Category: LINUX
2009-02-04 11:49:06
You have found a device. What can you do with it? Can you use it to go online, send or receive files, or stream audio? This is a job for SDP--a protocol to offer and request services. What does my Zaurus offer?
# sdptool browse 00:A0:96:0A:D1:80
Browsing 00:A0:96:0A:D1:80 ...
#
It looks like there is no service. I need to add some. How about NAP to offer networking, DUN to offer PPP networking, OPUSH to receive files, and SP to let another computer use the Zaurus serial port?
# sdptool add NAP
# sdptool add DUN
# sdptool add OPUSH
# sdptool add SP
Attention: I don't have space in this article to configure DUN, OPUSH, and SP. I'll just show how to fake support for these profiles. Why not play pretend for once? An additional benefit is that this approach is useful as a honeypot: the syslog will show devices attempting to take advantage of DUN, OPUSH, and SP for Bluesnarfing or Bluejacking attacks.
Now what does the Zaurus offer?
# sdptool browse 00:A0:96:0A:D1:80
Browsing 00:A0:96:0A:D1:80 ...
Service Name: Network Access Point Service
Service RecHandle: 0x10000
Service Class ID List:
  "Network access point" (0x1116)
Protocol Descriptor List:
  "L2CAP" (0x0100)
    PSM: 15
  "BNEP" (0x000f)
    Version: 0x0100
    SEQ16: 10 20 30 40
Profile Descriptor List:
  "PAN access point" (0x1116)
    Version: 0x0100

Service Name: Dial-Up Networking
Service RecHandle: 0x10001
Service Class ID List:
  "Dialup Networking" (0x1103)
  "Generic Networking" (0x1201)
Protocol Descriptor List:
  "L2CAP" (0x0100)
  "RFCOMM" (0x0003)
    Channel: 1
Profile Descriptor List:
  "Dialup Networking" (0x1103)
    Version: 0x0100

Service Name: OBEX Object Push
Service RecHandle: 0x10002
Service Class ID List:
  "OBEX Object Push" (0x1105)
Protocol Descriptor List:
  "L2CAP" (0x0100)
  "RFCOMM" (0x0003)
    Channel: 4
  "OBEX" (0x0008)
Profile Descriptor List:
  "OBEX Object Push" (0x1105)
    Version: 0x0100

Service Name: Serial Port
Service Description: COM Port
Service RecHandle: 0x10003
Service Class ID List:
  "Serial Port" (0x1101)
Protocol Descriptor List:
  "L2CAP" (0x0100)
  "RFCOMM" (0x0003)
    Channel: 1
Language Base Attr List:
  code_ISO639: 0x656e
  encoding: 0x6a
  base_offset: 0x100
Profile Descriptor List:
  "Serial Port" (0x1101)
    Version: 0x0100

Much better.
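An added example (not from the original article): a small shell/awk audit that parses `sdptool browse` output like the listing above and flags every advertised record whose service class ID is not on a list of services you actually intend to run, such as the faked DUN, OPUSH, and SP records. The function names, the allow-list argument, and the abbreviated sample input are assumptions of this example.

```sh
#!/bin/sh
# sdp_audit ALLOWED: read `sdptool browse` output on stdin and print, per
# record: handle class-id port status name. ALLOWED is a space-separated
# list of service class IDs (lower-case hex) you actually intend to offer.
sdp_audit() {
    awk -v allowed="$1" '
    function flush() {
        if (handle != "") {
            ok = (index(" " allowed " ", " " cls " ") > 0)
            printf "%s %s %s %s %s\n", handle, cls, port, (ok ? "expected" : "REVIEW"), name
        }
        name = "(unnamed)"; handle = ""; cls = "-"; port = "-"; sect = ""
    }
    BEGIN { flush() }
    { sub(/^[ \t]+/, ""); sub(/[ \t\r]+$/, "") }      # output is indented
    /^Service Name:/             { flush(); name = substr($0, 15); next }
    /^Service RecHandle:/        { if (handle != "") flush(); handle = $3; next }
    /^Service Class ID List:/    { sect = "class"; next }
    /^Protocol Descriptor List:/ { sect = "proto"; next }
    /^[A-Za-z].*List:$/          { sect = "other"; next }  # profile, language
    sect == "class" && cls == "-" && match($0, /\(0x[0-9a-fA-F]+\)/) {
        cls = substr($0, RSTART + 1, RLENGTH - 2); next   # first class ID
    }
    sect == "proto" && /^PSM:/     { port = "psm=" $2; next }
    sect == "proto" && /^Channel:/ { port = "rfcomm=" $2; next }
    END { flush() }'
}

# Constructed sample: two records abbreviated from the output above.
sample_browse() {
    cat <<'EOF'
Service Name: Network Access Point Service
Service RecHandle: 0x10000
Service Class ID List:
  "Network access point" (0x1116)
Protocol Descriptor List:
  "L2CAP" (0x0100)
    PSM: 15
Profile Descriptor List:
  "PAN access point" (0x1116)
Service Name: OBEX Object Push
Service RecHandle: 0x10002
Service Class ID List:
  "OBEX Object Push" (0x1105)
Protocol Descriptor List:
  "RFCOMM" (0x0003)
    Channel: 4
EOF
}
sample_browse | sdp_audit "0x1116"    # only NAP is really configured here
```

Against a live device, pipe `sdptool browse <address>` into `sdp_audit` with the class IDs of the services you have actually configured.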
Now I want to try some networking. Imagine the Zaurus has a network connection to the internet, and you would like to share that connection with other devices. It's IP over Bluetooth!
On the Zaurus, start the network daemon in server mode:
# pand --listen --master --role NAP
On your PC, look for a NAP:
# sdptool search NAP
Inquiring ...
Searching for NAP on 00:A0:96:0A:D1:80 ...
Service Name: Network Access Point Service
Service RecHandle: 0x10000
Service Class ID List:
  "Network access point" (0x1116)
Protocol Descriptor List:
  "L2CAP" (0x0100)
    PSM: 15
  "BNEP" (0x000f)
    Version: 0x0100
    SEQ16: 10 20 30 40
Profile Descriptor List:
  "PAN access point" (0x1116)
    Version: 0x0100

It looks like the Zaurus correctly advertises its support for PAN. Now connect with pand in client mode:
# /usr/bin/pand --role PANU --service NAP --connect 00:A0:96:0A:D1:80
You can also let pand search in client mode to find a NAP to connect to and then do the connection:
# /usr/bin/pand --role PANU --service NAP --search
Each device will then have a bnep0 device that supports automatic configuration--perhaps with DHCP or with a static IP address. pand calls a script named dev-up in /etc/bluetooth/pan/ whenever it creates a bnepx interface; this is the easiest way to configure bnep0. You can alternatively try to use hotplug.
On the Zaurus, type (and store in /etc/bluetooth/pan/dev-up for the next time):
ifconfig bnep0 192.168.1.1
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
On the PC, type (and store in /etc/bluetooth/pan/dev-up for the next time):
ifconfig bnep0 192.168.1.2
route add default gw 192.168.1.1
You can now ping the Zaurus and use it to connect to the internet.
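An added example, not part of the original article: a stricter form of the Zaurus-side dev-up script that masquerades only the PAN subnet and adds each rule once, so repeated connections do not stack duplicate NAT rules. It assumes pand passes the new interface name as the first argument, a 192.168.1.0/24 PAN subnet, and an iptables that supports -C and the conntrack match; the function names are this example's own.

```sh
#!/bin/sh
# Hypothetical /etc/bluetooth/pan/dev-up for the NAP side.
# Assumption: pand passes the new interface name as $1.
IPTABLES=${IPTABLES:-iptables}
WAN_IF=${WAN_IF:-eth0}              # uplink interface, as in the article
PAN_NET=${PAN_NET:-192.168.1.0/24}  # assumed PAN subnet

# Add a rule only if an identical one is not already present (-C checks),
# so repeated PAN connections do not append duplicates.
ensure_rule() {    # usage: ensure_rule TABLE CHAIN rule-spec...
    table=$1; chain=$2; shift 2
    $IPTABLES -t "$table" -C "$chain" "$@" 2>/dev/null ||
        $IPTABLES -t "$table" -A "$chain" "$@"
}

nap_up() {         # usage: nap_up BNEP_INTERFACE
    bt_if=$1
    # Accept only bnep<digits>; refuse any other interface name.
    case $bt_if in
        bnep|bnep*[!0-9]*) return 2 ;;
        bnep[0-9]*) ;;
        *) return 2 ;;
    esac
    # NAT only the PAN subnet, not everything leaving the uplink.
    ensure_rule nat POSTROUTING -s "$PAN_NET" -o "$WAN_IF" -j MASQUERADE
    # Forward PAN -> uplink, and only reply traffic in the other direction.
    ensure_rule filter FORWARD -i "$bt_if" -o "$WAN_IF" -s "$PAN_NET" -j ACCEPT
    ensure_rule filter FORWARD -i "$WAN_IF" -o "$bt_if" \
        -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
}

# Run for real only when invoked with an interface argument (as pand would).
if [ -n "${1:-}" ]; then
    ifconfig "$1" 192.168.1.1 netmask 255.255.255.0
    echo 1 > /proc/sys/net/ipv4/ip_forward
    nap_up "$1"
fi
```

The FORWARD rules only restrict traffic when the FORWARD chain policy is DROP; with a policy of ACCEPT they are redundant but harmless.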
pand is a network daemon--you can use it to do different things, including peer-to-peer networking, if you use GN instead of NAP. On the client run:
# pand --listen --role GN
This will look for peer-to-peer servers to connect to as you pass by. Along with a DHCP request to get an IP address on bnep0, it offers unique possibilities to share files with passersby who have configured their Bluetooth devices likewise. See for more information.
So far, your Bluetooth device has only reached the feature set provided by WiFi--maybe with more nice options and possibilities for automation.
Even with just networking, there is much more than PAN in Bluetooth.
My next article will play with DUND and SP--respectively, PPP over Bluetooth and serial port export to handle traditional serial port issues. You can take advantage of these profiles to offer dial-on-demand services and wireless synchronization of a Palm pilot featuring Bluetooth.
I will also show how to exchange files with OBEX, and use that to back up a cellphone. I will explain Bluesnarfing and Bluejacking attacks to transform the cellphone backup into a "cellphone slurper," which will attempt to download the content of the phonebook, calendar, pictures, etc. of any passing Bluetooth phone that accepts the transfer.
Guylhem Aznar is a third-year medical resident and Ph.D. student and the coordinator of The Linux Documentation Project.