bluesync


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152

#!/usr/bin/sh

# Function to display usage instructions
usage() {
    echo "Usage: sudo $0 -d <windows_disk> -m <target_mac>"
    echo ""
    echo "Description:"
    echo "  This script extracts the Bluetooth pairing key (Link Key) for a specific"
    echo "  Bluetooth device from a mounted Windows SYSTEM registry hive and injects it"
    echo "  into the corresponding Linux Bluetooth device info file."
    echo ""
    echo "Options:"
    echo "  -d <windows_disk>    Specify the disk partition containing the Windows OS (e.g., sda3)"
    echo "  -m <target_mac>      Target Bluetooth device MAC address (e.g., 80:99:E7:08:0C:92)"
    echo "  -h                   Show this help message and exit"
    echo ""
    echo "Example:"
    echo "  sudo $0 -d sda3 -m 80:99:E7:08:0C:92"
    echo ""
    echo "Note:"
    echo "  - This script must be run as root (sudo)"
    echo "  - After completion, restart Bluetooth service using:"
    echo "      systemctl restart bluetooth"
}

# Automatically called when script exits, to clean up any mounts or dirs
trap cleanup EXIT

# Cleanup function: unmounts Windows disk and removes mount directory
cleanup() {
    umount /mnt/windows 2>/dev/null
    rmdir /mnt/windows 2>/dev/null
}

# Normalize MAC address: removes colons and converts to lowercase
normalize_mac() {
    local input="$1"
    echo "$input" | tr -d ':' | tr 'A-F' 'a-f'
}

# Extracts the raw hex key bytes from chntpw hex dump
extract_hex_bytes() {
    local input="$1"
    echo "$input" | grep '^:00000' | cut -c9-56 | tr -d ' '
}

# Updates the Key field in the Bluetooth device's info file
change_linkkey() {
    local file="$1"
    local new_key="$2"
    sed -i "/^\[LinkKey\]/,/^\[/{s/^Key=.*/Key=$new_key/}" "$file"
}

# Parse command-line arguments
while getopts "hd:m:" opt; do 
    case $opt in
        h) usage; exit 0 ;;
        d) DISK="$OPTARG" ;;
        m) TARGETDEVICE="$OPTARG" ;;
    esac
done

# Check for root privileges
if (( $EUID!=0 )); then
    echo "Need root privileges."
    exit 1
fi
echo -e "running in root privileges...\n"

# Ensure both disk and MAC are provided
if [ -z "$DISK" ] || [ -z "$TARGETDEVICE" ]; then
    echo "missing -d <arg> and -m <arg>"
    usage
    exit 1
fi

# Create mount point for Windows partition
mkdir -p /mnt/windows
echo -e "made mount point at /mnt/windows\n"

# Mount the Windows disk using ntfs-3g driver
mount -t ntfs-3g /dev/$DISK /mnt/windows

# Validate if mount was successful
if ! mountpoint -q /mnt/windows; then
    echo "Failed to mount /dev/$DISK. Check if it's the correct partition and accessible."
    exit 1
fi

# Copy the SYSTEM hive from Windows partition
cp /mnt/windows/Windows/System32/config/SYSTEM ~/SYSTEM.copy

# Validate SYSTEM file copy
if [ ! -f ~/SYSTEM.copy ]; then
    echo "Failed to copy SYSTEM registry file."
    exit 1
fi
echo -e "\n/mnt/windows/Windows/System32/config/SYSTEM registry copy created at ~/SYSTEM.copy\n"

# Use chntpw to extract the CurrentControlSet value
outputCS=$(echo -e "cd Select\nls\nq" | chntpw -e ~/SYSTEM.copy)
controlset_num=$(echo "$outputCS" | grep '<Current>' | awk '{print $(NF-1)}')

# Validate ControlSet detection
if [ -z "$controlset_num" ]; then
    echo "Could not determine ControlSet from SYSTEM hive."
    exit 1
fi
printf -v cs "ControlSet%03d" "$controlset_num"
echo -e "accessing $cs\n"

# Find Linux Bluetooth controller MAC and convert to Windows format
btdriverlinux=$(ls /var/lib/bluetooth/)
btdriverwindows=$(normalize_mac "$btdriverlinux")

echo -e "accessing $cs\Services\BTHPORT\Parameters\Keys\\$btdriverwindows as bluetooth controller\n"

# Normalize target device MAC address for registry lookup
targetdevicewindows=$(normalize_mac "$TARGETDEVICE")

# Extract the hex link key from Windows SYSTEM hive
outputhex=$(echo -e "cd $cs\Services\BTHPORT\Parameters\Keys\\$btdriverwindows\nhex $targetdevicewindows\nq" | chntpw -e ~/SYSTEM.copy)
hex=$(extract_hex_bytes "$outputhex" )

# Validate target hex key
if [ -z "$hex" ]; then
    echo "Could not extract hex key. Is the target device already paired in Windows?"
    exit 1
fi
echo -e "hex key for target device: $hex\n"

# Check if Linux-side info file exists for the target device
if [ ! -f "/var/lib/bluetooth/$btdriverlinux/$TARGETDEVICE/info" ]; then
    echo "Bluetooth info file not found: /var/lib/bluetooth/$btdriverlinux/$TARGETDEVICE/info"
    exit 1
fi

# Replace LinkKey value in the Linux info file with the extracted Windows one
change_linkkey "/var/lib/bluetooth/$btdriverlinux/$TARGETDEVICE/info" "$hex"
echo  -e "updated the Key in the info file of Target Device $TARGETDEVICE\n"

# Prompt user to restart Bluetooth for changes to take effect
echo -e "PLEASE RESTART BLUETOOTH SERVICE TO CONNECT THE DEVICE, USE THE BELOW COMMAND TO RESTART...\nsystemctl restart bluetooth"

# Unmounting after completion
umount /mnt/windows
rmdir /mnt/windows

# remove SYSTEM hive
rm ~/SYSTEM.copy

exit 0