--------------------------
(RFCOMM) Socket programming basics (II) 
--------------------------
...Bluetooth anyone?!




Hello, there!



I know, it's been a while since the last time I wrote something. Then again, look at the bright side,
all those cookies would have made you fluffier by now. A break from now and then is good.

As you can well recall, many moons ago I wrote a part one tutorial on socket programming basics. 
Cannot complain, tho' - the rest of tutorials were quite nice and full of information, 
having a different approach.

Today, I have prepared the second part. Not so fast with the "yey! server-client architecture! gonna 
multithread the bits out of it!". It's just a small, different, yet practical approach!
Being a self-learner is a kick in the gr0in - hard to adapt to others expectations. /yolo 
      
Anywayz,  prepare your environment for more networking &containers enlightment ... and bluetooth!
Don`t forget coffee and cookies! They are a must.


...and let's get down to business.


[---------------Prepare thy environment


Yes, "ahaha" image to be used again. (I think I mostly use this to force you reading my previous zines).
Also, it was a good thing  we did kernel modules before, because we will be needing some device access.

      
1) Create a new container, with the necessary privileges, which will be used for bluetooth:



null@tr0n:~$ sudo docker  run   --privileged --net=host --cap-add=ALL --name=huoo  \
-d  -v  /dev:/dev -v  /lib/modules:/lib/modules -v  /usr/src:/usr/src -ti ahaha 


2) After you start the container, there are updates and packages to install


root@tr0n:/home# ls
Dockerfile    webish    webish.c
root@tr0n:/home# 
root@tr0n:/home#  apt-get update && apt-get install -y strace bluez bluetooth usbutils

[*** time for a coffee break*** ]

      
(I know, you might get the impression you are still on the host, and not inside the container.
Gawd dayum,  this --net=host, man... 
Anywayz, if you do run a "docker" command,and it won't work,  you are inside the container.)

Now, lets' start the services, and see if any errors (... and how to fix them! Aww, yiss!)

First thing, check if /var/run/dbus folder with below files have been created:


root@tr0n:/home# ls /var/run/dbus/
pid                system_bus_socket 


Chances are they did not, and you would get stuck with this horrible error when starting the daemon:


root@tr0n:/home# bluetoothd -n
bluetoothd[2777]: Bluetooth daemon 4.101
D-Bus setup failed: Failed to connect to socket /var/run/dbus/system_bus_socket: No such file or directory
bluetoothd[2777]: Unable to get on D-Bus


...so just create the dbus folder, and configure it manually:


root@tr0n:/home# mkdir -p /var/run/dbus
root@tr0n:/home# dbus-uuidgen --ensure
root@tr0n:/home# dbus-daemon --system --fork
root@tr0n:/home# ls /var/run/dbus
pid  system_bus_socket


Success!

Now, start the daemon:


root@tr0n:/home# bluetoothd -n



Next, start dbus service:

root@tr0n:/home# service dbus start

Now, you might get errors even here... *roll_eyes*.

So, if you like it better put a strace on it ... and investigate:


root@tr0n:/home# strace service dbus start
execve("/usr/sbin/service", ["service", "dbus", "start"], [/* 10 vars */]) = 0
brk(0)                                  = 0x55cbed4d8000
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f740b8e4000
[...snip...]
open("/etc/init.d/dbus", O_RDONLY)      = 3
fcntl(3, F_DUPFD, 10)                   = 10
close(3)                                = 0
[...snip....]
stat("/usr/bin/dbus-daemon", 0x7ffe64369d10) = -1 ENOENT (No such file or directory)
[....snip....]


AHA! Apparently, there is no such thing as dbus-daemon file. Let's see if that's true:

*uses 1337-ist find command*   

root@tr0n:/home# find / -name dbus-uuidgen
root@tr0n:/home#/bin/dbus-uuidgen
^C


So, the path was all wrong - fix this by modifying /etc/init.d/dbus with the proper path.

(I have found same issue for another file, but you have to strace and find it.)

Good, if all issues are fixed, start the dbus service once again:

root@tr0n:/home# service dbus start
root@tr0n:/home# service dbus status
 * dbus is running


Let's do some checking:


root@tr0n:/home# hcitool dev
Devices:
	hci0	00:XX:XX:XX:CC:11
    
root@tr0n:/home# hciconfig hci0 up    
hci0:	Type: BR/EDR  Bus: USB
	BD Address: 00:XX:XX:XX:CC:11 ACL MTU: 1021:8  SCO MTU: 64:1
	UP RUNNING PSCAN 
	RX bytes:1611 acl:0 sco:0 events:82 errors:0
	TX bytes:2067 acl:0 sco:0 commands:82 errors:0



So far, so good...

Let's see if we can scan for something...

root@tr0n:/home# hcitool scan
Scanning ...
root@tr0n:/home# 

      
What?! 
      

root@tr0n:/home# hcitool lescan
Set scan parameters failed: Input/output error


What?! waht?? ..WAT?!?!

