Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- Bluetooth monitor ver 5.72
- = Note: Linux version 6.1.80 (aarch64) 0.479051
- = Note: Bluetooth subsystem version 2.22 0.479058
- = New Index: 00:C0:CA:B3:C5:3C (Primary,USB,hci0) [hci0] 0.479063
- = Open Index: 00:C0:CA:B3:C5:3C [hci0] 0.479064
- = Index Info: 00:C0:CA:B3:C5:3C (MediaTek, Inc.) [hci0] 0.479067
- @ MGMT Open: bluetoothd (privileged) version 1.22 {0x0001} 0.479069
- @ MGMT Open: bluetoothctl (privileged) version 1.22 {0x0002} 0.479071
- > HCI Event: Connect Request (0x04) plen 10 #1 [hci0] 32.396800
- Address: 4C:02:20:92:13:5C (OUI 4C-02-20)
- Class: 0x5a020c
- Major class: Phone (cellular, cordless, payphone, modem)
- Minor class: Smart phone
- Networking (LAN, Ad hoc)
- Capturing (Scanner, Microphone)
- Object Transfer (v-Inbox, v-Folder)
- Telephony (Cordless telephony, Modem, Headset)
- Link type: ACL (0x01)
- < HCI Command: Accept Connection Request (0x01|0x0009) plen 7 #2 [hci0] 32.396866
- Address: 4C:02:20:92:13:5C (OUI 4C-02-20)
- Role: Central (0x00)
- > HCI Event: Command Status (0x0f) plen 4 #3 [hci0] 32.397531
- Accept Connection Request (0x01|0x0009) ncmd 1
- Status: Success (0x00)
- > HCI Event: Role Change (0x12) plen 8 #4 [hci0] 32.477159
- Status: Success (0x00)
- Address: 4C:02:20:92:13:5C (OUI 4C-02-20)
- Role: Central (0x00)
- > HCI Event: Connect Complete (0x03) plen 11 #5 [hci0] 32.480907
- Status: Success (0x00)
- Handle: 51
- Address: 4C:02:20:92:13:5C (OUI 4C-02-20)
- Link type: ACL (0x01)
- Encryption: Disabled (0x00)
- < HCI Command: Read Remote Supported Features (0x01|0x001b) plen 2 #6 [hci0] 32.481044
- Handle: 51 Address: 4C:02:20:92:13:5C (OUI 4C-02-20)
- @ RAW Open: btmon (privileged) version 2.22 {0x0003} 32.481116
- @ RAW Close: btmon {0x0003} 32.481129
- > HCI Event: Command Status (0x0f) plen 4 #7 [hci0] 32.481547
- Read Remote Supported Features (0x01|0x001b) ncmd 1
- Status: Success (0x00)
- > HCI Event: Max Slots Change (0x1b) plen 3 #8 [hci0] 32.485781
- Handle: 51 Address: 4C:02:20:92:13:5C (OUI 4C-02-20)
- Max slots: 5
- > HCI Event: Read Remote Supported Features (0x0b) plen 11 #9 [hci0] 32.500906
- Status: Success (0x00)
- Handle: 51 Address: 4C:02:20:92:13:5C (OUI 4C-02-20)
- Features: 0xff 0xfe 0x8f 0xfe 0xd8 0x3f 0x5b 0x87
- 3 slot packets
- 5 slot packets
- Encryption
- Slot offset
- Timing accuracy
- Role switch
- Hold mode
- Sniff mode
- Power control requests
- Channel quality driven data rate (CQDDR)
- SCO link
- HV2 packets
- HV3 packets
- u-law log synchronous data
- A-law log synchronous data
- CVSD synchronous data
- Paging parameter negotiation
- Power control
- Transparent synchronous data
- Broadcast Encryption
- Enhanced Data Rate ACL 2 Mbps mode
- Enhanced Data Rate ACL 3 Mbps mode
- Enhanced inquiry scan
- Interlaced inquiry scan
- Interlaced page scan
- RSSI with inquiry results
- Extended SCO link (EV3 packets)
- AFH capable peripheral
- AFH classification peripheral
