|
1 | 1 | ## Overview
|
2 | 2 |
|
3 | 3 | This module connects to any Hardware device that supports the HWBridge API. For details
|
4 |
| -on the HWBridge API see [API Reference]. On successful connection to a HW Bridge a |
5 |
| -hwbridge session will be established. |
| 4 | +on the HWBridge API see [API Reference](http://api.hwbridge.reference.rapid7.com). On successful connection to a HWBridge a |
| 5 | +HWBridge session will be established. |
| 6 | + |
| 7 | +## Devices |
| 8 | + |
| 9 | +Any ELM327 or STN1100 interface will work with the HWBridge. However, the below list of devices was utilized for this testing, and are known goods. |
| 10 | +This should **not** be taken as an endorcement for a specific brand/vendor/seller in any way shape or form. |
| 11 | + |
| 12 | +### USB |
| 13 | + |
| 14 | +### Bluetooth (less stable) |
| 15 | + |
| 16 | +1. BAFX Products 34t5: [amazon](https://www.amazon.com/gp/product/B005NLQAHS) [BAFX Site](https://bafxpro.com/products/obdreader) |
| 17 | + ``` |
| 18 | + Part Number: 1008 |
| 19 | + Controller: ELM327 |
| 20 | + Firmware Revision: 1.5 |
| 21 | + Band rate: 38400 |
| 22 | + ``` |
| 23 | + |
| 24 | +## Bluetooth Adapter Connection |
| 25 | + |
| 26 | +Bluetooth HWBridge adapters, depending on the Operating System, may take several additional steps to establish a connection and communications bus. |
| 27 | +The following steps were [recorded during the testing of this module](https://github.com/rapid7/metasploit-framework/pull/7795#issuecomment-274302326) |
| 28 | +on setting up the BAFX 34t5 with Kali Linux 2016.2 (rolling). |
| 29 | + |
| 30 | +1. Ensure no locks on the Bluetooth device via: `rfkill list` (and subsequent `unblock` commands) |
| 31 | +2. Make sure Bluetooth service is started: `/etc/init.d/bluetooth start`, or `bluetoothd` |
| 32 | +3. Start bluetoothctl: `bluetoothctl` |
| 33 | +4. Turn on scanning: `scan on` |
| 34 | +5. Turn on agent: `agent on` |
| 35 | +6. Make sure we can see OBDII: `devices` |
| 36 | +7. Attempt to pair: `[bluetooth]# pair 00:0D:18:AA:AA:AA` |
| 37 | + ``` |
| 38 | + Attempting to pair with 00:0D:18:AA:AA:AA |
| 39 | + [CHG] Device 00:0D:18:AA:AA:AA Connected: yes |
| 40 | + ``` |
| 41 | +9. If prompted for pin: `1234` |
| 42 | +10. Trust the device in order to not put in the pin again: `trust 00:0D:18:AA:AA:AA` |
| 43 | +11. Use rfcomm to make the connection and serial interface in a different window (not bluetoothctl): `rfcomm connect /dev/rfcomm1 "00:0D:18:AA:AA:AA"` |
6 | 44 |
|
7 | 45 | ## Options
|
8 | 46 |
|
9 | 47 | **TARGETURI**
|
10 | 48 |
|
11 |
| - Specifies the base target URI to communicate to the HW Bridge API. By default this is '/' but it |
| 49 | + Specifies the base target URI to communicate to the HWBridge API. By default this is '/' but it |
12 | 50 | could be things such as '/api' or the randomly generated URI from the local_hwbridge module
|
13 | 51 |
|
14 | 52 | **DEBUGJSON**
|
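Review bot: The numbered list under "Bluetooth Adapter Connection" jumps from step 7 to step 9 (new lines 36 and 41), so either a step was dropped or the numbering is off; please renumber or restore the missing step. In the same hunk, "### USB" (line 12) is an empty heading, so either list the USB adapters that were tested or drop it. Spelling: "endorcement" on line 10 should be "endorsement", and "Band rate" on line 21 should be "Baud rate". Step 1 would be easier to follow with the concrete command, for example `rfkill unblock bluetooth`, instead of "subsequent `unblock` commands". Because step 10 leaves the adapter trusted after pairing with PIN 1234, consider adding a closing step that removes the pairing once testing is done (`remove 00:0D:18:AA:AA:AA` in bluetoothctl).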
@@ -40,7 +78,7 @@ msf auxiliary(connect) > run
|
40 | 78 | ```
|
41 | 79 |
|
42 | 80 | On successful connection to a Hardware device you will be prompted with a special notice to
|
43 |
| -remind you that any action you take on the hwbridge could have physical affects and consequences. |
| 81 | +remind you that any action you take on the HWBridge could have physical affects and consequences. |
44 | 82 | Our lawyers asked us to put that there. You can verify the session was created by type 'sessions'
|
45 | 83 |
|
46 | 84 | ```
|
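Review bot: "physical affects" on the changed line 81 should be "physical effects"; the line is already being edited for the HWBridge capitalization, so fix it in the same change. The context line that follows has "by type 'sessions'", which should read "by typing 'sessions'".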
@@ -88,5 +126,4 @@ and their argument syntax. These methods will become available as command line
|
88 | 126 | within the hardware bridge.
|
89 | 127 |
|
90 | 128 | For a simple example of a custom method see auxiliary/server/local_hwbridge for a more complete
|
91 |
| -list on how to define custom methods see the [API Reference] |
92 |
| - |
| 129 | +list on how to define custom methods see the [API Reference](http://api.hwbridge.reference.rapid7.com) |
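Review bot: The same URL is now inlined twice, here on line 129 and on line 4 in the first hunk; the original text used the reference-style `[API Reference]`, so a single definition line at the end of the file (`[API Reference]: http://api.hwbridge.reference.rapid7.com`) would resolve both links and keep the URL in one place. The link is plain http; use https if the host serves it. The sentence on lines 128-129 is also a run-on: end the first sentence after "auxiliary/server/local_hwbridge" and start a new one at "For a more complete list".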