|
|
| |
Credit:
To keep updated with the tool visit the project's homepage at: http://www.alighieri.org/project.html
|
| |
What is Bluesnarfing?
Serious flaws in Bluetooth security lead to disclosure of personal data
Summary
In November 2003, Adam Laurie of A.L. Digital Ltd. discovered that there are serious flaws in the authentication and/or data transfer mechanisms on some Bluetooth enabled devices. Specifically, three vulnerabilities have been found:
First, confidential data can be obtained, anonymously, and without the owner's knowledge or consent, from some Bluetooth enabled mobile phones. This data includes, at least, the entire phonebook and calendar, and the phone's IMEI.
Second, it has been found that the complete memory contents of some mobile phones can be accessed by a previously trusted ("paired") device that has since been removed from the trusted list. This data includes not only the phonebook and calendar, but media files such as pictures and text messages. In essence, the entire device can be "backed up" to an attacker's own system.
Third, access can be gained to the AT command set of the device, giving full access to the higher level commands and channels, such as data, voice and messaging. This third vulnerability was identified by Martin Herfurt, and they have since started working together on finding additional possible exploits resulting from this vulnerability.
Finally, the current trend for "Bluejacking" is promoting an environment which puts consumer devices at greater risk from the above attacks.
The SNARF attack:
It is possible, on some makes of device, to connect to the device without alerting the owner of the target device of the request, and gain access to restricted portions of the stored data therein, including the entire phonebook (and any images or other data associated with the entries), calendar, real time clock, business card, properties, change log, IMEI (International Mobile Equipment Identity, which uniquely identifies the phone to the mobile network, and is used in illegal phone 'cloning'). This is normally only possible if the device is in "discoverable" or "visible" mode, but there are tools available on the Internet that allow even this safety net to be bypassed. Further details will not be released at this time (see below for more on this), but the attack can and will be demonstrated to manufacturers and press if required.
For more information see: http://www.thebunker.net/security/bluetooth.htm
The Tool:
Bluesnarfer will download the phonebook of any mobile device vulnerable to bluesnarfing.
For more information on Bluetooth hacking, see the following whitepaper (with proof of concept): http://www.alighieri.org/tools/bluetooth.tar.gz
Download Information:
The tool's source code can be found at: http://www.alighieri.org/tools/bluesnarfer.tar.gz
The tool compiles under Linux with kernel bluetooth support. (The tool require kernel headers).
|
|
|
| Subject:
|
Bluesnarfer |
Date: |
21 Sep. 2006 |
| From: |
rajenmqhotmail.com |
| Can you please send me a jar application of Bluesnarfer for my k750i |
|
| Subject:
|
bluesnarfer |
Date: |
15 Oct. 2006 |
| From: |
shrub56_2hotmail.com |
| wont work on my p900 sony ericsson any thing im doing wrong? |
|
| Subject:
|
bluesnarfer |
Date: |
8 Jan. 2007 |
| From: |
jamman2007hotmail.com |
| can you please send me the jar version of bluesnarf plz it wud be much appreciated |
|
| Subject:
|
bluesnarfer |
Date: |
16 Jan. 2007 |
| From: |
duncan_campbellblueyonder.co.uk |
| Can you please send me a jar application of Bluesnarfer for my k800i I have been looking all over for one. |
|
| Subject:
|
bluesnarfer |
Date: |
17 Jan. 2007 |
| From: |
sk8erboi_robrobhotmail.com |
| Can u plz send me a jar application of Bluesnarfer for my k610i? |
|
| Subject:
|
bluesnarfer |
Date: |
24 Jan. 2007 |
| From: |
Kozilseznam.cz |
| Can you please send me a jar application of Bluesnarfer for my k750i |
|
| Subject:
|
bluesnarfer |
Date: |
29 Jan. 2007 |
| From: |
little987adamhotmail.com |
| can u pls send me a jar application of Bluesnarfer for my d750i
|
|
| Subject:
|
Bluesnarfer |
Date: |
30 Jan. 2007 |
| From: |
Moi |
Hi guys :)
I see a lot of people asking for the .jar application, just like me.
But the questions.. does the tool exist in .jar?? I don't know.. i hope someone can tell us..
I know a tool named: Bloover it also provide the Bluesnarf attack and is free to download just check google.com
But that tool is a bit old ( 2003) so only old mobiles can be hacked.
I hope someone can supplied some new stuff.
Greets to you all,
The Crow |
|
| Subject:
|
Bluesnarfer |
Date: |
20 Feb. 2007 |
| From: |
Andreas |
Hi, I've tried this Bloover and the only thing you can do with it is to see if the device is able to hack. So, it's not really a "e;hack"e;.
