Attempt to get the impossible to happen: a GPRS data connection over Bluetooth with Knoppix.

Bluetooth is a Personal Area Networking (PAN) protocol with a very limited range (the most powerful consumer devices, Class 1, have a range of 100 meters). Bluetooth allows you to connect devices together into "pairs." GPRS, or General Packet Radio Service, is a packet-switched protocol that's layered on top of the circuit-switched GSM (or IS-136 TDMA) network. This permits the use of a packet-based data service (like TCP/IP). This hack pairs your cell phone with your computer's Bluetooth adapter and uses your cell phone as a pseudo-modem device. It's not your father's modem, that's for sure. No wires needed.

GPRS connections require either a terminal or cellular connection to your given provider. GPRS dynamically allocates bandwidth by the number of available timeslots (time period allocated to one call). In turn, it allocates timeslots based on need, and therefore, you will get extra timeslots only when it's necessary. This provides a very efficient use of the spectrum and has a major benefit over Circuit Switched Data, because it doesn't need to allocate a circuit for constant use. The theoretical bandwidth limit for GPRS is 172.2 Kbps; however, this is assuming that you are able to use all eight timeslots for a given cell. In reality, most providers only let you have two to four timeslots. For instance, T-Mobile gives four RX timeslots and two TX timeslots.

2.10.1 Parts List

You need more than just a Knoppix disc and a computer to get this connection to work. You must use the following parts:
Using GPRS data is useful for connecting to the Internet at low speed when there is no other reliable connection around. In nearly all cases, if you can make a cell phone call, you can get online. Be warned: GPRS data roaming is very expensive.

2.10.2 Configure the GPRS connection

First select K Menu > Knoppix > Network/Internet > GPRS connection. Unless you have previously configured a modem, you will be prompted to configure a device as a modem using the gprsconnect shell script. You can also run the gprsconnect script from the command line to configure a modem. Answer Yes at the prompt to move to the next window, which displays the different types of modem connections you can choose from. The connection type window (Figure 2-13) gives you the choice between Serial, USB, IRDA, and Bluetooth connections. Select Bluetooth.

Figure 2-13. GPRS connection type window

After you select Bluetooth, the script scans for any Bluetooth devices in range. It is entirely normal for this step to take 10 to 40 seconds. If the script quickly flashes by without a progress bar and it doesn't find your phone, the Bluetooth adapter didn't even attempt a scan. Make sure that you have a working hci0 device before you attempt to scan.
You can test whether you can see your Bluetooth device by issuing the hciconfig -a command:

    knoppix@ttyp0[knoppix]$ hciconfig -a
    hci0:   Type: USB
            BD Address: 00:0A:3A:52:3A:20 ACL MTU: 192:8 SCO MTU: 64:8
            UP RUNNING PSCAN ISCAN
            RX bytes:376 acl:0 sco:0 events:16 errors:0
            TX bytes:305 acl:0 sco:0 commands:15 errors:0
            Features: 0xff 0xff 0x0f 0x00 0x00 0x00 0x00 0x00
            Packet type: DM1 DM3 DM5 DH1 DH3 DH5 HV1 HV2 HV3
            Link policy: HOLD SNIFF PARK
            Link mode: SLAVE ACCEPT
            Name: 'Knoppix-0'
            Class: 0x000100
            Service Classes: Unspecified
            Device Class: Computer, Uncategorized
            HCI Ver: 1.1 (0x1) HCI Rev: 0x20d LMP Ver: 1.1 (0x1) LMP Subver: 0x20d
            Manufacturer: Cambridge Silicon Radio (10)

In the event that the script doesn't find a device (and it did actually scan), it prompts you for the address of the hidden Bluetooth device. Use the hcitool program to manually scan for discoverable Bluetooth devices:

    knoppix@ttyp0[knoppix]$ sudo hcitool scan
    Scanning ...
            00:0A:D9:7D:B8:93       Get Hacked :-)
            00:60:57:4F:49:98       Fonbot

After you find your device and its address, enter the address at the prompt.

Assuming that the script finds your device, it will present you with a list of devices. Select your device (in my case, Fonbot) and click OK. Next, you are prompted for your Bluetooth PIN. Nearly all phones and Bluetooth devices default to a PIN of 1234, just like my luggage combination: a very strong default password; it's clearly hard to guess. The next screen asks you if you would like to set /dev/modem to point to your newly configured device. Click "Yes."

You are now given a list of cell phone providers to choose from (Figure 2-14). This is the tricky part. My Nokia 3650 has service with T-Mobile in San Francisco, but if you choose the Knoppix default of T-Mobile, it does not work. This means I have to manually enter the correct init string for my provider, so I select Other.

Figure 2-14. List of GPRS providers

If you select Other, you are asked to enter the custom init string for GPRS.
The init string for T-Mobile in the USA is:

    AT+CGDCONT=1,"IP","internet3.voicestream.com"

I suggest you call your service provider and ask for the correct custom init string. You may also find your answer by searching on the Internet.

The next window that appears warns you that GPRS use can cause high costs due to high traffic volume. This phone has the unlimited T-Mobile data service, so I won't worry about this.

Now that the Bluetooth connection between the phone and the computer is created, the Nokia brings up a prompt that asks for the passcode for Knoppix-0 (the default name for the Bluetooth device in Knoppix). Enter the passcode (in my case, 1234) and press OK on the phone. You are then prompted on the computer for the outgoing Bluetooth PIN (in my case, 1234). The phone now asks you to "Accept connection request from Knoppix-0?" On the phone, select "Yes," and Knoppix attempts to create a GPRS connection and launches a terminal that displays the connection attempt. In this log, you are able to watch each step of the connection and tell whether the connection succeeded or failed.
Here is an example ppp0 configuration after a successful connection:

    knoppix@ttyp0[knoppix]$ sudo ifconfig ppp0
    ppp0      Link encap:Point-to-Point Protocol
              inet addr:208.54.115.125  P-t-P:10.6.6.6  Mask:255.255.255.255
              UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
              RX packets:65 errors:0 dropped:0 overruns:0 frame:0
              TX packets:101 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:3
              RX bytes:5282 (5.1 KiB)  TX bytes:8230 (8.0 KiB)

And here is the full output of pppd that you can see in the log window:

    Jun 10 06:46:35 Knoppix pppd[2153]: pppd 2.4.2 started by root, uid 0
    Jun 10 06:47:53 Knoppix chat[2244]: timeout set to 120 seconds
    Jun 10 06:47:53 Knoppix chat[2244]: abort on (BUSY)
    Jun 10 06:47:53 Knoppix chat[2244]: abort on (ERROR)
    Jun 10 06:47:53 Knoppix chat[2244]: abort on (NO CARRIER)
    Jun 10 06:47:53 Knoppix chat[2244]: send (ATE1^M)
    Jun 10 06:47:54 Knoppix chat[2244]: expect (OK)
    Jun 10 06:47:54 Knoppix chat[2244]: ATE1^M^M
    Jun 10 06:47:54 Knoppix chat[2244]: OK
    Jun 10 06:47:54 Knoppix chat[2244]: -- got it
    Jun 10 06:47:54 Knoppix chat[2244]: send (AT+CGDCONT=1,"IP","internet3.voicestream.com"^M)
    Jun 10 06:47:55 Knoppix chat[2244]: expect (OK)
    Jun 10 06:47:55 Knoppix chat[2244]: ^M
    Jun 10 06:47:55 Knoppix chat[2244]: AT+CGDCONT=1,"IP","internet3.voicestream.com"^M^M
    Jun 10 06:47:55 Knoppix chat[2244]: OK
    Jun 10 06:47:55 Knoppix chat[2244]: -- got it
    Jun 10 06:47:55 Knoppix chat[2244]: send (ATD*99***1#^M)
    Jun 10 06:47:55 Knoppix chat[2244]: expect (CONNECT)
    Jun 10 06:47:55 Knoppix chat[2244]: ^M
    Jun 10 06:47:55 Knoppix chat[2244]: ATD*99***1#^M^M
    Jun 10 06:47:55 Knoppix chat[2244]: CONNECT
    Jun 10 06:47:55 Knoppix chat[2244]: -- got it
    Jun 10 06:47:55 Knoppix chat[2244]: send (\d)
    Jun 10 06:47:56 Knoppix pppd[2153]: Serial connection established.
    Jun 10 06:47:56 Knoppix pppd[2153]: Using interface ppp0
    Jun 10 06:47:56 Knoppix pppd[2153]: Connect: ppp0 <--> /dev/modem
    Jun 10 06:47:57 Knoppix pppd[2153]: Warning - secret file /etc/ppp/pap-secrets has world and/or group access
    Jun 10 06:47:58 Knoppix pppd[2153]: Warning - secret file /etc/ppp/pap-secrets has world and/or group access
    Jun 10 06:47:58 Knoppix pppd[2153]: PAP authentication succeeded
    Jun 10 06:48:13 Knoppix pppd[2153]: local IP address 208.54.116.45
    Jun 10 06:48:13 Knoppix pppd[2153]: remote IP address 10.6.6.6
    Jun 10 06:48:13 Knoppix pppd[2153]: primary DNS address 66.94.25.120
    Jun 10 06:48:13 Knoppix pppd[2153]: secondary DNS address 66.94.9.120

2.10.3 Connection Errors

If the connection is successful, but then you get disconnected, you may notice an error in the pppd log that looks something like this:

    Jun 10 06:49:58 Knoppix pppd[2153]: No response to 4 echo-requests
    Jun 10 06:49:58 Knoppix pppd[2153]: Serial link appears to be disconnected.
    Jun 10 06:49:59 Knoppix pppd[2153]: Connection terminated.
    Jun 10 06:49:59 Knoppix pppd[2153]: Connect time 2.1 minutes.
    Jun 10 06:49:59 Knoppix pppd[2153]: Sent 23896 bytes, received 93053 bytes.

To fix this error, you have to edit your PPP options. In the file /etc/ppp/options are two options you need to change:

    lcp-echo-interval 30
    lcp-echo-failure 4

The lcp-echo-interval variable controls how many seconds between each echo request, and the lcp-echo-failure variable controls how many failed echo requests to allow before giving up. Experiment with changing lcp-echo-interval and lcp-echo-failure to higher values so you will not be disconnected as quickly.
If you come across NO CARRIER errors, such as after a forced disconnect, you will probably see the following log output:

    Jun 10 06:53:19 Knoppix chat[2732]: timeout set to 120 seconds
    Jun 10 06:53:19 Knoppix chat[2732]: abort on (BUSY)
    Jun 10 06:53:19 Knoppix chat[2732]: abort on (ERROR)
    Jun 10 06:53:19 Knoppix chat[2732]: abort on (NO CARRIER)
    Jun 10 06:53:19 Knoppix chat[2732]: send (ATE1^M)
    Jun 10 06:53:19 Knoppix chat[2732]: expect (OK)
    Jun 10 06:53:19 Knoppix chat[2732]: ^M
    Jun 10 06:53:19 Knoppix chat[2732]: NO CARRIER
    Jun 10 06:53:19 Knoppix chat[2732]: -- failed
    Jun 10 06:53:19 Knoppix chat[2732]: Failed (NO CARRIER)

Wait until pppd tries to auto-reconnect, and the second time around, it should work. If this still fails, turn off the phone and start again.

Once you are connected, use the connection like any other Internet connection. On average, I can get between 1 and 3 Kbps, just enough for a shell connection or some web browsing. When you are finished, disconnect by pressing Ctrl-C in the GPRS connection terminal.

- Jake Appelbaum
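
Added example (not part of the original hack, and not code from Knoppix or pppd): a small shell triage for the pppd and chat log lines shown in this section. It flags the pap-secrets permission warning, an LCP echo timeout and a chat abort such as NO CARRIER, and computes the silence window implied by lcp-echo-interval and lcp-echo-failure. The function names and the merged sample log are assumptions made for this example.

```sh
#!/bin/sh
# Added example: triage pppd/chat syslog lines in the format shown on this page.

# Constructed sample: lines from the excerpts above, merged into one log.
sample_log() {
cat <<'EOF'
Jun 10 06:47:57 Knoppix pppd[2153]: Warning - secret file /etc/ppp/pap-secrets has world and/or group access
Jun 10 06:47:58 Knoppix pppd[2153]: Warning - secret file /etc/ppp/pap-secrets has world and/or group access
Jun 10 06:48:13 Knoppix pppd[2153]: local IP address 208.54.116.45
Jun 10 06:49:58 Knoppix pppd[2153]: No response to 4 echo-requests
Jun 10 06:49:59 Knoppix pppd[2153]: Connection terminated.
Jun 10 06:53:19 Knoppix chat[2732]: NO CARRIER
Jun 10 06:53:19 Knoppix chat[2732]: Failed (NO CARRIER)
EOF
}

# Read a log on stdin; print one finding per line.
classify_ppp_log() {
    awk '
    # PAP credentials readable by other local users (fix: chmod 600 as root)
    /pppd\[[0-9]+\]: Warning - secret file / {
        f = $0; sub(/.*secret file /, "", f); sub(/ has .*/, "", f)
        if (!(f in seen)) { seen[f] = 1; print "WEAK_PERMS " f }
        next
    }
    # Link came up and an address was assigned
    /pppd\[[0-9]+\]: local +IP address / { print "CONNECTED " $NF; next }
    # Peer stopped answering LCP echo requests, so pppd dropped the link
    /pppd\[[0-9]+\]: No response to [0-9]+ echo-requests/ {
        n = $0; sub(/.*No response to /, "", n); sub(/ echo-requests.*/, "", n)
        print "LCP_ECHO_TIMEOUT " n; next
    }
    # chat hit one of its "abort on" strings before the expected reply
    /chat\[[0-9]+\]: Failed \(/ {
        r = $0; sub(/.*Failed \(/, "", r); sub(/\).*/, "", r)
        print "CHAT_FAILED " r
    }'
}

# Read PPP options on stdin; print the seconds of silence pppd tolerates
# (lcp-echo-interval * lcp-echo-failure), or "disabled" if either is unset.
echo_deadline() {
    awk '$1 == "lcp-echo-interval" { i = $2 }
         $1 == "lcp-echo-failure"  { f = $2 }
         END { if (i > 0 && f > 0) print i * f; else print "disabled" }'
}

sample_log | classify_ppp_log
```

With the option values shown above (30 and 4), echo_deadline prints 120, which is consistent with the two-minute gap in the log between PAP success and the echo failure. The WEAK_PERMS finding is cleared by making the file readable by root only (chmod 600 /etc/ppp/pap-secrets).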