Category: Linux



Wrote a quick & dirty Python wrapper for the bluez-utils bccmd command to set the btaddr of a Bluetooth HCI device. The native bccmd syntax is awkward, so I found it handy to have a script which accepts a normally formatted btaddr as an argument and does some error checking and prints status information.


root@linux:~/devel/tech/bluetooth/# ./setbtaddr hci0 01:0E:07:75:B7:12
Exec './bccmd  -d hci0 psset -r bdaddr 0x75 0x00 0x12 0xB7 0x07 0x00 0x0E 0x01'
hci0:   Type: USB
        BD Address: 01:0E:07:75:B7:12 ACL MTU: 192:8 SCO MTU: 64:8
        UP RUNNING
        RX bytes:86 acl:0 sco:0 events:9 errors:0
        TX bytes:33 acl:0 sco:0 commands:9 errors:0
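
The address-to-argument conversion visible in the `Exec` line above, written out as an added example (this is not the author's setbtaddr script). The four-word layout is inferred from that sample output, and the function names are hypothetical.

```python
import re

# Six colon-separated hex octets, e.g. 01:0E:07:75:B7:12
_BDADDR = re.compile(r"[0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2}){5}")
_HCIDEV = re.compile(r"hci[0-9]+")


def bdaddr_to_pskey_bytes(addr):
    """Return the 8 byte values passed to bccmd for the bdaddr key."""
    if not _BDADDR.fullmatch(addr):
        raise ValueError("malformed BD address: %r" % addr)
    nap_hi, nap_lo, uap, lap_hi, lap_mid, lap_lo = (
        int(o, 16) for o in addr.split(":"))
    # Four 16-bit words: LAP bits 23..16, LAP bits 15..0, UAP, NAP
    words = [lap_hi, (lap_mid << 8) | lap_lo, uap, (nap_hi << 8) | nap_lo]
    out = []
    for w in words:
        out += [w & 0xFF, w >> 8]  # each word is written low byte first
    return out


def pskey_bytes_to_bdaddr(b):
    """Inverse mapping, for checking a value read back from the device."""
    if len(b) != 8 or any(not 0 <= x <= 0xFF for x in b) or b[1] or b[5]:
        raise ValueError("not a valid 8-byte bdaddr value")
    octets = [b[7], b[6], b[4], b[0], b[3], b[2]]
    return ":".join("%02X" % o for o in octets)


def psset_argv(dev, addr):
    """Build the argument vector for bccmd; no shell string is assembled."""
    if not _HCIDEV.fullmatch(dev):
        raise ValueError("unexpected device name: %r" % dev)
    data = ["0x%02X" % x for x in bdaddr_to_pskey_bytes(addr)]
    return ["bccmd", "-d", dev, "psset", "-r", "bdaddr"] + data


if __name__ == "__main__":
    # Sample address taken from the terminal session above
    print(" ".join(psset_argv("hci0", "01:0E:07:75:B7:12")))
```

Validating both arguments and handing the result to the process as a list keeps a malformed device name or address from ever reaching a shell.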


H00lyshit – DIY Bluetooth Sniffer

Since the 23c3, every interested researcher has known that it is easy to compromise Bluetooth sessions using the BTcrack tool. Thierry Zoller showed how it’s possible to retrieve link keys. The only problem was getting hands on a Bluetooth sniffer device to capture the raw Bluetooth packets. Such devices are not available at consumer prices. But somehow Max Moser found a way to transform a vanilla USB BT dongle into a Bluetooth sniffer device. Don’t believe the hype… Now Bluetooth security is dead.

Mini Howto:

# Back up old firmware
dfutool -d hci0 archive backup.dfu
# Back up config
bccmd -d hci0 pslist -s 0x000F >> backup_cfg
# Check Vendor ID (has to be 0x0a12)
bccmd -d hci0 psget -s 0x000f 0x02be
# Write new Product ID
bccmd -d hci0 psset -s 0x0002 0x02bf 0x0002

Toying with a Juicebox

Got a new toy. It’s a Juicebox from Mattel, a kids’ video and MP3 player. It’s actually Linux-based and has a Samsung S3C44B0 ARM CPU, 8MB Flash and 2MB RAM. Since it has JTAG pinouts, you can use it as a really cheap ARM dev board. You can get one for around $10 on eBay. You can find a lot of good info here.

Made some LCD test stuff, a 3D starfield and a simple fire demo. This code runs directly on the hardware, not on top of the built-in Linux. You need a JTAG cable to download the code directly into the RAM.

I’m using openocd for this:

load_binary lcd_3.bin 0x0c001000 
resume 0x0c001000




Nokia 6100 GLCD Port for Epson based Displays

Ported the glcd lib to the Epson-based Nokia LCDs. I tried to leave the code portable so that you can switch between the Epson and the Philips controller via a #define switch.

Actually I only changed the low-level hw access and init functions to deal with the Epson controller. Currently native screen rotation is implemented but I didn’t work on the hardware scrolling stuff. Maybe I’ll do this later.

