well just a follow up on my own post :-)

it seems that the redfang idea of bruteforcing MACs to see if there are
non-discoverable devices around had been brought up:

http://www.newswireless.net/articles/0300910-bluestake.html

it's basically the idea of SSID in 802.11: when broadcasting you are
"discoverable", otherwise you can't see the device (fixed in Bluetooth 1.2),
but what I have yet to try is an app called "Multisync" which is shown here:

http://multisync.sourceforge.net/screenshot.png

in there, a checkbox is labeled "Do not tell client we are syncing" which
leads me to believe it is possible (especially if bruteforcing a Bluetooth
PIN) ... because I still believe you need to pair depending on your setup ...
(client accepts) ...

has anyone used the app?  (I'm just trying to figure out how to extract my
addy book without having to pair)

- jon

----- Original Message -----
From: "jon baer" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, November 14, 2003 8:28 PM
Subject: [nycwireless] [ot] Bluetooth security


> I'm trying to figure this one out ...
>
> http://www.bluestumbler.org/
>
> I've been able to sniff my T68i out with BlueZ tools (hcitool), bluesniff,
> redfang, btscanner, etc, but can't figure out the part in which the
> backdoors + snarfing can be openly available for file transfers ...
>
> does anyone know more about this?  (or more specifically know what hci
> commands + events might be used in this type of attack?)
>
> - jon
>
> pgp key: http://www.jonbaer.net/jonbaer.asc
> fingerprint: F438 A47E C45E 8B27 F68C 1F9B 41DB DB8B 9A0C AF47
>
> --
> NYCwireless - http://www.nycwireless.net/
> Un/Subscribe: http://lists.nycwireless.net/mailman/listinfo/nycwireless/
> Archives: http://lists.nycwireless.net/pipermail/nycwireless/
>