Ahkay, it looks like my bluez is broken. (Some dudez were able to fix their issues with a simple
bluetooth services restart, but this was not the happy scenario)

Well, time to use a newer bluez version...install xz-utils, make, wget, a newer version of bluez, 
and *takes a deep breath* a few more libraries!



root@tr0n:/home# apt-get install -y libglib2.0-dev libical-dev libreadline-dev libudev-dev \
libdbus-1-dev libdbus-glib-1-dev
root@tr0n:/home# apt-get install make
root@tr0n:/home# apt-get install wget
root@tr0n:/home# apt install xz-utils
root@tr0n:/home# apt-get install libudev-dev libical-dev libreadline6-dev libdbus-1-dev libglib2.0-dev
root@tr0n:/home# apt-get install wget https://www.kernel.org/pub/linux/bluetooth/bluez-5.41.tar.xz

[*** just in time for another coffee break ***]


Good! Configure your bluez!


root@tr0n:/home# tar xf bluez-5.41.tar.xz 
root@tr0n:/home# cd bluez-5.41
root@tr0n:/home/bluez-5.41#./configure
root@tr0n:/home/bluez-5.41# make && make install

[ *** coffee break again *** ]


Check new version:


root@tr0n:/home#hcitool | grep ver
hcitool - HCI Tool ver 5.41


Now, restart bluetooth service, and let's try the scanning again:
 ..from obvious paranoia issues, 
I do tend to chance IPs, mac address and so... same here!

root@tr0n:/home# hcitool scan       
Scanning ...
      XX:XX:XX:XX:36:XX	  [TV] Samsung
      XX:12:XX:XX:26:XX   Blueberry (Old) Phone


	    
Now we're talking!
	    
	
[---------------Le Wild Testing
	    

Obviously, we're gonna do some testing with the phone, because that's my neighbors TV ... xD

Right! So, a few more packages to install:


root@tr0n:/home# apt install bluez-hcidump
root@tr0n:/home# apt-get install  libbluetooth-dev


Yey! Time to make a client, and see if this container can bother my phone:

Before diving into the small rfcomm sockets client code (that I copied-pasted, and simply modified 
the hardcoded part like a total j3rk that I am), I must give the credits to this awesome tutorial: 
https://people.csail.mit.edu/albert/bluez-intro/index.html

... and obviously, you will have to read it, 'cause how can you party when you have not
figured out what that code does, huh-huh?! (in my defence, I do need moar people to find my blog, 
therefore writing stuff that everyone googles about might help me with some popularity. 
Do ya feel me nao?!)


#include<stdio.h>
#include<unistd.h>
#include<sys/socket.h>
#include<bluetooth/bluetooth.h>
#include<bluetooth/rfcomm.h>

int main(int argc, char **argv)
{
    struct sockaddr_rc addr = { 0 };
    int s, status;
    char dest[18] = "XX:12:XX:XX:26:XX";

    s = socket(AF_BLUETOOTH, SOCK_STREAM, BTPROTO_RFCOMM);

    addr.rc_family = AF_BLUETOOTH;
    addr.rc_channel = (uint8_t) 1;
    str2ba( dest, &addr.rc_bdaddr );

    status = connect(s, (struct sockaddr *)&addr, sizeof(addr));

    if( status == 0 ) {
        status = write(s, "huehue", 6);
    }

    if( status < 0 ) perror("uh oh");

    close(s);
    return 0;
}




Compile it:


 root@nullQ:/home#gcc client.c -lbluetooth -o client

 
And run it... wait for it...! there's a trick!  Before running it, I suggest you apply strace:


root@tr0n:/home# strace ./client


... and you will see why. 
  
Once I run the program, my phone will let me know that some punk wants to connect...
	




	    
So, this is why I am using strace, if I choose Yes, strace will let me know what is going on:

	    
	    


	  
	  
... and if I say "nah, man... I ain't got time for this!", well...strace is such a nice good guy:


	
 

	  
	  
	
Neat, aye?!
	

For those who want more, you could also check with tcpdump (run it from the host).

If you run "tcpdump -D", you will notice a bluetooth option:


tcpdump -D
1.docker0 [Up, Running]
[....snip....]
11.bluetooth0 (Bluetooth adapter number 0)
[...snip....]


	
Just go for "tcpdump -vv -i bluetooth0", and see what you can find.

Further stuff, you can go ahead and try l2ping (that's like ping, but for bluetooth!), 
hcidump-raw command (especially when you need to debug issues), and take a look at the  "lsmod| grep blue". 



Well, that's a wrap for today! I hope you enjoyed this, since it was a very light zine.

In case you are wondering if more blue stuff coming on your way, well.. since we do have a working environment...
let me think about it!
  
  
Don`t forget to strace everything. See you soon!
  

=========================
  
https://people.csail.mit.edu/albert/bluez-intro/index.html
  
https://docs.ubuntu.com/core/en/stacks/bluetooth/bluez/docs/reference/available-commands 
	  
-------EOF---------