{"id":364,"date":"2009-08-04T09:21:06","date_gmt":"2009-08-04T13:21:06","guid":{"rendered":"http:\/\/www.willhackforsushi.com\/?p=364"},"modified":"2009-08-04T09:21:06","modified_gmt":"2009-08-04T13:21:06","slug":"bluetooth-and-os-language-pack-correlation","status":"publish","type":"post","link":"https:\/\/www.willhackforsushi.com\/?p=364","title":{"rendered":"Bluetooth and OS Language Pack Correlation"},"content":{"rendered":"<p><a href=\"http:\/\/www.willhackforsushi.com\/wp-content\/uploads\/2009\/08\/sp-esperanto1.gif\"><img loading=\"lazy\" decoding=\"async\" src=\"http:\/\/www.willhackforsushi.com\/wp-content\/uploads\/2009\/08\/sp-esperanto1-300x231.gif\" alt=\"sp-esperanto1\" title=\"sp-esperanto1\" width=\"300\" height=\"231\" class=\"alignleft size-medium wp-image-374\" srcset=\"https:\/\/www.willhackforsushi.com\/wp-content\/uploads\/2009\/08\/sp-esperanto1-300x231.gif 300w, https:\/\/www.willhackforsushi.com\/wp-content\/uploads\/2009\/08\/sp-esperanto1-150x115.gif 150w, https:\/\/www.willhackforsushi.com\/wp-content\/uploads\/2009\/08\/sp-esperanto1.gif 390w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/a>The Bluetooth Service Discovery Protocol (SDP) is used to publish and enumerate the services of a Bluetooth device.  Through SDP, your mobile phone knows that your Mac accepts file transfers or can extend your wired network over Bluetooth, for example.<\/p>\n<p>We can enumerate the SDP information for a given device with the Linux command &#8220;sdptool&#8221;:<\/p>\n<pre lang=\"c\">\r\n$ sdptool records 00:1D:25:EC:47:86\r\n\r\nService Name: FTP\r\nService RecHandle: 0x10002\r\nService Class ID List:\r\n  \"OBEX File Transfer\" (0x1106)\r\nProtocol Descriptor List:\r\n  \"L2CAP\" (0x0100)\r\n  \"RFCOMM\" (0x0003)\r\n    Channel: 2\r\n  \"OBEX\" (0x0008)\r\nLanguage Base Attr List:\r\n  code_ISO639: 0x656e\r\n  encoding:    0x6a\r\n  base_offset: 0x100\r\nProfile Descriptor List:\r\n  \"OBEX File Transfer\" (0x1106)\r\n    Version: 0x0100\r\n<\/pre>\n<p>This output shows us that the target is publishing the OBEX File Transfer service (the target is a Windows Mobile phone).  The developer who implemented this profile gave it the service name &#8220;FTP&#8221;, which is what you would see in a typical GUI interface to identify this service.<\/p>\n<p>Notice the data following the Language Base Attribute List, &#8220;code_ISO639&#8221;.  This field is referring to ISO specification 639:1988 (E\/F), used to denote a 2-letter code for the language used to denote human-readable fields associated with this service.  This language code will often correspond to the language pack on the host operating system.  In this example, the value 0x656e corresponds corresponds to the hexadecimal equivalent of the ASCII letters &#8220;en&#8221;, denoting the English language used on this system.<\/p>\n<p>I find this information very useful since it helps me in selecting the right exploit for the target, using my two favorite penetration testing tools, the <a href=\"http:\/\/www.metasploit.org\/framework\/\" target=\"_blank\">Metasploit Framework<\/a> and <a href=\"http:\/\/www.coresecurity.com\/\" target=\"_blank\">Core IMPACT<\/a>.<\/p>\n<p>I&#8217;ve <a href=\"http:\/\/www.willhackforsushi.com\/resources\/iso639.txt\">modified the ISO specification<\/a> to also include the hexadecimal values for the language code, making it easy to interpret the output from sdptool, available <a href=\"http:\/\/www.willhackforsushi.com\/?page_id=121\">Projects<\/a> section.<\/p>\n<p>If anyone finds the language code 0x656f, please <a href=\"http:\/\/www.willhackforsushi.com\/?page_id=87\">drop me a note<\/a>.<\/p>\n<p>-Josh<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The Bluetooth Service Discovery Protocol (SDP) is used to publish and enumerate the services of a Bluetooth device. Through SDP, your mobile phone knows that your Mac accepts file transfers or can extend your wired network over Bluetooth, for example. &hellip; <a href=\"https:\/\/www.willhackforsushi.com\/?p=364\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[5],"tags":[],"class_list":["post-364","post","type-post","status-publish","format-standard","hentry","category-bluetooth"],"_links":{"self":[{"href":"https:\/\/www.willhackforsushi.com\/index.php?rest_route=\/wp\/v2\/posts\/364","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.willhackforsushi.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.willhackforsushi.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.willhackforsushi.com\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.willhackforsushi.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=364"}],"version-history":[{"count":9,"href":"https:\/\/www.willhackforsushi.com\/index.php?rest_route=\/wp\/v2\/posts\/364\/revisions"}],"predecessor-version":[{"id":377,"href":"https:\/\/www.willhackforsushi.com\/index.php?rest_route=\/wp\/v2\/posts\/364\/revisions\/377"}],"wp:attachment":[{"href":"https:\/\/www.willhackforsushi.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=364"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.willhackforsushi.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=364"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.willhackforsushi.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=364"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}