Raspberry Pi 3 – Bluetooth Experimentation

https://null-byte.wonderhowto.com/how-to/hack-bluetooth-part-1-terms-technologies-security-0163977/

Bluelog Installation

  1. Open a terminal window
  2. sudo apt install libbluetooth-dev
  3. git clone https://github.com/MS3FGX/Bluelog.git
  4. cd Bluelog (the clone step creates a directory named Bluelog, with a capital B)
  5. make
  6. ./bluelog -vmfn
    • ('./bluelog --help' for flag explanation and listing of other flags)

Bluemaho Installation

  • https://wiki.thc.org/BlueMaho
  1. Open a terminal window
  2. sudo apt install python-lightblue libusb-dev libreadline-gplv2-dev libxml2-dev libopenobex-dev pkg-config eterm bluez python-wxgtk3.0 python
    • python (python 2.4 http://www.python.org)
    • python-wxgtk3.0 http://www.wxpython.org
    • BlueZ (3.9/3.24) http://www.bluez.org
    • Eterm, used to open tools in a separate window; you can set another terminal in 'config/defaul.conf' by changing the value of the 'cmd_term' variable (tested with Eterm 1.1)
    • pkg-config (0.21), 'tee' (used in tools/showmaxlocaldevinfo.sh), openobex, obexftp
    • libopenobex-dev (needed by ussp-push)
    • libxml2, libxml2-dev (needed by btftp)
    • libusb-dev (needed by bccmd)
    • libreadline-gplv2-dev (needed by atshell.c)
    • python-lightblue (needed by obexstress.py)
  3. git clone https://github.com/zenware/bluemaho.git
  4. cd bluemaho
  5. ./bluemaho.py

Bluemaho Testing

atshell tool via graphical interface

  • program output

2018-02-03 18:49:58 bluemaho loaded.
> code for exploiting buffer overflow vulnerability in Widcomm Bluetooth Stack <= 1.4.2 variations. this exploit only demonstrates exploitation process, and shows some text string on exploited device. if you want something more – you’ll need to play with shellcode inside exploit.
TARGET values:
0. XP Pro SP0 – Ambicom btysb1.4.2w.zip 1.4.2 Build 10
1. XP Pro SP0 – Actiontec Bluetooth Software
2. XP Pro SP0 – Belkin Bluetooth Software 1.4.2 Build 10
3. XP Pro SP1a – Belkin Bluetooth Software 1.4.2 Build 10
4. XP Home SP1a (and Pro?) – Belkin Bluetooth Software 1.4.2 Build 10
5 .Crash
> atshell – rfcomm shell for AT commands. mostly used to communicate with DialUp Networking services. different devices accepts different manufacturer specific AT

  • Eterm Error

Eterm: Error: execvp() failed, cannot execute "./tools/atshell": No such file or directory

  • My linux terminal error

Eterm: Warning: Locale not supported; defaulting to portable "C" locale.


So it looks like atshell.c is not in the tools directory in the bluemaho folder, along with some other tools that are missing for whatever reason.
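
The execvp() error above is Eterm being asked to run ./tools/atshell before anyone checked that the binary exists. The pre-flight check below is an added example, not part of BlueMaho or of these notes: for each tool name it reports whether the binary is executable, whether only the .c source is present (with the build dependency taken from the dependency list above), or whether it is missing entirely. The tools directory and tool names passed in are assumptions.

```sh
#!/bin/sh
# Added pre-flight check (not BlueMaho's own code). Run before launching
# BlueMaho so a missing tool is reported here instead of as an Eterm
# execvp() failure. Assumes tools are launched from a single tools dir
# and that a missing binary may be buildable from a same-named .c file.

# Build dependency hints per tool, taken from the dependency list above.
dep_hint() {
    case "$1" in
        atshell) echo "libreadline-gplv2-dev" ;;
        bccmd)   echo "libusb-dev" ;;
        btftp)   echo "libxml2-dev" ;;
        *)       echo "(no hint on this page)" ;;
    esac
}

# check_tools DIR TOOL...: prints one status line per tool and returns
# the number of tools that cannot be executed (0 means all are ready).
check_tools() {
    dir=$1
    shift
    bad=0
    for t in "$@"; do
        if [ -x "$dir/$t" ]; then
            echo "ok: $dir/$t"
        elif [ -f "$dir/$t.c" ]; then
            echo "source only: $dir/$t.c present, binary not built (needs $(dep_hint "$t"))"
            bad=$((bad + 1))
        else
            echo "missing: $dir/$t (no binary and no $t.c to build from)"
            bad=$((bad + 1))
        fi
    done
    return "$bad"
}

# Stand-alone usage: ./preflight.sh ./tools atshell attest bccmd
# (tool names here are an assumed sample, not BlueMaho's full menu).
if [ "$#" -ge 2 ]; then
    check_tools "$@" || exit "$?"
fi
```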

Bluediving

In looking for atshell.c, I came across this bluetooth suite.

https://github.com/balle/bluediving/blob/master/README

  1. Open terminal
  2. git clone https://github.com/balle/bluediving.git
  3. sudo apt install bluez sox obexftp libreadline* expat
  4. sudo perl -MCPAN -e 'install XML::Simple'
  5. Have a look at the configuration file bluedivingNG.conf

I can’t actually run it on Kali Linux but it does have an interesting suite of tools that I may be able to install and run manually.

root@kali:~/bluediving# cd tools
root@kali:~/bluediving/tools# ls
atshell_bsd.c bss-0.8 l2cap_headersize_overflow.c
atshell.c btftp_src l2cap-packet.c
attest_bsd.c btobex Makefile
attest.c btobex_src make_tools.sh
backdoored-bluetooth.c carwhisperer-0.2 redfang_bsd.c
bccmd greenplaque_src redfang_src
bccmd_src hcidump-crash.c redfang.tar.gz
bdaddr_bsd.c hidattack01 rfcomm_shell_bsd.c
bdaddr.c hstest.c rfcomm_shell.c