esp32_bluetooth_classic_sniffer
SDP query failed 0x04, retrying...
Hi, regardless of the target type I always get this message:
Starting RFCOMM Query
TX --> BT_Baseband / Raw
SDP query failed 0x04, retrying...
TX --> BT_Baseband / Raw
SDP query failed 0x04, retrying...
TX --> BT_Baseband / Raw
SDP query failed 0x04, retrying...
TX --> BT_Baseband / Raw
SDP query failed 0x04, retrying...
TX --> BT_Baseband / Raw
Does it mean that the remote device is patched?
Hi @nocomp, from your logs, it appears no connection is possible to your target. Perhaps check if your target is really a BT classic device and if the BDAddress is correct.
Bonjour Matheus, thx for your reply. I've tried smart bands, a BT Rubik's cube, watch, phone, always the same behaviour, quite weird, no? Is there a sort of vuln BT emulator that exists in order to test if it's all OK in my conf? Best regards
Hi @nocomp, does the braktooth PoC work for you instead? If you try scanning targets from the PoC with the --scan argument, do you get something? Also, what ESP32 dev. board are you using?
Hi Matheus, braktooth doesn't work because of bandwidth issues of my adapter: https://github.com/Matheus-Garbelini/braktooth_esp32_bluetooth_classic_attacks/issues/2
I use the adapter in the picture on the code page, the ESP32 DOIT dev kit.
This is what I get so far:
nocomp@sdrbox:~/tools/bt/esp32_bluetooth_classic_sniffer$ ./BTSnifferBREDR.py
[!] Bridge will start without BT host stack
Using options:
Serial Port: /dev/ttyUSB0
Serial Baud: 921600
BT Host Program: None
Host BDAddress: e0:d4:e8:19:c7:68
Target BDAddress: None
[!] Reset Done! EN pin toggled HIGH->LOW->HIGH
[!] Waiting 0.8s...
[ESP32BT] Firmware version: 1.4.1
sh: 1: setserial: not found
HCI Bridge started on /dev/pts/2
ESP32BT driver started on /dev/ttyUSB0@921600
nocomp@sdrbox:~/tools/bt/esp32_bluetooth_classic_sniffer$ ./BTSnifferBREDR.py --live-terminal
Using options:
Serial Port: /dev/ttyUSB0
Serial Baud: 921600
BT Host Program: ./host_stack/spp_counter
Host BDAddress: e0:d4:e8:19:c7:68
Target BDAddress: None
[!] Reset Done! EN pin toggled HIGH->LOW->HIGH
[!] Waiting 0.8s...
[ESP32BT] Firmware version: 1.4.1
sh: 1: setserial: not found
HCI Bridge started on /dev/pts/2
ESP32BT driver started on /dev/ttyUSB0@921600
Starting ['./host_stack/spp_counter', '-u', '/dev/pts/2', '-a', 'None']
Packet Log: logs/hci_dump.pklg
H4 device: /dev/pts/2
SDP service record size: 95
Local version information:
- HCI Version 0x0008
- HCI Revision 0x030e
- LMP Version 0x0008
- LMP Subversion 0x030e
- Manufacturer 0x0060
Local name:
TX --> BT_Baseband / Raw
TX --> BT_Baseband / Raw
BTstack up and running at E0:D4:E8:19:C7:68
hcitool lescan gives me E3:81:1A:03:F8:01 GoCube_01F803_1
then
nocomp@sdrbox:~/tools/bt/esp32_bluetooth_classic_sniffer$ ./BTSnifferBREDR.py --target=E3:81:1A:03:F8:01 --live-terminal
Using options:
Serial Port: /dev/ttyUSB0
Serial Baud: 921600
BT Host Program: ./host_stack/sdp_rfcomm_query
Host BDAddress: e0:d4:e8:19:c7:68
Target BDAddress: e3:81:1a:03:f8:01
[!] Reset Done! EN pin toggled HIGH->LOW->HIGH
[!] Waiting 0.8s...
[ESP32BT] Firmware version: 1.4.1
sh: 1: setserial: not found
HCI Bridge started on /dev/pts/2
ESP32BT driver started on /dev/ttyUSB0@921600
Starting ['./host_stack/sdp_rfcomm_query', '-u', '/dev/pts/2', '-a', 'E3:81:1A:03:F8:01']
Packet Log: logs/hci_dump.pklg
H4 device: /dev/pts/2
address=E3:81:1A:03:F8:01
Local version information:
- HCI Version 0x0008
- HCI Revision 0x030e
- LMP Version 0x0008
- LMP Subversion 0x030e
- Manufacturer 0x0060
Local name:
BTstack up and running at E0:D4:E8:19:C7:68
Starting RFCOMM Query
TX --> BT_Baseband / Raw
SDP query failed 0x04, retrying...
TX --> BT_Baseband / Raw
Getting despaired.
Thank you for your time.
the same issue....
@Matheus-Garbelini pls help, was checked with smart bracelets and headphones
Any idea what caused this? I had no problems running the sniffer, then installed the brak tool, and now even after a fresh VM it won't run