- LE Supported (Controller)
- 3-slot Enhanced Data Rate ACL packets
- 5-slot Enhanced Data Rate ACL packets
- Sniff subrating
- Pause encryption
- AFH capable central
- AFH classification central
- Enhanced Data Rate eSCO 2 Mbps mode
- Extended Inquiry Response
- Simultaneous LE and BR/EDR (Controller)
- Secure Simple Pairing
- Encapsulated PDU
- Non-flushable Packet Boundary Flag
- Link Supervision Timeout Changed Event
- Inquiry TX Power Level
- Enhanced Power Control
- Extended features
- < HCI Command: Read Remote Extended Features (0x01|0x001c) plen 3 #10 [hci0] 32.500945
- Handle: 51 Address: 4C:02:20:92:13:5C (OUI 4C-02-20)
- Page: 1
- > HCI Event: Command Status (0x0f) plen 4 #11 [hci0] 32.501283
- Read Remote Extended Features (0x01|0x001c) ncmd 1
- Status: Success (0x00)
- > HCI Event: IO Capability Response (0x32) plen 9 #12 [hci0] 32.503408
- Address: 4C:02:20:92:13:5C (OUI 4C-02-20)
- IO capability: DisplayYesNo (0x01)
- OOB data: Authentication data not present (0x00)
- Authentication: Dedicated Bonding - MITM required (0x03)
- > HCI Event: IO Capability Request (0x31) plen 6 #13 [hci0] 32.503530
- Address: 4C:02:20:92:13:5C (OUI 4C-02-20)
- > HCI Event: Connection Packet Type Changed (0x1d) plen 5 #14 [hci0] 32.504532
- Status: Success (0x00)
- Handle: 51 Address: 4C:02:20:92:13:5C (OUI 4C-02-20)
- Packet type: 0xcc18
- DM1 may be used
- DH1 may be used
- DM3 may be used
- DH3 may be used
- DM5 may be used
- DH5 may be used
- > HCI Event: Read Remote Extended Features (0x23) plen 13 #15 [hci0] 32.505907
- Status: Success (0x00)
- Handle: 51 Address: 4C:02:20:92:13:5C (OUI 4C-02-20)
- Page: 1/2
- Features: 0x0b 0x00 0x00 0x00 0x00 0x00 0x00 0x00
- Secure Simple Pairing (Host Support)
- LE Supported (Host)
- Secure Connections (Host Support)
- < HCI Command: Remote Name Request (0x01|0x0019) plen 10 #16 [hci0] 32.505946
- Address: 4C:02:20:92:13:5C (OUI 4C-02-20)
- Page scan repetition mode: R2 (0x02)
- Page scan mode: Mandatory (0x00)
- Clock offset: 0x0000
- < ACL Data TX: Handle 51 flags 0x00 dlen 10 #17 [hci0] 32.505963
- L2CAP: Information Request (0x0a) ident 1 len 2
- Type: Extended features supported (0x0002)
- > HCI Event: Command Status (0x0f) plen 4 #18 [hci0] 32.506406
- Remote Name Request (0x01|0x0019) ncmd 1
- Status: Success (0x00)
- > ACL Data RX: Handle 51 flags 0x02 dlen 10 #19 [hci0] 32.508261
- L2CAP: Information Request (0x0a) ident 2 len 2
- Type: Extended features supported (0x0002)
- < ACL Data TX: Handle 51 flags 0x00 dlen 16 #20 [hci0] 32.508281
- L2CAP: Information Response (0x0b) ident 2 len 8
- Type: Extended features supported (0x0002)
- Result: Success (0x0000)
- Features: 0x000002b8
- Enhanced Retransmission Mode
- Streaming Mode
- FCS Option
- Fixed Channels
- Unicast Connectionless Data Reception
- > HCI Event: Remote Name Req Complete (0x07) plen 255 #21 [hci0] 32.517779
- Status: Success (0x00)
- Address: 4C:02:20:92:13:5C (OUI 4C-02-20)
- Name: aptx.sniff.trojan.root.exploit
- @ MGMT Event: Device Connected (0x000b) plen 50 {0x0001} [hci0] 32.517796
- BR/EDR Address: 4C:02:20:92:13:5C (OUI 4C-02-20)
- Flags: 0x00000000
- Data length: 37
- Name (complete): aptx.sniff.trojan.root.exploit
- Class: 0x5a020c
- Major class: Phone (cellular, cordless, payphone, modem)
- Minor class: Smart phone
- Networking (LAN, Ad hoc)
- Capturing (Scanner, Microphone)
- Object Transfer (v-Inbox, v-Folder)
- Telephony (Cordless telephony, Modem, Headset)
- @ MGMT Event: Device Connected (0x000b) plen 50 {0x0002} [hci0] 32.517796
- BR/EDR Address: 4C:02:20:92:13:5C (OUI 4C-02-20)
- Flags: 0x00000000
- Data length: 37
- Name (complete): aptx.sniff.trojan.root.exploit
- Class: 0x5a020c
- Major class: Phone (cellular, cordless, payphone, modem)
- Minor class: Smart phone
- Networking (LAN, Ad hoc)
- Capturing (Scanner, Microphone)
- Object Transfer (v-Inbox, v-Folder)
- Telephony (Cordless telephony, Modem, Headset)
- > ACL Data RX: Handle 3837 flags 0x02 dlen 16 #22 [hci0] 43.543744
- Channel: 512 len 12 [PSM 0 mode Basic (0x00)] {chan 65535}
- 33 00 e2 d4 1f 00 00 00 66 37 00 00 3.......f7..
- > HCI Event: Disconnect Complete (0x05) plen 4 #23 [hci0] 43.751513
- Status: Success (0x00)
- Handle: 51 Address: 4C:02:20:92:13:5C (OUI 4C-02-20)
- Reason: Remote User Terminated Connection (0x13)
- @ MGMT Event: Device Disconnected (0x000c) plen 8 {0x0001} [hci0] 43.751546
- BR/EDR Address: 4C:02:20:92:13:5C (OUI 4C-02-20)
- Reason: Connection terminated by remote host (0x03)
- @ MGMT Event: Device Disconnected (0x000c) plen 8 {0x0002} [hci0] 43.751546
- BR/EDR Address: 4C:02:20:92:13:5C (OUI 4C-02-20)
- Reason: Connection terminated by remote host (0x03)
- > HCI Event: Connect Request (0x04) plen 10 #24 [hci0] 48.560759
- Address: 4C:02:20:92:13:5C (OUI 4C-02-20)
- Class: 0x5a020c
- Major class: Phone (cellular, cordless, payphone, modem)
- Minor class: Smart phone
- Networking (LAN, Ad hoc)
- Capturing (Scanner, Microphone)
- Object Transfer (v-Inbox, v-Folder)
- Telephony (Cordless telephony, Modem, Headset)
- Link type: ACL (0x01)
- < HCI Command: Accept Connection Request (0x01|0x0009) plen 7 #25 [hci0] 48.560830
- Address: 4C:02:20:92:13:5C (OUI 4C-02-20)
- Role: Central (0x00)
- > HCI Event: Command Status (0x0f) plen 4 #26 [hci0] 48.561489
- Accept Connection Request (0x01|0x0009) ncmd 1
- Status: Success (0x00)
- > HCI Event: Role Change (0x12) plen 8 #27 [hci0] 48.641366
- Status: Success (0x00)
- Address: 4C:02:20:92:13:5C (OUI 4C-02-20)
- Role: Central (0x00)
- > HCI Event: Connect Complete (0x03) plen 11 #28 [hci0] 48.645114
- Status: Success (0x00)
- Handle: 50
- Address: 4C:02:20:92:13:5C (OUI 4C-02-20)
- Link type: ACL (0x01)
- Encryption: Disabled (0x00)
- < HCI Command: Read Remote Supported Features (0x01|0x001b) plen 2 #29 [hci0] 48.645247
- Handle: 50 Address: 4C:02:20:92:13:5C (OUI 4C-02-20)
- @ RAW Open: btmon (privileged) version 2.22 {0x0003} 48.645325
