Bluetooth Tools

7/30/2019 Bluetooth Tools

1/30

BLUETOOTH TOOLS

Sil Janssens

[email protected]

April 18, 2005


2/30

Abstract

Many different tools to access Bluetooth devices can be found on the internet and p2p

networks. This document gives a very short overview of the different tools related to

Bluetooth security.

Date Author Comment

18/05/2005 Sil Janssens small error corrected

14/05/2005 Sil Janssens adding new tools dicovered



07/12/2004 Sil Janssens corrections after remarks of Dave Singelee26/11/2004 Sil Janssens additions and corrections

24/11/2004 Sil Janssens additions

22/11/2004 Sil Janssens First Draft

Table 1: Version History


3/30

Contents

1 Introduction 6

1.1 Purpose and scope . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6

1.2 References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6

2 Bluetooth Tools 7

2.1 Affix Bluetooth Stack . . . . . . . . . . . . . . . . . . . . . . . . . . 7

2.1.1 Manufacturer . . . . . . . . . . . . . . . . . . . . . . . . . . 7

2.1.2 Link - Source . . . . . . . . . . . . . . . . . . . . . . . . . . 7

2.1.3 Description . . . . . . . . . . . . . . . . . . . . . . . . . . . 7

2.1.4 Screenshots / Logo . . . . . . . . . . . . . . . . . . . . . . . 8

2.2 Blooover . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8

2.2.1 Manufacturer . . . . . . . . . . . . . . . . . . . . . . . . . . 8

2.2.2 Link - Source . . . . . . . . . . . . . . . . . . . . . . . . . . 8

2.2.3 Description . . . . . . . . . . . . . . . . . . . . . . . . . . . 8


2.3 BlueAlert . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9

2.3.1 Manufacturer . . . . . . . . . . . . . . . . . . . . . . . . . . 9

2.3.2 Link - Source . . . . . . . . . . . . . . . . . . . . . . . . . . 9

2.3.3 Description . . . . . . . . . . . . . . . . . . . . . . . . . . . 9

2.4 BlueBug . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9

2.4.1 Manufacturer . . . . . . . . . . . . . . . . . . . . . . . . . . 9

2.4.2 Link - Source . . . . . . . . . . . . . . . . . . . . . . . . . . 9

2.4.3 Description . . . . . . . . . . . . . . . . . . . . . . . . . . . 9


2.5 BlueFish . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10

2.5.1 Manufacturer . . . . . . . . . . . . . . . . . . . . . . . . . . 10

2.5.2 Link - Source . . . . . . . . . . . . . . . . . . . . . . . . . . 10

2.5.3 Description . . . . . . . . . . . . . . . . . . . . . . . . . . . 10

2.5.4 Screenshots / Logo . . . . . . . . . . . . . . . . . . . . . . . 112.6 BluePrinting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11

