Shellcoders Programming Uncovered (Uncovered series)

For hunting for Bluetooth networks, it is necessary to increase the operating radius up to 100 meters . This can be done easily. To achieve this goal, it is enough to open the case of a Bluetooth adapter (Fig. 29.3), remove the electronics module from the case, use a soldering iron to heat and remove the existing antenna cable, and solder a wire of an external 2.4-GHz antenna taken from a WLAN device. Detailed instructions explaining how to carry out this modification can be found at http://www.bluedriving.com .

Figure 29.3: Bluetooth adapter

However, for a serious attack, a distance of 100 meters is not enough. True hunters acquire pencil-beam random or parabolic antennae. Such antennae are widely available and can be purchased from such companies as Hyper-Link Technologies or PCTEL (manufacturer of MAXRAD). It is possible to purchase such an antenna over the Internet. A high-quality antenna costs about $50.

The most popular model is HG2415Y from HyperLink Technologies, characterized by an amplification coefficient equal to 14 dB and a suitable directional pattern (Fig. 29.4). It is compact (462 — 76 mm) and can be carried in a bag, which would allow the hacker to avoid undesirable attention.

Figure 29.4: Directional pattern of the HG2415Y antenna

For convenience of aiming (with such a directional pattern, this task is not trivial), most hackers install the antenna with a photographic tripod and equip it with a butt and an optical sight. As a result, the hacker creates a B1ueSniper rifle with injurious action of 1 km.

Among parabolic antennae, the top choice is HG2424G from Hyper-Link Technologies. The amplification coefficient of 24 dB is excellent . A sharp directional pattern (Fig. 29.5) allows a hacker to detect Bluetooth-enabled devices at the distance of several kilometers. However, this antenna is too bulky (100 — 60 sm), which considerably complicates its transportation. The narrow directional pattern complicates aiming, which is especially inconvenient when the target moves quickly. Therefore, in most cases, HG2415Y is preferred by wardriving hackers.

Figure 29.5: Directional pattern of the HG2424G antenna

A third antenna, the 1.5-m parabolic HG2430D providing a 30-dB amplification coefficient, costs $300. Is it worth this money? Certainly, it would be good for hunting for stationary targets. However, for wardriving it is too bulky and inconvenient.

Interesting Links Related to Antennae

• PCTEL. An American company that manufactures antennae and supplies them through the Internet: http://www.maxrad.com/cgi/press.cgi .

• HyperLink Technologies. Another American company, from which it is possible to purchase an antenna: http://www.hyperlinktech.com/web/antennas_2400_out_directionaLphp .

• " Building a BlueSniper Rifle ." An interesting article on building a B1ueSniper rifle, which can scan and attack Bluetooth devices more than a mile away: http://www.tomsnetworking.com/Sections-article106-page1.php .