I'm dumb.
I followed some commands without knowing what they are,
and I got a problem in Windows:
it tells me to turn on your Bluetooth device, but it is already ON.
In Linux it has no problems.
I've searched the forums and found the following that have a CSR chipset and allow firmware modification:
Linksys USBBT100 Rev 1
D-Link DBT-120 Rev C1
DELOCK 61478
A7 eb502-HCI
Fujitsu Siemens BLUETOOTH V2.0
Toshiba PA3455U-1BTM
Aircable Host XR
Cellink BTA-6030 Bluetooth Adapter
The adapter must allow flashing of the external memory, so finding the correct adapter is painstaking. There are numerous revisions and chipset changes. Also changes from BlueCore4-external to BlueCore-ROM will prevent flashing. If anyone knows of any others, please add them to the list. If you know where to buy any of the mentioned adapters (with correct revision #), post as well, as many are discontinued or not sold in the states. Thanks.
William
If you need an adapter:
You can buy the DLink DBT-120 RevC1 at Fry's and Newegg.com.
I noticed a typo in a lot of posts referring to psget as psset.
Finally, for those with the old Nokia phone, you can check out my old tutorial showing some exploits:
http://www.irongeek.com/i.php?page=videos/bluesnarf1
Looking forward to some more updates on this thread. Thanks Dr_Green!
William
Hey Guys
Have you got your Bluetooth dongles ready? Because here it is: the software for BackTrack to enable sniffing.
I've added it to Blue-Smash, just download and install and sniff away.
Blue-Smash v1.0c
Bluetooth Sniffing with Blue-Smash Video Tutorial / Demo
Online Demo Vid (No Sound)
Enjoy!
Any info on the limitations of these vulnerabilities on newer devices? Will these apps only exploit older devices, as others have mentioned?
Hey guys
Sorry to drag an old post up, but I've been playing with the Bluetooth dongles for a while now and I thought it would be nice to post the cheapest dongle I found with the BC04 EXT chipset.
EDIT
Sorry, received dongles and they were Broadcom. Going back to my original Fujitsu-Siemens BLUETOOTH v2.0 dongle.
The only info I have is that Bluetooth is in its honeymoon stages, so you may find some devices are exploitable and some are not. I can't remember whether it was the bluesnarfer or the bluebugger exploit that was successful on the Nokia phones because of an undisclosed secret channel (17) that allowed unauthorised access to the phone.
Originally Posted by skindeep:
These exploits will still be valid because if you can get the link key, you could connect to a piconet and spoof the MAC addy of the slave device, then you would be able to attack the master.
With sorbo's tools it's only a matter of time before we should get "opencsr", the open source firmware for the CSR chipsets. This should allow injection amongst other things!
I'm getting some errors with Bluesmash 1.0e.
However hci0 is up:
Code:
Checking to see if HCI device exists.... No Local Device Detected! Please check your hardware.
Maybe Try 'hciconfig hci*' up and restart Blue|Smash.
Blue|Smash will now exit!
Code:
bt ~ # hciconfig -a
hci0:   Type: USB
        BD Address: 00:17:9A:2B:86:11 ACL MTU: 0:0 SCO MTU: 0:0
        UP RUNNING RAW
        RX bytes:102 acl:0 sco:0 events:0 errors:0
        TX bytes:24 acl:0 sco:0 commands:8 errors:0
Hey Williamc
It's because your modded BT dongle is no longer recognized as a Bluetooth adapter. You will need to use a normal BT dongle to run Bluesmash, or comment out the following around line 50 in the main program:
Code:
# These two imports live at the top of the main program; `bt` is assumed
# to be PyBluez's low-level _bluetooth module (hci_open_dev / hci_inquiry).
import sys
import bluetooth._bluetooth as bt

##### Hardware Check #####
print "Checking to see if HCI device exists...."
try:
    # Open the first HCI device and run a 1-second inquiry; a RAW-mode
    # (modded) dongle makes this fail even though hciconfig shows it UP.
    sock = bt.hci_open_dev()
    results = bt.hci_inquiry(sock, duration=1, flush_cache=True)
    print "Sucsess :D!"
except bt.error:
    print """No Local Device Detected! Please check your hardware.
Maybe Try 'hciconfig hci*' up and restart Blue|Smash.
Blue|Smash will now exit! """
    sys.exit(1)
##### End Hardware Check #####
Hi guys
I have just started looking at and playing with Bluetooth hacks, and I have come across a few problems which I hope someone can help with.
My Bluetooth adapter of choice is the built in one in my Sony Vaio TR2MP.
I have followed the guide up until the firmware flashing part, where I kinda get lost.
hciconfig -a looks like this:
Code:
bt ~ # hciconfig -a
hci0:   Type: USB
        BD Address: 08:00:46:CC:9C:A1 ACL MTU: 192:8 SCO MTU: 64:8ss
        RX bytes:673 acl:0 sco:0 events:19 errors:0
        TX bytes:322 acl:0 sco:0 commands:19 errors:0
        Features: 0xff 0xff 0x0f 0x00 0x00 0x00 0x00 0x00
        Packet type: DM1 DM3 DM5 DH1 DH3 DH5 HV1 HV2 HV3
        Link policy: RSWITCH HOLD SNIFF PARK
        Link mode: ACCEPT MASTER
        Name: 'device1'
        Class: 0x000000
        Service Classes: Unspecified
        Device Class: Miscellaneous,
        HCI Ver: 1.1 (0x1) HCI Rev: 0x30d LMP Ver: 1.1 (0x1) LMP Subver: 0x30d
        Manufacturer: Cambridge Silicon Radio (10)
I can use hcitool scan hci0.
When I use bluebugger with
Code:
bluebugger -c 3 -a MAC info
I can get the info; anything else and it prompts the phone with an authentication challenge. If I enter the passkey 1234 (set in my config) it says connection refused.
Soooo... in all the demos I see, it doesn't challenge for auth. Is this right?
Also noticed that although my device name is "device1" in the config, it's using the computer name. Something isn't quite right.
I saw somewhere I have a BlueCore2-External chip if that helps. Please let me know if you need any further outputs, and/or what could be wrong.
Thanks
EDIT: Ok, let me update.
Using sdptool I found out my Nokia uses DUN on 2, OPUSH on 9 and FTP on 11. If I use bluebugger on channel 2 and 11, I get prompted for a passkey (even if I put in the right one it doesn't work). If I use 9, the phone asks me if I want to receive a message. Clicking Yes results in nothing happening, no error or anything.
If I use Bluesnarfer, I get the same result as others here:
Bluesnarfer: open /dev/rfcomm0, Connection Refused
Bluesnarfer: bt_rfcomm_config failed
Bluesnarfer: unable to create rfcomm connection
Bluesnarfer: release rfcomm ok
Did anyone find out the fix for this?
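Two posts above hinge on reading `hciconfig -a` output correctly: Williamc's modded dongle shows `UP RUNNING RAW` with `ACL MTU: 0:0`, which is why Blue-Smash's `hci_inquiry()` check fails, and the Vaio post's output identifies the chip as Cambridge Silicon Radio (manufacturer id 10). The parser below is an added example, not code from Blue-Smash or from anyone in this thread; it takes the text `hciconfig -a` prints and reports those conditions. The two sample outputs are constructed from the ones posted here (the `UP RUNNING PSCAN ISCAN` flags line in the Vaio sample is an assumption, since that line was garbled in the post).

```python
"""Diagnose an HCI adapter from the text `hciconfig -a` prints.

Added example (not Blue-Smash code). It flags an adapter left in RAW
mode (kernel HCI stack bypassed, so inquiry-based hardware checks fail)
and identifies the controller manufacturer from the HCI block.
"""
import re

# Flag tokens hciconfig prints on the status line.
KNOWN_FLAGS = {"UP", "DOWN", "INIT", "RUNNING", "RAW", "PSCAN", "ISCAN",
               "INQUIRY", "AUTH", "ENCRYPT"}

# Constructed sample, modelled on the modded dongle output posted above.
MODDED_DONGLE = """\
hci0:   Type: USB
        BD Address: 00:17:9A:2B:86:11 ACL MTU: 0:0 SCO MTU: 0:0
        UP RUNNING RAW
        RX bytes:102 acl:0 sco:0 events:0 errors:0
        TX bytes:24 acl:0 sco:0 commands:8 errors:0
"""

# Constructed sample, modelled on the Sony Vaio built-in adapter output.
# The flags line is assumed; it was garbled in the original post.
VAIO_ADAPTER = """\
hci0:   Type: USB
        BD Address: 08:00:46:CC:9C:A1 ACL MTU: 192:8 SCO MTU: 64:8
        UP RUNNING PSCAN ISCAN
        RX bytes:673 acl:0 sco:0 events:19 errors:0
        TX bytes:322 acl:0 sco:0 commands:19 errors:0
        Features: 0xff 0xff 0x0f 0x00 0x00 0x00 0x00 0x00
        HCI Ver: 1.1 (0x1) HCI Rev: 0x30d LMP Ver: 1.1 (0x1) LMP Subver: 0x30d
        Manufacturer: Cambridge Silicon Radio (10)
"""


def parse_hciconfig(text):
    """Return a dict with dev, bdaddr, MTUs, flags, versions, manufacturer."""
    info = {"flags": set(), "manufacturer": None, "manufacturer_id": None}
    for raw in text.splitlines():
        line = raw.strip()
        m = re.match(r"(hci\d+):\s+Type:\s+(\w+)", line)
        if m:
            info["dev"], info["type"] = m.group(1), m.group(2)
            continue
        m = re.search(r"BD Address:\s+([0-9A-F:]{17})\s+ACL MTU:\s+(\d+):(\d+)"
                      r"\s+SCO MTU:\s+(\d+):(\d+)", line)
        if m:
            info["bdaddr"] = m.group(1)
            info["acl_mtu"] = (int(m.group(2)), int(m.group(3)))
            info["sco_mtu"] = (int(m.group(4)), int(m.group(5)))
            continue
        tokens = line.split()
        if tokens and all(t in KNOWN_FLAGS for t in tokens):
            info["flags"].update(tokens)  # the status/flags line
            continue
        m = re.match(r"Manufacturer:\s+(.+?)\s+\((\d+)\)", line)
        if m:
            info["manufacturer"] = m.group(1)
            info["manufacturer_id"] = int(m.group(2))
        m = re.search(r"HCI Ver:\s+(\S+)", line)
        if m:
            info["hci_ver"] = m.group(1)
        m = re.search(r"LMP Ver:\s+(\S+)", line)
        if m:
            info["lmp_ver"] = m.group(1)
    return info


def diagnose(info):
    """Explain, in plain sentences, what the parsed state means for tools."""
    findings = []
    dev = info.get("dev", "hci0")
    if "UP" not in info["flags"]:
        findings.append("adapter is not UP: try 'hciconfig %s up'" % dev)
    if "RAW" in info["flags"]:
        findings.append("adapter is in RAW mode: the kernel HCI stack is "
                        "bypassed, so hci_inquiry()/hcitool scan will fail; "
                        "use an unmodified dongle for tools that need a "
                        "normal HCI device")
    if info.get("acl_mtu") == (0, 0):
        findings.append("ACL MTU 0:0: the controller never completed HCI "
                        "init (consistent with RAW mode / modified firmware)")
    if info.get("manufacturer_id") == 10:
        findings.append("manufacturer id 10 = Cambridge Silicon Radio; "
                        "whether it is flashable still depends on the "
                        "BlueCore variant and external flash")
    return findings


if __name__ == "__main__":
    for label, sample in (("modded dongle", MODDED_DONGLE),
                          ("vaio adapter", VAIO_ADAPTER)):
        print(label)
        for f in diagnose(parse_hciconfig(sample)):
            print("  -", f)
```

Feed it `hciconfig -a` output via `parse_hciconfig(open(path).read())`; the RAW finding is the one that explains the "No Local Device Detected!" message even though the interface is UP.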