2.6.1 Manufacturer . . . . . . . . . . . . . . . . . . . . . . . . . . 11

2.6.2 Link - Source . . . . . . . . . . . . . . . . . . . . . . . . . . 11

2.6.3 Description . . . . . . . . . . . . . . . . . . . . . . . . . . . 11


2.7 BlueSmack . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12

2.7.1 Manufacturer . . . . . . . . . . . . . . . . . . . . . . . . . . 12

2.7.2 Link - Source . . . . . . . . . . . . . . . . . . . . . . . . . . 12

2.7.3 Description . . . . . . . . . . . . . . . . . . . . . . . . . . . 12

2


4/30


2.8 BlueSnarfer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12

2.8.1 Manufacturer . . . . . . . . . . . . . . . . . . . . . . . . . . 12

2.8.2 Link - Source . . . . . . . . . . . . . . . . . . . . . . . . . . 13

2.8.3 Description . . . . . . . . . . . . . . . . . . . . . . . . . . . 13

2.9 BlueSniff . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13

2.9.1 Manufacturer . . . . . . . . . . . . . . . . . . . . . . . . . . 13

2.9.2 Link - Source . . . . . . . . . . . . . . . . . . . . . . . . . . 13

2.9.3 Description . . . . . . . . . . . . . . . . . . . . . . . . . . . 13


2.10 BlueSniper . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14

2.10.1 Manufacturer . . . . . . . . . . . . . . . . . . . . . . . . . . 14

2.10.2 Link - Source . . . . . . . . . . . . . . . . . . . . . . . . . . 14

2.10.3 Description . . . . . . . . . . . . . . . . . . . . . . . . . . . 14


2.11 BlueSpam . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14

2.11.1 Manufacturer . . . . . . . . . . . . . . . . . . . . . . . . . . 14

2.11.2 Link - Source . . . . . . . . . . . . . . . . . . . . . . . . . . 15

2.11.3 Description . . . . . . . . . . . . . . . . . . . . . . . . . . . 15


2.12 Bluetooth Location Tracker Project . . . . . . . . . . . . . . . . . . . 15

2.12.1 Manufacturer . . . . . . . . . . . . . . . . . . . . . . . . . . 15

2.12.2 Link - Source . . . . . . . . . . . . . . . . . . . . . . . . . . 15

2.12.3 Description . . . . . . . . . . . . . . . . . . . . . . . . . . . 15


2.13 Bluetooth Phone Book Dumper . . . . . . . . . . . . . . . . . . . . . 16

2.13.1 Manufacturer . . . . . . . . . . . . . . . . . . . . . . . . . . 16

2.13.2 Link - Source . . . . . . . . . . . . . . . . . . . . . . . . . . 162.13.3 Description . . . . . . . . . . . . . . . . . . . . . . . . . . . 16

2.14 BlueZ Bluetooth Stack . . . . . . . . . . . . . . . . . . . . . . . . . 16

2.14.1 Manufacturer . . . . . . . . . . . . . . . . . . . . . . . . . . 16

2.14.2 Link - Source . . . . . . . . . . . . . . . . . . . . . . . . . . 16

2.14.3 Description . . . . . . . . . . . . . . . . . . . . . . . . . . . 16


2.15 Braces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17

2.15.1 Manufacturer . . . . . . . . . . . . . . . . . . . . . . . . . . 17

2.15.2 Link - Source . . . . . . . . . . . . . . . . . . . . . . . . . . 17

2.15.3 Description . . . . . . . . . . . . . . . . . . . . . . . . . . . 17


2.16 bt audit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18

2.16.1 Manufacturer . . . . . . . . . . . . . . . . . . . . . . . . . . 182.16.2 Link - Source . . . . . . . . . . . . . . . . . . . . . . . . . . 18

