BLUETOOTH TOOLS

Sil Janssens Sil.Janssens@vub.ac.be April 18, 2005

Abstract Many different tools to access Bluetooth devices can be found on the internet and p2p networks. This document gives a very short overview of the different tools related to Bluetooth security. Date 18/05/2005 14/05/2005 08/05/2005 05/05/2005 07/12/2004 26/11/2004 24/11/2004 22/11/2004 Author Sil Janssens Sil Janssens Sil Janssens Sil Janssens Sil Janssens Sil Janssens Sil Janssens Sil Janssens Comment small error corrected adding new tools dicovered adding new tools dicovered adding new tools dicovered corrections after remarks of Dave Singelee additions and corrections additions First Draft

Table 1: Version History

Contents
1 Introduction 1.1 Purpose and scope . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1.2 References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2 Bluetooth Tools 2.1 Afx Bluetooth Stack . . . 2.1.1 Manufacturer . . . 2.1.2 Link - Source . . . 2.1.3 Description . . . . 2.1.4 Screenshots / Logo 2.2 Blooover . . . . . . . . . . 2.2.1 Manufacturer . . . 2.2.2 Link - Source . . . 2.2.3 Description . . . . 2.2.4 Screenshots / Logo 2.3 BlueAlert . . . . . . . . . 2.3.1 Manufacturer . . . 2.3.2 Link - Source . . . 2.3.3 Description . . . . 2.4 BlueBug . . . . . . . . . . 2.4.1 Manufacturer . . . 2.4.2 Link - Source . . . 2.4.3 Description . . . . 2.4.4 Screenshots / Logo 2.5 BlueFish . . . . . . . . . . 2.5.1 Manufacturer . . . 2.5.2 Link - Source . . . 2.5.3 Description . . . . 2.5.4 Screenshots / Logo 2.6 BluePrinting . . . . . . . . 2.6.1 Manufacturer . . . 2.6.2 Link - Source . . . 2.6.3 Description . . . . 2.6.4 Screenshots / Logo 2.7 BlueSmack . . . . . . . . 2.7.1 Manufacturer . . . 2.7.2 Link - Source . . . 2.7.3 Description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 6 6 7 7 7 7 7 8 8 8 8 8 9 9 9 9 9 9 9 9 9 10 10 10 10 10 11 11 11 11 11 12 12 12 12 12

2.8

2.9

2.10

2.11

2.12

2.13

2.14

2.15

2.16

2.17

2.18

2.7.4 Screenshots / Logo . . . . . BlueSnarfer . . . . . . . . . . . . . 2.8.1 Manufacturer . . . . . . . . 2.8.2 Link - Source . . . . . . . . 2.8.3 Description . . . . . . . . . BlueSniff . . . . . . . . . . . . . . 2.9.1 Manufacturer . . . . . . . . 2.9.2 Link - Source . . . . . . . . 2.9.3 Description . . . . . . . . . 2.9.4 Screenshots / Logo . . . . . BlueSniper . . . . . . . . . . . . . 2.10.1 Manufacturer . . . . . . . . 2.10.2 Link - Source . . . . . . . . 2.10.3 Description . . . . . . . . . 2.10.4 Screenshots / Logo . . . . . BlueSpam . . . . . . . . . . . . . . 2.11.1 Manufacturer . . . . . . . . 2.11.2 Link - Source . . . . . . . . 2.11.3 Description . . . . . . . . . 2.11.4 Screenshots / Logo . . . . . Bluetooth Location Tracker Project . 2.12.1 Manufacturer . . . . . . . . 2.12.2 Link - Source . . . . . . . . 2.12.3 Description . . . . . . . . . 2.12.4 Screenshots / Logo . . . . . Bluetooth Phone Book Dumper . . . 2.13.1 Manufacturer . . . . . . . . 2.13.2 Link - Source . . . . . . . . 2.13.3 Description . . . . . . . . . BlueZ Bluetooth Stack . . . . . . . 2.14.1 Manufacturer . . . . . . . . 2.14.2 Link - Source . . . . . . . . 2.14.3 Description . . . . . . . . . 2.14.4 Screenshots / Logo . . . . . Braces . . . . . . . . . . . . . . . . 2.15.1 Manufacturer . . . . . . . . 2.15.2 Link - Source . . . . . . . . 2.15.3 Description . . . . . . . . . 2.15.4 Screenshots / Logo . . . . . bt audit . . . . . . . . . . . . . . . 2.16.1 Manufacturer . . . . . . . . 2.16.2 Link - Source . . . . . . . . 2.16.3 Description . . . . . . . . . BTBrowser - JABWT Browser . . . 2.17.1 Manufacturer . . . . . . . . 2.17.2 Link - Source . . . . . . . . 2.17.3 Description . . . . . . . . . 2.17.4 Screenshots / Logo . . . . . btChat . . . . . . . . . . . . . . . . 2.18.1 Manufacturer . . . . . . . . 3

