Commit 54b10e6e authored by Devon Kearns

Imported Upstream version 0.5.2

v0.5.2
- Added -B flag to remove the banner. Easier to use on small screens.
v0.5.1
- Fixed bug in variable name "class" causing conflict name issues.
v0.5
- Fixed segmentation fault in manual assigning of Device Name and Class of Device
- Modified flags
- Depreciated
-r: Assign random NAME, CLASS, and ADDR
-l <log>: Load SpoofTooph CSV logfile
-d <log>: Dump scan into SpoofTooph CSV logfile
- New
-w <file>: Write to CSV file
-r <file>: Read from CSV file
-R: Assign random NAME, CLASS, and ADDR
-m: Specify multiple interfaces during selection
-u: USB delay. Interactive delay for reinitializing interfaces
v0.4.1 - 06/15/2011
- Took out some testing code
v0.4 - 03/24/2011
- Save file on exit.
- Fixed problem with saving log.
- Fixed problem with closing threads.
- Changed probes for device name. Scan runs much much faster now.
v0.3
- Fixed socket closing error
- Fixed log data verification for valid ADDR and CLASS
- Changed logging format to CSV: ADDR,CLASS,NAME
- Added -m flag for choosing multiple interfaces to use for cloning
(Useful to test Man-In-The-Middle attacks)
- Fixed the problem with reading in the Class from a log
- Fixed overflow problem with array of devices
- Fixed selection of Bluetooth interface from a always using
interface hci0
- Changed device array to dynmically resize
- Added -b flag for specifying the number of Bluetooth devices
to display per page
v0.1
- Initial release
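Review bot: The v0.5 entry reuses -r with a different meaning: it was "Assign random NAME, CLASS, and ADDR" with no argument and is now "-r <file>: Read from CSV file", so an existing invocation such as "spooftooph -i hci0 -r" changes behaviour instead of failing with a clear message. Call this out as a breaking change in the entry, or keep -r and pick new letters for the CSV options. "Depreciated" in the same entry should read "Deprecated".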
spooftooph
Copyright (C) 2009-2011 Shadow Cave LLC
Written 2009-2011 by JP Dunning (.ronin)
ronin [ at ] shadowcave [dt] org
<www.hackfromacave.com>
License
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License version 2 as
published by the Free Software Foundation;
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS SOFTWARE IS
DISCLAIMED.
ABOUT
Spooftooph is designed to automate spoofing or cloning Bluetooth device
Name, Class, and Address. See 'Usage' for more information of its capabilities.
INSTALL
1. Run "make" to compile binaries.
2. Run "make install" to install into system.
3. Run "make clean" to delete binaries from spooftooph directory.
RESOURCES
- BlueZ
- BlueZ-devel
- ncurses
- ncurses-devel
USAGE
To modify the Bluetooth adapter, spooftooth must be run with root privileges.
Spooftooph offers five modes of usage:
1) Specify NAME, CLASS and ADDR.
> spooftooph -i hci0 -n new_name -a 00:11:22:33:44:55 -c 0x1c010c
2) Randomly generate NAME, CLASS and ADDR.
> spooftooph -i hci0 -r
3) Scan for devices in range and select device to clone. Optionally dump the device
information in a specified log file.
> spooftooph -i hci0 -s -d file.log
4) Load in device info from log file and specify device info to clone.
> spooftooph -i hci0 -l file.log
5) Clone a random devices info in range every X seconds.
> spooftooph -i hci0 -t 10
HELP
NAME
spooftooph
SYNOPSIS
spooftooph -i dev [-m] [-sd] [-nac] [-r] [-l] [-t]
DESCRIPTION
-a <address> : Specify new ADDR
-b <num_lines> : Number of Bluetooth profiles to display per page
-c <class> : Specify new CLASS
-d <log> : Dump scan into log file
-h : Help
-i <dev> : Specify interface
-l <log> : Load a list of Bluetooth profiles to clone from saved log
-n <name> : Specify new NAME
-m : Specify multiple interfaces durring selection.
-r : Assign random NAME, CLASS, and ADDR
-s : Scan for devices in local area
-t <time> : Time interval to clone device in range
\ No newline at end of file
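Review bot: The USAGE and HELP sections still describe the pre-0.5 flags, which contradicts the changelog imported in this same commit. Examples 2 to 4 and the DESCRIPTION list use "-r" for random values, "-d <log>" and "-l <log>", all listed as removed or repurposed in v0.5, and the new -w, -R, -u and -B flags are not documented anywhere in the README. Update the examples, SYNOPSIS and flag list to the 0.5.2 flag set. The tool name is also misspelled as "spooftooth" in the first line of USAGE, and "durring" should be "during".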
This diff is collapsed.
/*
SpoofTooph
Copyright (C) 2010 Shadow Cave LLC
Written 2010 by JP Dunning (.ronin)
ronin@shadowcave.org
<www.hackfromacave.com>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License version 2 as
published by the Free Software Foundation;
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS SOFTWARE IS
DISCLAIMED.
*/
#define LENGTH_NAME 249
#define LENGTH_ADDR 18
#define LENGTH_CLASS 9
struct btdev {
char name[LENGTH_NAME];
char addr[LENGTH_ADDR];
char cod[LENGTH_CLASS];
int flags;
int major_class;
int minor_class;
uint8_t pscan_rep_mode;
uint8_t pscan_mode;
uint8_t clock_offset;
};
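Review bot: The header that defines struct btdev uses uint8_t for pscan_rep_mode, pscan_mode and clock_offset but includes nothing, so it only compiles when the including file happens to pull in <stdint.h> first. Add "#include <stdint.h>" and an include guard so the header is self-contained and safe to include more than once. A short comment on why LENGTH_NAME, LENGTH_ADDR and LENGTH_CLASS are 249, 18 and 9 would also help anyone validating the CSV fields copied into these buffers.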
/*
SpoofTooph
Copyright (C) 2010 Shadow Cave LLC
Written 2010 by JP Dunning (.ronin)
ronin [ at ] shadowcave [dt] org
<www.hackfromacave.com>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License version 2 as
published by the Free Software Foundation;
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS SOFTWARE IS
DISCLAIMED.
*/
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <unistd.h>
/*
* A majority of the following code is from 'hciconfig.c'
*/
static char * get_minor_device_name(int major, int minor)
{
switch (major) {
case 0: /* misc */
return "";
case 1: /* computer */
switch(minor) {
case 0:
return "Uncategorized";
case 1:
return "Desktop workstation";
case 2:
return "Server";
case 3:
return "Laptop";
case 4:
return "Handheld";
case 5:
return "Palm";
case 6:
return "Wearable";
}
break;
case 2: /* phone */
switch(minor) {
case 0:
return "Uncategorized";
case 1:
return "Cellular";
case 2:
return "Cordless";
case 3:
return "Smart phone";
case 4:
return "Wired modem / voice gateway";
case 5:
return "Common ISDN Access";
case 6:
return "Sim Card Reader";
}
break;
case 3: /* lan access */
if (minor == 0)
return "Uncategorized";
switch(minor / 8) {
case 0:
return "Fully available";
case 1:
return "1-17% utilized";
case 2:
return "17-33% utilized";
case 3:
return "33-50% utilized";
case 4:
return "50-67% utilized";
case 5:
return "67-83% utilized";
case 6:
return "83-99% utilized";
case 7:
return "No service available";
}
break;
case 4: /* audio/video */
switch(minor) {
case 0:
return "Uncategorized";
case 1:
return "Headset profile";
case 2:
return "Hands-free";
/* 3 is reserved */
case 4:
return "Microphone";
case 5:
return "Loudspeaker";
case 6:
return "Headphones";
case 7:
return "Portable Audio";
case 8:
return "Car Audio";
case 9:
return "Set-top box";
case 10:
return "HiFi Audio Device";
case 11:
return "VCR";
case 12:
return "Video Camera";
case 13:
return "Camcorder";
case 14:
return "Video Monitor";
case 15:
return "Video Display and Loudspeaker";
case 16:
return "Video Conferencing";
/* 17 is reserved */
case 18:
return "Gaming/Toy";
}
break;
case 5: /* peripheral */ {
static char cls_str[48];
cls_str[0] = '\0';
switch(minor & 48) {
case 16:
strncpy(cls_str, "Keyboard", sizeof(cls_str));
break;
case 32:
strncpy(cls_str, "Pointing device", sizeof(cls_str));
break;
case 48:
strncpy(cls_str, "Combo keyboard/pointing device", sizeof(cls_str));
break;
}
if((minor & 15) && (strlen(cls_str) > 0))
strcat(cls_str, "/");
switch(minor & 15) {
case 0:
break;
case 1:
strncat(cls_str, "Joystick", sizeof(cls_str) - strlen(cls_str));
break;
case 2:
strncat(cls_str, "Gamepad", sizeof(cls_str) - strlen(cls_str));
break;
case 3:
strncat(cls_str, "Remote control", sizeof(cls_str) - strlen(cls_str));
break;
case 4:
strncat(cls_str, "Sensing device", sizeof(cls_str) - strlen(cls_str));
break;
case 5:
strncat(cls_str, "Digitizer tablet", sizeof(cls_str) - strlen(cls_str));
break;
case 6:
strncat(cls_str, "Card reader", sizeof(cls_str) - strlen(cls_str));
break;
default:
strncat(cls_str, "(reserved)", sizeof(cls_str) - strlen(cls_str));
break;
}
if(strlen(cls_str) > 0)
return cls_str;
}
case 6: /* imaging */
if (minor & 4)
return "Display";
if (minor & 8)
return "Camera";
if (minor & 16)
return "Scanner";
if (minor & 32)
return "Printer";
break;
case 7: /* wearable */
switch(minor) {
case 1:
return "Wrist Watch";
case 2:
return "Pager";
case 3:
return "Jacket";
case 4:
return "Helmet";
case 5:
return "Glasses";
}
break;
case 8: /* toy */
switch(minor) {
case 1:
return "Robot";
case 2:
return "Vehicle";
case 3:
return "Doll / Action Figure";
case 4:
return "Controller";
case 5:
return "Game";
}
break;
case 63: /* uncategorised */
return "";
}
return "Unknown";
}
/*
* major_devices[] from 'hciconfig.c'
*
*/
static const char *major_devices[] = { "Miscellaneous",
"Computer",
"Phone",
"LAN Access",
"Audio/Video",
"Peripheral",
"Imaging",
"Wearable",
"Toy",
"Uncategorized" };
/*
* services[] from 'hciconfig.c'
*
*/
static const char *services[] = { "Positioning",
"Networking",
"Rendering",
"Capturing",
"Object Transfer",
"Audio",
"Telephony",
"Information" };
\ No newline at end of file
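Review bot: In get_minor_device_name() the peripheral branch (case 5) has no break after its block, so when cls_str is still empty at "if(strlen(cls_str) > 0)" control falls through into the imaging tests of case 6. Add an explicit break, or a comment if the fall-through is intended. In the same branch the bound passed to strncat is "sizeof(cls_str) - strlen(cls_str)", which leaves no room for the terminating NUL that strncat always writes; use "sizeof(cls_str) - strlen(cls_str) - 1". The longest combination currently fits the 48-byte buffer exactly, so any longer label added later would overflow it. The branch also returns a pointer to a static buffer while the Makefile builds with -pthread, so concurrent callers can overwrite each other's result; the function mixes that with string literals under a non-const "char *" return type, which would be better as "const char *".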
# Makefile for spooftooph
CC = gcc
BT_LIB = -lbluetooth
NCURSES_LIB = -lncurses
PTHREAD = -pthread
BIN = /usr/bin
all: spooftooph
spooftooph:
$(CC) $(BT_LIB) $(NCURSES_LIB) $(PTHREAD) dev_class.c namelist.c spooftooph.c bdaddr.c oui.c -o spooftooph
install:
cp spooftooph $(BIN)
uninstall:
rm -i $(BIN)/spooftooph
clean:
rm spooftooph
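Review bot: The link command in the spooftooph rule lists $(BT_LIB) and $(NCURSES_LIB) before the source files, and linkers that resolve symbols left to right (or default to --as-needed) will then fail with undefined references; move the libraries after the sources. The spooftooph target also declares no prerequisites, so make will not rebuild the binary when a .c file changes once it exists. List the sources as prerequisites and mark all, install, uninstall and clean as .PHONY. No warning or hardening flags are passed to the compiler; for a tool that the README says runs as root, adding a CFLAGS variable with at least -Wall would surface problems at build time. The install rule copies with cp and no explicit mode; "install -m 0755" makes the resulting permissions predictable.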
This diff is collapsed.
/*
*
* BlueZ - Bluetooth protocol stack for Linux
*
* Copyright (C) 2004-2010 Marcel Holtmann <marcel@holtmann.org>
*
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
*
*/
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
#include <stdio.h>
#include <errno.h>
#include <fcntl.h>
#include <unistd.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/mman.h>
#include "oui.h"
/* http://standards.ieee.org/regauth/oui/oui.txt */
#define OUIFILE "/var/lib/misc/oui.txt"
char *ouitocomp(const char *oui)
{
struct stat st;
char *str, *map, *off, *end;
int fd;
fd = open("oui.txt", O_RDONLY);
if (fd < 0) {
fd = open(OUIFILE, O_RDONLY);
if (fd < 0) {
fd = open("/usr/share/misc/oui.txt", O_RDONLY);
if (fd < 0)
return NULL;
}
}
if (fstat(fd, &st) < 0) {
close(fd);
return NULL;
}
str = malloc(128);
if (!str) {
close(fd);
return NULL;
}
memset(str, 0, 128);
map = mmap(0, st.st_size, PROT_READ, MAP_SHARED, fd, 0);
if (!map || map == MAP_FAILED) {
free(str);
close(fd);
return NULL;
}
off = strstr(map, oui);
if (off) {
off += 18;
end = strpbrk(off, "\r\n");
strncpy(str, off, end - off);
} else {
free(str);
str = NULL;
}
munmap(map, st.st_size);
close(fd);
return str;
}
int oui2comp(const char *oui, char *comp, size_t size)
{
char *tmp;
tmp = ouitocomp(oui);
if (!tmp)
return -1;
snprintf(comp, size, "%s", tmp);
free(tmp);
return 0;
}
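Review bot: In ouitocomp() the copy "strncpy(str, off, end - off)" is not bounded by the 128-byte allocation, and end is not checked for NULL. If the matched line in oui.txt is 128 bytes or longer the copy overruns the heap buffer, and if strpbrk() finds no line ending the length is computed from a NULL pointer. Check end, clamp the length to 127, and verify that "off + 18" is still inside the mapping before using it. The strstr() and strpbrk() calls also assume the mapping is NUL-terminated, which does not hold when the file size is an exact multiple of the page size; use a length-bounded search against st.st_size instead. Finally, the function tries "oui.txt" in the current working directory before the system paths, and the README states the tool runs with root privileges, so a file planted in the working directory becomes the input to this parsing code; prefer the fixed system paths only.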
/*
*
* BlueZ - Bluetooth protocol stack for Linux
*
* Copyright (C) 2004-2010 Marcel Holtmann <marcel@holtmann.org>
*
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
*
*/
char *ouitocomp(const char *oui);
int oui2comp(const char *oui, char *comp, size_t size);
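Review bot: The declaration of oui2comp() uses size_t but the header includes nothing and has no include guard. Add "#include <stddef.h>" and a guard so oui.h can be included on its own. Since ouitocomp() returns memory from malloc(), a one-line comment stating that the caller must free the result would document the ownership that oui2comp() relies on.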
This diff is collapsed.