- @ RAW Close: btmon {0x0003} 48.645339
- > HCI Event: Command Status (0x0f) plen 4 #30 [hci0] 48.645746
- Read Remote Supported Features (0x01|0x001b) ncmd 1
- Status: Success (0x00)
- > HCI Event: Max Slots Change (0x1b) plen 3 #31 [hci0] 48.658741
- Handle: 50 Address: 4C:02:20:92:13:5C (OUI 4C-02-20)
- Max slots: 5
- > HCI Event: Read Remote Supported Features (0x0b) plen 11 #32 [hci0] 48.754991
- Status: Success (0x00)
- Handle: 50 Address: 4C:02:20:92:13:5C (OUI 4C-02-20)
- Features: 0xff 0xfe 0x8f 0xfe 0xd8 0x3f 0x5b 0x87
- 3 slot packets
- 5 slot packets
- Encryption
- Slot offset
- Timing accuracy
- Role switch
- Hold mode
- Sniff mode
- Power control requests
- Channel quality driven data rate (CQDDR)
- SCO link
- HV2 packets
- HV3 packets
- u-law log synchronous data
- A-law log synchronous data
- CVSD synchronous data
- Paging parameter negotiation
- Power control
- Transparent synchronous data
- Broadcast Encryption
- Enhanced Data Rate ACL 2 Mbps mode
- Enhanced Data Rate ACL 3 Mbps mode
- Enhanced inquiry scan
- Interlaced inquiry scan
- Interlaced page scan
- RSSI with inquiry results
- Extended SCO link (EV3 packets)
- AFH capable peripheral
- AFH classification peripheral
- LE Supported (Controller)
- 3-slot Enhanced Data Rate ACL packets
- 5-slot Enhanced Data Rate ACL packets
- Sniff subrating
- Pause encryption
- AFH capable central
- AFH classification central
- Enhanced Data Rate eSCO 2 Mbps mode
- Extended Inquiry Response
- Simultaneous LE and BR/EDR (Controller)
- Secure Simple Pairing
- Encapsulated PDU
- Non-flushable Packet Boundary Flag
- Link Supervision Timeout Changed Event
- Inquiry TX Power Level
- Enhanced Power Control
- Extended features
- < HCI Command: Read Remote Extended Features (0x01|0x001c) plen 3 #33 [hci0] 48.755019
- Handle: 50 Address: 4C:02:20:92:13:5C (OUI 4C-02-20)
- Page: 1
- > HCI Event: Command Status (0x0f) plen 4 #34 [hci0] 48.755362
- Read Remote Extended Features (0x01|0x001c) ncmd 1
- Status: Success (0x00)
- > HCI Event: IO Capability Response (0x32) plen 9 #35 [hci0] 48.756239
- Address: 4C:02:20:92:13:5C (OUI 4C-02-20)
- IO capability: DisplayYesNo (0x01)
- OOB data: Authentication data not present (0x00)
- Authentication: Dedicated Bonding - MITM required (0x03)
- > HCI Event: IO Capability Request (0x31) plen 6 #36 [hci0] 48.756363
- Address: 4C:02:20:92:13:5C (OUI 4C-02-20)
- > HCI Event: Connection Packet Type Changed (0x1d) plen 5 #37 [hci0] 48.758738
- Status: Success (0x00)
- Handle: 50 Address: 4C:02:20:92:13:5C (OUI 4C-02-20)
- Packet type: 0xcc18
- DM1 may be used
- DH1 may be used
- DM3 may be used
- DH3 may be used
- DM5 may be used
- DH5 may be used
- > HCI Event: Read Remote Extended Features (0x23) plen 13 #38 [hci0] 48.795114
- Status: Success (0x00)
- Handle: 50 Address: 4C:02:20:92:13:5C (OUI 4C-02-20)
- Page: 1/2
- Features: 0x0b 0x00 0x00 0x00 0x00 0x00 0x00 0x00
- Secure Simple Pairing (Host Support)
- LE Supported (Host)
