Results 1 to 4 of 4

Thread: Eavesdrop bluetooth conversations

  1. #1
    Senior Member BigMac's Avatar
    Join Date
    Jan 2008
    Posts
    213

    Default Eavesdrop bluetooth conversations

    http://www.5min.com/Video/How-To-Eav...sations-925061
    http://trifinite.org/trifinite_stuff_carwhisperer.html
    video and download links

    Im on bt3f... Im kinda stumped... he sets his bluetooth dongle to act as a celll phone hciconfig hci0 class 0x50204 then he connects to a bluetooth headset ./carwhisperer hci0 eargasm.raw out.raw 00:11:22:33:44:55 I get that much...

    what is a raw file? is it like wav? how do i edit and listen to a raw file? (Edit I figured out this part)
    how did he get the mac address of the headset?
    has any one played with this?
    i cant get this to work... I have been playing with a few headsets ...
    cw_scanner and i set both headsets to pairing but cw_scanner does not return any results

  2. #2
    Junior Member
    Join Date
    Jun 2006
    Posts
    57

    Default

    Good luck with this, if you get it working I would like some detailed information on steps taken.

    I have spent alot of time messing with this in the lab, on both BT Headsets that are known to be vulnerable, and BT Car Kits, however with no luck.

    This all works in theory, and it looks like its working on screen, but I dont hear anything injected, or recorded.

  3. #3
    Just burned his ISO
    Join Date
    Sep 2008
    Posts
    1

    Default

    Yeah I have been messing around with this and I am not sure if I need to bind the rfcomm ports or what. I just keep getting "can't connect RFCOMM channel!: connection refused"

    The other thing I was wondering about is how he is setting the pin if it's the same location on BT3 or if it needs to be set in the hcid.conf like with bluesnarfer and what not.

  4. #4
    Just burned his ISO
    Join Date
    May 2009
    Posts
    3

    Default Carwhisperer begin how-to?

    Hi guys,

    Right so I have been playing around with carwhisperer for a while now and believe to have a vulnerable headset (M2500 by Plantronics) according to the digitalmunition site, and what I have been looking at is the video from from Joshua Wright (youtube.com/watch?v=1c-jzYAH2gw) which gives a bit of detail of how its done.

    Has anyone actually got this working? if not then I know I could be wasting my time

    In addition to his video does anyone know what else needs to be done? for example create and rfcomm connection to the headset profile of the device?

    Sorry if its a noob question but i really want to get this working,

    Thanks guys

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •