conorpp / btproxy

Man in the Middle analysis tool for Bluetooth.
GNU General Public License v3.0

Error when starting service #3

Open wishbone1138 opened 7 years ago

wishbone1138 commented 7 years ago

I'm getting stuck on an attribute error when it tries "starting service". It pairs with my slave fine and looks up all the info it seems to need. I get a pairing successful message on my slave. It looks like it's having an issue polling the services?

I'd love to get this working as it's the only MITM BDR/EDR tool that I know of!

Running proxy on master BC:EE:7B:A4:2A:50 and slave E4:22:A5:0B:DF:8B
running ['replace_bluetoothd']
running ['hciconfig', '-a']
Using shared adapter
running ['hciconfig', 'hci0', 'up']
Slave adapter: hci0
Master adapter: hci0
Looking up info on slave (E4:22:A5:0B:DF:8B)
running ['hcitool', 'inq']
Looking up info on master (BC:EE:7B:A4:2A:50)
running ['hcitool', 'inq']
Spoofing master name as PLT_Legend_btproxy
running ['hciconfig', 'hci0', 'name', 'PLT_Legend_btproxy']
running ['hciconfig', 'hci0', 'sspmode', '1']
running ['hciconfig', 'hci0', 'class', '0x240404']
running ['hciconfig', 'hci0', 'piscan']
running ['which', 'bluez_simple_agent_nouser']
running ['python', '/usr/local/bin/bluez_simple_agent_nouser', 'hci0', 'E4:22:A5:0B:DF:8B']
paired
running ['replace_bluetoothd', '/usr/local/lib/python2.7/dist-packages/btproxy-0.1-py2.7-linux-x86_64.egg/blocksdp.so']
Spoofing master name as PLT_Legend_btproxy
running ['hciconfig', 'hci0', 'name', 'PLT_Legend_btproxy']
running ['hciconfig', 'hci0', 'sspmode', '1']
running ['hciconfig', 'hci0', 'class', '0x240404']
running ['hciconfig', 'hci0', 'piscan']
{'protocol': None, 'name': None, 'service-id': None, 'profiles': [], 'service-classes': ['1200'], 'host': 'E4:22:A5:0B:DF:8B', 'provider': None, 'port': None, 'description': None}
SDP interceptor started
Starting service {'protocol': None, 'name': None, 'service-id': None, 'profiles': [], 'service-classes': ['1200'], 'host': 'E4:22:A5:0B:DF:8B', 'provider': None, 'port': None, 'description': None}
Traceback (most recent call last):
[Errno 2] No such file or directory
  File "/usr/local/bin/btproxy", line 4, in <module>
    __import__('pkg_resources').run_script('btproxy==0.1', 'btproxy')
  File "/usr/lib/python2.7/dist-packages/pkg_resources/__init__.py", line 719, in run_script
    self.require(requires)[0].run_script(script_name, ns)
  File "/usr/lib/python2.7/dist-packages/pkg_resources/__init__.py", line 1504, in run_script
    exec(code, namespace, namespace)
  File "/usr/local/lib/python2.7/dist-packages/btproxy-0.1-py2.7-linux-x86_64.egg/EGG-INFO/scripts/btproxy", line 39, in <module>
    btproxy.mitm()
  File "/usr/local/lib/python2.7/dist-packages/btproxy-0.1-py2.7-linux-x86_64.egg/libbtproxy/mitm.py", line 535, in mitm
    server_sock = self.start_service(service)
  File "/usr/local/lib/python2.7/dist-packages/btproxy-0.1-py2.7-linux-x86_64.egg/libbtproxy/mitm.py", line 260, in start_service
    if service['protocol'].lower() == 'l2cap':
AttributeError: 'NoneType' object has no attribute 'lower'

conorpp commented 7 years ago

So "running ['hciconfig', 'hci0', 'piscan']" returned this object:

{'protocol': None, 'name': None, 'service-id': None, 'profiles': [], 'service-classes': ['1200'], 'host': 'E4:22:A5:0B:DF:8B', 'provider': None, 'port': None, 'description': None}

And the protocol is None and the script expects it to be a string, hence failing at if service['protocol'].lower() == 'l2cap'. I suggest running hciconfig hci0 piscan to see if those are the correct results the parser is getting. If not, patch the parsing of the command's output. If already correct, figure out if RFCOMM or L2CAP is the protocol to be used. Then patch the script at mitm.py:260 to use the right protocol.

Pull request is welcome.
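One way to guard the check at mitm.py:260 discussed in this thread, as an added example that is not btproxy's own code and not from either commenter. The function name `classify_services`, the skip reasons and the second sample record are hypothetical; the first record is the one printed in the issue.

```python
# Added example (not btproxy code): validate service records before any
# code calls .lower() on 'protocol' or binds a listener on 'port'.
SUPPORTED = ("l2cap", "rfcomm")

# First record is copied from the issue output ('1200' is the PnP Information
# service class). Second record is constructed for illustration.
SAMPLE_RECORDS = [
    {'protocol': None, 'name': None, 'service-id': None, 'profiles': [],
     'service-classes': ['1200'], 'host': 'E4:22:A5:0B:DF:8B',
     'provider': None, 'port': None, 'description': None},
    {'protocol': 'RFCOMM', 'name': 'Constructed Serial Port',
     'service-id': None, 'profiles': [('1101', 256)],
     'service-classes': ['1101'], 'host': 'E4:22:A5:0B:DF:8B',
     'provider': None, 'port': 1, 'description': None},
]


def classify_services(records):
    """Split records into (startable, skipped).

    startable: copies of records with a normalised lowercase protocol.
    skipped:   (record, reason) pairs, so the caller can log why a record
               was ignored instead of crashing with AttributeError.
    """
    startable, skipped = [], []
    for rec in records:
        proto = rec.get('protocol')
        port = rec.get('port')
        if not isinstance(proto, str):
            skipped.append((rec, 'no protocol in record'))
        elif proto.lower() not in SUPPORTED:
            skipped.append((rec, 'unsupported protocol %r' % proto))
        elif not isinstance(port, int):
            skipped.append((rec, 'no port/PSM in record'))
        else:
            startable.append(dict(rec, protocol=proto.lower()))
    return startable, skipped


if __name__ == '__main__':
    ok, bad = classify_services(SAMPLE_RECORDS)
    for rec in ok:
        print('would start %s on port %d' % (rec['protocol'], rec['port']))
    for rec, reason in bad:
        print('skipping %s: %s' % (rec['service-classes'], reason))
```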