
Thread: [New Tutorial For BT3 ONLY]One bluetooth post to rule them all!

  1. #81
    williamc (Good friend of the forums)
    Join Date: Feb 2010
    Location: Chico CA
    Posts: 285

    I've searched the forums and found the following that have a CSR chipset and allow firmware modifying:

    Linksys USBBT100 Rev 1
    D-Link DBT-120 Rev C1
    DELOCK 61478
    A7 eb502-HCI
    Fujitsu Siemens BLUETOOTH V2.0
    Toshiba PA3455U-1BTM
    Aircable Host XR
    Cellink BTA-6030 Bluetooth Adapter

    The adapter must allow flashing of the external memory, so finding the correct adapter is painstaking. There are numerous revisions and chipset changes. Also changes from BlueCore4-external to BlueCore-ROM will prevent flashing. If anyone knows of any others, please add them to the list. If you know where to buy any of the mentioned adapters (with correct revision #), post as well, as many are discontinued or not sold in the states. Thanks.

    William

  2. #82
    Junior Member
    Join Date: Jan 2010
    Posts: 84

    I'm dumb.

    I followed some commands without knowing what they are,

    and I got a problem in Windows:

    it tells me to turn on your Bluetooth device, but it is already ON.

    In Linux it has no problems.

  3. #83
    williamc (Good friend of the forums)
    Join Date: Feb 2010
    Location: Chico CA
    Posts: 285

    If you need an adapter:
    You can buy the DLink DBT-120 RevC1 at Fry's and Newegg.com.

    I noticed a typo in a lot of posts referring to psget as psset.

    Finally, for those with the old Nokia phone, you can check out my old tutorial showing some exploits:
    http://www.irongeek.com/i.php?page=videos/bluesnarf1

    Looking forward to some more updates on this thread. Thanks Dr_Green!

    William

  4. #84
    drgr33n (Very good friend of the forum)
    Join Date: Jan 2010
    Location: Dark side of the moon ...
    Posts: 699

    Linux Bluetooth Sniffing

    Hey Guys

    Have you got your Bluetooth dongles ready? Because here it is: the software for BackTrack to enable sniffing.

    I've added it to Blue-Smash, so just download and install and sniff away.

    Blue-Smash v1.0c

    Bluetooth Sniffing with Blue-Smash Video Tutorial / Demo

    Online Demo Vid (No Sound)

    Enjoy

  5. #85
    Just burned his ISO
    Join Date: Dec 2007
    Posts: 8

    Any info on the limitations of these vulnerabilities on newer devices? Will these apps only exploit older devices, as others have mentioned?

  6. #86
    drgr33n (Very good friend of the forum)
    Join Date: Jan 2010
    Location: Dark side of the moon ...
    Posts: 699

    Hey guys

    Sorry to drag an old post up, but I've been playing with the Bluetooth dongles for a while now and I thought it would be nice to post the cheapest dongle I found with the BC04 EXT chipset.

    EDIT

    Sorry, I received the dongles and they were Broadcom. Going back to my original Fujitsu-Siemens BLUETOOTH v2.0 dongle.

    Quote Originally Posted by skindeep:
        Any info on the limitations of these vulnerabilities on newer devices? Will these apps only exploit older devices, as others have mentioned?
    The only info I have is that Bluetooth is in its honeymoon stages, so you may find some devices are exploitable and some are not. I can't remember whether it was the bluesnarfer or the bluebugger exploit that was successful on the Nokia phones, because of an undisclosed secret channel (17) that allowed unauthorised access to the phone.

    These exploits will still be valid because if you can get the link key, you could connect to a piconet and spoof the MAC address of the slave device; then you would be able to attack the master.

    With sorbo's tools it's only a matter of time before we should get "opencsr", the open source firmware for the CSR chipsets. This should allow injection amongst other things.

  7. #87
    unix_r00ter (Junior Member)
    Join Date: Feb 2007
    Posts: 64

    Great thread, thanks for the help. 10/10

  8. #88
    williamc (Good friend of the forums)
    Join Date: Feb 2010
    Location: Chico CA
    Posts: 285

    I'm getting some errors with Bluesmash 1.0e:
    Code:
     Checking to see if HCI device exists....
    No Local Device Detected! Please check your hardware.
    Maybe Try 'hciconfig hci*' up and restart Blue|Smash.
    
    Blue|Smash will now exit!
    However hci0 is up:
    Code:
    bt ~ # hciconfig -a
    hci0:   Type: USB
            BD Address: 00:17:9A:2B:86:11 ACL MTU: 0:0 SCO MTU: 0:0
            UP RUNNING RAW
            RX bytes:102 acl:0 sco:0 events:0 errors:0
            TX bytes:24 acl:0 sco:0 commands:8 errors:0

  9. #89
    drgr33n (Very good friend of the forum)
    Join Date: Jan 2010
    Location: Dark side of the moon ...
    Posts: 699

    Hey Williamc

    It's because your modded BT dongle is no longer recognized as a Bluetooth adapter. You will need to use a normal BT dongle to run Bluesmash, or comment out the following around line 50 in the main program:

    Code:
    ##### Hardware Check #####
    # pybluez low-level HCI bindings; these two imports sit at the top of the
    # main program and are not part of the snippet as originally quoted.
    import sys
    import bluetooth._bluetooth as bt

    print "Checking to see if HCI device exists...."
    try:
      sock = bt.hci_open_dev()            # open the first HCI device the kernel knows about
      # a one-second inquiry doubles as a liveness test of the adapter
      results = bt.hci_inquiry(sock, duration=1, flush_cache=True)
      print "Success :D!"
    except bt.error:
      print """No Local Device Detected! Please check your hardware.
    Maybe Try 'hciconfig hci*' up and restart Blue|Smash.

    Blue|Smash will now exit!
    """
      sys.exit(1)

    ##### End Hardware Check #####
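
    The thread's two `hciconfig -a` listings show what the check above cannot tell apart: a modded dongle comes up with "UP RUNNING RAW" and "ACL MTU: 0:0", so `hci_inquiry()` fails even though the interface is up. The following is an added example (not Blue|Smash code, and not from anyone in this thread) that parses `hciconfig -a` output and reports "raw" instead of a generic hardware error; the sample listings are constructed from the thread, and the "UP RUNNING PSCAN ISCAN" state line of the second one is an assumption.

```python
import re

# Constructed sample inputs, modelled on the two `hciconfig -a` listings quoted
# in this thread; the "UP RUNNING PSCAN ISCAN" line of the second is an assumption.
MODDED_DONGLE = """\
hci0:   Type: USB
        BD Address: 00:17:9A:2B:86:11 ACL MTU: 0:0 SCO MTU: 0:0
        UP RUNNING RAW
        RX bytes:102 acl:0 sco:0 events:0 errors:0
"""

STOCK_DONGLE = """\
hci0:   Type: USB
        BD Address: 08:00:46:CC:9C:A1 ACL MTU: 192:8 SCO MTU: 64:8
        UP RUNNING PSCAN ISCAN
        RX bytes:673 acl:0 sco:0 events:19 errors:0
"""

HEADER_RE = re.compile(r"^(hci\d+):\s+Type:\s*(\S+)")
ADDR_RE = re.compile(r"BD Address:\s*([0-9A-F:]{17})\s+ACL MTU:\s*(\d+):(\d+)")


def parse_hciconfig(text):
    """Return {"hci0": {...}} with address, ACL MTU and state flags per interface."""
    devices, current = {}, None
    for line in text.splitlines():
        m = HEADER_RE.match(line)
        if m:
            current = {"type": m.group(2), "bdaddr": None, "acl_mtu": None, "flags": []}
            devices[m.group(1)] = current
            continue
        if current is None:
            continue
        s = line.strip()
        m = ADDR_RE.match(s)
        if m:
            current["bdaddr"] = m.group(1)
            current["acl_mtu"] = (int(m.group(2)), int(m.group(3)))
        elif s and all(w.isupper() for w in s.split()):
            current["flags"] = s.split()  # state line: UP RUNNING RAW / PSCAN ISCAN ...
    return devices


def diagnose(dev):
    """Classify an interface the way a more helpful hardware check would."""
    if "UP" not in dev["flags"]:
        return "down"  # `hciconfig hciX up` is the fix here
    if "RAW" in dev["flags"] or dev["acl_mtu"] == (0, 0):
        return "raw"   # modified firmware, no HCI stack: hci_inquiry() will always fail
    return "ok"
```

Run `diagnose()` over `parse_hciconfig(subprocess_output)` before the inquiry to give the user a reason rather than "check your hardware".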

  10. #90
    Member
    Join Date: Jan 2006
    Posts: 90

    Hi guys

    I have just started looking and playing with bluetooth hacks, and I have come across a few problems which I hope someone can help with.

    My Bluetooth adapter of choice is the built in one in my Sony Vaio TR2MP.

    hciconfig -a looks like this:

    Code:
    bt ~ # hciconfig -a
    hci0:   Type: USB
            BD Address: 08:00:46:CC:9C:A1 ACL MTU: 192:8 SCO MTU: 64:8
            RX bytes:673 acl:0 sco:0 events:19 errors:0
            TX bytes:322 acl:0 sco:0 commands:19 errors:0
            Features: 0xff 0xff 0x0f 0x00 0x00 0x00 0x00 0x00
            Packet type: DM1 DM3 DM5 DH1 DH3 DH5 HV1 HV2 HV3
            Link policy: RSWITCH HOLD SNIFF PARK
            Link mode: ACCEPT MASTER
            Name: 'device1'
            Class: 0x000000
            Service Classes: Unspecified
            Device Class: Miscellaneous,
            HCI Ver: 1.1 (0x1) HCI Rev: 0x30d LMP Ver: 1.1 (0x1) LMP Subver: 0x30d
            Manufacturer: Cambridge Silicon Radio (10)
    I have followed the guide up until the firmware flashing part, where I kinda get lost.

    I can use hcitool scan hci0

    When I use bluebugger with
    Code:
     bluebugger -c 3 -a MAC info
    I can get the info; anything else and it prompts the phone with an authentication challenge. If I enter the passkey 1234 (set in my config) it says connection refused.

    Soooo... in all the demos I see, it doesn't challenge for auth. Is this right?

    Also noticed that although my device name is "device1" in the config, it's using the computer name. Something isn't quite right.

    I saw somewhere I have a BlueCore2-External chip if that helps. Please let me know if you need any further outputs, and/or what could be wrong.

    Thanks

    EDIT: Ok, let me update.

    Using sdptool I found out my Nokia uses DUN on 2, OPUSH on 9 and FTP on 11. If I use bluebugger on channel 2 and 11, I get prompted for a passkey (even if I put in the right one it doesn't work). If I use 9, the phone asks me if I want to receive a message. Clicking Yes results in nothing happening, no error or anything.

    If I use Bluesnarfer, I get the same result as others here:

    Bluesnarfer: open /dev/rfcomm0, Connection Refused
    Bluesnarfer: bt_rfcomm_config failed
    Bluesnarfer: unable to create rfcomm connection
    Bluesnarfer: release rfcomm ok

    Did anyone find out the fix for this?
