Open pahapoika opened 8 years ago
@pahapoika we may add tools like bluesnarfer or others.
Yeah, I remember some app on SonyEricsson that was pretty effective: when someone accepted your pairing invitation, it already granted you full access to his telephone. Bluetooth was a new type of communication, and everybody was excited to play with it. Especially me, every day in the subway, traveling to my work. In 2005-6 I obtained my first Symbian Nokia N70 and a quick DSL connection... that was a game changer after WinCE and dial-up. :D That was the start of the computer's golden era and the beginning of quick evolution. Still in progress, in such astonishing quantity that it takes your breath away. From C64 to AMD64, from Dancall - Psion - iPaq to Android, and internet connection everywhere. Kewl!
OK, sorry for the OT. Today I spent the whole day reading about Bluetooth vulns, and then practicing examination with bluesnarfer, spooftooph, etc. against my smartphones, tablets, TomTom, laptop, car radio, and the neighborhood's TV and some reprostation. No success, but I don't have proper equipment. :/ http://hakshop.myshopify.com/collections/wireless-gear With a regular BT client in mobile devices you can do only regular things. Same with the laptop and the dongle client in the desktop, both Atheros chipset. https://drive.google.com/file/d/0B832qN0OMdvhOXJsVFoyX0htS0E/view?usp=drivesdk
That app was BTinfo, but it only works on Java mobile.
I think basic enumeration of surrounding Bluetooth Classic / LE devices and services using the Android API would be a good place to start. I wrote this dodgy test app a while back just to see what device services I could find (yes, I know it's terrible code but you get the basic idea): https://github.com/lionliam96/Bluetooth-Scanner
Also, adding a database of Bluetooth MACs/service UUIDs could really help with researching Bluetooth vulnerabilities. An implementation of the old OBEX push trick would be fun as well!
Thanks @lionliam96 :smirk: I am having a look
Hey. So there are security features in Bluetooth. 1. Devices will not communicate unless you have paired the devices. And pairing is possible only if you know the BD_ADDR of the other device.
You can brute force the BD_ADDR but that will take some time.
In Linux, something like spoofing your victim's computer to believe your Bluetooth keyboard is its keyboard. But that's extremely hard. I remember I had Bluetooth hacking software on my Nokia in like the year 2004. You were able to see contacts, messages and more. It was possible in Bluetooth 1.
But how will Bluetooth hacking be included in cSploit?
Thanks.
EDIT: Found this: http://tools.kali.org/wireless-attacks/bluesnarfer