more to come…
[flash]http://vimeo.com/2399376[/flash]
Wrote a quick & dirty Python wrapper for the bluez-utils bccmd command to set the btaddr of a Bluetooth HCI device. The native bccmd syntax is awkward, so I found it handy to have a script which accepts a normally formatted btaddr as an argument and does some error checking and status information.
Usage:
```
root@linux:~/devel/tech/bluetooth/# ./setbtaddr hci0 01:0E:07:75:B7:12
Exec './bccmd -d hci0 psset -r bdaddr 0x75 0x00 0x12 0xB7 0x07 0x00 0x0E 0x01'
hci0:   Type: USB
        BD Address: 01:0E:07:75:B7:12 ACL MTU: 192:8 SCO MTU: 64:8
        UP RUNNING
        RX bytes:86 acl:0 sco:0 events:9 errors:0
        TX bytes:33 acl:0 sco:0 commands:9 errors:0
```
[download](http://optixx.org/download/setbtaddr)
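The conversion visible in the `Exec` line above, as an added example (this is not the downloadable setbtaddr script): it validates the address and device name, reorders the octets the way the sample output shows, and builds the argument list without going through a shell. The function names are hypothetical, and the byte order is inferred from that one sample line.

```python
import re

BDADDR_RE = re.compile(r"[0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2}){5}")
HCIDEV_RE = re.compile(r"hci[0-9]+")


def bdaddr_to_psset_bytes(addr):
    """AA:BB:CC:DD:EE:FF -> [DD, 00, FF, EE, CC, 00, BB, AA].

    Byte order inferred from the sample Exec line on this page.
    """
    if not BDADDR_RE.fullmatch(addr):
        raise ValueError("not a Bluetooth address: %r" % (addr,))
    a, b, c, d, e, f = (int(octet, 16) for octet in addr.split(":"))
    return [d, 0x00, f, e, c, 0x00, b, a]


def psset_bytes_to_bdaddr(values):
    """Inverse mapping, e.g. to check which address an argument list encodes."""
    if len(values) != 8 or any(not 0 <= v <= 0xFF for v in values):
        raise ValueError("expected eight byte values")
    if values[1] != 0 or values[5] != 0:
        raise ValueError("padding bytes (positions 2 and 6) must be 0x00")
    d, _, f, e, c, _, b, a = values
    return ":".join("%02X" % v for v in (a, b, c, d, e, f))


def build_bccmd_argv(dev, addr):
    """Return the argv list; pass it to subprocess.run() without a shell."""
    if not HCIDEV_RE.fullmatch(dev):
        raise ValueError("not an HCI device name: %r" % (dev,))
    args = ["0x%02X" % v for v in bdaddr_to_psset_bytes(addr)]
    return ["bccmd", "-d", dev, "psset", "-r", "bdaddr"] + args


if __name__ == "__main__":
    # Sample values taken from the usage output above.
    print(" ".join(build_bccmd_argv("hci0", "01:0E:07:75:B7:12")))
```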
Since the [23c3](http://events.ccc.de/congress/2006/Home), every interested researcher knew that it is easy to compromise Bluetooth sessions using the BTcrack tool. Thierry Zoller showed how it’s possible to [retrieve](http://secdev.zoller.lu/research/bluetoothcracker.htm) link keys. The only problem was to get hands on a Bluetooth sniffer device to get the raw Bluetooth packets. Such devices are not available at consumer prices. But somehow Max Moser found a [way](http://www.remote-exploit.org/research/busting_bluetooth_myth.pdf) to transform a vanilla USB BT dongle into a Bluetooth sniffer device. Don’t believe the hype… Now Bluetooth security is dead.
Mini Howto:
```
# Backup old firmware
dfutool -d hci0 archive backup.dfu
# Backup config
bccmd -d hci0 pslist -s 0x000F >> backup_cfg
# Check Vendor ID (has to be 0x0a12)
bccmd -d hci0 psget -s 0x000f 0x02be
# Write new Product ID
bccmd -d hci0 psset -s 0x0002 0x02bf 0x0002
```
Wrote a little Bash script using [Sleuthkit](http://www.sleuthkit.org/) tools to recover a deleted file from a partition. Tested the script with ext2 and fat32 filesystems.
Setup a test image:
```
dd if=/dev/zero of=image bs=1k count=8192
mkfs.ext2 image
mount -o loop image /mnt/image
cp something /mnt/image
rm /mnt/image/something
sync
umount /mnt/image
```
Now you can start the script to find a token of the deleted file:
```
./find.sh image "Test"
```
The Code for find.sh
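```
#!/bin/sh
# Recover a deleted file from a filesystem image with Sleuthkit tools.
# dls, dcalc and dcat are the older Sleuthkit names; Sleuthkit 3.x and later
# ship the same tools as blkls, blkcalc and blkcat.

IMAGE=$1
TOKEN=$2
BSIZE=1024          # filesystem block size of the image
TYPE="linux-ext2"   # filesystem type passed to every Sleuthkit tool
TMP="dls_$(date +%Y%d%m_%H%M%S)"

if [ $# -ne 2 ]; then
    echo "Usage: $0 image token"
    exit 1
fi
if [ ! -f "$IMAGE" ]; then
    echo "Cannot find $IMAGE"
    exit 1
fi
if [ -z "$TOKEN" ]; then
    echo "Please give search token"
    exit 1
fi

echo "--------------------------"
echo "Found deleted"
# List deleted entries, then dump all unallocated blocks and index their strings
fls -f "$TYPE" -rd "$IMAGE"
dls -f "$TYPE" "$IMAGE" > "$TMP"
strings -t d "$TMP" > "$TMP.str"
echo "--------------------------"
grep -i "$TOKEN" "$TMP.str"
echo "--------------------------"
printf "Select Offset:"
read -r n

# Byte offset of the chosen hit inside the unallocated-space dump
ADDR=$(grep -i "$TOKEN" "$TMP.str" | grep "$n" | sed 's/^[ \t]*//' | head -n 1 | cut -d " " -f1)
if [ -z "$ADDR" ]; then
    echo "Nothing found for '$TOKEN'"
    exit 1
fi
echo "Found $ADDR"

# Byte offset -> unallocated block number -> block number in the original image
OFFSET=$(echo "$ADDR / $BSIZE" | bc)
echo "Using Offset $OFFSET"
BLOCK=$(dcalc -f "$TYPE" -u "$OFFSET" "$IMAGE")
echo "Using Block $BLOCK"
echo "----------------------------"
dcat -f "$TYPE" "$IMAGE" "$BLOCK"
echo
echo "----------------------------"

# Find the inode that owned the block and read its block list
INODE=$(ifind -f "$TYPE" -d "$BLOCK" "$IMAGE")
echo "Found Inode $INODE"
istat -f "$TYPE" "$IMAGE" "$INODE"
BLOCKS=$(istat -f "$TYPE" "$IMAGE" "$INODE" | tail -n 1)
echo "---------------------------"
echo "Found Blocks $BLOCKS"
echo "---------------------------"

# Concatenate every block of the inode into the recovered file
# ($BLOCKS is left unquoted on purpose so it splits into block numbers)
(for BLOCK in $BLOCKS
do
    dcat -f "$TYPE" "$IMAGE" "$BLOCK"
done) | tee "$TMP.found"
echo "---------------------------"
echo "Saved to $TMP.found"
echo "---------------------------"
rm -f "$TMP" "$TMP.str"
```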