shayp/BlackTooth

BlackTooth

BlackTooth is a set of tools to scan and attack Bluetooth devices. It comprises probing tools and a CGI-based website for monitoring nearby Bluetooth devices. The tools are based on the Linux Bluetooth stack BlueZ v4. BlueZ v5 is not supported!

Scanner

Scripts for scanning and detecting nearby devices in real time

  • CGI/

    • cgi-devscan.cpp - CGI device scan and probe source code
    • refresh_apache.sh - run this to refresh the server with the most up-to-date binaries

HTML

Includes all the HTML & JavaScript code for the scanner website UI

  • HTML/

    • index.html - the HTML source for the website UI
    • scripts/ - all the JavaScript scripts: maps, images, MAC resolution, etc.

Dual pair MITM

Includes the code that performs the MITM attack, used for sniffing and attacking Bluetooth audio and telephony traffic and protocols. The attack works for both audio and telephony.

  • dual_pair/

    • restart.sh - recompiles the source and runs the MITM sniffer & attacker
    • dual_pair.c - The source code for the MITM attack

Setup

  • Scanning devices
    • Follow the instructions in ./CGI/setting_up_apache.txt to configure your Apache web server
    • Run ./CGI/refresh_apache.sh to refresh the CGI binaries and HTML page with the latest ones
    • Open your browser at 127.0.0.1 :)
  • Dual pair MITM
    • Update dual_pair/dual_pair.c to target your wanted devices and configure the local controller
      • dest1_mac - the headset/speaker (audio sink) MAC
      • dest2_mac - the mobile phone (audio gateway) MAC
      • local_mac - the MITM attacker MAC (our local controller's MAC)
      • rfcomm_channel1, rfcomm_channel2 - update to the device's constant value
        • You can discover these by uncommenting the two sdp_lookup_uuid_rfcomm_channel() function calls and supplying the wanted service UUID
        • This will query the target MACs for the RFCOMM channel of the specified UUID service via SDP
        • The relevant ones are defined in the code already, replace as necessary
        • Do not run the MITM attack straight after an SDP query! Do so in two different executions of the dual_pair binary
    • Disable the Bluetooth service to allow service traffic to reach dual_pair: sudo service bluetooth stop
    • Run restart.sh :)

Authors

  • Amir Barak
  • Shay Perchik