2.16.3 Description . . . . . . . . . . . . . . . . . . . . . . . . . . . 18

2.17 BTBrowser - JABWT Browser . . . . . . . . . . . . . . . . . . . . . 18

2.17.1 Manufacturer . . . . . . . . . . . . . . . . . . . . . . . . . . 18

2.17.2 Link - Source . . . . . . . . . . . . . . . . . . . . . . . . . . 18

2.17.3 Description . . . . . . . . . . . . . . . . . . . . . . . . . . . 19


2.18 btChat . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20

2.18.1 Manufacturer . . . . . . . . . . . . . . . . . . . . . . . . . . 20

3


5/30

2.18.2 Link - Source . . . . . . . . . . . . . . . . . . . . . . . . . . 20

2.18.3 Description . . . . . . . . . . . . . . . . . . . . . . . . . . . 20


2.19 BTFS Bluetooth FileSystemMapping . . . . . . . . . . . . . . . . . . 20

2.19.1 Manufacturer . . . . . . . . . . . . . . . . . . . . . . . . . . 20

2.19.2 Link - Source . . . . . . . . . . . . . . . . . . . . . . . . . . 20

2.19.3 Description . . . . . . . . . . . . . . . . . . . . . . . . . . . 20

2.20 BthDisc . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21

2.20.1 Manufacturer . . . . . . . . . . . . . . . . . . . . . . . . . . 21

2.20.2 Link - Source . . . . . . . . . . . . . . . . . . . . . . . . . . 21

2.20.3 Description . . . . . . . . . . . . . . . . . . . . . . . . . . . 21

2.21 btScanner . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21

2.21.1 Manufacturer . . . . . . . . . . . . . . . . . . . . . . . . . . 21

2.21.2 Link - Source . . . . . . . . . . . . . . . . . . . . . . . . . . 21

2.21.3 Description . . . . . . . . . . . . . . . . . . . . . . . . . . . 21


2.22 btXML . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22

2.22.1 Manufacturer . . . . . . . . . . . . . . . . . . . . . . . . . . 22

2.22.2 Link - Source . . . . . . . . . . . . . . . . . . . . . . . . . . 22

2.22.3 Description . . . . . . . . . . . . . . . . . . . . . . . . . . . 22


2.23 F ine Tooth Comb . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22

2.23.1 Manufacturer . . . . . . . . . . . . . . . . . . . . . . . . . . 22

2.23.2 Link - Source . . . . . . . . . . . . . . . . . . . . . . . . . . 22

2.23.3 Description . . . . . . . . . . . . . . . . . . . . . . . . . . . 22


2.24 FreeJack . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23

2.24.1 Manufacturer . . . . . . . . . . . . . . . . . . . . . . . . . . 232.24.2 Link - Source . . . . . . . . . . . . . . . . . . . . . . . . . . 23

2.24.3 Description . . . . . . . . . . . . . . . . . . . . . . . . . . . 23


2.25 Gnome Bluetooth Subsystem . . . . . . . . . . . . . . . . . . . . . . 23

2.25.1 Manufacturer . . . . . . . . . . . . . . . . . . . . . . . . . . 23

2.25.2 Link - Source . . . . . . . . . . . . . . . . . . . . . . . . . . 23

2.25.3 Description . . . . . . . . . . . . . . . . . . . . . . . . . . . 23


2.26 G reenplaque . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24

2.26.1 Manufacturer . . . . . . . . . . . . . . . . . . . . . . . . . . 24

2.26.2 Link - Source . . . . . . . . . . . . . . . . . . . . . . . . . . 24

2.26.3 Description . . . . . . . . . . . . . . . . . . . . . . . . . . . 24

2.26.4 Screenshots / Logo . . . . . . . . . . . . . . . . . . . . . . . 252.27 HCIDump . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25

2.27.1 Manufacturer . . . . . . . . . . . . . . . . . . . . . . . . . . 25

2.27.2 Link - Source . . . . . . . . . . . . . . . . . . . . . . . . . . 25

2.27.3 Description . . . . . . . . . . . . . . . . . . . . . . . . . . . 25

2.28 Impronto . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25

2.28.1 Manufacturer . . . . . . . . . . . . . . . . . . . . . . . . . . 25

2.28.2 Link - Source . . . . . . . . . . . . . . . . . . . . . . . . . . 25

2.28.3 Description . . . . . . . . . . . . . . . . . . . . . . . . . . . 25


4


6/30

2.29 OpenOBEX . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26

2.29.1 Manufacturer . . . . . . . . . . . . . . . . . . . . . . . . . . 26

2.29.2 Link - Source . . . . . . . . . . . . . . . . . . . . . . . . . . 26

2.29.3 Description . . . . . . . . . . . . . . . . . . . . . . . . . . . 27

2.30 ObexFTP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27

2.30.1 Manufacturer . . . . . . . . . . . . . . . . . . . . . . . . . . 27

2.30.2 Link - Source . . . . . . . . . . . . . . . . . . . . . . . . . . 27

2.30.3 Description . . . . . . . . . . . . . . . . . . . . . . . . . . . 27

2.31 PsmScan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27

2.31.1 Manufacturer . . . . . . . . . . . . . . . . . . . . . . . . . . 27

2.31.2 Link - Source . . . . . . . . . . . . . . . . . . . . . . . . . . 27

2.31.3 Description . . . . . . . . . . . . . . . . . . . . . . . . . . . 28

2.32 RedFang . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28

2.32.1 Manufacturer . . . . . . . . . . . . . . . . . . . . . . . . . . 28

2.32.2 Link - Source . . . . . . . . . . . . . . . . . . . . . . . . . . 28

2.32.3 Description . . . . . . . . . . . . . . . . . . . . . . . . . . . 28


2.33 RedSnarf . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28

2.33.1 Manufacturer . . . . . . . . . . . . . . . . . . . . . . . . . . 28

2.33.2 Link - Source . . . . . . . . . . . . . . . . . . . . . . . . . . 28

2.33.3 Description . . . . . . . . . . . . . . . . . . . . . . . . . . . 29


5


7/30

Chapter 1

Introduction

1.1 Purpose and scope

The purpose of this document is to provide a brief overview of the existent Bluetooth

security tools.

