[New Tutorial For BT3 ONLY]One bluetooth post to rule them all!

[imported_sardinemaster]

Google is the way forward, you're right, I just would have expected you to have made it clear on the first post... but there you go, you migth want to add it to your first post to avoid newbie questions like mine.

h**p://en.wikipedia.org/wiki/Bluebugging

Cheers!

[ju1ce]

green.. so I have 2 dongles that I can flash with the new firmware.. including the one i posted above.. any issues with using it as a regular bluetooth module for scanning/probing with the new firmware? or is it one or the other.. just wanted to confirm before I flashed it..

also.. the frontline app only seems to be supporting xp.. though bt3 seems to have a slimmed down version already built in..

have you played with an antenna at all with the bt devices? in practice I find that it's not as easy to get long range readings as the articles say.. the noise is so high that it needs to be fairly close up to actually see anything..

hooked it up to a 14dbi yagi and not a whole lot was noticed.

[drgr33n]

Juststormy Have you tried 0x0000 ????

@ ju1ce I haven't even got my dongle yet !!! Although it was CSR it had the bluecore-4 ROM chipset so I couldn't get the new firmware on I'm waiting for my new dongle to arrive

To use as a normal dongle again I'm not 100 % sure but I don't think this will be possible until you reflash with your old firmware and change the product ID back??? But you know more than me at this point

[juststormy]

Juststormy Have you tried 0x0000 ????

No i didn't but i'll try as far as i am on my BT machine - let you know if this brings success.

Thank's

@Dr Green - can you post a example of your /etc/bluetooth.conf - this would be nice

[imported_spudgunman]

@ spudgunman It looks like you may have some problems. Can you post the output of

Code:

bccmd psget -s 0x0001 0x02bf

Code:

bt ~ # bccmd psget -s 0x0001 0x02bf
Can't execute command: No such device or address (6)
bt ~ # bccmd pslist
0x0001 - Bluetooth address (8 bytes)
0x001e - Radio power table (36 bytes)
0x0021 - Default transmit power (2 bytes)
0x00dc - Unknown (28 bytes)
....
0x00ee - Unknown (2 bytes)
0x0191 - Unknown (20 bytes)
0x01f6 - Crystal frequency trim (2 bytes)
0x01f9 - Host interface (2 bytes)
0x0217 - Transmit offset (2 bytes)
0x0240 - TX pre-amplifier level (2 bytes)
0x0242 - RX single ended (2 bytes)
0x025c - Module security code (16 bytes)
0x02bf - USB product identifier (2 bytes)
bt ~ # bccmd psget -s 0x0000 0x0001
Bluetooth address: 0xe100 0x81ff 0x4100 0x0c00
bt ~ # bccmd psget -s 0x0000 0x0002
Country code: 0x0000 (0)
bt ~ # bccmd psget -s 0x0000 0x0003
Class of device: 0x00000000 (0)
bt ~ # bccmd psget -s 0x0000 0x0004
Device drift: 0x00fa (250)

[imported_spudgunman]

will try that, is that in the same lines of this part of your guide?

This may not make sense now but it will very soon so pay attention lol. There are multiple places to read bytes on the stick. Depending on what card you are using these can be different. In general these are “Default” (0×0000), “param” (0×0008), “psi” (0×0001), “psf” (0×0002) and “psrom” (0×0004). If yours is different you cankeeptrying until you run out of numbers and then take the dongle back

I got lost in the def and the memory space and that paragraph got me confused.


EDIT- some how I posted this before your answer, there seems to be a time issue on the server?

[juststormy]

Code:

bt ~ # bccmd -d hci0  psset -s 0x0000 0x02bf 0x0002
Can't execute command: No such device or address (6)

Mh did not work @ Dr_Green.

Any other ideas to get into the sniff mode?
Thanks!

[drgr33n]

try

Code:

bccmd psset -s 0x0000 0x02bf 0x0002

[imported_spudgunman]

bt ~ # bccmd -d hci0 psset -s 0x0000 0x02bf 0x0002
Can't execute command: No such device or address (6)
Mh did not work @ Dr_Green.

Any other ideas to get into the sniff mode?
Thanks!

yea same here I tried 2,4,8 all with same results.

[The_Denv]

Hello Dr_GrEen,

I followed your guide and only got to the DFU section lol.

Here are my results:

Code:

 bt ~ # hciconfig -a revision
hci0:   Type: USB
        BD Address: 00:0E:E7:50:02:6F ACL MTU: 384:8 SCO MTU: 64:8
        UP RUNNING
        RX bytes:925 acl:0 sco:0 events:20 errors:0
        TX bytes:65 acl:0 sco:0 commands:18 errors:0
        Features: 0xff 0xff 0x8f 0xfe 0x9b 0xf9 0x00 0x80
        Packet type: DM1 DM3 DM5 DH1 DH3 DH5 HV1 HV2 HV3
        Link policy:
        Link mode: SLAVE ACCEPT
        Name: 'CSR - bc4'
        Class: 0x000000
        Service Classes: Unspecified
        Device Class: Miscellaneous,
        HCI Ver: 2.0 (0x3) HCI Rev: 0x7a6 LMP Ver: 2.0 (0x3) LMP Subver: 0x7a6
        Manufacturer: Cambridge Silicon Radio (10)

bt ~ # dfutool -d hci0 archive backold.dfu
Can't find any DFU devices

I tried exploring with the DFU comands, but no joy.

Code:

dfutool - Device Firmware Upgrade utility ver 3.12

Usage:
        dfutool [options] <command>

Options:
        -d, --device <device>   USB device
        -h, --help              Display help

Commands:
        verify   <dfu-file>     Check firmware file
        modify   <dfu-file>     Change firmware attributes
        upgrade  <dfu-file>     Download a new firmware
        archive  <dfu-file>     Upload the current firmware

I don't understand why it states there are no DFU devices as I have a 4GB datastick in one slot and a bluetooth device in the other USB slot. I can use hcitool and hciconfig well, I wonder what it could be? Any advice? Maybe it could be that it states CSR-bc4 [bluechip4]. I dont want to spend 100$ on a bt100 dongle lol.

Cheers