Stream - social media

kalaki, #TheDailyPenguin, #Alika

21k 12k Comments

Bluetooth is a wireless technology for creating personal networks operating in the 2.4 GHz unlicensed band, usually within a range of 10 meters, though this is modifiable. Unlike Wi-FI wireless technology, Bluetooth offers higher level service profiles (FTP, PUSH, VoIP, serial line emulation, etc.)
Utilising a framework available in both KRYPTOS and OS-XX, it is possible to scan for available Bluetooth devices within an RF proximity.
As they do not require any authentication to be enabled, utilising serial and UART USB loading is possible, provided correct dongles an stacks are configured. It is also possible to modify the appearance of your device upon connection, or mask its connection entirely. The unique address of this Bluetooth device may also be reconfigured upon connection.

>% hccontrol -n xx0hci inquiry #####Finding, Output:

Inquiry result, num_responses=1
Inquiry result #0
       BD_ADDR: XX:XX:XX:XX:XX:XX
       Page Scan Rep. Mode: 0x1
       Page Scan Period Mode: 00
       Page Scan Mode: 00
       Class: 52:02:04
       Clock offset: 0x78ef
Inquiry complete. Status: No error [00]

>% hccontrol -n xx0hci remote_name_request XX:XX:XX:XX:XX:XX #####Requesting, Output:
 
BD_ADDR: XX:XX:XX:XX:XX:XX
Name: {{USERS}} {{DEVICE}}

>% hccontrol -n xx0hci create_connection BT_ADDR #####Creating connection, Output:
>% hccontrol -n xx0hci read_connection_list #####Pairing, Output:

Remote BD_ADDR    Handle Type Mode Role Encrypt Pending Queue State
XX:XX:XX:XX:XX:XX     41  ACL    0 MAST    NONE       0     0 OPEN

#####You can now enter the hcsecd configuration file as to pair these devices. In the pin key of the key-value pair, insert nokey; as the value. Running the config will produce this:

>hcsecd[16484]: Got Link_Key_Request event from 'xx0hci', remote bdaddr XX:XX:XX:XX:XX:XX
>hcsecd[16484]: Found matching entry, remote bdaddr XX:XX:XX:XX:XX:XX, name '{{USERS}} {{DEVICE}}', link key doesn't exist
>hcsecd[16484]: Sending Link_Key_Negative_Reply to 'xx0hci' for remote bdaddr XX:XX:XX:XX:XX:XX
>hcsecd[16484]: Got PIN_Code_Request event from 'xx0hci', remote bdaddr XX:XX:XX:XX:XX:XX
>hcsecd[16484]: Found matching entry, remote bdaddr XX:XX:XX:XX:XX:XX, name '{{USERS}} {{DEVICE}}', PIN code exists
>hcsecd[16484]: Sending PIN_Code_Reply to 'xx0hci' for remote bdaddr XX:XX:XX:XX:XX:XX

The reason for why you would do this is that it can now be used as a DUN profile for connecting to dial-up Internet access servers, or receive data from cellular towers. Furthermore, a PPP profile can be used to cross OSI layers into direct LAN, PC-PC or serial cable emulation:

>% rfcomm_pppd -a XX:XX:XX:XX:XX:XX -c -C dun -l rfcomm-dialup
>% rfcomm_pppd -s -C 7 -l rfcomm-server

And now, you have access to Bluetooth protocols. Which include: L2CAP, RFCOMM, SDP, OPUSH and SPP. This obviously allows for bridging; further escalating into STP and SNMP. If one performs all steps correctly and carefully, it is possible to bind control over a single TFTP, DHCP or NFS server by mounting it to the PXE.

Additionally, emulating VLAN access over IoT and Link 16 devices, such as Critical Infrastructure control centers (including military aircraft). The manner in which you would use this are lateral movement pivoting and cascaded interconnected chain attacks.

#CodeHereIsPurposefullyWrong,#ReportedToRelevantEntities

LOCKLOCK

Dawn of a mission, what’s your ambition?

Courageous is your name, this day yours to claim;

Bear towards the great unknown, by the easterly wind now blown;

Through fire and smoke, battles’ enduring cloak;

Further away on the blue. The horizon belongs to you.

#Sedunn, #Seiftasstlē, #Vasriks

1.6k Comment