cader Posted July 7, 2021

So far I have not been able to have success with either of these. Are they BT low energy only? Does the function expect the BT MAC address or the device name? I've tried many combinations of various options and even looked over a hex dump of the output of /dev/ttyS1. Has anyone else been able to make this work? What am I missing?
cader Posted July 7, 2021 (Author)

I've also monitored /tmp/bt_observation while running both functions.
cader Posted July 7, 2021 (Author)

#!/bin/bash
function WHY_NO_WORK() {
    # Serial port the BT module is attached to: 115200 baud, 8N1, raw mode
    stty -F /dev/ttyS1 115200 cs8 -cstopb -parenb -echo -ixon -icanon -opost
    sleep 1
    # Set the module role via AT command, then reset it
    echo -n -e "AT+ROLE=2" > /dev/ttyS1
    echo -n -e "AT+RESET" > /dev/ttyS1
    while true; do
        # Capture one second of module output, then look for the target string
        timeout 1s cat /dev/ttyS1 > /tmp/bt_observation
        if grep -qa "$1" /tmp/bt_observation; then
            echo "$1 found"
        else
            echo "$1 not found"
        fi
    done
}
WHY_NO_WORK 58:A8:F8:A6:C6:69

This is how I've been testing the BT chip after trying the above.
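A more forgiving version of the match step in the script above, added here as an example and not the poster's code: it normalises both the target address and every address-shaped token in the captured dump, so case and separator differences in the module's output do not cause a miss, and it only matches a whole address rather than a substring. The dump contents are constructed for the demo; the real E104-BT52 output format is not shown in this thread.

```shell
#!/bin/sh
# Added example (not the poster's script): robust MAC lookup in a serial dump.

# norm_mac ADDR -> ADDR uppercased with ':' and '-' separators removed
norm_mac() {
    printf '%s' "$1" | tr 'a-f' 'A-F' | sed 's/[-:]//g'
}

# bt_mac_seen TARGET FILE
#   exit 0 if TARGET occurs in FILE as a whole address, 1 if not,
#   2 if TARGET is not a valid 48-bit MAC or FILE is unreadable
bt_mac_seen() {
    target=$(norm_mac "$1")
    [ "${#target}" -eq 12 ] || return 2
    case "$target" in *[!0-9A-F]*) return 2 ;; esac
    [ -r "$2" ] || return 2
    # -a: treat the (possibly binary) dump as text; -o: emit each token that
    # looks like aa:bb:cc:dd:ee:ff or aa-bb-cc-dd-ee-ff; -i: any case.
    # Each token is normalised the same way as TARGET, then compared whole (-x).
    grep -aoEi '([0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2}' "$2" \
        | tr 'a-f' 'A-F' | sed 's/[-:]//g' \
        | grep -qxF "$target"
}

# --- Demo on a constructed dump (format is made up, not real module output) ---
DUMP=$(mktemp)
printf 'OK\r\n+SCAN:58:a8:f8:a6:c6:69,-71\r\n+SCAN:AA-BB-CC-DD-EE-FF,-80\r\n' > "$DUMP"
for mac in 58:A8:F8:A6:C6:69 aa:bb:cc:dd:ee:ff 58:A8:F8:A6:C6:68; do
    if bt_mac_seen "$mac" "$DUMP"; then
        echo "$mac found"
    else
        echo "$mac not found"
    fi
done
rm -f "$DUMP"
```

Dropped into the loop above in place of the plain grep, the same call reads `bt_mac_seen "$1" /tmp/bt_observation`.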
cader Posted July 9, 2021 (Author)

The only device I've been able to detect with both the above script and the included functions has been my neighbor's Fitbit. My keyboard and phone (both in normal operation, pairing mode, and my phone running multiple kinds of beacon apps) are not detected. So I cracked the device open and discovered the BBmk2 uses an E104-BT52 chip for RX. I don't know enough about Bluetooth to speak with authority, but the chip seems to be focused on BLE. I don't know why a normal BT radio was off the table, as the device only runs when supplied with USB power and doesn't have the restricted power parameters of normal BLE applications. Maybe it's a firmware or tooling issue. IDK. But I can say for certain that the radio capabilities of the device are early alpha at best. I hope to be proven wrong, as this was not a cheap device.
Darren Kitchen Posted July 10, 2021

I should have clarified this earlier. I've written up an article to help clear this up. https://shop.hak5.org/blogs/bash-bunny/remote-triggers-for-the-bash-bunny-mark-ii The bottom section on how it works explains the function of the extension.
cader Posted July 12, 2021 (Author)

THANK YOU!! I'd given up for a bit with the trigger, so I appreciate the write-up. I apologize for my sass. I was getting a little frustrated after fruitless debugging of a black box system and I was rude. My bad.