I want to figure out the protocol between two Bluetooth devices (classic BT, not BLE). I know they are using SPP, as I can use https://github.com/eelcocramer/node-bluetooth-serial-port to connect to the slave.
I was wondering if I could do a MITM attack by emulating the slave, so that the real master connects to me, and pipe the data through to the real slave?
Does such a tool exist or should I write one myself?
Thanks,
Sam
To answer my own question: YES, it is possible. I successfully did a man-in-the-middle attack using btproxy. I also used bdaddr to spoof the MAC address.
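The relay that such a MITM setup needs, as an added example (this is not btproxy's code and not from the answer above): it accepts the real master on an RFCOMM channel, connects onward to the real slave, and forwards every chunk in both directions while hex-dumping it, which is the hook point for protocol analysis or tampering. The slave address and SPP channel are hypothetical, and the address spoofing (bdaddr, as in the answer) and the SDP record advertising the SPP service are assumed to be done outside this script. The forwarding logic is plain socket code, so run_offline_demo() exercises it over socketpair()s with constructed traffic and no radio.

```python
import selectors
import socket
import threading

# Hypothetical values for a live run (not from the post): the real slave's
# address and the SPP channel. bdaddr/sdptool steps happen outside Python.
SLAVE_ADDR = "00:11:22:33:44:55"
SPP_CHANNEL = 1


def hexdump(direction, chunk):
    """Log one forwarded chunk as a hex dump, tagged with its direction."""
    print(f"{direction:>13s} {len(chunk):4d}B  {chunk.hex(' ')}")


def relay(master, slave, log=hexdump, bufsize=1024):
    """Forward bytes between two connected stream sockets until either side
    closes. Every chunk goes through log(direction, chunk) before it is sent
    on; that is where analysis or tampering belongs. Returns byte counts."""
    counts = {"master->slave": 0, "slave->master": 0}
    sel = selectors.DefaultSelector()
    sel.register(master, selectors.EVENT_READ, ("master->slave", slave))
    sel.register(slave, selectors.EVENT_READ, ("slave->master", master))
    try:
        while True:
            for key, _ in sel.select():
                direction, peer = key.data
                chunk = key.fileobj.recv(bufsize)
                if not chunk:            # EOF on one side: end the session
                    return counts
                log(direction, chunk)
                counts[direction] += len(chunk)
                peer.sendall(chunk)      # transparent forwarding (modify here to tamper)
    finally:
        sel.close()


def mitm_rfcomm(slave_addr=SLAVE_ADDR, channel=SPP_CHANNEL):
    """Live mode (Linux/BlueZ, address spoofed beforehand): accept the real
    master on our RFCOMM channel, connect to the real slave, then relay.
    Not exercised by the offline demo."""
    listener = socket.socket(socket.AF_BLUETOOTH, socket.SOCK_STREAM,
                             socket.BTPROTO_RFCOMM)
    listener.bind((socket.BDADDR_ANY, channel))
    listener.listen(1)
    master, _ = listener.accept()
    slave = socket.socket(socket.AF_BLUETOOTH, socket.SOCK_STREAM,
                          socket.BTPROTO_RFCOMM)
    slave.connect((slave_addr, channel))
    try:
        return relay(master, slave)
    finally:
        for s in (master, slave, listener):
            s.close()


def _recv_exactly(sock, n):
    buf = b""
    while len(buf) < n:
        part = sock.recv(n - len(buf))
        if not part:
            break
        buf += part
    return buf


def run_offline_demo():
    """Exercise relay() with constructed SPP-style traffic over socketpair()s
    (no radio involved). Returns (counts, transcript)."""
    master_side, proxy_master = socket.socketpair()
    proxy_slave, slave_side = socket.socketpair()
    transcript = []
    result = {}

    def log(direction, chunk):
        hexdump(direction, chunk)
        transcript.append((direction, bytes(chunk)))

    worker = threading.Thread(
        target=lambda: result.update(counts=relay(proxy_master, proxy_slave, log)))
    worker.start()

    request = b"AT+VER?\r\n"      # constructed payload, not a real device command
    master_side.sendall(request)
    assert _recv_exactly(slave_side, len(request)) == request
    reply = b"OK\r\n"             # constructed reply
    slave_side.sendall(reply)
    assert _recv_exactly(master_side, len(reply)) == reply

    master_side.close()           # master hangs up; relay() sees EOF and returns
    worker.join(timeout=5)
    for s in (proxy_master, proxy_slave, slave_side):
        s.close()
    return result["counts"], transcript


if __name__ == "__main__":
    print(run_offline_demo()[0])
```

Because the relay only sees the RFCOMM payload, whatever the master and slave negotiate at the link layer (pairing, encryption) is handled by the adapter; what you capture here is the application protocol, which is the part the question was after.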
I'm building a commercial ESP8266 device. I need it to connect to WiFi so the device can be used with an app.
I managed to connect it via both WPS and an Access Point (getting the SSID and password from the app by connecting to the Access Point).
I'm trying to understand which of these two would be ideal for commercial use.
WPS compromises network security until a device connects, but it is super fast.
The AP method doesn't compromise security, but it is slower, and the user loses their WiFi connection until they pass the SSID and password.
Another problem is that people might not be able to find the WPS button on their router.
Which of these two methods of connecting to WiFi should I use?
So, essentially, what should I choose between speed and security?
Edit: It's important to note that multiple commercial devices use WPS to connect (printers for example).
In a commercial setting, using WPS makes no sense at all; just use the access point information as you do now, as you do not want any chance of a security breach.
I know that Bluetooth uses hopping, which makes it difficult to intercept traffic.
Can I put my dongle into monitoring mode?
If, for example, there are 30 devices nearby and I always listen on just one Bluetooth channel with my dongle in monitor mode, should I sometimes get some data?
Can I use hcidump or tcpdump for these purposes?
If I understand correctly, if a Bluetooth device does not have a password, I can directly interact with its services (with hcitool and tmux)?
I read that I can see the battery level, device name and other information.
PS: sorry for my bad English.
It is possible to monitor traffic between Bluetooth devices, but I am quite sure that your default laptop dongle is not capable of doing that.
Before establishing a connection between two Bluetooth devices, they send connection request/response packets on the primary advertising channels (channels 37, 38 and 39). You need to capture these packets to learn the hopping pattern, connection interval, etc. After receiving the packets, you can monitor insecure Bluetooth connections. However, it is hard to monitor 30 devices simultaneously because you need to time-share between each connection.
Let's answer your questions.
It might be possible, but you need to write driver-level code.
It might be possible. As I mentioned, it is a good approach to capture the connection request/response packets before monitoring devices.
I have no idea about these tools.
To manipulate services, you need to know the service handle and duplicate the GATT client's MAC address. I am not sure that this method will work.
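What a sniffer actually extracts from the connection request described in the answer, as an added example (not code from the answer or from any sniffer project): the advertising channels 37, 38 and 39 and the connection interval the answer mentions are Bluetooth Low Energy concepts, so this decodes the 34-byte CONNECT_IND (CONNECT_REQ) payload of a BLE link-layer packet and then walks the Bluetooth 4.x channel selection algorithm #1 to predict which of the 37 data channels each subsequent connection event lands on, which is exactly the information needed to follow one connection. Classic BR/EDR hopping is a different scheme and is not covered. The packet bytes are constructed for the example via build_connect_ind(), not a real capture.

```python
import struct

LL_CHANNELS = 37            # BLE data channels 0..36
CONNECT_IND_LEN = 34        # InitA(6) + AdvA(6) + LLData(22)


def _addr_to_air(addr):
    """'aa:bb:cc:dd:ee:ff' -> 6 bytes as transmitted (least significant first)."""
    return bytes.fromhex(addr.replace(":", ""))[::-1]


def _addr_from_air(raw):
    return raw[::-1].hex(":")


def build_connect_ind(init_a, adv_a, access_addr, crc_init, win_size, win_offset,
                      interval, latency, timeout, channel_map, hop, sca):
    """Assemble a CONNECT_IND payload (used here only to construct sample
    packets; a sniffer gets these bytes off the air on channel 37/38/39)."""
    ll = struct.pack("<I", access_addr)
    ll += crc_init.to_bytes(3, "little")
    ll += struct.pack("<BHHHH", win_size, win_offset, interval, latency, timeout)
    ll += channel_map.to_bytes(5, "little")          # bit i = data channel i
    ll += bytes([(sca << 5) | (hop & 0x1F)])           # 3 bits SCA, 5 bits hop
    return _addr_to_air(init_a) + _addr_to_air(adv_a) + ll


def parse_connect_ind(payload):
    """Decode the fields a sniffer needs in order to follow the connection."""
    if len(payload) != CONNECT_IND_LEN:
        raise ValueError(f"CONNECT_IND payload must be {CONNECT_IND_LEN} bytes")
    ll = payload[12:]
    access_addr = struct.unpack("<I", ll[0:4])[0]
    crc_init = int.from_bytes(ll[4:7], "little")
    win_size, win_offset, interval, latency, timeout = struct.unpack("<BHHHH", ll[7:16])
    channel_map = int.from_bytes(ll[16:21], "little")
    hop = ll[21] & 0x1F
    sca = ll[21] >> 5
    used = [ch for ch in range(LL_CHANNELS) if (channel_map >> ch) & 1]
    if not 5 <= hop <= 16:
        raise ValueError(f"hopIncrement {hop} outside the legal range 5..16")
    if len(used) < 2:
        raise ValueError("channel map must enable at least two data channels")
    return {
        "init_a": _addr_from_air(payload[0:6]),
        "adv_a": _addr_from_air(payload[6:12]),
        "access_address": access_addr,
        "crc_init": crc_init,
        "transmit_window_ms": win_size * 1.25,
        "window_offset_ms": win_offset * 1.25,
        "interval_ms": interval * 1.25,          # units of 1.25 ms
        "latency": latency,
        "supervision_timeout_ms": timeout * 10,  # units of 10 ms
        "used_channels": used,
        "hop": hop,
        "sca": sca,
    }


def hop_sequence(hop, used_channels, count, last_unmapped=0):
    """Channel selection algorithm #1: the data channel used by each of the
    next `count` connection events. lastUnmappedChannel starts at 0; an
    unmapped channel that is disabled is remapped into the sorted table of
    enabled channels by index."""
    table = sorted(used_channels)
    used = set(table)
    seq = []
    for _ in range(count):
        last_unmapped = (last_unmapped + hop) % LL_CHANNELS
        if last_unmapped in used:
            seq.append(last_unmapped)
        else:
            seq.append(table[last_unmapped % len(table)])
    return seq


def data_channels(info, count):
    return hop_sequence(info["hop"], info["used_channels"], count)


# Constructed packet (not a real capture): initiator 11:22:33:44:55:66 connecting
# to advertiser c0:ff:ee:00:00:01, 30 ms interval, hop 7, all 37 channels enabled.
SAMPLE = build_connect_ind("11:22:33:44:55:66", "c0:ff:ee:00:00:01",
                           access_addr=0x50655559, crc_init=0xABCDEF,
                           win_size=2, win_offset=4, interval=24, latency=0,
                           timeout=200, channel_map=0x1FFFFFFFFF, hop=7, sca=1)

if __name__ == "__main__":
    info = parse_connect_ind(SAMPLE)
    print(info)
    print("first data channels:", data_channels(info, 10))
```

This also shows why the answer's "30 devices" point is a scheduling problem: each connection has its own access address, CRC init and channel sequence, so a single-radio sniffer has to decide which one to follow at each interval.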
I am not sure if this is correct, but I did see an advert in the newspaper about secure remote access using two USB devices. One USB is plugged into the remote PC and the other USB is plugged into the machine I am connecting from. It creates the secure remote access without any need for third-party software like LogMeIn, GoToMyPC or any other commercial remote software.
Can anyone say whether this is possible and whether anyone is currently doing this?
There are 3 basic ways:
1. Secure everything on your PC by encrypting all files on it with a USB dongle, for example GuardKey or any similar product. By the way, in China this method is very popular for keeping files safe and preventing files from leaking outside companies, as file actions are logged (I can't say what exact dongle they use).
2. Make a secure connection between the computers by using a VPN tunnel (very popular these days for users); no extra hardware is needed.
3. For the server there is an HSM (hardware security module), which can be a box and is considered military grade, or a cheaper solution: a USB dongle, and on the other end a USB dongle or embedded chip capable of encrypting and decrypting the entire incoming/outgoing data stream, usually combined with KMS (key management software), which can be embedded in the hardware or installed separately.
I have been using the Bluetooth module BC 417 from the company "NOVA".
I have kept all UART settings as suggested by the datasheet,
i.e. baud rate=9600, parity=none, stop bit=1.
My connection gets established with a Nokia 5130's Bluetooth, but as soon as I go to send something from the UART, the connection is dropped.
Whenever I go to connect this module to an Android phone's Bluetooth, the connection does not take place.
For making the connection I am using this command: BC:CS=<address of bluetooth>
So I have the following questions:
Is there any other setting required in HyperTerminal?
Is there any firmware available for the Nova comm control interface module version 1.2?
Sorry, I only have enough reputation to answer and not just comment. You might want to try making sure that hardware flow control is switched on. It's a little difficult to know for sure as details of your set-up are so sketchy. Are you connecting this to an embedded micro and then trying to connect to a phone? What are you connecting hyper terminal to? Another phone or this Nova module?
I have to access the sound recordings of a digital stethoscope. But I can't access the recorded sound directly; I have to use a proprietary application.
Does anyone know software to sniff the Bluetooth transmission between the digital stethoscope and my computer? I need that to understand whether I can program my own application in Java to communicate with the stethoscope.
Thank you.
Best regards.
Daniel
If you are looking for a Bluetooth sniffer, try this: http://www.fte.com/products/fts4bt.aspx