Bye, Andreas |
|
| Subject:
|
Bluesnarfer |
Date: |
4 Mar. 2007 |
| From: |
Bulgarian_hacker |
Read this information first ! http://trifinite.org/trifinite_stuff_lds.html
Then go to...... and read the information http://www.bluez.org/
The tool does exist download it from: http://www.bluez.org/download.html
I've tried the program and it works
have fun
|
|
| Subject:
|
Bluesnarfer |
Date: |
21 Mar. 2007 |
| From: |
d_r |
Hey, assholes!
This tool is written for Linux. NOT FOR SHITTY JAVA ENABLED PHONES LIKE YOURS. AKA, THERE IS NO .JAR FILE!!!!!
Go buy a nokia 770 and then come back. |
|
| Subject:
|
Bluesnarfer |
Date: |
6 Apr. 2007 |
| From: |
mark |
| eneyone know what mobilephone's/pda's use linux |
|
| Subject:
|
bluesnarfer for windows |
Date: |
15 Jun. 2007 |
| From: |
phenom |
| hey guys is there any windows version of bluesnarfer, i hard its been imported to windows. |
|
| Subject:
|
bluesnarfer |
Date: |
14 Oct. 2007 |
| From: |
fezter |
| has anyone got instructions on how to use dsniff on a 770 plz |
|
| Subject:
|
BLUE SNARFER |
Date: |
17 Oct. 2007 |
| From: |
charlieswanseahotmail.com |
Can u send me the jar application for my K800i
I cant find one anywhere
Thanks Alot CHARLIE |
|
| Subject:
|
Is there a version for Windows |
Date: |
21 Nov. 2007 |
| From: |
JJ |
| I am looking for a windows version. please repost with the name and location of that program. |
|
| Subject:
|
Jar version |
Date: |
20 Dec. 2007 |
| From: |
james.w810ihotmail.co.uk |
Make it a jar file yourself. When you download change the save as type to 'all files'. Then in the file name get rid of the .tar and change it to .jar
This will make it a jar file. |
|
| Subject:
|
bluetooth |
Date: |
31 Dec. 2007 |
| From: |
pieman |
| you people should take a look at backtrack 3 and do a lot of reading and research and you will find what you are looking for and more just open up your mind and tack your time
|
|
| Subject:
|
Fools! |
Date: |
21 Feb. 2008 |
| From: |
NotAnIdiot |
| Erm just as was pointed out earlier the tool on this site is linux based and is infact just the source code as it is meant for developers to edit compile and test. No mainstream phones use linux they all use the old school Java system, whilst there are bluesnarfing programs available for Java phones, If you are serious about testing out security floors in Linux get yourself a Compaq Ipaq H3600 or better (known as the golden Ipaqs) and flash it with linux (google opie familiar ipaq). Then use the linux source code and you have a very very versatile mobile security testing platform. Oh and the people who created this site wont respond to posts like "e;Can you please send me a jar application of Bluesnarfer for my k750i"e; . So pleased dont newb it up. |
|
| Subject:
|
If your looking for Bluetooth Hacking Tools The Here is your Jackpot Find. |
Date: |
1 Mar. 2008 |
| From: |
InsaneCripple |
So your interested in the whole blue'z hacking scene then your better of going to http://www.remote-exploit.org and DL there Backtrack 2 Live CD , BT2 is a Linux based OS that was made for the IT folk's for it has every kind of hacking program you need and also includes over 10 of the most common Bluetooth tool's used in bluehacking and all you need to do is DL BT2 to DVD then restart your PC with BT2 in the DVD drive and BT2 will boot up and will bring you to a login screen where you will enter the following Login User Name "e; root "e; and the password is "e; toor "e; then after you login you will type ' Startx "e; this will load BT2 in KDE a GUI application that will allow all you windows baby's to use the Linux based OS system then click on the bottom left side just like windows START and the scroll up to BackTrack and then over to Raido Application's and then you will see the BlueTooth folder and inside will be all the BlueTooth programs allready installed and ready to use. Also when you click on BTscanner it will bring up a Command prompt where you type "e; Btscanner "e; then hit enter and that will bring up the BTscanner in a GUI so you can use your mouse and then your off and running.
.Jar or .Tar files are for Linux based OS and you will need a Linux based OS to even attempt to use them and BT2 allready is setup primed and ready to fire and if you need more help go to the Backtrack WIKI forum and you will find all the anwsers your looking for. |
|
|
|
|
