
Showing posts from January 13, 2009

ALFA AWUS036H (rtl8187) and linux kernel 2.6.28 - the ultimate ALFA driver

Notice: This tutorial is not only intended for AWUS036H or rtl8187 users; since the mac80211 stack in 2.6.28 is very nice, it should be helpful for anyone with a wireless card supported by the mac80211 stack. Updates: 09/01/09 17:24 CET: fixed a bug in "mac80211_2.6.28-rc8-wl_frag+ack_radiotap_2.6.28_mod.patch", please redownload (h t t p : / / astray.fragstore.net/apps/mac80211_2.6.28-rc8-wl_frag+ack_radiotap_2.6.28_mod.patch). Hey, it seems like the documentation about the Realtek 8187 chipset and aircrack-ng, as well as some of the forum posts, are a bit outdated: they usually cover the r8187 driver, old mac80211 and ndiswrapper things for WPA authentication. I've been searching, without much success, for a complete solution that allows me to use the ALFA AWUS036H in monitor mode, with packet injection and fragmentation attacks, as well as authenticating with my AP using WPA or WPA2, without driver switching and other hassles (e.g. h t t p : / / forums.remote-explo

Frontline Bluetooth Sniffer 5.6.9.0

Bluetooth security seems to be very good compared to the 802.11 problems. But most of Bluetooth security is based on the PIN you have to enter when pairing two devices, or on the link key that results from it. In addition, Bluetooth uses many more channels and hops frequently within the spectrum, which makes analyzing it a real pain. Sniffing raw communication without being paired has until now only been available to rich companies or individuals who could buy one of the over-priced Bluetooth sniffers. Frontline is one of the few Bluetooth sniffer manufacturers, and they sell their application together with a "special" Bluetooth sniffer ComProbe / dongle. Here are some marketing highlights from their FTS4BT product website: - Supports EDR (Enhanced Data Rate): FTS4BT is the only analyzer currently on the market to support Bluetooth v2.0 + EDR. - Finger-sized Bluetooth ComProbe: Air sniffing hardware is incredibly portable and requires no power. - Synchronized air and HCI sniffing: F

Bluetooth hacking tools

If you are planning to gain a deeper understanding of Bluetooth security, you will need a good set of tools to work with. By familiarizing yourself with the following tools, you will not only gain knowledge of the vulnerabilities inherent in Bluetooth-enabled devices, but also get a glimpse of how an attacker might exploit them. This hack highlights the essential tools, mostly for the Linux platform, that can be used to search out and hack Bluetooth-enabled devices. Discovering Bluetooth Devices: BlueScanner - BlueScanner searches for Bluetooth-enabled devices. It will try to extract as much information as possible for each newly discovered device. Download BlueScan. BlueSniff - BlueSniff is a GUI-based utility for finding discoverable and hidden Bluetooth-enabled devices. Download BlueSniff. BTBrowser - Bluetooth Browser is a J2ME application that can browse and explore the technical specifications of surrounding Bluetooth-enabled devices. You can browse device info

How to hack mobile phones with Bluetooth

All is explained here in the description. This is a tutorial on how to hack most mobile phones with Bluetooth using your Sony Ericsson or Nokia phone. You need a program called "Super Bluetooth Hack" (it's also called "BT Info"). You can download it from many places, such as: http://www.hack.pt.tp/ or http://rapidshare.com/files/63828767/... (these are the newest versions! It's version 1.08), or try Google (search for "BT Info" or "Super Bluetooth Hack"). With the program you can do things on the other phone such as: - read SMS messages - read contacts - change profile - play ringtone (even if the phone is on silent) - play songs - restart the phone - turn off the phone - restore factory settings - change ringing volume - call from the other phone (it includes all call functions like hold etc.) Notes: 1.) When connecting devices, use the code 0000 2.) At the start of the program on smartphones, do not forget to turn on Bluetooth before starting the applic

Categories of bluetooth hacking

Bluetooth hacks are broadly categorised as: Bluejacking, Bluesnarfing, Bluebugging, Bluetoothing. Bluejacking is the simplest of the four. The hacker uses it by attempting to send a phone contact or business card to another nearby phone. The 'name' field of the contact can be misused by replacing it with a suggestive text so that the target device reads it as part of the intimation query displayed on its screen. This may be thought of as equivalent to spam e-mail, since both are unsolicited messages displayed on the recipient's end without consent, exploiting the inherent nature of the communication. Bluesnarfing goes a step further and actually accesses or steals data like messages, calendar, phone book etc. from the target device in an unauthorised manner, which includes bypassing the usual pairing requirement. Here the problem is bigger, since there have been reports of tools that use methods such as device address guessing and brute force in order to break in, even whe

Intel Wireless Wi-Fi 5100 injection working

OS: kernel 2.6.27.10 (Ubuntu Intrepid) Card: Intel 5100AGN files: http://tinyshell.be/aircrackng/forum/index.php?action=dlattach;topic=4217.0;id=415 http://tinyshell.be/aircrackng/forum/index.php?action=dlattach;topic=4217.0;id=416 http://tinyshell.be/aircrackng/forum/index.php?action=dlattach;topic=4217.0;id=417 Get the tools and kernel source so you can recompile. "sudo apt-get install kernel-package libncurses5-dev fakeroot wget bzip2 linux-source" Go to your source directory and unpack the kernel source, and go into the source directory. "cd /usr/src" "sudo tar jxvf linux-source-2.6.27.tar.bz2" "cd linux-source-2.6.27" Copy your existing kernel configuration into the linux source folder. This allows you to keep your existing settings, but add in support for injection. "sudo cp /boot/config-`uname -r` ./.config" Take the 3 patched source files posted at the top and replace the ones in your linux source folder. "sudo mv iwl-sta.c

Magic Blue Hack v1.0: Hack Your Friend’s Phone via Bluetooth

Magic Blue Hack is Bluetooth hacking software for any J2ME Bluetooth handset. By using this software on your mobile you can hack another open Bluetooth device. It may ask for permission to start the Bluetooth service with another device the first time. But there is no need to set up this software on the other mobile which you want to hack. MagicBlueHack Documentation. How To Setup: This software is only for Java MIDP-2 Bluetooth supported handsets. For some mobiles there is no need to set up this software, you can run it directly from the location where the file MagicBlueHack.jar is situated, and for some mobiles it needs to be set up from the file named MagicBlueHack.jar. After setup you can find it in your menu folder or wherever other software is found after setup. But there is no need to set up this software on the mobile which you want to hack. How To Run: First turn on Bluetooth on your handset -> then run MagicBlueHack from your handset. Then select Connect from the Option menu. Wait till the message "Device Search Completed" appears. T

Nokia Field Test

Field Test Phone (FTD) is a portable tool for verification, maintenance and troubleshooting of mobile networks as well as for basic cell planning tasks. Its small size and powerful testing features make it a convenient tool for day-to-day monitoring of all GSM - GPRS / EDGE and future UMTS - WCDMA networks. What you can check with the FTD phone: Full GSM signaling that is visible to the network operator. Information on the serving cell: hopping, channel carrier number, RX level, TX power levels, RX quality, time slot, timing advance, radio link timeout, C1, C2, currently used band, type of current channel... Information on the 1st, 2nd, 3rd, 4th, 5th, 6th, 7th and 8th neighbours. Network selection display. System information bits for the serving cell. Paging repeat period, TMSI, periodic location update. Network parameters. Ciphering, hopping, DTX status and IMSI. Uplink DTX switching display. BTS-TEST carrier: lock / unlock on one BTS frequency. Toggle cell barred status. Se