Help needed with Nethunter external bluetooth adapter



yesimxev
2018-07-16, 23:05
My new bt adapter has just arrived and it works with laptop but I would like to equip OTG :) on my OnePlus One - the Sena UD100-G03. Tried everything I could find online related to bluetooth.
Re-flashed latest Kali nightly (2017.11-18-1618), with latest kernel on CM13.1.2.
Linux version 3.4.112-cyanogenmod-g8fbc62e (root@nhbuild-box) (gcc version 4.7 (GCC) ) #3 SMP PREEMPT Fri Aug 12 19:57:27 CDT 2016
Updated with apt-get update, dist-upgrade but still not getting it. Has the bluetooth package, bluez, blueman.

With dbus running, the bluetooth service/bluetoothd does not want to start. Seems like a permission issue to use the "external bt accessing" module for me. Couldn't find any solution for weeks now, hope there is a chance to get it working.
Everything else is working like HID, wlan injection, etc.



[FAIL] bluetooth is not running ... failed!
root@kali:~# bluetoothd -n
bluetoothd[30492]: Bluetooth daemon 5.49
bluetoothd[30492]: Failed to access management interface
bluetoothd[30492]: Adapter handling initialization failed

Also a strange thing that dbus struggles to start since the last few updates (not sure when). Takes about 3 mins to start and seems like it is not doing its job properly.

Managed to see a dbus-monitor:


root@kali:/# dbus-monitor --system
signal time=1532327145.748679 sender=org.freedesktop.DBus -> destination=:1.0 serial=2 path=/org/freedesktop/DBus; interface=org.freedesktop.DBus; member=NameAcquired
string ":1.0"
signal time=1532327145.754697 sender=org.freedesktop.DBus -> destination=:1.0 serial=4 path=/org/freedesktop/DBus; interface=org.freedesktop.DBus; member=NameLost
string ":1.0"
method call time=1532327345.837790 sender=:1.1 -> destination=org.freedesktop.DBus serial=1 path=/org/freedesktop/DBus; interface=org.freedesktop.DBus; member=Hello
method return time=1532327345.837857 sender=org.freedesktop.DBus -> destination=:1.1 serial=1 reply_serial=1
string ":1.1"
signal time=1532327345.837901 sender=org.freedesktop.DBus -> destination=(null destination) serial=5 path=/org/freedesktop/DBus; interface=org.freedesktop.DBus; member=NameOwnerChanged
string ":1.1"
string ""
string ":1.1"
signal time=1532327345.837962 sender=org.freedesktop.DBus -> destination=:1.1 serial=2 path=/org/freedesktop/DBus; interface=org.freedesktop.DBus; member=NameAcquired
string ":1.1"
method call time=1532327345.838793 sender=:1.1 -> destination=org.freedesktop.DBus serial=2 path=/org/freedesktop/DBus; interface=org.freedesktop.DBus; member=RequestName
string "org.bluez"
uint32 4
signal time=1532327345.838852 sender=org.freedesktop.DBus -> destination=(null destination) serial=6 path=/org/freedesktop/DBus; interface=org.freedesktop.DBus; member=NameOwnerChanged
string "org.bluez"
string ""
string ":1.1"
signal time=1532327345.838910 sender=org.freedesktop.DBus -> destination=:1.1 serial=3 path=/org/freedesktop/DBus; interface=org.freedesktop.DBus; member=NameAcquired
string "org.bluez"
method return time=1532327345.838947 sender=org.freedesktop.DBus -> destination=:1.1 serial=4 reply_serial=2
uint32 1
method call time=1532327345.839649 sender=:1.1 -> destination=org.freedesktop.DBus serial=3 path=/org/freedesktop/DBus; interface=org.freedesktop.DBus; member=AddMatch
string "type='signal',interface='org.freedesktop.DBus.Local',member='Disconnected'"
method return time=1532327345.839698 sender=org.freedesktop.DBus -> destination=:1.1 serial=5 reply_serial=3
signal time=1532327345.841698 sender=org.freedesktop.DBus -> destination=:1.1 serial=7 path=/org/freedesktop/DBus; interface=org.freedesktop.DBus; member=NameLost
string "org.bluez"
signal time=1532327345.841757 sender=org.freedesktop.DBus -> destination=(null destination) serial=8 path=/org/freedesktop/DBus; interface=org.freedesktop.DBus; member=NameOwnerChanged
string "org.bluez"
string ":1.1"
string ""
signal time=1532327345.841820 sender=org.freedesktop.DBus -> destination=:1.1 serial=9 path=/org/freedesktop/DBus; interface=org.freedesktop.DBus; member=NameLost
string ":1.1"
signal time=1532327345.841859 sender=org.freedesktop.DBus -> destination=(null destination) serial=10 path=/org/freedesktop/DBus; interface=org.freedesktop.DBus; member=NameOwnerChanged
string ":1.1"
string ":1.1"
string ""


When I started it manually, the bluetooth service starts too, but I am still not getting any info from dbus. You can see that in the next reply. I guess the bt service starts because there is a not completely started dbus service, so it doesn't make any difference.

I tried many configs for avahi-dbus.conf to let everything through, but whenever I reload and start again, it is still slow, and bluetooth is not working.

Thanks for reading!

bigbiz
2018-07-21, 02:00
service bluetooth start

yesimxev
2018-07-22, 21:45
service bluetooth start

Might not be obvious, but I did that and it doesn't work, except when I get the dbus service reloaded; then the bluetooth service starts. Still doesn't get bluetooth communication though, nor info in the rfkill list.



root@kali:~# service bluetooth start
[ ok ] Starting bluetooth: bluetoothd.
root@kali:~# service bluetooth status
[FAIL] bluetooth is not running ... failed!
root@kali:~# service dbus force-reload
[....] Reloading system message bus config...
Failed to open connection to "system" message bus: Did not receive a reply. Possible causes include: the remote application did not send a reply, the message bus security policy blocked the reply, the reply timeout expired, or the network connection was broken.
root@kali:~# service dbus status
[ ok ] dbus is running.
root@kali:~# service bluetooth start
[ ok ] Starting bluetooth: bluetoothd.
root@kali:~# service bluetooth status
[ ok ] bluetooth is running.
root@kali:~# hciconfig -a
root@kali:~# hciconfig hci0 up
Can't get device info: No such device
root@kali:~# service bluetooth status
[ ok ] bluetooth is running.
root@kali:~# hciconfig hci0 up
Can't get device info: No such device
root@kali:~# rfkill list
0: phy0: Wireless LAN
Soft blocked: no
Hard blocked: no

yesimxev
2018-08-20, 21:54
After researching and changing programs and settings for countless hours, I finally thought okay, let's build a kernel from scratch for it. I have enabled btusb and rfcomm (NOT as a module, as the OnePlus One doesn't load modules!) and now I can see my bluetooth adapter. Dbus and the bluetooth service don't even need to be running for it. The bluetooth service still can't run btw.

Scanning, inquiring, sdptool works.

But the most needed part of it doesn't work: RFCOMM
I have enabled it in the kernel, so for me now it seems to be an rfcomm driver issue.

Even after creating its folder manually


mkdir -p /dev/bluetooth/rfcomm
mknod -m 666 /dev/bluetooth/rfcomm/0 c 216 0

bluesnarfer gets the device name, then gives me timeout error:


device name: *********
bluesnarfer: open /dev/bluetooth/rfcomm/0, Connection timed out
bluesnarfer: bt_rfcomm_config failed
bluesnarfer: unable to create rfcomm connection
bluesnarfer: release rfcomm ok

l2ping gives me the same error, less explained


Can't connect: Connection timed out

I have tried almost all possible non-rfcomm related things:
Reinstalled:
CM13.0 + nethunter nightly / my own build from nethunter-fs builder, with many other, and my own kernel
CM13.1 + nethunter nightly / my own build from nethunter-fs builder, with many other, and my own kernel
LineageOS 14.1 + nethunter nightly / my own build from nethunter-installer with kernels from the web
LineageOS 15.1 + nethunter nightly / my own build from nethunter-installer with kernel from the web (yes there is one available a few days ago!)

Also I am looking for the LineageOS 15.1 Nethunter kernel sources (or the solution for the original problem :) ), so I can try to build a new one with btusb and rfcomm enabled (as the above one doesn't have it)

@jcadduono @binkybear - you might be able to help me with kernels :)

Thanks for reading!

yesimxev
2018-10-01, 09:26
Installing bluez-4.7 from bluez.org makes the bluetooth service run. And 4.5 makes l2ping and rfcomm work. Although very unstable, it starts and l2ping works. Will try to check the difference in the services as rfcomm does not work without the bt service. Even 4.99 from old.kali.org does not work in terms of the service. Dbus actually works after creating a new kalifs. Will do a bit of research then close this issue but I have to return to life now. Maybe >4.5 bluez is not compatible with 3.4.11x kernels.

yesimxev
2018-10-16, 10:58
In the meantime, it seems that the only possible way to get the bluetooth service running and working at all is by installing bluez-4.5 without deleting the latest one installed..? Everything works, except bluesnarfer (which was not updated since it was published; any way of running it reboots the phone after a few mins).

For those who need a btusb-enabled OnePlus One (bacon) kernel (also enabled CANBus):
https://androidfilehost.com/?fid=1322778262904029166

Also for those who suffer from laggy DBUS too, I have built the latest Kalifs:
Generic NetHunter armhf full with su
https://www.androidfilehost.com/?fid=11410932744536983523
Generic NetHunter armhf full without su
https://www.androidfilehost.com/?fid=11410932744536983520

bigbiz
2018-10-16, 16:09
https://github.com/pwnieexpress/blue_hydra

Blue Hydra, try it

yesimxev
2018-10-19, 21:07
Tried it and it's nice. However, it does not help the bluetooth service to work. So anything that needs rfcomm, which needs the bt service, fails with a timeout.

yesimxev
2018-10-27, 19:03
https://github.com/pwnieexpress/blue_hydra

Blue Hydra, try it

Tried it and it's nice. However, it does not help the bluetooth service to work. So anything that needs rfcomm, which needs the bt service, fails with a timeout.

yesimxev
2018-12-01, 21:44
It all works until bluez 4.101, but some features are not working, e.g. audio through bluetooth, and bluesnarfer, and who knows what else.

Kind of an RTFM for me; the bluez page clearly says what happened since bluez4:

http://www.bluez.org/bluez-5-api-introduction-and-porting-guide/

So it turns out that the

Failed to access management interface
comes from when I want to run btmgmt (which replaces the old org.bluez dbus way of working), which says

Unable to open btmgmt_socket
I can't see anything related to this in the kernel config, nor on the kali side of packages. I can see that btmgmt.h is included in the drivers, but there is no option in the config.

Any help would be appreciated.

yesimxev
2018-12-05, 09:17
Seems like the problem comes from the fact that the socket bind is not permitted or so; the wrong argument comes when it wants to bind the socket. The same happens with avahi-daemon and openvas.

strace result for bluetoothd:


socket(AF_BLUETOOTH, SOCK_RAW|SOCK_CLOEXEC|SOCK_NONBLOCK, BTPROTO_HCI) = 4
bind(4, {sa_family=AF_BLUETOOTH, hci_dev=htobs(65535), hci_channel=HCI_CHANNEL_CONTROL}, 6) = -1 EINVAL (Invalid argument)

On my kali amd64 laptop, it binds successfully. Not sure what's missing; there must be some kind of permission issue, but googling for days didn't help me. Maybe @binkybear? Any ways to enable socket binding for bluetoothd?
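The strace above shows the two calls that decide whether BlueZ 5 can start at all: an HCI raw socket, then a bind to HCI_CHANNEL_CONTROL with hci_dev set to HCI_DEV_NONE. The following probe is an added example written for this thread; it is not code from the forum, from BlueZ or from NetHunter. It reproduces exactly that socket()/bind() pair and turns the errno into a readable diagnosis, so the check can be rerun on a freshly built kernel without starting bluetoothd. The constants are the Linux ABI values from <bluetooth/hci.h>, declared locally so the program builds without libbluetooth-dev; the outcome names (MGMT_OK, MGMT_BIND_EINVAL, ...) and the function names are this example's own.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>

/* Linux ABI values for Bluetooth HCI sockets (same as <bluetooth/hci.h>),
 * defined here so the probe builds without libbluetooth-dev. */
#ifndef AF_BLUETOOTH
#define AF_BLUETOOTH 31
#endif
#define BTPROTO_HCI         1
#define HCI_CHANNEL_CONTROL 3       /* the management (mgmt) channel bluetoothd needs */
#define HCI_DEV_NONE        0xffff  /* "no particular adapter"; required on the control channel */

/* Same 6-byte layout as the kernel's struct sockaddr_hci: family, device id, channel. */
struct hci_addr {
    sa_family_t    hci_family;
    unsigned short hci_dev;
    unsigned short hci_channel;
};

enum mgmt_probe {
    MGMT_OK = 0,         /* bind() succeeded: the kernel exposes the mgmt interface */
    MGMT_NO_BT_SOCKETS,  /* socket() failed: no AF_BLUETOOTH/HCI socket support here */
    MGMT_BIND_EINVAL,    /* bind() EINVAL: the control channel is not accepted as sent */
    MGMT_BIND_EPERM,     /* bind() EPERM: caller lacks CAP_NET_ADMIN */
    MGMT_BIND_OTHER      /* any other bind() failure */
};

enum { STAGE_SOCKET = 0, STAGE_BIND = 1 };

/* Pure mapping from (failing stage, errno) to an outcome; kept separate so it is testable. */
enum mgmt_probe classify(int stage, int err)
{
    if (stage == STAGE_SOCKET)
        return MGMT_NO_BT_SOCKETS;
    switch (err) {
    case EINVAL: return MGMT_BIND_EINVAL;
    case EPERM:  return MGMT_BIND_EPERM;
    default:     return MGMT_BIND_OTHER;
    }
}

const char *explain(enum mgmt_probe r)
{
    switch (r) {
    case MGMT_OK:
        return "mgmt control channel available: bluetoothd will get past "
               "'Failed to access management interface'";
    case MGMT_NO_BT_SOCKETS:
        return "AF_BLUETOOTH HCI socket cannot be created: the running kernel "
               "has no Bluetooth socket support, or the environment blocks it";
    case MGMT_BIND_EINVAL:
        return "bind() returned EINVAL: the kernel's HCI socket layer does not "
               "accept HCI_CHANNEL_CONTROL with HCI_DEV_NONE (same failure as the strace)";
    case MGMT_BIND_EPERM:
        return "bind() returned EPERM: run as root or with CAP_NET_ADMIN";
    default:
        return "bind() failed for another reason; see the saved errno";
    }
}

/* Reproduce bluetoothd's socket()/bind() pair on the control channel.
 * On failure, *saved_errno receives the errno of the call that failed. */
enum mgmt_probe probe_mgmt_interface(int *saved_errno)
{
    int fd = socket(AF_BLUETOOTH, SOCK_RAW | SOCK_CLOEXEC | SOCK_NONBLOCK, BTPROTO_HCI);
    if (fd < 0) {
        *saved_errno = errno;
        return classify(STAGE_SOCKET, errno);
    }

    struct hci_addr addr;
    memset(&addr, 0, sizeof addr);
    addr.hci_family  = AF_BLUETOOTH;
    addr.hci_dev     = HCI_DEV_NONE;      /* BlueZ writes htobs(HCI_DEV_NONE); identical on little-endian */
    addr.hci_channel = HCI_CHANNEL_CONTROL;

    if (bind(fd, (struct sockaddr *)&addr, sizeof addr) < 0) {   /* sizeof addr == 6, as in the strace */
        *saved_errno = errno;
        close(fd);
        return classify(STAGE_BIND, errno);
    }

    close(fd);
    *saved_errno = 0;
    return MGMT_OK;
}

int main(void)
{
    int err = 0;
    enum mgmt_probe r = probe_mgmt_interface(&err);
    printf("result: %s\n", explain(r));
    if (err)
        printf("errno: %d (%s)\n", err, strerror(err));
    return r == MGMT_OK ? 0 : 1;
}
```

Build with `gcc -o mgmt-probe mgmt-probe.c` and run it as root on the device. In mainline hci_sock_bind the control channel answers EINVAL when the address is shorter than struct sockaddr_hci, when hci_dev is anything other than HCI_DEV_NONE, or when the channel number is not one the kernel handles, while a missing CAP_NET_ADMIN yields EPERM rather than EINVAL; since the strace shows the right length, device id and channel, the probe separates "wrong caller privileges" from "this kernel does not accept the channel", which is the distinction the previous post is chasing.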