1.2 References

Sil Janssens, Preliminary study, VUB, 2004, http://student.vub.ac.

be/sijansse/2elic/BT/Voorstudie/PreliminaryStudy.pdf

Sil Janssens, Software Requirement Specifications, VUB, 2004, http://student.

vub.ac.be/sijansse/2elic/BT/SRS/SRS.pdf

other references are included for each tool in the document

6


8/30

Chapter 2

Bluetooth Tools

2.1 Affix Bluetooth Stack

2.1.1 Manufacturer

Affix: Nokia Research Center at Mobile Networks Lab and released under GPL.

2.1.2 Link - Source

http://affix.sourcefourge.net

2.1.3 Description

Affix is a Bluetooth Protocol Stack for Linux Affix supports core Bluetooth protocols

like HCI, L2CAP, RFCOMM, SDP and various Bluetooth profiles (see bellow).

Affix features:

Modular implementation.

Socket interface to HCI, L2CAP and RFCOMM protocols.

Bluetooth module interface independence.

SMP safe.

Multiple Bluetooth devices support.

Affix currently supports the following Bluetooth Profiles:

General Access Profile

Service Discovery Profile

Serial Port Profile

DialUp Networking Profile

LAN Access Profile

7


9/30

OBEX Object Push Profile

OBEX File Transfer Profile

PAN Profile

affix-kernel provides kernel modules implementing core protocols and Bluetooth de-

vice drivers. Kernel modules can be used separately from the kernel or can be linked

statically into the kernel.

affix provides control tools, libraries, and server daemons.

2.1.4 Screenshots / Logo

2.2 Blooover

2.2.1 Manufacturer

Trifinite

2.2.2 Link - Source

http://trifinite.org/trifinite_stuff_blooover.html

2.2.3 Description

Blooover is a proof-of-concept tool (similar to BlueSnarf) that is intended to run on

J2ME-enabled cell phones. Blooover is an audit tool that people can use to check

whether their phones and phones of friends and employees are vulnerable.

8


10/30


2.3 BlueAlert

2.3.1 Manufacturer

TDK

2.3.2 Link - Source

http://www.tdksystems.com/software/apps/content.asp?id=

4

http://www.tdksystems.com/

2.3.3 Description

TDK Systems BlueAlert Windows tool creates a pop-up icon from the system tray,

notifying you in advance:

When a Bluetooth device is active, or in range of your PC

If a particular device goes out of range and a connection is lost

I only supports TKS Bluetooth devices.

2.4 BlueBug

2.4.1 Manufacturer

Trifinite

2.4.2 Link - Source

http://trifinite.org/trifinite_stuff_bluebug.html

2.4.3 Description

BlueBug is the name of a Bluetooth security loophole on some Bluetooth-enabled cell

phones. Exploiting this loophole allows the unauthorized downloading phone books

and call lists, the sending and reading of SMS messages from the attacked phone and

many more things.

The tool and source code is NOT available!

9


11/30


2.5 BlueFish

2.5.1 Manufacturer

nobodaddy

2.5.2 Link - Source

http://www.nobodaddy.org/portfolio/bluefish.htm

2.5.3 Description

Bluefish is a surveillance system which tracks the presence of Bluetooth devices, and

their users.

Bluefish constantly scans for Bluetooth-enabled devices, such as phones, PDAs,

and wireless peripherals. When a new device is found, Bluefish takes a picture of the

area in which the device is discovered and catalogues all retrievable information about

the device. If the device is ever discovered again, the user will be sent the last imagecaptured of them via Bluetooth. All images are tagged with the devices name and the

time it was last observed.

Over time, a profile is built for each discovered device, making it possible to track

individual users who frequent the scanning area.

10


12/30


2.6 BluePrinting

2.6.1 Manufacturer

Collin Mulliner and Martin Herfurt, Trifinite

2.6.2 Link - Source

http://trifinite.org/trifinite_stuff_blueprinting.html

http://trifinite.org/Downloads/Blueprinting.pdf

http://trifinite.org/Downloads/bp_v100.zip

2.6.3 Description

Blueprinting is a method to remotely find out details about bluetooth-enabled devices.

