
Bluetooth (FAQ and hack)


* What is bluetooth?
* How does bluetooth work?
* Is there a frequency conflict between Bluetooth devices and others using wireless radio?
* Is Bluetooth technology certified in Russia?
* Why do many call bluetooth "blue tooth"?
* What are Bluetooth devices?
* How can I use bluetooth?
* At what distance can a Bluetooth connection be made?
* What is the power consumption and data transfer speed through a Bluetooth connection?
* Is it possible to protect data transmitted via Bluetooth, and how does it work?
* Who can access my Bluetooth device while the wireless function is active?
* How to configure a Bluetooth device to communicate?
* What is pairing of Bluetooth devices?
* When connecting two Bluetooth-enabled devices, I constantly get a password. Is it possible to automate the process of their identification?
* I have completed all the settings for Bluetooth, but the devices cannot communicate. How can this problem be solved?
* Who makes Bluetooth chips?
* Should we expect the integration of Bluetooth technology with personal computers?
* Does Bluetooth have competitors?
* How much does Bluetooth production cost and when will the technology be available to the average user?
* What are the prospects for the development of technology?

Technical part:

What is bluetooth?
In the broadest sense, Bluetooth is a wireless data transfer technology for any device that supports it: mobile phones, PDAs, laptops, desktop computers, printers, digital devices and even household appliances. Physically, Bluetooth is a small chip containing a high-frequency short-range transceiver that operates in the ISM (Industrial, Scientific and Medical) band, 2.4465-2.4835 GHz. This band is set aside for medical equipment, household appliances, cordless phones and IEEE wireless LANs, and no license is required to use it.

How does bluetooth work?
Bluetooth works as a multipoint radio channel controlled by a multilevel protocol, much like GSM cellular communication. Bluetooth can "get around" obstacles (including walls), so connected devices need not be in line of sight. A connection can be made not only point-to-point (two devices) but also point-to-multipoint (one device working with several others). Besides a Bluetooth chip in each device, the system needs the appropriate software. The technology uses small short-range transceivers, either built into the device or attached through a free port or expansion slot (USB, CF, SD/MMC, MS, PCMCIA). Transmission uses FHSS, frequency-hopping spread spectrum, at 1600 hops per second: the transmitter switches from one operating frequency to another following a pseudo-random sequence in order to avoid conflicts with other devices. Full-duplex transmission is achieved with time-division duplex (TDD). Both isochronous and asynchronous data transfer are supported, and integration with TCP/IP is straightforward. Time slots are reserved for synchronous packets, each of which is transmitted on its own radio frequency. Each device has a unique 48-bit network address in a format compatible with the IEEE 802.11x LAN standard.

Is there a frequency conflict between Bluetooth devices and others using wireless radio?
The Bluetooth frequency range coincides with the operating range of most modern wireless systems in industry, science, medicine and everyday life. In a so-called "frequency conflict", serious interference can arise between Bluetooth and other wireless systems in this band. To solve this problem, Bluetooth uses frequency hopping: during operation the radio transmitter's frequency constantly changes from one channel to another (1600 hops per second). This frees the frequencies needed by other devices and avoids conflicts.

Is Bluetooth certified in Russia?
At the time of writing, Bluetooth has not yet been officially certified in Russia. Many countries have already satisfied themselves of its safety and usefulness, but in Russia, as usual, everything new is treated with caution. How long the licensing process will drag on is not yet known. Obviously, until it is complete, the large manufacturers of Bluetooth equipment will not ship it to the country, which of course slows the spread of the technology in Russia and keeps prices high. At the moment only devices with Bluetooth as a secondary function (cell phones, printers, etc.) are delivered officially. Devices whose main purpose is Bluetooth connectivity (Bluetooth adapters, etc.) are still on the market illegally.

But while in our country this issue may be resolved positively in the near future, in France, for example, it will not happen soon. There the 2.4 GHz band used by Bluetooth is occupied by the military, who, as usually happens, make no concessions. True, a small part of the ISM band (2.4465-2.4835 GHz) is still free. For France it is likely that special Bluetooth devices will be developed that are incompatible with those made for the rest of the world.

Why do many call bluetooth "blue tooth"?
The literal translation of Bluetooth from English is indeed "blue tooth". But the name of the technology did not arise by chance, and it was certainly not a dentist who came up with it. It is inextricably linked with history. Long ago, a Christian Danish king who lived in the 900s and ruled during the Viking raids on Western Europe was called Bluetooth. King Harald Bluetooth went down in history as a gatherer of Scandinavian lands; in particular, the union of Denmark and Norway is attributed to him. Apparently the inventors of Bluetooth, well versed in history, decided that, by analogy with the king who united the lands, their technology was called upon to unite the world of mobile electronics.

What are bluetooth devices?
Today the Bluetooth devices on offer include wireless headsets (hands-free and headset), cell phones, PDAs, Bluetooth adapters and modules, printers, car control systems, handwriting-recognition pens and household appliances. In the future their number and variety will grow rapidly.

How can I use Bluetooth?
There are already many examples of successful Bluetooth use. The most common today is transferring data of various kinds between devices over a short distance: for instance, a telephone conversation through a wireless earphone, or Internet access from a mobile computer without any cable connections. Here the phone acts as a remote handset or modem that can lie, say, in a jacket pocket or a briefcase without occupying the user's hands. Or the access point to the corporate network in the office may be in another room, out of sight, yet the equipment lets the user work with remote data just as if the computer were connected to the local network by cable.

How far can a Bluetooth connection be made?
Initially the technology was conceived for a rather narrow application in communication equipment and assumed communication over a distance of up to 10 meters. Today some companies already offer Bluetooth chips that can communicate at up to 100 meters. Because Bluetooth radio is not "afraid" of obstacles, the connected devices may be out of line of sight. The connection is established automatically as soon as Bluetooth devices come within reach, and not only with one device but with several at once (if they are all within range).

What is the power consumption and data transfer rate through a Bluetooth connection?
According to the standard, the power consumption of Bluetooth devices should not exceed 10 mW (0.1 W). The data transfer rate specified by the standard is about 720 Kbit/s in asymmetric mode and 420 Kbit/s in full-duplex mode. Three voice channels can be carried, but not a video signal.

Is it possible to protect data transmitted via Bluetooth, and how does it work?
Yes. First, a standard authentication procedure is required to communicate with any Bluetooth-enabled device. Each device has a unique 48-bit network address in a format compatible with the IEEE 802.11x LAN standard, and devices identify each other by these addresses. For one Bluetooth device to access another that is active and within range, a two-way password check is required; only then can interaction take place. Second, the software can encrypt the data transmitted between any devices that support a compatible algorithm.

Who can access my Bluetooth device while the wireless function is active?
It all depends on the operating mode of your device. As a rule, the software of Bluetooth devices has a wide range of settings that let you easily change how it behaves toward communication partners. You can enable or disable the visibility of your device to other users. For example, by creating a list of the devices you use regularly, you can make your device inaccessible to all others: every attempt by an "outsider" to access it will be blocked, because the outsider is not in the pre-formed list of partners. Configuring the interaction of Bluetooth devices takes some experience and an understanding of how they communicate. To prevent unauthorized access to the data on your device, make all the necessary settings according to the environment you are working in.

How to configure a Bluetooth device to communicate? What is pairing of Bluetooth devices?
First, Bluetooth is activated on at least two devices that you want to work together. They must be within reach of each other (8-10 m for mobile devices).
Then one of them searches for available devices and builds a list of its surroundings. Each Bluetooth device has its own unique 48-bit network address, similar to the MAC address of a network adapter in an ordinary PC, by which devices are identified.
Next comes identification itself. Suppose the search finds the network address of some mobile phone; it is recorded in the memory of the searching device. You then decide to "pair" the two devices and activate the phone's entry on the searching device. Your device tries to access the mobile phone and sends it its own unique network address. The phone, in turn, adds this address to its list of surrounding devices, but before opening access to its resources it asks for a digital password. After it is entered on the phone, a similar request appears on the device that requested the session. If the passwords entered on both devices match, the connection is established. The second and third stages are called "pairing" of Bluetooth devices.

General issues:
Q: What is BlueChalking / BlueJacking?

A: BlueChalking is a way of meeting and communicating with people and using network services (network games, access to file servers, the Internet) with devices equipped with a wireless Bluetooth interface, which many modern mobile phones, PDAs and laptops have.
The term also refers to the symbols used by bluechalkers.
BlueJacking is almost the same as BlueChalking, except that bluejackers usually send anonymous messages for fun: their interest is in watching the reaction of the people who receive them.

Q: I want to start right now, what should I do?

A: First, turn on Bluetooth in your device (see the instructions and the technical section of the FAQ), set it to “visible to others”, and give your device a meaningful name (many use their network nicknames). Now you have become a full member of the community. You can use the search to identify devices that are nearby or wait until they find you.

Q: Where can I get software for BlueChalking (Jacking)?

A: In the simplest case no software is needed. Create a new contact in the address book, write a message in the name field (or any other) and send it via Bluetooth (see your device's instructions for how).
If you want additional features, there are special programs, for example BuZZone (http://www.buzzone.net/) for Pocket PC and Mobiluck (http://www.mobiluck.com/) for Symbian Series 60 smartphones (Nokia 3650, 3660, 6600, 7650, etc.).

Q: I managed to find some device, what should I do next?

A: See the question Where can I get software for BlueChalking (Jacking)? You can also try to send a picture.

Q: I found “Neighbors”, but only they have some strange numbers instead of names or a phone model, why?

A: This usually happens when the owner of the device does not know about the wonderful possibilities available to him. Such people deserve special attention, because they are potential recruits to the thin ranks of BlueChalkers. The incomprehensible numbers are the unique address of the Bluetooth module; from it you can, if you wish, determine the module's manufacturer (here: http://standards.ieee.org/regauth/oui/index.shtml).
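As an added illustration (not part of the original FAQ), here is how those "strange numbers" break down: the 48-bit address splits into NAP, UAP and LAP fields, and its top 24 bits are the OUI used for the manufacturer lookup the answer links to. The vendor table and the sample addresses in the code are constructed placeholders, not real IEEE assignments.

```python
# Added example: parsing a 48-bit Bluetooth device address (BD_ADDR) into its
# NAP / UAP / LAP fields and looking up the manufacturer prefix (OUI). The OUI
# table below is a constructed sample; a real lookup uses the IEEE registry.
import re
from dataclasses import dataclass

BD_ADDR_RE = re.compile(r"^([0-9A-Fa-f]{2})(?::([0-9A-Fa-f]{2})){5}$")

# Constructed sample OUI table (first three octets -> vendor label).
# These are placeholder vendors, not real IEEE OUI assignments.
SAMPLE_OUI_TABLE = {
    "00:11:22": "ExampleVendor-A (constructed)",
    "AA:BB:CC": "ExampleVendor-B (constructed)",
}


@dataclass(frozen=True)
class BdAddr:
    raw: str   # canonical upper-case form "XX:XX:XX:XX:XX:XX"
    nap: int   # Non-significant Address Part: the upper 16 bits
    uap: int   # Upper Address Part: the next 8 bits
    lap: int   # Lower Address Part: the low 24 bits, used in inquiry/paging
    oui: str   # upper 24 bits (NAP + UAP) as "XX:XX:XX", the manufacturer prefix


def parse_bd_addr(text: str) -> BdAddr:
    """Parse 'XX:XX:XX:XX:XX:XX'; '-' separators or no separators are accepted."""
    cleaned = text.strip().upper().replace("-", ":")
    if ":" not in cleaned and len(cleaned) == 12:
        cleaned = ":".join(cleaned[i:i + 2] for i in range(0, 12, 2))
    if not BD_ADDR_RE.match(cleaned):
        raise ValueError(f"not a valid BD_ADDR: {text!r}")
    octets = [int(o, 16) for o in cleaned.split(":")]
    value = int.from_bytes(bytes(octets), "big")
    return BdAddr(
        raw=cleaned,
        nap=value >> 32,
        uap=(value >> 24) & 0xFF,
        lap=value & 0xFFFFFF,
        oui=cleaned[:8],
    )


def manufacturer(addr: BdAddr, table=SAMPLE_OUI_TABLE) -> str:
    """Return the vendor label for the address's OUI, or a marker if unknown."""
    return table.get(addr.oui, "unknown OUI (not in table)")


if __name__ == "__main__":
    a = parse_bd_addr("00-11-22-33-44-55")   # constructed sample address
    print(a, manufacturer(a))
```

Only the OUI is vendor-assigned; the LAP is what an inquiry actually returns, which is why two devices from the same maker share the first half of their address but never the second.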

* When connecting two Bluetooth-enabled devices, I constantly get a password. Is it possible to automate the process of their identification?

Yes. The software of Bluetooth devices has a wide range of settings that govern interaction with communication partners. There are many of them, and they differ from device to device. Among the common functions there is usually the option of identifying devices automatically once they have been "paired". In that case no password is requested again, because the information needed for authentication is stored in the device's memory after the initial identification.

* I have completed all the settings for Bluetooth, but the devices cannot communicate. How can this problem be solved?

Check that the Bluetooth function is activated on the second device you are connecting to.
Make sure the devices are within reach of each other (for mobile devices this is 8-10 meters, which may shrink slightly as the batteries run down).
Check all settings again carefully. If data encryption is enabled on one of the devices, the second must support it too.
If automatic password saving is enabled, disable it on both devices and perform authentication again.
Delete the old entries from the list of communication partners, search for active equipment again and "pair" the necessary devices anew.
Check for software updates on the websites of the device makers: software is still often the cause of incompatibility between certain functions on devices from different manufacturers.

* Who makes Bluetooth chips?

Bluetooth chips can be developed by any company: the Bluetooth hardware is either developed by the equipment manufacturer itself or bought from other companies. Ericsson was the first to build a device that really works with Bluetooth technology. In early 1998 several giants of the computer and telecommunications market, among them Ericsson, 3COM, Nokia, Intel, IBM and Toshiba, joined forces to create a wireless technology for connecting mobile devices and peripherals. Shortly afterwards the Special Interest Group (SIG) was founded, and companies such as Motorola, Dell, Compaq, Xircom and many others quickly joined it. The Bluetooth forum that was created now includes about two thousand companies (http://www.bluetooth.com/). The mass arrival of the technology on the open market has already begun, as we can see for ourselves. Bluetooth is not called one of the most promising and rapidly developing technologies for nothing: it is convenient, easy to use and relatively cheap.

* Should we expect the integration of Bluetooth technology with personal computers?

Yes, of course. Recently Bluetooth has been getting more and more attention, which should help its adoption in a wide variety of devices. For now the price of Bluetooth devices is quite high and many developers are in no hurry to implement it, which slows its mass adoption. Even Microsoft has announced support for Bluetooth and promises to soon release the software updates needed for such devices to work under Windows XP. Some companies already offer internal Bluetooth modules as an option when buying, for example, a laptop.

* Does Bluetooth have competitors?

At the initial development stage the "blue tooth" was not regarded as a competitor to technologies such as IEEE 802.11a, IEEE 802.11b and HomeRF. It works in the 2.44 GHz band just as they do, but the project was aimed at more formal specifications, less global and narrower in purpose. Rather, Bluetooth's main competitor in the first stage of development was IrDA, which is by far the most widely used technology for connecting computers and external devices without cables. It converts information into infrared radiation and transfers it from one device to another. Along with its advantages, however, infrared communication has significant disadvantages: it works point-to-point (only two devices at a time), the equipment must be in line of sight, and the range of infrared transceivers is usually no more than a few meters. Bluetooth, on the other hand, acts as a multipoint radio channel (several devices at once), the components need not be very close for full communication (up to 8-10 m or more), and there can be physical barriers between them.

New, especially "long-range", Bluetooth equipment is now also regarded as a competitor to IEEE 802.11x and HomeRF, that is, as a technology for building local networks. Because the low cost of communication devices and the miniature size of the chips were meant to be among the most important parameters of the "blue tooth", the technology is becoming increasingly attractive for a wide variety of applications. In the near future Bluetooth could become the de facto standard for wireless communications, replacing other, more expensive and less mobile standards. Its most serious competition will be the IEEE 802.11x wireless LAN specifications.

* How much does Bluetooth production cost and when will the technology be available to the average user?

Analysts believe the optimal price for the set of components needed to support Bluetooth (processor, radio transmitter, antenna and flash memory) is $5. Today embedding these elements costs equipment manufacturers $10-15, a significant difference. For comparison, an infrared port costs companies only $1 per set. So as soon as production volumes of Bluetooth components rise and their prices fall, the technology will become hugely popular. The solution may be a complete Bluetooth device on a single chip, which would cut its cost significantly and which some manufacturers of Bluetooth components are already implementing.

* What are the prospects for the development of technology?

The prospects for Bluetooth are huge. The technology is expected to be compatible with a great many protocols and systems. Low cost, a high degree of protection and usability are very significant advantages of the standard. Use of the 2.4 GHz band requires no license, and the other licenses needed to work with Bluetooth are issued for a nominal fee. Besides being generally available, the technology promises to become generally accepted, since in the near future the world's industry is expected to adopt it as a global standard. This unity comes from the fact that it is much simpler and cheaper to fit all devices with standard chips than to develop different interface cards for computers. The low cost of the network adapters will allow them to be built into literally all communications, household appliances, computers and other office equipment.

The convenience the technology promises its users is extremely tempting and will certainly be very popular. Say you come into the office: your handheld computer immediately and automatically synchronizes with the desktop PC, and new contacts are transferred to your mobile phone. The technology will allow any electronic devices to be linked, including refrigerators, washing machines, microwave ovens and door locks. Just imagine your refrigerator telling your mobile phone that certain products have run out, and the phone in turn adding them to the shopping list on your PDA.



Hacking software:
To begin with, for those interested, a small list of AT commands for mobile phones can be found here: http://gatling.ikk.sztaki.hu/~kissg/gsm/at+c.html

Super Bluetooth Hack (* .jar)
When your smartphone is connected to another telephone via Bluetooth, you can:
- read its messages
- read its contacts
- change its profile
- listen to its ringtone
- listen to its songs (on its phone)
- turn the phone off, etc.
http://forum.0day.kiev.ua/index.php?showto...mp;hl=bluetooth

Bluesweep
A Bluetooth scanner that identifies nearby wireless devices, the connections between them and the running services, and points out potential vulnerabilities. Works on XP with Service Pack 2 (mandatory). Details (in particular the list of supported Bluetooth adapters) and download links are on the manufacturer's website.

Bluediving
Utilities for penetration testing of wireless networks. A software package that lets you test Bluetooth devices for Bluebug, BlueSnarf, BlueSnarf++ and BlueSmack and carry out penetration tests. Works with the BlueZ stack. Download/view here.

Blooover
The best-known cell phone hacking utility. In addition to the BlueBug attack it includes implementations of the HeloMoto and BlueSnarf attacks and the ability to send malformed objects via OBEX.
Used on phones with J2ME support (MIDP 2.0 and JSR-82, the Bluetooth API). Developer page with download links (jar & sis).
Russian-language versions of Blooover:
Blooover1 (* .jar)
Blooover2 (* .jar)

BSS (Bluetooth Stack Smasher)
A frame fuzzer for denial-of-service attacks in a wireless environment. Download and example usage here.

Btscanner
A utility for obtaining detailed information from a Bluetooth device (blueprinting). Uses the BlueCove library. The program page is here. Download the XP version here and the *nix version here.

GreenPlaque
Multi-dongle Bluetooth discovery scanner; download from this site.

Bluetooth phone book dumping tool
Backs up phone books via Bluetooth. Tested on the Nokia 6310i, Ericsson T610 and T68i. Sources can be found here.

Bluesniff
Proof-of-concept code for a Bluetooth wardriving utility. Download/view.

Bluescanner
An amusing tool for the PC; simply put, a Bluetooth device scanner for the PC. Download.

BlueSpam (* .prc for PALM)
BlueSpam is an application for Palm OS that sends files to all discovered Bluetooth devices that support OBEX. It can be downloaded here.

CIHwBT
CIHwBT is a Bluetooth security framework for Windows Mobile 2005. Currently it supports only some Bluetooth exploits and tools, such as BlueSnarf, BlueJack and some DoS attacks. It is intended to work with any Pocket PC running the Microsoft Bluetooth stack. In theory an interesting program. View.

Here are the sources for a quick enough scanner.

Bluez
The Bluetooth protocol stack for Linux, developed by Qualcomm and included in the Linux kernel since version 2.4.18; this package of libraries and utilities, however, has to be installed separately. It belongs in a Bluetooth hacking list because the main attacks are carried out with its standard tools.
The package includes the following utilities:
hcitool - Bluetooth scanner (with a command-line interface); detects all devices in discoverable mode. The hcitool man page can be found here.
l2ping - Bluetooth version of the ping command
l2test - utility for testing devices
hcidump - packet sniffer, the Bluetooth version of tcpdump
It also contains the daemons hcid and hciemud and the configuration utility hciconfig. Download.
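The FAQ's advice to switch off your device's visibility can be checked on a BlueZ host from hciconfig's output, whose flag line shows ISCAN when the adapter answers inquiries (discoverable) and PSCAN when it accepts pages (connectable to devices that already know its address). The following audit script is an added example, not BlueZ code; the hciconfig output it parses is a constructed sample laid out like the real tool's, and the adapter addresses in it are placeholders.

```python
# Added example: audit BlueZ `hciconfig` output and flag adapters that are
# discoverable. ISCAN = inquiry scan enabled (visible to everyone nearby),
# PSCAN = page scan enabled (connectable). The sample output is constructed to
# match hciconfig's layout; the addresses are placeholders.
import re
from dataclasses import dataclass

SAMPLE_HCICONFIG_OUTPUT = """\
hci0:\tType: Primary  Bus: USB
\tBD Address: 00:11:22:33:44:55  ACL MTU: 310:10  SCO MTU: 64:8
\tUP RUNNING PSCAN ISCAN
\tRX bytes:1234 acl:0 sco:0 events:56 errors:0
\tTX bytes:789 acl:0 sco:0 commands:40 errors:0

hci1:\tType: Primary  Bus: UART
\tBD Address: AA:BB:CC:DD:EE:FF  ACL MTU: 1021:8  SCO MTU: 64:1
\tUP RUNNING PSCAN
\tRX bytes:0 acl:0 sco:0 events:0 errors:0
\tTX bytes:0 acl:0 sco:0 commands:0 errors:0
"""

HEADER_RE = re.compile(r"^(hci\d+):")
ADDR_RE = re.compile(r"BD Address: ([0-9A-F:]{17})")
# Words hciconfig prints on the status line; a line made only of these is the flag line.
FLAG_WORDS = {"UP", "DOWN", "RUNNING", "PSCAN", "ISCAN", "INQUIRY", "AUTH", "ENCRYPT", "RAW"}


@dataclass
class Adapter:
    name: str
    bd_addr: str
    flags: set

    @property
    def discoverable(self) -> bool:
        return "ISCAN" in self.flags

    @property
    def connectable(self) -> bool:
        return "PSCAN" in self.flags


def parse_hciconfig(text: str) -> list:
    """Turn hciconfig's per-adapter blocks into Adapter records."""
    adapters, current = [], None
    for line in text.splitlines():
        m = HEADER_RE.match(line)
        if m:
            current = Adapter(name=m.group(1), bd_addr="", flags=set())
            adapters.append(current)
            continue
        if current is None:
            continue
        am = ADDR_RE.search(line)
        if am:
            current.bd_addr = am.group(1)
            continue
        words = line.split()
        if words and all(w in FLAG_WORDS for w in words):
            current.flags.update(words)
    return adapters


def audit(text: str) -> dict:
    """Map adapter name -> remediation hint for every discoverable adapter."""
    findings = {}
    for a in parse_hciconfig(text):
        if a.discoverable:
            findings[a.name] = (
                f"{a.bd_addr} answers inquiries (ISCAN); run 'hciconfig {a.name} pscan' "
                f"to stay connectable but not discoverable, or 'noscan' to refuse both"
            )
    return findings


if __name__ == "__main__":
    for name, hint in audit(SAMPLE_HCICONFIG_OUTPUT).items():
        print(f"{name}: {hint}")
```

On a real host the text comes from `hciconfig -a`; leaving only PSCAN set is the BlueZ equivalent of the phone setting the FAQ calls "invisible to others", while still letting already-paired devices reconnect.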

Bluejacker
Runs on Palm OS. Sends text messages via Bluetooth to the selected devices. In general, somewhat reminiscent of BlueSpam.
btCrawler

btCrawler is a simple Bluetooth scanner for Windows Mobile devices. It searches for Bluetooth devices in range and can perform service requests. The user can also run service requests against his own device for self-diagnosis of the equipment.
There is support for bluejacking and bluesnarfing.
Requirements:
- MS Bluetooth Stack (WIDCOMM/Broadcom not supported).
- Windows Mobile 5, PPC2003, PPC2003SE, Smartphone 2003, Smartphone 2003SE and Smartphone with WM5.
Download: http://elvis000.ifolder.ru/4411968
Offsite: http://www.silentservices.de/btCrawler.html

Super Bluetooth Hack New 2008
This is the new version of Super Bluetooth Hack for ordinary mobile phones and Symbian-based ones.
If you do not know what Super Bluetooth Hack is, it is a program that lets you control someone else's mobile phone from a distance (10-15 meters).
What is possible?

1) Read SMS
2) Turn off the phone
3) Turn on the music
4) Select modes (normal, no sound ...)
5) Lock the phone

Installation:

1) Download it to your computer.
2) Upload it to the mobile phone.
3) Run the installer (the file you downloaded; Java is required, by the way).
4) It will install, and you can run the program.
5) Choose the language and look through the settings.
6) Click Connect.
7) Click Device search.
8) Choose a "victim".
9) AND CONTROL!!!

FAQ - Frequently Asked Questions

1) Why does a white screen appear when I click connect?
Answer: That is the anomalous zone, in short: Bluetooth works poorly there, or you have problems with Java (unlikely). Just reboot and everything should go through.

2) Why when I connect to the “victim” does it receive messages like “User * your name * wants to access this phone, allow it?”
Answer: This means the victim's phone has some kind of protection. To avoid it, try to get the victim to add you to the Bluetooth contact list; this should bypass the protection. By the way, some phones have no such protection and you get access right away. The archive contains two programs, one for ordinary phones and one for Symbian-based phones.

The archive also contains BTInfo.
Download: | DepositFiles | RapidShare |


BT INFO v1.08 ( * .jar )
The program connects via Bluetooth. Permission must be given on the other phone.
Allows:
- read SMS
- phone book
- call from the other phone
- control the buttons
- turn the player on/off
- see Java applications
- and much more

Tuned for Sony Ericsson, so a Sony Ericsson is the best "admin" phone. On other phones half of the functions do not work.

Download from the site.

Super Bluetooth Hack was made from this program.


BT File Manager ( * .jar )
A program that lets you view and modify the file system via Bluetooth and copy files to your phone. The Russian-language interface is simple and convenient. It requires confirmation: on connection it asks the other phone to allow data exchange.
"there is no pale as the picture is transmitted butoh."
http://tracers.ru/upload/656975

A set of programs from Hacker magazine
Bluedos
A small program demonstrating a connection attack. When compiling, you must specify -l bluetooth, since the corresponding socket family is used.
Carwhisperer.
A utility by the well-known Joshua Wright. Everything described in the article can be done with its help.
also in the archive:
BlueProximity 1.2.4
Bluetooth Remote Control 3.0
Connect btdos
LockItNow! 1.2
Redfang 2.5
Protocol Vulnerability Description (in English)
http://slil.ru/25717392


TERMINAL, access to mobile resources via BT (Windows Mobile)

At the moment, the program has 6 possible operating modes: OBEX FTP, AT, IrMC, sending files, sending messages, receiving files.

OBEX FTP mode gives access to the file system of the target phone: you can download, send, delete and create files. Note that the OBEX implementation differs from phone to phone, so not all the declared features will work everywhere.

AT mode lets you send commands to the target phone. This mode gives almost unlimited control over the target phone.
Information on the AT commands that interest you is easy to find on the Internet.
In AT mode you can also fetch the phone book and SMS of the target phone. Since all phones respond differently to a phone book/SMS request, I cannot guarantee that this will work.

IrMC mode gives access to the phone book and calendar of the target phone through the synchronization service. All received data is saved in vCard format (.vcf).
Unfortunately I do not have enough information about this format, so its conversion to HTML is only partial. Supported encodings: UTF-7, UTF-8 and the Quoted-Printable encoding method.
At the moment the following fields should be handled correctly: name, phone number, phone number type, e-mail and group membership.
Since version 0.9.7, the BlueBug attack is available in IrMC mode. It applies only to phones of the Sony Ericsson T610 era!
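The vCard records that IrMC mode saves can be parsed in a few dozen lines; the example below is added here and is not part of Terminal. It handles the UTF-8 and Quoted-Printable encodings the description mentions, extracts the fields it lists (name, phone number and type, e-mail, group), and escapes every value when rendering to HTML, because a phone book pulled from another device is untrusted input. The sample record and the contact in it are constructed.

```python
# Added example: a minimal vCard 2.1 (.vcf) parser for IrMC phone-book exports,
# decoding Quoted-Printable/UTF-8 values and rendering contacts to HTML with
# escaping. The record below is constructed; the name is Quoted-Printable UTF-8
# the way older phones send non-ASCII text.
import html
import quopri
from dataclasses import dataclass, field

SAMPLE_VCF = (
    "BEGIN:VCARD\r\n"
    "VERSION:2.1\r\n"
    "N;CHARSET=UTF-8;ENCODING=QUOTED-PRINTABLE:=D0=98=D0=B2=D0=B0=D0=BD=D0=BE=D0=B2;Ivan\r\n"
    "TEL;CELL:+7-900-000-00-00\r\n"
    "TEL;WORK;VOICE:+7-495-000-00-00\r\n"
    "EMAIL;INTERNET:ivan@example.invalid\r\n"
    "CATEGORIES:Colleagues\r\n"
    "END:VCARD\r\n"
)


@dataclass
class Contact:
    family: str = ""
    given: str = ""
    phones: list = field(default_factory=list)   # (type label, number)
    emails: list = field(default_factory=list)
    groups: list = field(default_factory=list)


def _decode(value: str, params: list) -> str:
    """Decode a property value according to its ENCODING / CHARSET parameters."""
    upper = [p.upper() for p in params]
    charset = "utf-8"
    for p in upper:
        if p.startswith("CHARSET="):
            charset = p.split("=", 1)[1].lower()
    if "ENCODING=QUOTED-PRINTABLE" in upper:
        return quopri.decodestring(value.encode("ascii")).decode(charset, errors="replace")
    return value


def parse_vcard(text: str) -> list:
    """Return one Contact per BEGIN:VCARD ... END:VCARD block."""
    contacts, current = [], None
    for raw in text.replace("\r\n", "\n").split("\n"):
        line = raw.strip()
        if not line:
            continue
        if line.upper() == "BEGIN:VCARD":
            current = Contact()
            continue
        if line.upper() == "END:VCARD":
            if current is not None:
                contacts.append(current)
            current = None
            continue
        if current is None or ":" not in line:
            continue
        head, value = line.split(":", 1)
        name, *params = head.split(";")
        name = name.upper()
        value = _decode(value, params)
        if name == "N":                      # family;given;additional;prefix;suffix
            parts = value.split(";")
            current.family = parts[0]
            current.given = parts[1] if len(parts) > 1 else ""
        elif name == "TEL":                  # vCard 2.1 puts the type as bare params
            types = [p.upper() for p in params
                     if not p.upper().startswith(("CHARSET=", "ENCODING="))]
            current.phones.append(("/".join(types) or "VOICE", value))
        elif name == "EMAIL":
            current.emails.append(value)
        elif name == "CATEGORIES":
            current.groups.extend(g.strip() for g in value.split(","))
    return contacts


def contact_to_html(c: Contact) -> str:
    """Render one contact as an HTML table row, escaping every field: the data
    came from a remote device and must not be trusted as markup."""
    cells = [f"{c.family} {c.given}".strip(),
             "; ".join(f"{t}: {n}" for t, n in c.phones),
             ", ".join(c.emails),
             ", ".join(c.groups)]
    return "<tr>" + "".join(f"<td>{html.escape(x)}</td>" for x in cells) + "</tr>"


if __name__ == "__main__":
    for contact in parse_vcard(SAMPLE_VCF):
        print(contact_to_html(contact))
```

Soft line breaks (a trailing `=` in Quoted-Printable) and UTF-7 are not handled here; the point is that the encoding is declared per property, so decoding must happen before the value is split into fields, and escaping must happen after.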

File sending mode allows you to send multiple files to the target phone at once. Sending occurs in the same way as if you sent through the file manager.
But there is one nice point: sending files is quite fast. For example, sending a file to a Nokia N80 is twice as fast as via Smart Explorer (measured with a stopwatch).

Message sending mode allows you to send a text message to the selected phone.

File receiving mode is an OBEX Object Push server. Now you can receive files via BT directly to a USB flash drive! Files are saved in the folder chosen in the settings (either \My Documents\Terminal or \Storage Card\My Documents\Terminal).
The method differs from the one used in moBlue and Sniper: there, files were first read into RAM and then copied to their destination, whereas in Terminal the file is written straight to its final location.

The program is free for all Russian-speaking users and is distributed as DonateWare, i.e. you can thank the author for his work.

The program requires the Microsoft Bluetooth stack and the .NET Compact Framework 2.0.

Official website
(do not be alarmed by the price messages; switch to the Russian version straight away, everything is free there)

download:
http://www.wm-soft.com/rus_products/terminal


.NET Compact Framework 2.0 CAB for 2003 (5.4 MB)

Some AT commands (rename to .txt)