Skip to content

Category: Hacking

Hacking

Spoof BTADDR

Wrote a quick & dirty python wrapper for the bluez-utils bccmd command to set a the btaddr
of an bluetooth hci device. The native bccmd syntax is awkward, so that i found it handy to have a script which accepts normal formated btaddr as an argument and does some error checking and status infomation.

Usage:

root@linux:~/devel/tech/bluetooth/# ./setbtaddr hci0 01:0E:07:75:B7:12
Exec './bccmd  -d hci0 psset -r bdaddr 0x75 0x00 0x12 0xB7 0x07 0x00 0x0E 0x01'
hci0:   Type: USB
        BD Address: 01:0E:07:75:B7:12 ACL MTU: 192:8 SCO MTU: 64:8
        UP RUNNING
        RX bytes:86 acl:0 sco:0 events:9 errors:0
        TX bytes:33 acl:0 sco:0 commands:9 errors:0

download

1 Comment

H00lyshit – DIY Bluetooth Sniffer

Since the 23c3 every interested researcher knew that is easy to compromise bluetooth sessions using the BTcrack tool.Thierry Zoller showed how it’s possible to retrieve link keys, The only problem was to get hands on a bluetooth sniffer device to get the raw bluetooth packets. Such devices are not available at consumer prices. But somehow Max Moser found a way to tranform a vanilla usb bt dongle into a bluetooth sniffer device. Don’t believe the hype…Now bluetooth security is dead.

Mini Howto:

#Backup old firmware
dfutool -d hci0 archiv backup.dfu
# Backup config
bccmd -d hci0 pslist -s 0x000F >> backup_cfg
# Check Vendor ID ( has to be 0x0a12)
bccmd -d hci0 psget -s 0x000f 0x02be
# Write new Product ID
bccmd -d hci0 psset -s 0x0002 0x02bf 0x0002 
5 Comments

Undelete with Sleuthkit

Wrote a little Bash script using Sleuthkit tools to recover a deleted file from a partion. Tested the script with ext2 and fat32 filesystems.

Setup a test image:

dd if=/dev/zero of=image bs=1k count=8192
mkfs.ext2 image
mount -o loop image /mnt/image
cp something /mnt/image
rm /mnt/image/something
sync
umount /mnt/image

Now you can start the script to find a token of the deleted file:

./find.sh image “Test”

The Code for find.sh

#!/bin/sh

IMAGE=$1
TOKEN=$2
BSIZE=1024
TYPE="linux-ext2"
TMP="dls_$(date +%Y%d%m_%H%M%S)"

if [ $# -ne 2 ]
then
echo "Usage: $0 image token"
exit -1
fi

if [ ! -f $IMAGE ]
then
echo "Cannot find $IMAGE"
exit -1
fi

if [ -z "$TOKEN" ]
then
echo "Pleae give search token"
exit -1
fi

echo "--------------------------"
echo "Found deleted"
fls -f $TYPE -rd $IMAGE
dls -f $TYPE $IMAGE > $TMP
strings -t d $TMP > $TMP.str
echo "--------------------------"
grep -i "$TOKEN" $TMP.str
echo "--------------------------"
echo -en "Select Offset:"
read n
ADDR=$(grep -i "$TOKEN" $TMP.str | grep "$n" | sed 's/^[ \t]*//' | head -n 1 | cut -d " " -f1)
if [ -z "$ADDR" ]
then
echo "Nothing found for '$TOKEN'"
exit -1
fi
echo "Found $ADDR"
OFFSET=$(echo "$ADDR / $BSIZE" | bc)
echo "Using Offset $OFFSET"
BLOCK=$(dcalc -f $TYPE -u $OFFSET $IMAGE)
echo "Using Block $BLOCK"
echo "----------------------------"
dcat -f $TYPE $IMAGE $BLOCK
echo
echo "----------------------------"
INODE=$(ifind -f $TYPE $IMAGE -d $BLOCK)
echo "Found Inode $INODE"
istat -f $TYPE $IMAGE $INODE
BLOCKS=$(istat -f $TYPE $IMAGE $INODE | tail -n 1)
echo "---------------------------"
echo "Found Blocks $BLOCKS"
echo "---------------------------"
(for BLOCK in $BLOCKS
do
dcat -f $TYPE $IMAGE $BLOCK
done) | tee $TMP.found
echo "---------------------------"
echo "Saved to $TMP.found"
echo "---------------------------"
rm -f $TMP $TMP.str

Comments closed