Wireless CTF Notes using a Raspberry Pi
13 Jan 2019
For WCTF it’s a good idea to use Pentoo. However, on short notice I could only find Kali for Raspberry Pi for an easy on-the-go build. These are some notes for myself which might be useful to whoever reads this.
Bluetooth Fox Hunting
First, enable Bluetooth:
systemctl enable bluetooth
systemctl enable hciuart
For Bluetooth fox hunting with ble_finder, edit blue_hydra.yml to set:
rssi_log: true
Then use ble_finder to locate the devices listed in the Python script.
Alternatively, use blue_sonar to find the MAC you are hunting:
blue_sonar -t XX:XX:XX:XX:XX:XX
Bluetooth spoofing
To change or spoof the Bluetooth MAC address on the Raspberry Pi, you’ll need the bdaddr tool:
apt-get install libbluetooth-dev
wget -U firefox https://drive.google.com/open?id=1Gu4SSI8Rem3iFcCT70dRHKB4UGdee7n_
bzip2 -d bdaddrtar.bz2 && tar xf bdaddrtar
cd bdaddr && make
First, confirm your original MAC address:
$ hcitool dev
Devices:
hci0 AA:AA:AA:AA:AA:AA
Run bdaddr to change the address:
$ ./bdaddr -i hci0 -r 00:11:22:33:44:55
Manufacturer: Broadcom Corporation (15)
Device address: AA:AA:AA:AA:AA:AA
New BD address: 00:11:22:33:44:55
Address changed - Device reset successully
Reset the hci device and restart the Bluetooth service, otherwise the stack keeps reporting the old address:
hciconfig hci0 reset
systemctl restart bluetooth.service
Finally, double-check the change:
$ hcitool dev
Devices:
hci0 00:11:22:33:44:55
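As an added check (my own example, not a tool from these notes), the following parses the `hcitool dev` and bdaddr output shown above and only reports success when bdaddr confirmed the reset and hcitool now shows the target address, which catches the case where the reset or service restart was skipped. The sample output is constructed to match the session above, not captured from a device.

```python
import re
# Matches a Bluetooth device address in the colon-separated form hcitool prints.
MAC_RE = re.compile(r"^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$")
# Constructed sample output modelled on the session above (not captured from a real adapter).
HCITOOL_BEFORE = "Devices:\n\thci0\tAA:AA:AA:AA:AA:AA\n"
HCITOOL_AFTER = "Devices:\n\thci0\t00:11:22:33:44:55\n"
BDADDR_OUT = (
    "Manufacturer: Broadcom Corporation (15)\n"
    "Device address: AA:AA:AA:AA:AA:AA\n"
    "New BD address: 00:11:22:33:44:55\n"
    "Address changed - Device reset successully\n"
)

def parse_hcitool_dev(output):
    """Map each hciN interface listed by `hcitool dev` to its address."""
    devices = {}
    for line in output.splitlines():
        parts = line.split()
        if len(parts) == 2 and parts[0].startswith("hci") and MAC_RE.match(parts[1]):
            devices[parts[0]] = parts[1].upper()
    return devices

def parse_bdaddr_output(output):
    """Extract the old address, requested address and reset confirmation from bdaddr's report."""
    report = {"old": None, "new": None, "reset": False}
    for line in output.splitlines():
        if line.startswith("Device address:"):
            report["old"] = line.split(":", 1)[1].strip().upper()
        elif line.startswith("New BD address:"):
            report["new"] = line.split(":", 1)[1].strip().upper()
        elif line.startswith("Address changed"):
            report["reset"] = True
    return report

def verify_change(before, bdaddr_out, after, iface, target):
    """Return (ok, message); ok only if bdaddr confirmed the reset AND hcitool now shows target."""
    target = target.upper()
    if not MAC_RE.match(target):
        return False, "%r is not a valid BD address" % target
    old = parse_hcitool_dev(before).get(iface)
    now = parse_hcitool_dev(after).get(iface)
    if old is None or now is None:
        return False, "%s not listed by hcitool dev (adapter down?)" % iface
    report = parse_bdaddr_output(bdaddr_out)
    if report["new"] != target or not report["reset"]:
        return False, "bdaddr did not confirm a reset to %s" % target
    if now != target:
        # Typical when hciconfig reset / bluetooth restart was skipped.
        return False, "%s still reports %s; reset hci device and restart bluetooth" % (iface, now)
    return True, "%s: %s -> %s" % (iface, old, now)
```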
Wi-Fi spoofing
To spoof the Wi-Fi MAC address, install macchanger. It needs the interface name as its last argument (wlan0 is assumed below; replace it with your wireless interface) and refuses to change an interface that is still up, so bring the interface down first:
apt-get install macchanger
macchanger -h
macchanger -m XX:XX:XX:XX:XX:XX wlan0