Hi folks,

First of all, I'd like to send my regards to the OffSec Kali crews. Since I opened the door of curiosity on computers, years ago as a teenager, I have never seen so much effort in the spread of quality hacking. You're at The Hackers Choice level, for sure ;D

Well, with Kali Linux being released to its 16.1 version, my USB/Bluetooth adapter (Empire Bluetooth 4.0 USB JC-F-1193 3640) stopped working. So that I can go back to my Metallica-inspired hacking sessions, here are the things I've been trying in order to get my interesting problem solved:

1) Verifying I/O
root@ThinkIsMyCrime:~# dmesg | tail
[ 6716.510642] Bluetooth: RFCOMM ver 1.11
[ 7616.039665] usb 2-1.1: USB disconnect, device number 6
[ 7644.442120] usbcore: deregistering interface driver btusb
[ 7694.315780] usb 2-1.1: new full-speed USB device number 7 using ehci-pci
[ 7694.459484] usb 2-1.1: New USB device found, idVendor=0a12, idProduct=0001
[ 7694.459494] usb 2-1.1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 7694.476728] usbcore: registered new interface driver btusb
[ 7694.661559] Bluetooth: RFCOMM TTY layer initialized
[ 7694.661577] Bluetooth: RFCOMM socket layer initialized
[ 7694.661592] Bluetooth: RFCOMM ver 1.11


2) Checking bluetooth related modules
root@ThinkIsMyCrime:~# lsmod | grep bluetooth
bluetooth 516096 29 bnep,btbcm,btrtl,btusb,rfcomm,btintel
rfkill 24576 8 cfg80211,acer_wmi,bluetooth
crc16 16384 2 ext4,bluetooth


3) More bluetooth information
root@ThinkIsMyCrime:~# hciconfig
hci0: Type: BR/EDR Bus: USB
BD Address: 00:15:831:B0:54 ACL MTU: 310:10 SCO MTU: 64:8
UP RUNNING PSCAN ISCAN
RX bytes:706 acl:0 sco:0 events:53 errors:0
TX bytes:2514 acl:0 sco:0 commands:50 errors:0


4) root@ThinkIsMyCrime:~# hcitool scan
Scanning ...


Hum... it seems nothing was found. The bluetooth interface is up, though. Playing with hcitool options, the device was not found. And just like hcitool scan, blueman-manager fails in the device discovery process.

If the modules were loaded right, things were supposed to work. Right? Let's look at bluetooth services status:

5) root@ThinkIsMyCrime:~# service bluetooth status
● bluetooth.service - Bluetooth service
Loaded: loaded (/lib/systemd/system/bluetooth.service; enabled; vendor preset: disabled)
Active: active (running) since Sun 2016-09-04 02:25:09 BRT; 30min ago
Docs: man:bluetoothd(8)
Main PID: 7261 (bluetoothd)
Status: "Running"
Tasks: 1 (limit: 4915)
CGroup: /system.slice/bluetooth.service
└─7261 /usr/lib/bluetooth/bluetoothd

Sep 04 02:34:07 ThinkIsMyCrime bluetoothd[7261]: Sap driver initialization failed.
Sep 04 02:34:07 ThinkIsMyCrime bluetoothd[7261]: sap-server: Operation not permitted (1)
Sep 04 02:34:08 ThinkIsMyCrime bluetoothd[7261]: RFCOMM server failed for Headset Voice gateway: rfcomm_bin
Sep 04 02:34:08 ThinkIsMyCrime bluetoothd[7261]: RFCOMM server failed for Headset Voice gateway: rfcomm_bin
Sep 04 02:34:08 ThinkIsMyCrime bluetoothd[7261]: Endpoint registered: sender=:1.125 path=/MediaEndpoint/A2D
Sep 04 02:34:08 ThinkIsMyCrime bluetoothd[7261]: Endpoint registered: sender=:1.125 path=/MediaEndpoint/A2D
Sep 04 02:34:08 ThinkIsMyCrime bluetoothd[7261]: Endpoint registered: sender=:1.123 path=/MediaEndpoint/A2D
Sep 04 02:34:08 ThinkIsMyCrime bluetoothd[7261]: Endpoint registered: sender=:1.123 path=/MediaEndpoint/A2D
Sep 04 02:34:08 ThinkIsMyCrime bluetoothd[7261]: Endpoint registered: sender=:1.119 path=/MediaEndpoint/A2D
Sep 04 02:34:08 ThinkIsMyCrime bluetoothd[7261]: Endpoint registered: sender=:1.119 path=/MediaEndpoint/A2D


Again, everything seems all right, except for the rfcomm server.

Another way to manipulate bluetooth devices is by bluetoothctl.

6) [bluetooth]# show
Controller 00:15:831:B0:54
Name: ThinkIsMyCrime
Alias: ThinkIsMyCrime
Class: 0x0c010c
Powered: yes
Discoverable: yes
Pairable: yes
UUID: Headset AG (00001112-0000-1000-8000-00805f9b34fb)
UUID: Generic Attribute Profile (00001801-0000-1000-8000-00805f9b34fb)
UUID: A/V Remote Control (0000110e-0000-1000-8000-00805f9b34fb)
UUID: Generic Access Profile (00001800-0000-1000-8000-00805f9b34fb)
UUID: PnP Information (00001200-0000-1000-8000-00805f9b34fb)
UUID: A/V Remote Control Target (0000110c-0000-1000-8000-00805f9b34fb)
UUID: Audio Source (0000110a-0000-1000-8000-00805f9b34fb)
UUID: Audio Sink (0000110b-0000-1000-8000-00805f9b34fb)
Modalias: usb:v1D6Bp0246d0524
Discovering: no

7) Finally, the blueman-manager events seek and successfully find the adapter, but no device at all is detected.


I have stopped here. Tomorrow I will dive into the rfcomm server situation, where the answer may lie. If someone experienced the same problem while migrating from the last Kali to the Rolling version, please raise your finger.

One interesting fact that arose from the investigations is the possibility of using the bluetooth managing tools themselves to attack related devices. Anyone interested in python + bluetooth hacking? ;D

See you guys and happy hacking ;D