- Secure Connections (Host Support)
- < HCI Command: Remote Name Request (0x01|0x0019) plen 10 #39 [hci0] 48.795154
- Address: 4C:02:20:92:13:5C (OUI 4C-02-20)
- Page scan repetition mode: R2 (0x02)
- Page scan mode: Mandatory (0x00)
- Clock offset: 0x0000
- < ACL Data TX: Handle 50 flags 0x00 dlen 10 #40 [hci0] 48.795168
- L2CAP: Information Request (0x0a) ident 1 len 2
- Type: Extended features supported (0x0002)
- > HCI Event: Command Status (0x0f) plen 4 #41 [hci0] 48.795612
- Remote Name Request (0x01|0x0019) ncmd 1
- Status: Success (0x00)
- > ACL Data RX: Handle 50 flags 0x02 dlen 10 #42 [hci0] 48.797436
- L2CAP: Information Request (0x0a) ident 2 len 2
- Type: Extended features supported (0x0002)
- < ACL Data TX: Handle 50 flags 0x00 dlen 16 #43 [hci0] 48.797460
- L2CAP: Information Response (0x0b) ident 2 len 8
- Type: Extended features supported (0x0002)
- Result: Success (0x0000)
- Features: 0x000002b8
- Enhanced Retransmission Mode
- Streaming Mode
- FCS Option
- Fixed Channels
- Unicast Connectionless Data Reception
- > HCI Event: Remote Name Req Complete (0x07) plen 255 #44 [hci0] 48.840736
- Status: Success (0x00)
- Address: 4C:02:20:92:13:5C (OUI 4C-02-20)
- Name: aptx.sniff.trojan.root.exploit
- @ MGMT Event: Device Connected (0x000b) plen 50 {0x0001} [hci0] 48.840756
- BR/EDR Address: 4C:02:20:92:13:5C (OUI 4C-02-20)
- Flags: 0x00000000
- Data length: 37
- Name (complete): aptx.sniff.trojan.root.exploit
- Class: 0x5a020c
- Major class: Phone (cellular, cordless, payphone, modem)
- Minor class: Smart phone
- Networking (LAN, Ad hoc)
- Capturing (Scanner, Microphone)
- Object Transfer (v-Inbox, v-Folder)
- Telephony (Cordless telephony, Modem, Headset)
- @ MGMT Event: Device Connected (0x000b) plen 50 {0x0002} [hci0] 48.840756
- BR/EDR Address: 4C:02:20:92:13:5C (OUI 4C-02-20)
- Flags: 0x00000000
- Data length: 37
- Name (complete): aptx.sniff.trojan.root.exploit
- Class: 0x5a020c
- Major class: Phone (cellular, cordless, payphone, modem)
- Minor class: Smart phone
- Networking (LAN, Ad hoc)
- Capturing (Scanner, Microphone)
- Object Transfer (v-Inbox, v-Folder)
- Telephony (Cordless telephony, Modem, Headset)
- > ACL Data RX: Handle 3837 flags 0x02 dlen 16 #45 [hci0] 59.808396
- Channel: 256 len 12 [PSM 0 mode Basic (0x00)] {chan 65535}
- 32 00 30 a0 20 00 00 00 66 37 00 00 2.0. ...f7..
- > HCI Event: Disconnect Complete (0x05) plen 4 #46 [hci0] 60.014342
- Status: Success (0x00)
- Handle: 50 Address: 4C:02:20:92:13:5C (OUI 4C-02-20)
- Reason: Remote User Terminated Connection (0x13)
- @ MGMT Event: Device Disconnected (0x000c) plen 8 {0x0001} [hci0] 60.014376
- BR/EDR Address: 4C:02:20:92:13:5C (OUI 4C-02-20)
- Reason: Connection terminated by remote host (0x03)
- @ MGMT Event: Device Disconnected (0x000c) plen 8 {0x0002} [hci0] 60.014376
- BR/EDR Address: 4C:02:20:92:13:5C (OUI 4C-02-20)
- Reason: Connection terminated by remote host (0x03)
Add Comment
Please, Sign In to add comment