Skip to main content

Bluetooth Sniffing

The last weeks there where some rumors about “Bluetooth Sniffing for everyone”. Max Moser released a paper in which he is describes how to modify a regular Bluetooth dongle into a full featured Bluetooth Sniffer using Frontline’s FTS4BT software.The Software is available for free, the firmware you need to convert a Bluetooth dongle into a sniffer comes with the Software. All you need is a serial number to run the Software. The media give the impression that now everybody can easily sniff Bluetooth.
But in fact, Bluetooth Sniffing is not that easy. To successfully sniff Bluetooth connection you always have to know at least one of the Bluetooth addresses used in a piconet. And not only that, you also have to know whether the device is master or slave of the piconet and if it’s inquiry or page scanning.If the connection is encrypted you even need more information. You need to know the other devices Bluetooth address, too and you have to know the Link Key the two devices are using for their connection. You could obtain the Link Key by sniffing the Pairing Process and then use btcrack to brute force the Link Key. When the two devices are already have been paired you first have to deauthenticate them.
Of course all the information you need would be possible to get, but in fact sniffing Bluetooth is not that easy as sniffing Wi-Fi.Another point is, that the sniffers used right know don’t seem to work pretty good at distances, therefore you have to be very close to your devices. All in all, even I am not sure if it would help using antennas or not. In my opinion, with state-of-the-art hard- and software it is nearly impossible to successfully implement an eavesdropping attack in field on an encrypted connection.
But let’s see what the future brings. If somebody finds out how the RAW-Packets of the Frontline firmware are passed through HCI it would be possible to use the sniffer hardware with custom software which features scripting making everything easier. Another possible scenario, described earlier in another post might become possible: build a device which can sniff all 79 channels simultaneously. Just take 79 dongles - one dongle for one channel. This way you wouldn’t have to manually synchronize one dongle to the piconet’s hopping sequence.
Source www.evilgenius.de

Popular posts from this blog

Test New ALFA-AWUS036H v.2 (1.000mW) VS ALFA-AWUS036H v.1 (500mW)

- Recently emerged the New ALFA-AWUS036H v.2 (1.000mW), and these are the tests. TEST WITH NETSTUMBLER 1) usb da 100mW chipset railink 2) usb da 200mW chipset railink rt73 3) intel 2200 b/g con connettore esterno rp-sma 4) Alfa-AWUS036H 500mW 5) New Alfa-AWUS036H V2 da 1.000mW

Creating A Cheap Bluetooth Sniffer

Many papers and posts on internet forums have commented on the success of turning normal everyday bluetooth USB dongles ($10), into their more powerful counterparts that allow the capturing of packets from the airwaves. These more powerful USB dongles are usually sold at a much higher price ($10,000) together with the software to drive and control these devices. The problems associated with BlueTooth sniffing You cant simply just purchase the dongle with the alternate firmware. There is next to no real opensource packet capture program for the bluetooth protocol. Hardware & Limitations Chipsets: Whats the difference? The chipset of the Bluetooth USB Dongles are very important. Broadcom chipsets are cheap hardware and are deemed unsuitable devices for this paper. But unfortunalty nowadays, every manufacturer seems to prefer putting these chips in their products compared to the more reliable Cambridge Silicon Radio (CSR) chipset. If your lucky enough to find a dongle with a CSR chips...

ALFA-­AWUS036H & ALFA-­AWUS050NH INSTALLING/UPDATING DRIVERS RTL8187, r8187, RT2800usb on UBUNTU

NOTE: For surfing Internet with ALFA-AWUS050NH on Ubuntu Jaunty with rt2870sta driver, you must use the Kernel "2.6.28-11-generic #42-Ubuntu", without change or updates the drivers modules. NOTE: The tutorial is not related to Ubuntu karmic. Driver RTL8187/Stacks-­mac80211 (ref. ALFA-­AWUS036h) ­- These drivers, for surfing Internet, are more stable than r8187, and fully compatible with Network-Manager 0.7 installed by default on Ubuntu 9.04. Network-Manager 0.7 installed by default on Ubuntu 9.04. ­- Supports all encryption without problems. (OPEN, WEP and WPA/WPA2) ­- With Compat-Wireless, the "injection" working, but for support “Fragmentation attack” (opt. -5) you need to install one patch. - The RX sensitivity and packets injection is less, related to drivers r8187. Driver r8187/Stacks-ieee80211 (ref. ALFA-AWUS036h) - This driver is recommended for use with the Suite of Aircrack-ng, but not particularly suitable for Internet connections, as less stable and disc...