Blueprinting can be used for generating statistics about manufacturers and models and

to find out whether there are devices in range that have issues with Bluetooth security.

Every bluetooth-enabled device has some characteristics that are either unique (Blue-

tooth device address), maufacturer specific (the first part of the bluetooth device ad-

dress) or model-specific (service description records). Blueprinting is combining the

different information that Bluetooth-enabled devices reveal in order to determine themanufacturer as well as the model of the device. Upon different characteristics it is

also possible to tell about the respective firmware version that runs on certain devices.

Every Bluetooth-enabled device that offers services to other Bluetooth-enabled devices

does announce these services via the service discovery protocol (SDP). So, remote de-

vices can query devices upon the offered capabilities.

11


13/30


2.7 BlueSmack

2.7.1 Manufacturer

Trifinite

2.7.2 Link - Source

http://trifinite.org/trifinite_stuff_bluesmack.html

http://www.insecure.org/sploits/ping-o-death.html

2.7.3 Description

BlueSmack is a Bluetooth attack that knocks out some Bluetooth-enabled devices im-

mediately. This Denial of Service attack can be conducted using standard tools that

ship with the official Linux Bluez utils package.


2.8 BlueSnarfer

2.8.1 Manufacturer

Dante Alighieri

12


14/30

2.8.2 Link - Source

http://www.alighieri.org/tools/bluesnarfer.tar.gz

http://www.alighieri.org/tools/bluetooth.tar.gz

2.8.3 Description

rfcomm connection to bdaddr and send/recv AT command from gsm extension

2.9 BlueSniff

2.9.1 Manufacturer

The Shmoo Group, Bruce Potter - Brian Caswell

2.9.2 Link - Source

http://bluesniff.shmoo.com/

http://www.shmoo.com/gdead/dc-11-brucepotter.ppt

http://bluesniff.shmoo.com/bluesniff-0.1.tar.gz

2.9.3 Description

Bluesniff is proof of concept code for a Bluetooth wardriving utility. It provided a GUI

for finding discoverable and hidden Bluetooth devices. It is focused on providing a UI

Front-end for Redfang.


13


15/30

2.10 BlueSniper

2.10.1 Manufacturer

Flexilis

2.10.2 Link - Source

http://www.flexilis.com

http://www.blueserker.com/html/modules.php?op=modload&name=

News&file=index&catid=&topic=14

2.10.3 Description

The BlueSniper is a rifle stock with a scope and yagi antenna attached. A cable at-taches the antenna to the Bluetooth card, which can be in a PDA or laptop computer.

The laptop can be carried in a backpack with the cables connecting into the backpack,

giving it the Ghostbusters look.

The Flexilis teams demonstrated the gun with some home-brewed Bluetooth scanning

software. They pointed the gun down the hallways and out windows. Almost instantly,

vulnerable phones with their unique Bluetooth device numbers appeared on the laptop

screen. The device is powerful enough to detect devices through building walls.


2.11 BlueSpam

2.11.1 Manufacturer

Collin R. Mulliner

14


16/30


http://www.mulliner.org/palm/bluespam.php

2.11.3 Description

BlueSpam is a Palm OS application that searches for all discoverable Bluetooth devices

and send a arbitrary file to them if they support OBEX.


2.12 Bluetooth Location Tracker Project

2.12.1 Manufacturer

Collin R. Mulliner, Andreas Steini Steinhauser, Daniel Dorau.


http://www.betaversion.net/blt/

http://www.betaversion.net/blt/blt.pdf

http://www.betaversion.net/blt/blt_server-0.15.tgz

http://www.betaversion.net/blt/blt-bluez-client.tgz

http://www.betaversion.net/blt/bltwebd-0.1.tgz

2.12.3 Description

Linux software to track Bluetooth devices in combination with a GPS devices, client

and server architecture.


15


17/30

2.13 Bluetooth Phone Book Dumper

2.13.1 Manufacturer

Collin R. Mulliner


http://www.saftware.de/bluetooth/btxml.c

2.13.3 Description

Bluetooth phone book dumper creates a backup of the Nokia 6310i via bluetooth. It

also works on some Ericsson mobile phones.

The data is written to stdout in a standard xml format. There is no need to enter any data

on the host or phone side and no pairing is needed, it simply uses GSM AT commandsover a RFCOMM connection.

