NetHunter Bluetooth-Arsenal

Bluetooth-Arsenal is the control centre for Bluetooth based attacks.

Start Bluetooth Arsenal

Click on the hamburger menu item and select โ€œBluetooth Arsenalโ€ to open the Bluetooth menu. Here you can start & stop the services, enable the interfaces, and scan for discoverable devices. Note that devices can be also found which is not in discovery mode, using the Redfang in the next page. BLE is not supported yet.

Only first run: Tap on โ€œCheck and installโ€ on the welcome popup to install dependencies. If you need to setup or update in the future, use the options menu at any time on the top right corner.

Main Menu

Connect your bluetooth adapter(s) via OTG if you havenโ€™t done so, and press the refresh icon to have them in the spinner menu. Enable dbus, bluetooth services, and bring up the adapter (hci0) using the switches. If you select a second adapter (hci1), tap refresh again, and bring up that one too with the interface switch. Select the required interface for scanning in the spinner. Enter your scan time if 10 seconds is not ideal. You are ready to scan, press โ€œSCAN FOR DEVICESโ€. If any found, tap on it, so it will be selected for later usage.

Enter your interface name, if your use multiple adapters. You can paste the selected target address by tapping on the โ€œUSE SELECTED TARGETโ€.

L2ping

Ideal for crashing targetโ€™s bluetooth stack, so the connected device(s) may get disconnected, available for discovery or attacks. Modify the size, or count if needed. Flood ping also boosts up the possibility to disconnect paired devices. Reverse ping sends echo response instead of echo request.

Redfang

Use to find devices which are not in pairing mode. Enter the target range, and modify the logfile path if needed. Tap on โ€œHUNT FOR DEVICESโ€ to start.

Blueranger

See how close the target is. Tap on โ€œCHECK PROXIMITYโ€ to start.

SDPtool

Look at the targetโ€™s services to find open ones. Handsfree service is our vulnerable audio service. Tap on โ€œDISCOVER SERVICESโ€ to start.

Spoof

Enter your interface name, if your use multiple adapters. You can paste the selected targetโ€™s address, name, and class by tapping on the โ€œUSE SELECTED TARGETโ€, otherwise enter the desired modifications.

Tap on โ€œAPPLYโ€ to set. You can also verify by tapping on โ€œCHECKโ€.

Carwhisperer

Enter your interface name, if your use multiple adapters. You can paste the selected target address by tapping on the โ€œUSE SELECTED TARGETโ€.

Modify the channel, if the targetโ€™s Handsfree service is on a different one. Select the mode:

Listen

Will start recording the audio from the targetโ€™s microphone. Modify the record filename if needed.

Inject

Will inject the selected audio to the target, so it will be played on itโ€™s speaker. Enter or select the audio fileโ€™s path to inject.

Tapping on โ€œLAUNCHโ€ starts the script in the terminal. You can kill in the terminal with CTRL+C or in the app by tapping on โ€œKILLโ€. Play button starts to stream live on your speaker if listening is running, otherwise it will play the last recording. Please note that the Stop button will stop the playback, pause is not supported.

Last updated