• Stars
    star
    208
  • Rank 189,015 (Top 4 %)
  • Language
    C
  • Created over 4 years ago
  • Updated 11 months ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Bluetooth hack, forked from https://gitlab.com/kalilinux/packages/bluesnarfer/

Bluesnarfer

Bluesnarfing is the unauthorized access of information from a wireless device through a Bluetooth connection, often between phones, desktops, laptops, and PDAs (personal digital assistant). - https://en.wikipedia.org/wiki/Bluesnarfing

Bluesnarfing is a fairly old attack. (First license in debian/copyright says 2007, so that gives you an idea). To my knowledge, all modern devices have at least some kind of protection against bluesnarfing. For example, I tested this with a Samsung Galaxy s7, and it prompted be to give permission to bluesnarfer to read my contacts, make calls, etc. So at least it asked me for permission!

Installation

To install bluesnarfer:

git clone https://github.com/kimbo/bluesnarfer.git
cd bluesnarfer
make

If everything worked, you should be able to run ./bluesnarfer.

Running bluesnarfer

The fun part of this is actually doing some bluesnarfing (or just saying "bluesnarfing", it's definitely in my top 10 favorite words to say).

I ran this on Ubuntu 18.04 and targetted my Samsung Galaxy s7, which worked well.

First, you need to make sure you can reach the device from your computer. Connect your computer to your phone with Bluetooth, then verify you can reach it using something like l2ping:

l2ping <MAC_ADDRESS>

If you're having trouble finding the MAC_ADDRESS, usually you'll be able to see it in your bluetooth settings. I also like to use bluetoothctl and then devices list and it'll show you what devices have been picked up by the scanner or paired previously and what their MAC addresses are.

Next, you run the bluesnarfer program. The general usage is

./bluesnarfer -b <MAC_ADDR> [options]

For example, to list device info, run

./bluesnarfer -b <MAC_ADDR> -i

Once you get that working, you can test a bunch of AT commands (read contacts, read recent calls, make calls, send text messages, etc). Here's a good reference I found for AT commands: https://www.sparkfun.com/datasheets/Cellular%20Modules/AT_Commands_Reference_Guide_r0.pdf (Note that your phone may not support all of the AT commands listed in the reference guide.)

If running the above command doesn't work, you probably need to figure out the right channel to use. The default channel used is 17 (see src/bluesnarfer.c#L59).

To see what channels are available, I used the sdptool:

sdptool browse --tree --l2cap <MAC_ADDRESS>

Then I looked through the output for something that looks like it might let you read information or make calls, send messages, etc. When in doubt, just check all of the channels listed. (Channel 2 worked on my Samsung Galaxy s7, see demo below).

Demo

Here's a short demo of bluesnarfer I did as part of a school project - https://asciinema.org/a/6e1rjk7V3eJL1qoA3kJRUKfh1.

License

License is GPL-2+.

License and copyright info can be found in debian/copyright.

Original README

- HOW TO USE

bluesnarfer, version 0.1 -
usage: ./bluesnarfer [options] [ATCMD] -b bt_addr

ATCMD     : valid AT+CMD (GSM EXTENSION)

TYPE      : valid phonebook type ..
example   : "DC" (dialed call list)
            "SM" (SIM phonebook)
            "RC" (recevied call list)
            "XX" much more

-b bdaddr : bluetooth device address
-C chan   : bluetooth rfcomm channel

-c ATCMD  : custom action
-r N-M    : read phonebook entry N to M 
-w N-M    : delete phonebook entry N to M
-f name   : search "name" in phonebook address
-s TYPE   : select phonebook memory storage
-l        : list aviable phonebook memory storage
-i        : device info

it's simple :P

- what it's do ? rfcomm connection to bdaddr and send/recv AT command from gsm extension ..

- thanks to: mainman, sgrakkyu