The software uses the Linux BlueZ Bluetooth stack.

2.14 BlueZ Bluetooth Stack

2.14.1 Manufacturer

BlueZ Project


http://www.bluez.org

2.14.3 Description

BlueZ is an implementation of the Bluetooth wireless standards specifications for Linux.

The code is licensed under the GNU General Public License (GPL) and is now included

in the Linux 2.4 and Linux 2.6 kernel series.

BlueZ provides support for the core Bluetooth layers and protocols. It is flexible,

efficient and uses a modular implementation. It has many interesting features:

Complete modular implementation

Symmetric multi processing safe

Multithreaded data processing

Support for multiple Bluetooth devices

Real hardware abstraction

Standard socket interface to all layers

Device and service level security support

16


18/30

Currently BlueZ consists of many separate modules:

Bluetooth kernel subsystem core

L2CAP and SCO audio kernel layers

RFCOMM, BNEP, CMTP and HIDP kernel implementations

HCI UART, USB, PCMCIA and virtual device drivers

General Bluetooth and SDP libraries and daemons

Configuration and testing utilities

Protocol decoding and analysis tools

The BlueZ kernel modules, libraries and utilities are known to be working prefectly on

many architectures supported by Linux.


2.15 Braces

2.15.1 Manufacturer

The Shmoo Group, Bruce Potter, Brian


http://braces.shmoo.com/

2.15.3 Description

Bluetooth tracking application used at a demonstration on the BlackHat conference

USA 2004.

17


19/30


2.16 bt audit

2.16.1 Manufacturer

Collin R. Mulliner


http://www.betaversion.net/btdsd/

2.16.3 Description

bt audit is a suit of programs and scripts to do Bluetooth device auditing. The suit cur-

rently consists of two port scanners, psm scan for the L2CAP layer and rfcomm scan

for the RFCOMM layer.

2.17 BTBrowser - JABWT Browser

2.17.1 Manufacturer

Klings.org BenHui.net


http://www.benhui.net/bluetooth/btbrowser.html

http://www.benhui.net/bluetooth/btbrowser.jar

http://www.benhui.net/bluetooth/btbrowser.jad

http://wireless.klings.org/main.php/BTBrowser/

http://wireless.klings.org/source/btbrowser_src.zip

18


20/30

2.17.3 Description

Bluetooth (JABWT) Browser is a J2ME MIDP MIDlet that can browse and explore thetechnical specification of surrounding Bluetooth devices.

BTBrowser will discover nearby devices (if they are discoverable. You can browse

device Bluetooth information and all supported profiles and service records of each

device. This is a great utility tool to sniff bluetooth information.

This MIDlet MIDP2.0/CLDC1.0 works on phones that support JSR-82 (a.k.a JABWT

or Java Bluetooth) specification. Examples are Nokia 6600 and Sony Ericsson P900.

The following attributes will be shown if they are set in the Bluetooth service record:

0x0100, ServiceName

0x0101, ServiceDescription

0x0102, ProviderName

0x0000, ServiceRecordHandle

0x0003, ServiceID

0x0001, ServiceClassIDList

0x0004, ProtocolDescriptorList

0x0009, BluetoothProfileDescriptorList

0x0007, ServiceInfoTimeToLive

0x0008, ServiceAvailability

0x000A, DocumentationURL

0x000B, ClientExecutableURK

0x000C, IconURL


19


21/30

2.18 btChat

2.18.1 Manufacturer

Collin R. Mulliner


http://www.mulliner.org/bluetooth/btchat/

2.18.3 Description

btChat is a Bluetooth based chatting/IM (instant messaging) system


2.19 BTFS Bluetooth FileSystemMapping

2.19.1 Manufacturer

Collin R. Mulliner


www.mulliner.org/bluetooth/btfs.php

2.19.3 Description

BTFS brings basic Bluetooth support to the filesystem by mapping functions like in-

quiry (search for Bluetooth devices) and file transfer (via OBEX) to normal file opera-

tions.

BTFS is a FUSE (Filesystem in USErspace) application.

With btfs a simple ls DEVICES shows you all Bluetooth devices within range and cp

somefile OPUSH/devicename sends the given file to the device (via OBEX).

