cSploit / android

cSploit - The most complete and advanced IT security professional toolkit on Android.
http://www.csploit.org/
GNU General Public License v3.0

How will Bluetooth hacking work? #662

Open pahapoika opened 8 years ago

pahapoika commented 8 years ago

Hey. So there are security features of Bluetooth:

  1. Devices will not communicate unless you have paired the devices. And pairing is possible only if you know the BD_ADDR of the other device.
  2. It does hop the frequency like, ehh, a rabbit? Bluetooth uses AFH (Adaptive Frequency Hopping) and it uses 79 channels in 2.4 GHz. And it hops between them at a rate of 1600 per second.
  3. It does encrypt the file that you are transferring using your MAC address, 2 keys and a random authenticating key. It does it using a stream cipher called E0. It's 128-bit.

You can brute force the BD_ADDR but that will take some time.

In Linux there is something like spoofing your victim's computer to believe your Bluetooth keyboard is its keyboard. But that's extremely hard. I remember I had Bluetooth hacking software on my Nokia in like 2004. You were able to see contacts, messages and more. It was possible in Bluetooth 1.

But how will Bluetooth hacking be included in cSploit?

Thanks.

EDIT: Found this: http://tools.kali.org/wireless-attacks/bluesnarfer

ETeissonniere commented 8 years ago

@pahapoika we may add tools like bluesnarfer or others.

AlA777 commented 8 years ago

Yeah, I remember some app on Sony Ericsson that was pretty effective: when someone accepted your pair invitation, it already granted you full access to his telephone. Bluetooth was a new type of communication, and everybody was excited to play with it. Especially me, every day in the subway, traveling to my work. In 2005-6 I obtained my first Symbian Nokia N70, and a quick DSL connection.. that was a gamechanger after WinCE and dial-up.. :D That was the start of the computer's golden era, and the beginning of quick evolution. Still in progress, in such astonishing quantity it takes your breath. From C64 to AMD64, from Dancall - Psion - iPaq to Android, and an internet connection everywhere. Kewl!

ok, sorry 4 OT.. Today I spent the whole day reading about Bluetooth vulns, and then practicing examination with bluesnarfer, spooftooph, etc. against my smartphones, tablets, TomTom, laptop, car radio, and the neighborhood's TV and some reprostation. No success, but I don't have the proper equipment.. :/ http://hakshop.myshopify.com/collections/wireless-gear With a regular BT client in mobile devices you can do only regular things. Same with the laptop and the dongle client in the desktop, both Atheros chipset. https://drive.google.com/file/d/0B832qN0OMdvhOXJsVFoyX0htS0E/view?usp=drivesdk

Megaeloelo commented 8 years ago

That app was BTinfo, but it only works on Java mobile.

lionliam96 commented 7 years ago

I think basic enumeration of surrounding Bluetooth Classic / LE devices and services using the Android API would be a good place to start. I wrote this dodgy test app a while back just to see what device services I could find (yes, I know it's terrible code but you get the basic idea): https://github.com/lionliam96/Bluetooth-Scanner

Also, adding a database of Bluetooth MACs/service UUIDs could really help with researching Bluetooth vulnerabilities. An implementation of the old OBEX push trick would be fun as well!
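An added example (not cSploit's or lionliam96's code) of the enumeration described in this comment: discovering nearby Bluetooth Classic devices with the stock Android API and collecting each device's SDP service UUIDs into a MAC-keyed map, the kind of record a MAC/UUID database would hold. It assumes the app already holds the Bluetooth and location permissions Android requires for discovery and that the caller supplies a Context.

```java
import android.bluetooth.BluetoothAdapter;
import android.bluetooth.BluetoothDevice;
import android.content.BroadcastReceiver;
import android.content.Context;
import android.content.Intent;
import android.content.IntentFilter;
import android.os.ParcelUuid;
import android.os.Parcelable;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;

// Hypothetical helper, not part of cSploit: inventories nearby Classic devices.
public class BtInventory extends BroadcastReceiver {
    private final Map<String, BluetoothDevice> found = new HashMap<>();   // MAC -> device
    private final Map<String, Set<String>> services = new HashMap<>();     // MAC -> UUIDs

    public void start(Context ctx) {
        IntentFilter f = new IntentFilter();
        f.addAction(BluetoothDevice.ACTION_FOUND);
        f.addAction(BluetoothAdapter.ACTION_DISCOVERY_FINISHED);
        f.addAction(BluetoothDevice.ACTION_UUID);
        ctx.registerReceiver(this, f);
        BluetoothAdapter adapter = BluetoothAdapter.getDefaultAdapter();
        if (adapter != null && adapter.isEnabled()) adapter.startDiscovery();  // inquiry scan
    }

    @Override
    public void onReceive(Context ctx, Intent intent) {
        String action = intent.getAction();
        if (BluetoothDevice.ACTION_FOUND.equals(action)) {
            BluetoothDevice dev = intent.getParcelableExtra(BluetoothDevice.EXTRA_DEVICE);
            found.put(dev.getAddress(), dev);
        } else if (BluetoothAdapter.ACTION_DISCOVERY_FINISHED.equals(action)) {
            // SDP queries during an active inquiry may only return cached UUIDs,
            // so query each device once discovery has finished.
            for (BluetoothDevice dev : found.values()) dev.fetchUuidsWithSdp();
        } else if (BluetoothDevice.ACTION_UUID.equals(action)) {
            BluetoothDevice dev = intent.getParcelableExtra(BluetoothDevice.EXTRA_DEVICE);
            Parcelable[] uuids = intent.getParcelableArrayExtra(BluetoothDevice.EXTRA_UUID);
            if (dev == null || uuids == null) return;
            Set<String> s = services.computeIfAbsent(dev.getAddress(), k -> new HashSet<>());
            for (Parcelable p : uuids) s.add(((ParcelUuid) p).getUuid().toString());
        }
    }

    public void stop(Context ctx) { ctx.unregisterReceiver(this); }
    public Map<String, Set<String>> results() { return services; }  // MAC -> service UUIDs
}
```

Results arrive asynchronously, so read `results()` only after the ACTION_UUID broadcasts have been delivered for the devices of interest, and call `stop()` when done.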

ETeissonniere commented 7 years ago

Thanks @lionliam96 :smirk: I am having a look