From: Tyler T. <tyl...@gm...> - 2020-07-28 15:18:10

For my experiment, I can assume that all devices are connectable. I wanted to be able to provide a channel number because, as far as I know, connectable devices follow a specific order of channels when in page scanning mode and would therefore hit that channel number if I had previously sniffed a paging request for that connectable device on that frequency. With the rate of hopping on Bluetooth, however, I could probably get away with naively hopping channels while transmitting until I'm able to sniff a response from an SDR. I have an SDR that is able to monitor multiple Bluetooth channels (currently 8, but I think I could get more), so I'm thankfully a little better off than monitoring one channel at a time.

I initially planned on having my SDR as a Bluetooth sniffer and an Ubertooth as a transmitter, but it seems that while the Ubertooth has the ability to transmit, little code exists out there using that feature. I'll probably end up replacing the Ubertooth with a Linux-capable Bluetooth module, using BlueZ to send my commands, to avoid programming the Ubertooth from scratch. I'll give RedFang a look as well.

Thank you for your advice, Mark.

Tyler

On Jul 27 2020, at 4:11 pm, mni...@sp... wrote:
> Without doing any research, my two cents: the other device needs to be connectable, regardless of discoverability. If it's connectable and you know the LAP, then yes, that should work in terms of an initial physical connection. See RedFang. You can muck with the scanning windows and timing with a stack like BlueZ, but you can't pick a specific transmit channel via a standard HCI call. You would need a Vendor Specific Command, or an SDR to select a specific channel (and send out the paging packet).
>
> Not sure what picking a specific channel will buy you, as the other device (if it's in page scanning mode, i.e. connectable) will be hopping through channels listening for its Device Access Code, albeit at a much slower rate than the paging device (3200 hops/sec).
>
> Catching the connection, etc. with an Ubertooth is problematic, as you may know the device address(es) but not the channel they will end up connecting on (a priori). However, if you do it enough times, and maybe have more than one Ubertooth, you should see the connection at some point. Or, back to the wide-band SDR idea, like the fancy PCAP test equipment out there.
>
> Hope that helps,
>
> Mark
>
> From: Tyler Tucker <tyl...@gm...>
> Sent: Monday, July 27, 2020 3:01 PM
> To: mni...@sp...; ube...@li...
> Subject: Re: [Ubertooth-general] Transmit Bluetooth Classic
>
> Yeah, I've been looking at BlueZ as another option. Essentially what I'd like to do is carry out a paging request replay attack where I would give a script an LAP and perhaps a channel number, and it would send out paging requests on that channel for that LAP in the hopes that the device with that LAP would respond, revealing its position near the receiver. As far as I understand, this could be done to detect Bluetooth Classic devices which are set in non-discoverable mode, given that you already know the LAP, which I can assume to have prior knowledge of for my experiment. Do you know if BlueZ offers this level of control?
>
> Thanks,
>
> Tyler
>
> On Jul 24 2020, at 1:45 pm, mni...@sp... wrote:
> > Tyler,
> >
> > Why not simply use a commercial Bluetooth dongle with BlueZ to connect to a device? Connecting would be sending paging packets.
> >
> > Unless I'm missing the point. But, as you point out, Ubertooth does not transmit AFAIK.
> >
> > Regards,
> >
> > Mark
> >
> > From: Tyler Tucker <tyl...@gm...>
> > Sent: Friday, July 24, 2020 1:30 PM
> > To: ube...@li...
> > Subject: [Ubertooth-general] Transmit Bluetooth Classic
> >
> > Hey all,
> >
> > I'm interested in using the Ubertooth One to transmit Bluetooth Classic paging packets. However, there don't seem to be any recent examples of transmitting with the Ubertooth that I can find. Is anyone familiar with existing code that could help me out?
> >
> > Thanks,
> >
> > Tyler
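Added example, not code from this thread, from the Ubertooth project or from BlueZ: the approach Mark suggests, paging a known address through a commercial adapter and BlueZ instead of trying to pick a transmit channel. It assumes Linux with BlueZ and a BR/EDR adapter; Python's socket module exposes AF_BLUETOOTH/BTPROTO_L2CAP on Linux, and opening an L2CAP socket needs CAP_NET_RAW, so run it as root. A connect() on that socket makes the controller page the target BD_ADDR, which a connectable device answers whether or not it is discoverable, which is the detection Tyler describes. PSM 1 is SDP and every BR/EDR device must accept it, so even a refused channel proves the baseband link came up. One caveat the thread glosses over: HCI pages by the full 48-bit BD_ADDR, so the LAP alone is not enough input; the NAP and UAP must be known too. The function names, the result dictionary, the errno-to-verdict mapping and the sample address are my own choices, and the `connect` parameter is injectable so the decision logic can be exercised without hardware.

```python
"""Page a known Bluetooth Classic address to test whether the device is nearby.

Added example (not from the Ubertooth project or BlueZ). Assumes Linux with
BlueZ and a BR/EDR adapter; L2CAP sockets need CAP_NET_RAW, so run as root.
connect() on an L2CAP socket makes the controller page the target, which a
connectable device answers even when it is non-discoverable.
"""
import errno
import socket
import sys
import time
from typing import Callable

SDP_PSM = 1  # Service Discovery Protocol PSM, mandatory on every BR/EDR device

# errno values meaning the page succeeded and only the L2CAP channel was
# rejected (assumption: ECONNREFUSED is what BlueZ reports in that case).
ANSWERED_ERRNOS = {errno.ECONNREFUSED}


def lap_from_bdaddr(bdaddr: str) -> int:
    """Return the 24-bit LAP of a BD_ADDR written as NAP:NAP:UAP:LAP:LAP:LAP.

    The LAP is what the pager encodes into the Device Access Code, but HCI
    still needs the full 48-bit address, so NAP and UAP must be known as well.
    """
    octets = bdaddr.split(":")
    if len(octets) != 6 or any(len(o) != 2 for o in octets):
        raise ValueError(f"malformed BD_ADDR: {bdaddr!r}")
    values = [int(o, 16) for o in octets]
    return (values[3] << 16) | (values[4] << 8) | values[5]


def l2cap_connect(bdaddr: str, timeout: float) -> None:
    """Page bdaddr by opening an L2CAP channel to SDP; raises OSError on failure."""
    sock = socket.socket(socket.AF_BLUETOOTH, socket.SOCK_SEQPACKET,
                         socket.BTPROTO_L2CAP)
    try:
        sock.settimeout(timeout)
        sock.connect((bdaddr, SDP_PSM))
    finally:
        sock.close()


def classify(exc: OSError) -> tuple[bool, str]:
    """Map a connect() failure to (device answered the page, readable reason)."""
    if exc.errno is None:  # socket timeout: our deadline fired before the page finished
        return False, "local timeout before the page completed"
    name = errno.errorcode.get(exc.errno, str(exc.errno))
    if exc.errno in ANSWERED_ERRNOS:
        return True, f"page answered, L2CAP channel refused ({name})"
    return False, f"no page response ({name}: {exc.strerror})"


def probe(bdaddr: str, attempts: int = 3, timeout: float = 6.0,
          connect: Callable[[str, float], None] = l2cap_connect) -> dict:
    """Page bdaddr up to `attempts` times and report whether it ever answered.

    The default timeout is longer than BlueZ's default 5.12 s page timeout so
    the controller, not our socket deadline, decides that nobody answered.
    `connect` is injectable so the logic can run without hardware.
    """
    lap_from_bdaddr(bdaddr)  # validate the address before touching the radio
    errors = []
    for i in range(1, attempts + 1):
        start = time.monotonic()
        try:
            connect(bdaddr, timeout)
            answered, reason = True, "L2CAP channel opened"
        except OSError as exc:
            answered, reason = classify(exc)
        if answered:
            return {"present": True, "attempts": i,
                    "rtt_s": round(time.monotonic() - start, 3), "errors": errors}
        errors.append(reason)
    return {"present": False, "attempts": attempts, "rtt_s": None, "errors": errors}


if __name__ == "__main__":
    # constructed placeholder address; pass the real target on the command line
    target = sys.argv[1] if len(sys.argv) > 1 else "00:11:22:33:44:55"
    print(f"LAP of {target}: 0x{lap_from_bdaddr(target):06x}")
    print(probe(target))
```

Run it as `sudo python3 probe.py 00:11:22:33:44:55` with the target's real address. "Host is down" (EHOSTDOWN) on every attempt is the page timeout, i.e. no device with that address answered within range; a result with `present` true on a refused channel still means the radio link was established, which is all a presence check needs. The loop repeats because a single page can miss a device whose page-scan window did not line up with the pager's sweep, which is also why Mark expects several tries before an Ubertooth sees the connection.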