20


22/30

2.20 BthDisc

2.20.1 Manufacturer

[email protected]


www.lookout.net/mike

http://archiv.egocrew.de/tools/windows-utilities/bthdisc-00.

00.01.zip

http://www.meer-net.com/Info/WindowsXP.html

http://security-protocols.com/modules.php?name=News&file=

article&sid=1880

2.20.3 Description

Simple command line utility to list discoverable bluetooth devices. Example of win32

bluetooth device/service discovery API.

Requires Microsoft Bluetooth Stack (hotfix for XP SP1, included w/ XP SP2).

2.21 btScanner

2.21.1 Manufacturer

Pentest


http://www.pentest.co.uk/cgi-bin/viewcat.cgi?cat=downloads&section=

01_bluetooth

2.21.3 Description

btscanner is a tool designed specifically to extract as much information as possible

from a Bluetooth device without the requirement to pair. A detailed information screen

extracts HCI and SDP information, and maintains an open connection to monitor the

RSSI and link quality. btscanner is based on the BlueZ Bluetooth stack, which is in-

cluded with recent Linux kernels, and the BlueZ toolset. btscanner also contains a

complete listing of the IEEE OUI numbers and class lookup tables. Using the informa-tion gathered from these sources it is possible to make educated guesses as to the host

device type.


21


23/30

2.22 btXML

2.22.1 Manufacturer

Saftware, Andreas Oberritter, GNU General Public License


www.saftware.de/bluetooth/btxml.c

2.22.3 Description

Creates a backup of the Nokia 6310i (and for Ericsson T610 and T68i) via Bluetooth.


2.23 Fine Tooth Comb

2.23.1 Manufacturer

The Shmoo Group


http://bluetooth.shmoo.com

http://www.oook.cz/bsd/bluetooth.html

2.23.3 Description

A Bluetooth scanner for FreeBSD.

This tool tries to find other Bluetooth devices in three different ways:

A periodic inquiry scan

About every minute (it varies) discoverable devices are listed. These show up as:

++IRMAC ADDRESS

Report devices that try to connect to the scanning host

If somebody tries to check what services you are offering, it makes note of what

address tried to connect. (It rejects them.) You must have inquiry and page

scanning turned on for this to be of use. These show up as: ++CRMAC AD-

DRESSA for ACL, S for SCODevice Class

Brute force

It steps through each of the manufacturers listed in ftc manuf.h and tries all

possible device IDs. This is very slow! Devices that are found show up as:

++BFMAC ADDRESS If the attempt times out, it will show: BFMAC

ADDRESS

22


24/30


2.24 FreeJack

2.24.1 Manufacturer

Software13


http://www.software13.co.uk/freejack/

2.24.3 Description

FreeJack is a Java based BlueJacking application for mobile devices. The aim of this

software is to allow the anonymous sending of messages to Bluetooth enabled devices

within range.


2.25 Gnome Bluetooth Subsystem

2.25.1 Manufacturer

Useful Information Company, GPL

2.25.2 Link - Source http://usefulinc.com/software/gnome-bluetooth/

2.25.3 Description

Current features include:

Controller object to manage the discovery of nearby Bluetooth devices

Controller will create serial (RFCOMM) connections for clients to devices

23


25/30

libbtcl, a GObject wrapper for Bluetooth functionality An OBEX server, so you

can beam files such as pictures, addresses or contacts from other Bluetooth

devices to your computer

An OBEX push send tool, so you can beam files from your computer to remote

devices.

Nautilus menu integration


2.26 Greenplaque

2.26.1 Manufacturer

Kevin Finisterre, Ollie Whitehouse


http://digitalmunition.com

2.26.3 Description

Multi-dongle Bluetooth Hunter / Killer

RedFang was a small proof-of-conceptapplication to find non discoveredable bluetooth

devices.

Greenplaque on the other hand is an application to find discoverable bluetooth devices.

After being found the device will promptly be slayed.

24


26/30


2.27 HCIDump

2.27.1 Manufacturer

Maxim Krasnyansky


http://linuxcommand.org/man_pages/hcidump8.html

2.27.3 Description

HCIDump is a HCI packet analyzer. It reads raw HCI data coming from and going to a

Bluetooth device and prints to screen commands, events and data in a human-readable

form.

