I am in the middle of an ongoing experiment wherein I am trying to get a Bluetooth headset to work simultaneously with my Windows Mobile phone and my PC. I recently got my hands on a Nokia BH-209 headset; I tested the audio quality and it's amazing! I tested it with Skype by pairing it with my PC and the voice clarity is brilliant. I have always been searching for a good reason to ditch my table mic, and this headset may be the one.

Right now I am still unable to make it work with both the PC and the phone at the same time, so I need to pair it to the device every time I need to use it. Although pairing is not a tedious process, it still needs some manual labour, like deleting existing devices, adding and re-pairing. Almost a 5 minute task every time I want to use it. I want to avoid this hassle. Yes, I am lazy.

The basic idea behind my experiment is simple: fake the connection. Make the headset think that it is communicating with my phone, a spoofing attack of sorts. My knowledge of Bluetooth is limited, so my initial plan of action was to follow these steps: spoof the MAC of the Bluetooth dongle on my PC so that it is the same as that of my phone, then change the device class of my PC from Computer -> Desktop to Computer -> Palm (my phone is the i-mate version of the HTC Wizard with Windows Mobile 2005), and finally find the secret authentication key shared between the phone and the headset. Once I have that I can emulate the phone on the PC and try to connect to the headset. Unfortunately there aren't any tools available in Windows to do this kind of serious work. The tools we generally use to change the MACs of network cards, like SMAC or A-MAC, will not work with Bluetooth adapters, so I had to turn to Linux.

The first step was to change the Bluetooth hardware address of my Bluetooth dongle. After hours of digging around, I finally found a way to do this. Here it is. I did this in Ubuntu 8.10 Intrepid Ibex, which had all the Bluetooth modules already installed; otherwise, install the HCI-related Bluetooth packages for your distro.

Some info first. All Bluetooth devices have a hardware address similar to the MAC address of network (NIC) cards. That address is the unique identification of the dongle. There's a great tool called bdaddr that allows you to change the BD_ADDR, the physical address, of your Bluetooth adapter. It works with Ericsson, Cambridge Silicon Radio and Zeevo chipsets. You can download it here: bdaddr. By the way, you must install the bluez-utils and libbluetooth-dev packages.

sudo apt-get install bluez-utils libbluetooth-dev

Now get the address of the phone, or whichever device you want to fake. Switch on Bluetooth on the phone.

$ hcitool scan
Scanning for available devices

Now we have the address that we need to fake, i.e. 00:12:37:85:1B:78. Next we need to compile the bdaddr application: extract it to a folder and “make” it.

Compiling bdaddr

Once that is done, we now have a working version of bdaddr.

BD_ADDR

As you can see, bdaddr detected my dongle. The device address is the same as that of the phone because I recently changed it.

[heaton@sulphure:~/Downloads/bdaddr]$ ./bdaddr
Manufacturer:   Cambridge Silicon Radio (10)
Device address: 00:12:37:85:1B:78

Switch to root to proceed and then follow what I did (in the image below).

Changing the BD_ADDR of the dongle

hciconfig hci0
./bdaddr -i hci0 00:12:37:85:1B:98
hciconfig hci0 reset

Unplug the adapter and insert it again. Check for the change in address.

Address changed to new specified one.
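A defensive counterpart to the steps above, added here as an example and not part of the original post: it parses hcitool scan and bdaddr/hciconfig style output (constructed samples; the inventory address and the headset address are made up) and flags a local adapter whose BD_ADDR no longer matches what was recorded for it, or that now duplicates an address advertised by a remote device, which is exactly the state this procedure creates.

```python
import re
from typing import Dict, List, Optional

# Constructed sample in the format `hcitool scan` prints (the headset address is made up).
SCAN_OUTPUT = "Scanning ...\n\t00:12:37:85:1B:78\tWizard\n\t00:0D:44:12:AB:CD\tNokia BH-209\n"
# Constructed sample in the format bdaddr prints for the local adapter.
BDADDR_OUTPUT = "Manufacturer:   Cambridge Silicon Radio (10)\nDevice address: 00:12:37:85:1B:78\n"
# Address recorded for this dongle before any change (constructed inventory value).
INVENTORY = {"hci0": "00:1A:7D:DA:71:13"}

BDADDR_RE = re.compile(r"\b([0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2}){5})\b")

def normalize(addr: str) -> str:
    """Canonical upper-case form so addresses compare reliably."""
    m = BDADDR_RE.fullmatch(addr.strip())
    if not m:
        raise ValueError(f"not a BD_ADDR: {addr!r}")
    return m.group(1).upper()

def parse_scan(text: str) -> Dict[str, str]:
    """Map each remote BD_ADDR listed by `hcitool scan` to its advertised name."""
    devices = {}
    for line in text.splitlines():
        parts = line.strip().split("\t", 1)
        if len(parts) == 2 and BDADDR_RE.fullmatch(parts[0]):
            devices[normalize(parts[0])] = parts[1].strip()
    return devices

def parse_local(text: str) -> Optional[str]:
    """Read the adapter's own address from bdaddr ("Device address:") or hciconfig ("BD Address:") output."""
    for line in text.splitlines():
        if line.strip().lower().startswith(("device address", "bd address")):
            m = BDADDR_RE.search(line)
            if m:
                return normalize(m.group(1))
    return None

def audit(adapter: str, local_text: str, scan_text: str) -> List[str]:
    """Flag an adapter whose address drifted from inventory or collides with a remote device."""
    local = parse_local(local_text)
    if local is None:
        return ["could not read local adapter address"]
    findings = []
    expected = INVENTORY.get(adapter)
    if expected and normalize(expected) != local:
        findings.append(f"{adapter}: address {local} differs from inventory {normalize(expected)}")
    if local in parse_scan(scan_text):
        findings.append(f"{adapter}: address {local} is also advertised by a remote device")
    return findings
```

Running audit("hci0", BDADDR_OUTPUT, SCAN_OUTPUT) on the constructed samples yields both findings, since the dongle now carries the phone's address.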

YAY! My first step is complete. I am working on the next two steps and will post as soon as I make a breakthrough.