
Hack Like Mr. Robot: How to Hack Bluetooth using Kali Linux?

Episode 6 of Mr. Robot has come and gone and, not surprisingly, it didn’t disappoint. Once again, our hero, Elliot, has used his remarkable mind and hacking skills to amaze and inspire us.

In this episode, Elliot is being extorted by the ruthless and relentless drug dealer, Vera, to hack him out of prison. Vera is holding Elliot’s new love interest, Shayla, hostage and has given Elliot until midnight to hack the prison’s computer system in order to release him.


Elliot tries to explain to Vera that such a hack can’t be done in a matter of hours; it takes days or weeks to find a security weakness he can exploit. Vera, being the brutal and dim-witted killer that he is, won’t give Elliot more time. As a result, Elliot has to attempt some less-than-ideal techniques to try to hack Vera out of prison to save the lovely Shayla (as you may remember, Shayla is also his morphine supplier).

Malicious Flash Drive

In his first attempt to hack the prison, Elliot has Darlene, his friend and adversary from f/society, “accidentally” drop infected flash drives outside the prison. The idea here is that if someone inside the prison’s network picks one up and inserts it into their computer, it will inject malware and give Elliot a connection to the system.

Sure enough, a foolish prison guard picks one up and plugs it into his computer. Elliot gets an SSH connection to it, but before he can do anything, the AV software detects the malware and disconnects Elliot. Elliot then scolds Darlene as a “script kiddie” for using well-known malware from Rapid9 (a reference to Metasploit’s developer, Rapid7) instead of developing a new exploit, and Darlene defends herself saying “I just had 60 minutes.” (She could have re-encoded it with Veil-Evasion and it might have gotten past the AV software undetected.)

Some have questioned whether this approach could work. Before the automatic autorun feature was disabled on modern operating systems, you could have an EXE file on the flash drive that would execute automatically. On a modern OS, autorun is disabled by default.

We may assume that this machine had the autorun feature enabled or, more likely, that Darlene had installed the malware on a flash drive that had been reprogrammed to emulate a USB keyboard. When such a flash drive is inserted, the operating system recognizes it as a USB keyboard, giving it access with the privileges of the logged-in user, and it then injects its malicious code into the operating system. In this way, the approach might have worked had Darlene re-encoded the malware with Veil-Evasion.

Hack WPA2

While Elliot is visiting Vera in prison, he brings his phone with him, on which he has installed a Wi-Fi scanner app. With that scanner, he can see all the wireless APs and sees that they are all secured with WPA2. Although he knows he can crack WPA2, he recognizes that the short time frame he is working with is not enough to brute-force WPA2.

While scanning wireless hotspots and encryption technologies with his phone, Elliot notices a Bluetooth connection when a prison guard’s car drives up near him.

That prompts Elliot into another approach, namely, hack the Bluetooth and enter the prison’s computer system via the cop car’s dedicated cellular connection to the prison!

Hacking a Bluetooth Keyboard

Enable Bluetooth

Before Elliot can do anything, he needs to enable Bluetooth on his Linux hacking system by starting the bluetooth service:

kali > service bluetooth start

Next, he needs to activate the Bluetooth device:

kali > hciconfig hci0 up

Then he checks to see if it is actually working, as well as its properties, by typing:

kali > hciconfig hci0

Scan for Bluetooth Devices

The first thing Elliot does in this hack is to scan for Bluetooth connections. If you look closely at Elliot’s screen, you can see that he is using hcitool, a built-in Bluetooth configuration tool in Kali Linux. Although this works, I have had better success with btscanner, a built-in Bluetooth scanner with a rudimentary GUI. To use it, simply type:

kali > btscanner

Then select “i” to initiate an inquiry scan. You can see the results below.

Using btscanner, we can get a list of all the Bluetooth devices in range. This one here has a MAC address and a name of “Tyler”—to spoof this device, we must spoof the MAC address and name of the device.

This is how Elliot gets the MAC address and name of the Bluetooth device in the cop’s car. Remember that Bluetooth is a low-power protocol with a range of just about 10 meters (although with a directional antenna, distances as much as 100 meters have been achieved).

Spoof the MAC Address of the Keyboard

Now that Elliot has the name and MAC address of the cop’s keyboard, he will need to spoof it by cloning the cop’s keyboard with this info. Kali Linux has a tool designed to spoof Bluetooth devices called spooftooph. We can use it to spoof the keyboard with a command similar to this:

kali > spooftooph -i hci0 -a A0:02:DC:11:4F:85 -n Car537

  • -i designates the device, in this case hci0
  • -a designates the MAC address we want to spoof
  • -n designates the name of the device we want to spoof, in this case “Car537”

If we do it right, our Bluetooth device will spoof the MAC address and name of the cop car’s Bluetooth device.

To check whether we were successful, we can use hciconfig followed by the device and the switch “name”, which will list the name of the device. Remember, this is our Bluetooth device that we are trying to emulate the cop car’s Bluetooth device with. If we are successful, it will have the same MAC address and name as the cop’s Bluetooth device.

kali > hciconfig hci0 name

Now, we have a Bluetooth device that is a perfect clone of the cop car’s Bluetooth keyboard!
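From the defender’s side, the interesting question is whether a laptop or a network monitor can notice that a second radio is claiming the address and name of a keyboard it has already paired with. The script below is an added example, not code from the article or from any Kali tool: it parses inquiry-scan output in the layout hcitool’s scan prints (a tab, the address, a tab, the name; the sample lines are constructed here) and compares it against an inventory of paired devices. The inventory and the address A0:02:DC:11:4F:85 / name Car537 are taken from the article’s own example; everything else is assumed for illustration.

```python
"""Flag inquiry-scan entries that conflict with a host's paired-device inventory.

Added example: the input layout is assumed to match hcitool's "scan" output
(tab, address, tab, name); the scan text and inventory below are constructed.
"""
import re
from collections import defaultdict

# Constructed inventory of devices this host has paired with (address -> name).
# The entry mirrors the article's example; a real tool would read the host's
# pairing records instead.
PAIRED = {
    "A0:02:DC:11:4F:85": "Car537",
}

# Constructed sample scan: one legitimate keyboard, one unrelated phone, one
# radio reusing the keyboard's address under another name, and one radio
# reusing the keyboard's name from a different address.
SAMPLE_SCAN = (
    "Scanning ...\n"
    "\tA0:02:DC:11:4F:85\tCar537\n"
    "\t00:1A:7D:DA:71:13\tTyler\n"
    "\tA0:02:DC:11:4F:85\tCar537-clone\n"
    "\tDE:AD:BE:EF:00:01\tCar537\n"
)

SCAN_LINE = re.compile(r"^\s*([0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2}){5})\s+(.*\S)\s*$")


def parse_scan(text):
    """Return (address, name) pairs from hcitool-style scan output.

    Lines that do not start with a Bluetooth address (e.g. "Scanning ...")
    are ignored; addresses are normalised to upper case.
    """
    devices = []
    for line in text.splitlines():
        m = SCAN_LINE.match(line)
        if m:
            devices.append((m.group(1).upper(), m.group(2)))
    return devices


def find_clones(devices, paired):
    """Return alert tuples (kind, address, name) for inventory conflicts.

    name-mismatch:     a paired address is advertising a different name
    name-reused:       a paired device's name is advertised from another address
    address-collision: one address was seen with more than one name in a scan
    """
    alerts = []
    paired_names = {name: addr for addr, name in paired.items()}
    names_by_addr = defaultdict(set)

    for addr, name in devices:
        names_by_addr[addr].add(name)
        if addr in paired and paired[addr] != name:
            alerts.append(("name-mismatch", addr, name))
        if name in paired_names and paired_names[name] != addr:
            alerts.append(("name-reused", addr, name))

    for addr, names in names_by_addr.items():
        if len(names) > 1:
            alerts.append(("address-collision", addr, "|".join(sorted(names))))
    return alerts


def scan_report(text, paired=PAIRED):
    """Convenience wrapper: parse a scan and return its alerts."""
    return find_clones(parse_scan(text), paired)


if __name__ == "__main__":
    for kind, addr, name in scan_report(SAMPLE_SCAN):
        print(f"{kind:18} {addr}  {name}")
```

The caveat this makes visible is the one the article gets to in the next section: a clone that copies both the address and the name, exactly as spooftooph is used above, returns an inquiry response identical to the real keyboard, so inventory comparison can only catch imperfect clones or an address that also turns up under another name. Telling the real keyboard from a perfect clone is what the pairing link key exists for, which is why the host should refuse a device that presents a known address but cannot authenticate with the stored key.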

Link Bluetooth Device to the Cop’s Laptop

Now, here is where reality and the Mr. Robot storyline diverge. Mr. Robot’s hacking is very realistic, but even in this show, the director takes some literary license. That’s allowed—creative works should not be limited by reality.

For Elliot to now connect to the cop car’s laptop, he would need the link key (the key that identifies a previously paired Bluetooth device) that was exchanged between the keyboard and the Bluetooth adapter on the laptop.

He could guess it (unlikely) or crack it, but it won’t be as fast as it appeared in the show. Another possibility is that when the system rebooted or the keyboard was disconnected, Elliot could connect to the laptop as it is a clone of the cop’s keyboard. In either case, it would take more time than Elliot had in this episode to hack the cop’s Bluetooth keyboard.

Hack the Prison

In the final step, Elliot uses the cop’s hacked computer to upload malware via FTP that will give him control of the prison cell doors. Few people realize that prisons and other industrial systems, often referred to as SCADA, are very hackable.

The Stuxnet hack of Iran’s uranium enrichment facility was very similar to this. These industrial systems have PLCs that are basically digital controllers. Presumably, this prison had PLCs controlling the prison cell doors (a very reasonable assumption) and Elliot’s malware infected them and gave him control, enabling him to open all the cells, releasing Vera and all the other prisoners.

William Keener

William is a tech writer at Hacktoday. He's been writing how-to guides for about 4 years now and has covered many topics. He loves to cover topics related to Windows, Android, and the latest tricks and tips.
