[New Tutorial For BT3 ONLY]One bluetooth post to rule them all!

[DARTIS]

@akamagic:

Yes ..I am a bit harsh. I did not want to sound unthankful but I managed to do so...

Indeed, he has contributed a lot as I can trace.
But still I believe that at the time he wrote these lines he was more enthusiastic than in knowledge.

Bluetooth hacking cannot be done in Bluetooth 2.0 without sniffer...forget about it.

Sniffer creation tutorial...

A lot better is one here:
nfodb.com/view_231041_Frontline-Bluetooth-Sniffer-v5.6.9.0-Cracked-.html[/url]

-EDIT-

Add h t t p : / / to the above link... I am new poster and do not let me to post links yet... so I torrented them

[akamagic]

@ DARTIS

Lol yeah thats the guide i was talking about that comes with the frontline comprobe pack but even with that tut it is easy to run into problems, and even if we finally have a sniffer than what (ie. where do we get started into actually hacking)...which is what i meant by a complete bluetooth hacking tutorial with F.A.Q's which would solve alot of problems/confusion and lead to more success but yeah thanx for the link even though everyone still needs the .dfu firmware unless they have it already which would mean they have that tut already.

[DARTIS]

@akamagic

I have seen also a lot people having problem to issue a simple handshaking between their laptop and cellphones.

I will write a few comments to help before a total Tutorial

1st Step

Go to
/etc/Bluetooth/passkeys/default
Issue there 0000 or 1234 as the PIN of your laptop

Make it executable

2nd Step

Go to
/etc/Bluetooth/hci.conf

Change the following:

Code:

#
# HCI daemon configuration file.
#
 
# HCId options
options {
    # Automatically initialize new devices
    autoinit yes;
 
    # Security Manager mode
    #   none - Security manager disabled
    #   auto - Use local PIN for incoming connections
    #   user - Always ask user for a PIN
    #
    security auto; #or else the authentication will not work
 
# Pairing mode
    #   none  - Pairing disabled
    #   multi - Allow pairing with already paired devices
    #   once  - Pair once and deny successive attempts
 pairing multi; #or else the authentication will not work
 
 # Default PIN code for incoming connections
    passkey "0000"; #or 1234, ...=The PIN which gives to the cellphone ...if we are lucky!
 
# Default settings for HCI devices
device {
    # Local device name
    #   %d - device id
    #   %h - host name
    name "DARTIS or YOUR name :)"; 
    # Local device class
    class 0x000240;#Disguise your laptop as a simple cellphone. Put the exact class of the cellphone you want to connect for maybe better results...learn it by hcitool inq
 
    # Default packet type
    #pkt_type DH1,DM1,HV1;
    pkt_type DH1,DM1,HV1; #Optional
 
    # Inquiry and Page scan
    #iscan enable; 
    pscan enable;
 iscan enable; #(Important for better communication between BTs)
 
# Default link mode
    #   none   - no specific policy 
    #   accept - always accept incoming connections
    #   master - become master on incoming connections,
    #            deny role switch on outgoing connections
    lm accept,master; #Very important for the sniffer business.. 
 
    # Default link policy
    #   none    - no specific policy
    #   rswitch - allow role switch
    #   hold    - allow hold mode
    #   sniff   - allow sniff mode
    #   park    - allow park mode
    lp rswitch,hold,sniff,park; #rswitch can be disabled if you use master mode 
 
auth enable; #Very important for the pairing process 
encrypt enable; #Very important for the sniffing process 
}

Make it executable

3rd Step

Fire up your hci's seperately

hciconfig hci0 up
hciconfig hci1 up
etc...

4th Step

Put in your console the command

bash /etc/rc.d/rc.bluetooth restart

Check = OK with hciconfig -a
You should be able to proceed ...

Will revert with more

@those who had problems pairing
I would appreciate the feedback for anymore of your problems in that matter.

[akamagic]

Thats basically my procedure to get them paired but nice start although i don't understand whats the purpose to make the passkey or .conf file to be executable?

[imported_ASTRAPI]

Hi

I start with the first post and the most are working great untill the phone asks for a key to pair and never pair so i can't get any info from the phone.

So i follow the steps to add raw mode in my Fujitsu Siemens V2.0 Bluetooth and it was all ok according to post #2 and i verify all codes.

Then i use:
hciconfig hci0 up (all ok)
hciconfig -a (i get this info)

BD address: bla bla
up running RAW
rx bla bla
tx bla bla

And nothing else (before i was have more info there.

then i use :
hcitool scan hci0

i get this:

device is not avaliable: No such device

also my blue info:
hciconfig hci* revision

Bd address bla bla
hci 19.2
chip version: bluecore4 External
max key size: 56bit
sco mapping HCI

Any help please?

Thanks

[akamagic]

Hi

I start with the first post and the most are working great untill the phone asks for a key to pair and never pair so i can't get any info from the phone.

So i follow the steps to add raw mode in my Fujitsu Siemens V2.0 Bluetooth and it was all ok according to post #2 and i verify all codes.

Then i use:
hciconfig hci0 up (all ok)
hciconfig -a (i get this info)

BD address: bla bla
up running RAW
rx bla bla
tx bla bla

And nothing else (before i was have more info there.

then i use :
hcitool scan hci0

i get this:

device is not avaliable: No such device

also my blue info:
hciconfig hci* revision

Bd address bla bla
hci 19.2
chip version: bluecore4 External
max key size: 56bit
sco mapping HCI

Any help please?

Thanks

I'm assuming you didn't upgrade using the *.dfu file which is contained in the frontline comprobe pack. (look at drgreen's vid.)

[imported_ASTRAPI]

I did it but i have the same result

As you can see in the video Raw mode is good and is what we want but afer that i can't scan using:

hcitool scan hci0

So i can found any devices to try all the rest commands.

[ColForbin]

"what he has managed is to disorient every reader of this forum."

Apologies DARTIS, but I beg to differ sir. I believe that if anyone has been disoriented, it would be the non-readers. Non-readers, being those who want the quick and the easy.

Dr_GrEeN has been nothing but helpful in my experience. If one were to read his posts and follow them explicitly, one would find success.

I followed Dr_GrEen's tutorial on how to modify a USB bluetooth adapter into a sniffing tool, and succeeded on the first try.

The key to success? Reading. I first wanted to know what adapter would work. After searching through the forums, I found that the adapter I wanted to try was a D-Link DBT-120 rev. C.

I bought two and modified one. This is not a rip on DARTIS. This is simply a call to all, to read. Read the entire forum. If you can't find the answer to a question, register and ask.

Furthermore, this a shout out to Dr_GrEeN. The man codes blue-smash, creates detailed tutorials and videos, and is getting it all straight as he goes. Give the man some credit, why don'tcha.

[akamagic]

I did it but i have the same result

As you can see in the video Raw mode is good and is what we want but afer that i can't scan using:



So i can found any devices to try all the rest commands.

well that is because now you have a working sniffer and in the video of cracking the pin number for a bluetooth compatible phone drgreen uses two bluetooth dongles (one sniffer, and one unmodified one for scanning) but i could be wrong as i have much more to learn but most likely you basically need another dongle for scanning.

[jrm7262]

Have read all the posts, great information, thank you all.

Just wanted to subscribe to the thread.

One question, to actually implement any of the exploits are two
dongles needed?

Also looking at all the links the one dongle that seems the most probable is the D-Link DBT-120 Rev C1 (Now when I find a supply, do I buy 1 or 2, lol)

Kindest regards

James