PaulDotCom mailing list archives
Re: Question about simple BlueTooth hack
From: craig bowser <reswob10 () gmail com>
Date: Mon, 14 Mar 2011 14:15:45 -0400
The plan all along was to use one of my own phones. Those are the four I listed (OK, two belong to my kids, but same difference). I had the same fears using driftnet (hello, Connecticut substitute teacher situation?). Sounds neat, but I have no desire to spend the next 3-4 years fighting that sort of charge. I also thought about demonstrating the dangers of FB, but a quick search on openbook.org shows that the either my kid's school is boring, not on FB, or the online safety classes are working. I seriously doubt many of them are tweeting, so twitpic or similar may not impact them either (and those open up driftnet problems as well). Well, I'll look around for some old phones.... maybe I'll find an older model that the hack works on. Craig L Bowser ____________________________ This email is measured by size. Bits and bytes may have settled during transport. On Mon, Mar 14, 2011 at 1:17 PM, Josh More <jmore () starmind org> wrote:
I think that you should seriously consider the possibility of finding things that you do not wish to find. As you are dealing with minors the penalties that we all face when doing something "cool" are going to be higher. Driftnet could result in displaying certain images to a group of kids that, if it occurred, could be rather unfortunate for you personally. If your bluetooth attack finds stuff you are in a tricky reporting scenario. I think that the game idea is the best one, but don't run it on some random kid's phone. Instead, do it on your own kid's phone (or get a parent or teacher to volunteer their own kid). -Josh More On Mon, Mar 14, 2011 at 10:18 AM, Bill Swearingen <hevnsnt () i-hacked com>wrote:dude.. Dont do the bluetooth stuff, go with Driftnet. Always a winner with crowds, and shows why free wifi is scrrrrrzy! On Mon, Mar 14, 2011 at 9:08 AM, Robin Wood <robin () digininja org> wrote:On 14 March 2011 11:44, craig bowser <reswob10 () gmail com> wrote:So, I'm giving a talk at my son's school for career day. My talk ismostlyon the IA/Infosec career, but I thought I would do a quick simplebluetoothhack to cut into the drone of person after person yapping up front.Theseare 6-8th graders... attention span is limited. I know, I have two. Anyway, I've been trying to get bluenarfer and bluebugger to work toeitherpull out an address book or dial a phone number. However, I can't seemtoget it working. When any connection is made, the phone asks for a pinorasks if I want to allow a connection. I would like the hack to workwithoutinteraction from the user of the phone. With bluesnarfer I get: root@Joshua:/media/disk/files/ bluesnarfer# ./bluesnarfer -r 1-100 -C 1 -b 00:11:22:33:44:55 device name: Craig ^Cbluesnarfer: release rfcomm ok I control-C out after a while because bluesnarfer waits and waits, I'm guessing waiting for the phone to accept the connection. With bluebugger I get: root@Joshua:/media/disk/files/bluebugger/bluebugger-0.1# ./bluebugger-mCraig -c 1 -a 00:11:22:33:44:55 info bluebugger 0.1 ( MaJoMu | www.codito.de ) ----------------------------------------- Target Device: '00:11:22:33:44:55' Target Name: 'Craig' Mobile Identification --------------------- ...done but no data. I tried: root@Joshua:/media/disk/files/bluebugger/bluebugger-0.1# ./bluebugger-mCraigc 1 -a 00:11:22:33:44:55 dial 7xxxxxxxxx bluebugger 0.1 ( MaJoMu | www.codito.de ) ----------------------------------------- Target Device: '00:11:22:33:44:55' Target Name: 'Craig' Dialing '7xxxxxxxx' ....call to '7xxxxxxxx' should be active now Press <enter> to abort bluetooth connection * shows 'cancel call too?'-popup on Nokia 6310i) but nothing actually dialed. The phones I've been trying are: HTC Droid Incredible LG Cosmos Samsung Intensity Palm Centro I've been doing this on my Ubuntu 10.04 box, but I am definitely opento abootable backtrack CD or other bootable iso. Any suggestions? Can I somehow pass it the pin or several pins? Thanks Craig L BowserThere is no way I'd try this without permission, you could get yourself into all sorts of trouble. Probably best get a dummy phone, ask someone to put a contact in it then show them how you can get that. Robin _______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com_______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com_______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
_______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
Current thread:
- Question about simple BlueTooth hack craig bowser (Mar 14)
- Re: Question about simple BlueTooth hack Professor Thread (Mar 14)
- Re: Question about simple BlueTooth hack Jim Halfpenny (Mar 14)
- Re: Question about simple BlueTooth hack Robin Wood (Mar 14)
- Re: Question about simple BlueTooth hack Bill Swearingen (Mar 14)
- Re: Question about simple BlueTooth hack Josh More (Mar 14)
- Re: Question about simple BlueTooth hack craig bowser (Mar 14)
- Re: Question about simple BlueTooth hack Bill Swearingen (Mar 14)
- Re: Question about simple BlueTooth hack craig bowser (Mar 15)
- Re: Question about simple BlueTooth hack Bill Swearingen (Mar 14)
- Re: Question about simple BlueTooth hack Professor Thread (Mar 14)