2.28 Impronto

2.28.1 Manufacturer

Rococo Software


http://rococosoft.com

http://www.rococosoft.com/blue_university.html

http://www.rococosoft.com/blue_dk.html

2.28.3 Description

Impronto Developer Kit is a standards-based Java tool designed to make building Blue-

tooth applications easy. Improntos framework hides complex Bluetooth protocols be-

hind standard Java APIs (JSR82), letting developers focus on writing wireless applica-

tions rather than on low-level Bluetooth networking issues. The result is faster, easier

construction of Bluetooth applications.

25


27/30

Support for IrDA - ircomm and irdaobex - which allows access to infrared wireless

technologies through standardised specifications (Linux Developer Kit only)

Provides abstractions of Bluetooth wireless communication using the Java 2 Platform,

Micro Edition (J2ME)

Generic Connection Framework

Based on J2ME Connected Limited Device Configuration (CLDC)

Addresses primary Bluetooth profiles:

Generic Access Profile

Service Discovery Profile

Serial Port Profile

Generic Object Exchange Profile


2.29 OpenOBEX

2.29.1 Manufacturer

OpenOBEX Sourceforge, LGPL GPL


http://openobex.sourceforge.net/

http://prdownloads.sourceforge.net/openobex/openobex-1.

0.1.tar.gz

26


28/30

http://prdownloads.sourceforge.net/openobex/openobex-apps-1.

0.0.tar.gz

2.29.3 Description

Free open source implementation of the Object Exchange (OBEX) protocol. OBEX

is a session protocol and can best be described as a binary HTTP protocol. OBEX is

optimized for ad-hoc wireless links and can be used to exchange all kind of objects like

files, pictures, calendar entries (vCal) and business cards (vCard).

The OpenOBEX Project has a sample IrCp (infrared copy) application and an associ-

ated ObexFTP application.

2.30 ObexFTP

2.30.1 Manufacturer

OpenOBEX Sourceforge, LGPL GPL


http://triq.net/obex/

http://openobex.sourceforge.net/

http://prdownloads.sourceforge.net/openobex/obexftp-0.

10.3.tar.gz

http://triq.net/obex/examples.html

2.30.3 Description

Free open source implementation of the Object Exchange (OBEX) protocol. OBEX

is a session protocol and can best be described as a binary HTTP protocol. OBEX is

optimized for ad-hoc wireless links and can be used to exchange all kind of objects like

files, pictures, calendar entries (vCal) and business cards (vCard).

The common usage for ObexFTP is to access your mobile phones memory to store and

retrieve e.g. your phonebook, logos, ringtones, music, pictures and alike.

2.31 PsmScan

2.31.1 Manufacturer

Collin R. Mulliner


http://www.betaversion.net/btdsd/

27


29/30

2.31.3 Description

This tool was written as part of the Bluetooth device security database project. Somehardware manufacturers could hide special functions on PSMs (Protocol/Service

Multiplexer) without listing them in the SDP database, this tool should find them. It

scans a range of L2CAP PSMs to check if they are open (accept connections)

2.32 RedFang

2.32.1 Manufacturer

Ollie Whitehouse, @stake


http://www.atstake.com

http://www.securiteam.com/tools/5JP0I1FAAE.html

http://cansecwest.com/csw04/csw04-Whitehouse.pdf

2.32.3 Description

RedFang is an application that finds non-discoverable Bluetooth devices by brute-

forcing the last six bytes of the devices Bluetooth address and doing a read remote name().


2.33 RedSnarf

2.33.1 Manufacturer

Ollie Whitehouse, @stake


http://www.atstake.com

http://cansecwest.com/csw04/csw04-Whitehouse.pdf

http://www.thebunker.net/security/bluetooth.htm

28


30/30

2.33.3 Description

RedSnarf is the @stake implementation of the BlueStumbler/BlueSnarf application:OBEX PULLing / Snarfing.

On some makes of devices, it is possible to connect to the device, without alerting

the owner of the target device of the request, and gain access to restricted portions

of the stored data, including the phonebook, calendar, realtime clock, business card,

properties, IMEI.

The tool and source code is NOT available!


Date post:	14-Apr-2018
Category:	Documents
Upload:	marco-antonio-martinez-andrade
View:	218 times
Download:	0 times

Bluetooth Tools

Documents