000
    Service Classes: Unspecified
    Device Class: Miscellaneous,
    HCI Ver: 1.1 (0x1) HCI Rev: 0x33d LMP Ver: 1.1 (0x1) LMP Subver: 0x33d
    Manufacturer: Cambridge Silicon Radio (10)

    # bccmd psget -s 0x0000 0x02cb
    USB DFU product ID: 0x0321 (801)

    # bccmd psset -s 0x0000 0x02cb 0x0002

    In Windows the device displays the same TDK description but will not install.
    The Device Manager reports the "Device Instance id" as
    "USB\VID_0A12&PID_0002\5&ED1C729&0&1"; this is the same as lsusb under BT3.

    OK, so I had a look inside the following files:
    csrbluecoreusb.inf, bluetoothcomprobe.inf, usbcomprobe.inf
    and I found a number of device IDs, but which one are we supposed to be using?

    Remember the first set of values (0a12:0002): this is what all the reading I've
    done says you need, but this still looks like it's not working even after I changed
    the missing field "USB DFU product ID: 0x0321 (801)". Maybe I should
    upload the firmware again.

    Let's have a poke about with bccmd.

    # hciconfig -a hci0 up
    bt ~ # bccmd psget -s 0x0000 0x02cb
    USB DFU product ID: 0x0002 (2)

    What about putting the firmware back on now I've found the missing value?

    dfutool -d hci0 upgrade /pentest/bluetooth/firmwares/airsnifferdev47bc2.dfu
    Filename airsnifferdev47bc2.dfu
    Filesize 317542
    Checksum 2bb93c19 (valid)

    Available devices with DFU support:

    1) Bus 4 Device 2: ID 0a12:0002 Interface 2

    Select device (abort with 0): 1

    Waiting for device ...
    bt ~ # lsusb
    Bus 4 Device 3: ID 0a12:0002 Cambridge Silicon Radio, Ltd

    # hciconfig -a hci0 up
    Can't get device info: No such device

    OK, so I booted into Windows and waited a while for device detection etc. to
    finish, removed my old device from Device Manager and ran a scan for new
    hardware, and before I knew it I was being asked the usual. Again I selected the
    bluetoothcomprobe.inf file, but this time it all started working for me and I
    now have a device listed in Device Manager as

    "Frontline Test Equipment Bluetooth ComProbe".

    I guess it's time to go back into BT3 to see what we can see.
    Well, again I am unable to get the device, but at least I guess I now have a working
    ComProbe for Windows. Let's have a poke about.

    # lsusb
    Bus 3 Device 3: ID 0a12:0002 Cambridge Silicon Radio, Ltd

    # udevmonitor
    udevmonitor will print the received events for:
    UDEV the event which udev sends out after rule processing
    UEVENT the kernel uevent

    UDEV [1220992899.127597] remove /devices/pci0000:00/0000:00:1d.1/usb3/3-2/3-2:1.0 (usb)
    UDEV [1220992899.127645] remove /devices/pci0000:00/0000:00:1d.1/usb3/3-2/usbdev3.2 (usb_device)
    UDEV [1220992899.127658] remove /devices/pci0000:00/0000:00:1d.1/usb3/3-2/usbdev3.2_ep00 (usb_endpoint)
    UEVENT[1220992899.127670] remove /devices/pci0000:00/0000:00:1d.1/usb3/3-2 (usb)
    UDEV [1220992899.128331] remove /devices/pci0000:00/0000:00:1d.1/usb3/3-2 (usb)
    UDEV [1220992903.624367] add /devices/pci0000:00/0000:00:1d.1/usb3/3-2 (usb)
    UEVENT[1220992903.624392] add /devices/pci0000:00/0000:00:1d.1/usb3/3-2/usbdev3.3_ep00 (usb_endpoint)
    UDEV [1220992903.625197] add /devices/pci0000:00/0000:00:1d.1/usb3/3-2/usbdev3.3_ep00 (usb_endpoint)
    UEVENT[1220992903.626768] add /devices/pci0000:00/0000:00:1d.1/usb3/3-2/3-2:1.0 (usb)
    UEVENT[1220992903.626784] add /devices/pci0000:00/0000:00:1d.1/usb3/3-2/usbdev3.3 (usb_device)
    UDEV [1220992903.634954] add /devices/pci0000:00/0000:00:1d.1/usb3/3-2/usbdev3.3 (usb_device)
    UDEV [1220992903.654110] add /devices/pci0000:00/0000:00:1d.1/usb3/3-2/3-2:1.0 (usb)

    OK, so it looks like the device didn't load correctly?

    # modprobe -l | grep blue
    /lib/modules/2.6.21.5/kernel/net/bluetooth/sco.ko
    /lib/modules/2.6.21.5/kernel/net/bluetooth/rfcomm/rfcomm.ko
    /lib/modules/2.6.21.5/kernel/net/bluetooth/l2cap.ko
    /lib/modules/2.6.21.5/kernel/net/bluetooth/hidp/hidp.ko
    /lib/modules/2.6.21.5/kernel/net/bluetooth/cmtp/cmtp.ko
    /lib/modules/2.6.21.5/kernel/net/bluetooth/bnep/bnep.ko
    /lib/modules/2.6.21.5/kernel/net/bluetooth/bluetooth.ko
    /lib/modules/2.6.21.5/kernel/drivers/bluetooth/hci_vhci.ko
    /lib/modules/2.6.21.5/kernel/drivers/bluetooth/hci_usb.ko
    /lib/modules/2.6.21.5/kernel/drivers/bluetooth/hci_uart.ko
    /lib/modules/2.6.21.5/kernel/drivers/bluetooth/dtl1_cs.ko
    /lib/modules/2.6.21.5/kernel/drivers/bluetooth/btuart_cs.ko
    /lib/modules/2.6.21.5/kernel/drivers/bluetooth/bt3c_cs.ko
    /lib/modules/2.6.21.5/kernel/drivers/bluetooth/bpa10x.ko
    /lib/modules/2.6.21.5/kernel/drivers/bluetooth/bluecard_cs.ko
    /lib/modules/2.6.21.5/kernel/drivers/bluetooth/bfusb.ko
    /lib/modules/2.6.21.5/kernel/drivers/bluetooth/bcm203x.ko
    # lsmod | grep usb
    # lsmod | grep hci
    # lsmod | grep blue
    bluetooth 52964 0

    # lsmod | grep blue
    bluetooth 52964 1 bfusb

    Well, I've had a play about in Windows, but I am still unable to get a firmware
    that confirms as working?
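
The posts above read back three persistent-store keys (vendor ID, product ID, DFU product ID) one at a time and only late on notice that the DFU product ID was still 0x0321. As an added example, not part of the original posts, this script audits captured `bccmd psget` output for all three at once; the function names are hypothetical, the sample captures are constructed from values quoted in the thread, and it assumes, as the poster found, that the DFU product ID is expected to match the product ID.

```bash
#!/usr/bin/env bash
# Added example: audit captured `bccmd psget` output for the three USB identity
# keys discussed in the thread. Function names are hypothetical.

# Constructed captures built from values quoted in the thread.
CAPTURE_BEFORE='USB vendor identifier: 0x0a12 (2578)
USB product identifier: 0x0002 (2)
USB DFU product ID: 0x0321 (801)'
CAPTURE_AFTER='USB vendor identifier: 0x0a12 (2578)
USB product identifier: 0x0002 (2)
USB DFU product ID: 0x0002 (2)'

# Print the last hex value reported for a label; empty if the label is absent.
ps_value() {   # $1 = label, stdin = captured psget output
    awk -F': ' -v label="$1" '
        { key = $1; sub(/^[ \t]+/, "", key) }
        key == label { split($2, f, " "); v = tolower(f[1]) }
        END { print v }'
}

# Report each key that differs from the expected (lowercase) VID/PID.
# Assumption: the DFU product ID is expected to equal the runtime product ID.
# Return status = number of mismatching or missing keys.
check_usb_ids() {   # $1 = capture, $2 = expected VID, $3 = expected PID
    local capture="$1" bad=0 label want got
    while IFS='|' read -r label want; do
        got=$(printf '%s\n' "$capture" | ps_value "$label")
        if [ "$got" != "$want" ]; then
            echo "MISMATCH $label: got ${got:-<missing>}, want $want"
            bad=$((bad + 1))
        fi
    done <<EOF
USB vendor identifier|$2
USB product identifier|$3
USB DFU product ID|$3
EOF
    return "$bad"
}

check_usb_ids "$CAPTURE_BEFORE" 0x0a12 0x0002 || echo "$? key(s) need attention"
check_usb_ids "$CAPTURE_AFTER"  0x0a12 0x0002 && echo "all USB identity keys match"
```

On a live system the capture would be the combined output of the three `psget` reads shown in the posts, saved to a variable or file.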

  4. #4
    Junior Member JF1976's Avatar

    Default no matter what i do

    No matter what I do I just can't get frontline.c to find the device.

    # frontline -d hci0 -t
    frontline: hci_devid(): no such device

    I have seen that BlueCore 2 Ext can be flashed as the device listed on http://bluetoothsecurity.wordpress.c...king-purposes/

    D-link DBT-120 Rev. B4 is a bluecore 2
