
Thread: Bluebugger - /dev/rfcomm0 error

  1. #1
    Just burned his ISO
    Join Date
    Dec 2006
    Posts
    7

    Bluebugger - /dev/rfcomm0 error

    Hi all,
    I have a problem with Bluebugger.
    I can't get it to connect with /dev/rfcomm0

    When I try
    # bluebugger -a xx:xx:xx:xx:xx:xx info
    I get the error
    Cannot open '/dev/rfcomm0': Connection refused

    When I try
    # bluebugger -d /dev/rfcomm0 -a xx:xx:xx:xx:xx:xx info
    I get the error
    Cannot open '/dev/rfcomm00': No such file or directory (it put the extra 0 in)
    # bluebugger -d /dev/rfcomm -a xx:xx:xx:xx:xx:xx info
    Cannot open '/dev/rfcomm0': Connection refused

    When I try
    # bluebugger -d hci0 -a xx:xx:xx:xx:xx:xx info
    Cannot open 'hci00': No such file or directory (it puts the extra 0)


    I have tried mknod /dev/rfcomm0 c 216 0
    and also rfcomm bind 0 11:11:11:11:11:11 1 (11:11:11:11:11:11 is the mac for my bt usb dongle)

    There is an entry for rfcomm0 in my device list.
    Can anyone pls point me in the right direction.
    Thanx in advance.


    Code:
    #
    # RFCOMM configuration file.
    #
    
    rfcomm0 {
    	# Automatically bind the device at startup
    	bind yes;
    
    	# Bluetooth address of the device
    	device 11:11:11:11:11:11;
    
    	# RFCOMM channel for the connection
    	channel 3;
    
    	# Description of the connection
    	comment "Nokia 7210i";
    }

  2. #2
    Junior Member
    Join Date
    Apr 2007
    Posts
    25

    rfcomm fix

    Hope this helps, it's off a web site by pauldotcom.com

    Scanning for bluetooth and total pwnage with Bluesnarfer
    first off, you are going to want to install the bluez libraries, and bluez utilities for your Linux distro of choice. Or use Backtrack...
    Most installations will automatically start up the bluetooth adaptor as the hci0 interface. We can verify this with one of the bluez tools hciconfig. hciconfig without any other command line options will show us info on all of our bluetooth adaptors. If hci0 isn't up, we can set it up, with hciconfig hci0 up.
    Verify bluetooth devices exist in your environment with hcitool, another bluez utility. Use hcitool scan, and it will return all of the available BT devices with the btaddr (Mac address). Success? Sweet.
    Btscanner can be used to scan as well, and obtain info in a format that is a little easier to use. You'll need to download and compile btscanner - we found that with the Linksys USBT100 btscanner works best when started with the --no-reset option. This will prevent btscanner from resetting the device before starting. btscanner will scan for discoverable devices once started with the i command - b will perform a bruteforce scan, scanning for all possible BT btaddrs!
    Bluescanner for win32! Won't work with the default widcomm drivers though.
    hcitool can also be used to obtain much of the same info as btscanner :-)
    Got a vulnerable phone? Btscanner will compare the btaddr to a database, and list the attacks possible - mostly snarf attacks. The database is limited, so test what you discover in your environment.
    Record the btaddr of the device vulnerable to the snarf attack so we can use it with bluesnarfer. One problem with the default install of bluesnarfer is that bluesnarfer.h expects the bluetooth device to be connected to /dev/bluetooth/rfcomm/<device ID> (likely 0). I've tried modifying the source to point to the default install without much success and chasing my tail. Modding the source also isn't possible on Backtrack, where bluesnarfer doesn't work either! Yes, I tried 2.0.
    The solution with the default sourcecode is real easy, this works for Backtrack too. The problem is that the device nodes are missing for bluesnarfer to function, so let's create them. As root, do:
    mkdir -p /dev/bluetooth/rfcomm then mknod -m 666 /dev/bluetooth/rfcomm/0 c 216 0
    These will not survive a reboot, so you may want to add them to startup, or create a script :-)
    Once the nodes have been created, bluesnarfer will be happy. Let's use it.
    In order to grab phonebook entries, we'll give bluesnarfer the -r switch followed by the phone book entries we want and the -b switch with the :
    bluesnarfer -r 1-100 -b <btaddr>
    Delete the phonebook? Sure!:
    bluesnarfer -w 1-100 -b <btaddr>
    Now the fun part. Custom AT commands. How about making the phone dial a number of our choice? We can issue AT commands to the vulnerable phones with the -c switch:
    bluesnarfer -c 'ATDT5551212;' -b <btaddr>
    Note that we have to properly quote the AT command (with single quotes), and include a semicolon as the trailing command character.

  3. #3
    Just burned his ISO
    Join Date
    Dec 2006
    Posts
    7


    Thanx for the reply. Was interesting.

    I think my problem is in the channel number i.e. '-c 1'
    # bluebugger -c 1 -a xx:xx:xx:xx:xx:xx info

    Can any1 confirm what all the channels are.
    Thanx.

  4. #4
    Just burned his ISO
    Join Date
    Aug 2008
    Posts
    1


    I'm also a bit stumped on channel and port numbers, also specific country codes for mobiles, i.e. does the USA have a specific band for mobiles and does the UK also, or are the codes individually set per company?

    thnxs

  5. #5
    Just burned his ISO
    Join Date
    Sep 2008
    Posts
    10


    Quote Originally Posted by NjoyAP View Post
    Hi all,
    I have a problem with Bluebugger.
    I can't get it to connect with /dev/rfcomm0

    When i try
    # bluebugger -a xx:xx:xx:xx:xx:xx info
    i get the error
    Cannot open '/dev/rfcomm0': Connection refused

    When i try
    # bluebugger -d /dev/rfcomm0 -a xx:xx:xx:xx:xx:xx info
    I get the error
    Cannot open '/dev/rfcomm00': No such file or directory (it put the extra 0 in)
    # bluebugger -d /dev/rfcomm -a xx:xx:xx:xx:xx:xx info
    Cannot open '/dev/rfcomm0': Connection refused

    When i try
    # bluebugger -d hci0 -a xx:xx:xx:xx:xx:xx info
    Cannot open 'hci00': No such file or directory (it puts the extra 0)


    I have tried mknod /dev/rfcomm0 c 216 0
    and also rfcomm bind 0 11:11:11:11:11:11 1 (11:11:11:11:11:11 is the mac for my bt usb dongle)

    There is an entry for rfcomm0 in my device list.
    Can anyone pls point me in the right direction.
    Thanx in advance.


    Code:
    #
    # RFCOMM configuration file.
    #
    
    rfcomm0 {
    	# Automatically bind the device at startup
    	bind yes;
    
    	# Bluetooth address of the device
    	device 11:11:11:11:11:11;
    
    	# RFCOMM channel for the connection
    	channel 3;
    
    	# Description of the connection
    	comment "Nokia 7210i";
    }

    Yes, I have that exact same problem. I have a LENOVO 3000 N100 with internal bluetooth. I can scan my sidekick 2008 and other phones, but when I use almost any bluetooth tool we have in backtrack I get this error

    Cannot open '/dev/rfcomm0'; Connection refused

    Things I've also tried:

    Code:
    hciconfig hci0 class 0x50204
    (sets class to
    Class: 0x50204
    Service Classes: Positioning, Rendering
    Device Class: Phone, Cellular
    )

    Code:
    hciconfig hci0 lm MASTER
    sets hci0's link mode to MASTER

    I have edited the rfcomm.config file, and nothing's worked.
    I've been ripping my hair out for 2 weeks now and still no luck.

    Any and all help is greatly appreciated, thanks.
    Code:
    .:pcap:.

  6. #6
    viljokid
    Guest


    I think I have made a little progress with rfcomm, let me know what you guys think.

    I'll start from the start
    hciconfig hci0 up
    hciconfig -a
    hcitool scan hcio
    sdptool browse mac address
    Now I noticed that with my phone it doesn't show DUN and sdptool won't enable it so I write down each channel it gives me. Which are 3,4,16,17

    Now mr greens tutorial says to use
    mknod -m 666 /dev/rfcomm0 c 216 x (replace x with a channel try them all)
    I only enable rfcomm0 not rfcomm1 and rfcomm2
    since bluebugger only allows you to connect to one channel at a time.

    so after mknod -m 666 /dev/rfcomm0 c 216 x
    I don't even bother with sdptool --add channel = x DUN
    since I don't have it anyway , but I don't enable ftp or opush either.

    What I do is go straight to bluebugger. I use bluebugger because bluesnarfer won't respond at all for me, so type:

    bluebugger -m (choose a name to connect with) -d /dev/rfcomm -c (type in a channel try them all) -a (your mac address) info

    Bluebugger seems to connect because it says MOBILE IDENTIFICATION ...................done.

    However, it doesn't list any information. Maybe it's just this particular phone, maybe this was no help at all, maybe you can work out why.

  7. #7
    Just burned his ISO
    Join Date
    Jan 2009
    Posts
    11


    Quote Originally Posted by viljokid View Post
    I think I have made a little progress with rfcomm, let me know what you guys think.


    bluebugger -m (choose a name to connect with) -d /dev/rfcomm -c (type in a channel try them all) -a (your mac address) info

    .
    .....with -d option you should use single digit like 0 for rfcomm0, 1 for rfcomm1, etc...
    in bluebugger and bluesnarfer i use DUN channel with success.
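
Added example, not part of any post in this thread: a shell check for the device nodes discussed above. It relies on two facts about Linux: RFCOMM TTYs use character major 216, and the minor number is the device index N of /dev/rfcommN (or /dev/bluetooth/rfcomm/N), while the RFCOMM channel is set by `rfcomm bind` or the `channel` line in the RFCOMM configuration file. The function name and result strings are made up for this example; it assumes GNU or busybox `stat`.

```shell
#!/bin/sh
# Added example: classify a path that is supposed to be an RFCOMM TTY node.
# Linux assigns character major 216 to RFCOMM TTYs. The minor number is the
# device index N (rfcommN), not the RFCOMM channel.
RFCOMM_MAJOR=216

# Prints one of: missing | not-chardev | wrong-major:M | minor-mismatch:m | ok:index=m
check_rfcomm_node() {
    node=$1
    [ -e "$node" ] || { echo "missing"; return 0; }
    [ -c "$node" ] || { echo "not-chardev"; return 0; }

    # stat -c prints the major (%t) and minor (%T) numbers in hexadecimal.
    set -- $(stat -c '%t %T' "$node")
    major=$(printf '%d' "0x$1")
    minor=$(printf '%d' "0x$2")

    if [ "$major" -ne "$RFCOMM_MAJOR" ]; then
        echo "wrong-major:$major"
        return 0
    fi

    # The trailing digits of the path are the index the tools append
    # (rfcomm0 -> 0, /dev/bluetooth/rfcomm/0 -> 0).
    index=$(printf '%s' "$node" | sed -n 's/.*[^0-9]\([0-9][0-9]*\)$/\1/p')
    if [ -n "$index" ] && [ "$minor" -ne "$index" ]; then
        echo "minor-mismatch:$minor"
        return 0
    fi
    echo "ok:index=$minor"
}

# Report on the two node locations named in the thread.
for n in /dev/rfcomm0 /dev/bluetooth/rfcomm/0; do
    printf '%s: %s\n' "$n" "$(check_rfcomm_node "$n")"
done
```

A result of `ok` only says the node itself is well formed; "Connection refused" on a well-formed node comes from the connection attempt made when the node is opened, not from the node.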