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

12 12 12 13 13 13 13 13 13 13 14 14 14 14 14 14 14 15 15 15 15 15 15 15 15 16 16 16 16 16 16 16 16 17 17 17 17 17 18 18 18 18 18 18 18 18 19 19 20 20

2.19

2.20

2.21

2.22

2.23

2.24

2.25

2.26

2.27

2.28

2.18.2 Link - Source . . . . . . . . . 2.18.3 Description . . . . . . . . . . 2.18.4 Screenshots / Logo . . . . . . BTFS Bluetooth FileSystemMapping . 2.19.1 Manufacturer . . . . . . . . . 2.19.2 Link - Source . . . . . . . . . 2.19.3 Description . . . . . . . . . . BthDisc . . . . . . . . . . . . . . . . 2.20.1 Manufacturer . . . . . . . . . 2.20.2 Link - Source . . . . . . . . . 2.20.3 Description . . . . . . . . . . btScanner . . . . . . . . . . . . . . . 2.21.1 Manufacturer . . . . . . . . . 2.21.2 Link - Source . . . . . . . . . 2.21.3 Description . . . . . . . . . . 2.21.4 Screenshots / Logo . . . . . . btXML . . . . . . . . . . . . . . . . 2.22.1 Manufacturer . . . . . . . . . 2.22.2 Link - Source . . . . . . . . . 2.22.3 Description . . . . . . . . . . 2.22.4 Screenshots / Logo . . . . . . Fine Tooth Comb . . . . . . . . . . . 2.23.1 Manufacturer . . . . . . . . . 2.23.2 Link - Source . . . . . . . . . 2.23.3 Description . . . . . . . . . . 2.23.4 Screenshots / Logo . . . . . . FreeJack . . . . . . . . . . . . . . . . 2.24.1 Manufacturer . . . . . . . . . 2.24.2 Link - Source . . . . . . . . . 2.24.3 Description . . . . . . . . . . 2.24.4 Screenshots / Logo . . . . . . Gnome Bluetooth Subsystem . . . . . 2.25.1 Manufacturer . . . . . . . . . 2.25.2 Link - Source . . . . . . . . . 2.25.3 Description . . . . . . . . . . 2.25.4 Screenshots / Logo . . . . . . Greenplaque . . . . . . . . . . . . . . 2.26.1 Manufacturer . . . . . . . . . 2.26.2 Link - Source . . . . . . . . . 2.26.3 Description . . . . . . . . . . 2.26.4 Screenshots / Logo . . . . . . HCIDump . . . . . . . . . . . . . . . 2.27.1 Manufacturer . . . . . . . . . 2.27.2 Link - Source . . . . . . . . . 2.27.3 Description . . . . . . . . . . Impronto . . . . . . . . . . . . . . . 2.28.1 Manufacturer . . . . . . . . . 2.28.2 Link - Source . . . . . . . . . 2.28.3 Description . . . . . . . . . . 2.28.4 Screenshots / Logo . . . . . . 4

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

20 20 20 20 20 20 20 21 21 21 21 21 21 21 21 21 22 22 22 22 22 22 22 22 22 23 23 23 23 23 23 23 23 23 23 24 24 24 24 24 25 25 25 25 25 25 25 25 25 26

2.29 OpenOBEX . . . . . . . . 2.29.1 Manufacturer . . . 2.29.2 Link - Source . . . 2.29.3 Description . . . . 2.30 ObexFTP . . . . . . . . . 2.30.1 Manufacturer . . . 2.30.2 Link - Source . . . 2.30.3 Description . . . . 2.31 PsmScan . . . . . . . . . . 2.31.1 Manufacturer . . . 2.31.2 Link - Source . . . 2.31.3 Description . . . . 2.32 RedFang . . . . . . . . . . 2.32.1 Manufacturer . . . 2.32.2 Link - Source . . . 2.32.3 Description . . . . 2.32.4 Screenshots / Logo 2.33 RedSnarf . . . . . . . . . 2.33.1 Manufacturer . . . 2.33.2 Link - Source . . . 2.33.3 Description . . . . 2.33.4 Screenshots / Logo

. . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . .

26 26 26 27 27 27 27 27 27 27 27 28 28 28 28 28 28 28 28 28 29 29

Chapter 1

Introduction
1.1 Purpose and scope
The purpose of this document is to provide a brief overview of the existent Bluetooth security tools.

1.2 References
Sil Janssens, Preliminary study, VUB, 2004, http://student.vub.ac. be/sijansse/2elic/BT/Voorstudie/PreliminaryStudy.pdf Sil Janssens, Software Requirement Specications, VUB, 2004, http://student. vub.ac.be/sijansse/2elic/BT/SRS/SRS.pdf other references are included for each tool in the document

Chapter 2

Bluetooth Tools
2.1 Afx Bluetooth Stack
2.1.1 Manufacturer
Afx: Nokia Research Center at Mobile Networks Lab and released under GPL.

2.1.2 Link - Source

http://affix.sourcefourge.net

2.1.3 Description
Afx is a Bluetooth Protocol Stack for Linux Afx supports core Bluetooth protocols like HCI, L2CAP, RFCOMM, SDP and various Bluetooth proles (see bellow). Afx features: Modular implementation. Socket interface to HCI, L2CAP and RFCOMM protocols. Bluetooth module interface independence. SMP safe. Multiple Bluetooth devices support. Afx currently supports the following Bluetooth Proles: General Access Prole Service Discovery Prole Serial Port Prole DialUp Networking Prole LAN Access Prole

 OBEX Object Push Prole OBEX File Transfer Prole PAN Prole afx-kernel provides kernel modules implementing core protocols and Bluetooth device drivers. Kernel modules can be used separately from the kernel or can be linked statically into the kernel. afx provides control tools, libraries, and server daemons.

2.1.4 Screenshots / Logo

2.2 Blooover
2.2.1 Manufacturer
Trinite

2.2.2 Link - Source

http://trifinite.org/trifinite_stuff_blooover.html

2.2.3 Description
Blooover is a proof-of-concept tool (similar to BlueSnarf) that is intended to run on J2ME-enabled cell phones. Blooover is an audit tool that people can use to check whether their phones and phones of friends and employees are vulnerable.

2.2.4 Screenshots / Logo

2.3 BlueAlert
2.3.1 Manufacturer
TDK

2.3.2 Link - Source

http://www.tdksystems.com/software/apps/content.asp?id= 4 http://www.tdksystems.com/

2.3.3 Description
TDK Systems BlueAlert Windows tool creates a pop-up icon from the system tray, notifying you in advance: When a Bluetooth device is active, or in range of your PC If a particular device goes out of range and a connection is lost I only supports TKS Bluetooth devices.

2.4 BlueBug
2.4.1 Manufacturer
Trinite

2.4.2 Link - Source

http://trifinite.org/trifinite_stuff_bluebug.html

2.4.3 Description
BlueBug is the name of a Bluetooth security loophole on some Bluetooth-enabled cell phones. Exploiting this loophole allows the unauthorized downloading phone books and call lists, the sending and reading of SMS messages from the attacked phone and many more things. The tool and source code is NOT available! 9

2.4.4 Screenshots / Logo

2.5 BlueFish
2.5.1 Manufacturer
nobodaddy

2.5.2 Link - Source

http://www.nobodaddy.org/portfolio/bluefish.htm

2.5.3 Description
Bluesh is a surveillance system which tracks the presence of Bluetooth devices, and their users. Bluesh constantly scans for Bluetooth-enabled devices, such as phones, PDAs, and wireless peripherals. When a new device is found, Bluesh takes a picture of the area in which the device is discovered and catalogues all retrievable information about the device. If the device is ever discovered again, the user will be sent the last image captured of them via Bluetooth. All images are tagged with the devices name and the time it was last observed. Over time, a prole is built for each discovered device, making it possible to track individual users who frequent the scanning area.

10

2.5.4 Screenshots / Logo

2.6 BluePrinting
2.6.1 Manufacturer
Collin Mulliner and Martin Herfurt, Trinite

2.6.2 Link - Source

http://trifinite.org/trifinite_stuff_blueprinting.html http://trifinite.org/Downloads/Blueprinting.pdf http://trifinite.org/Downloads/bp_v100.zip

2.6.3 Description
Blueprinting is a method to remotely nd out details about bluetooth-enabled devices. Blueprinting can be used for generating statistics about manufacturers and models and to nd out whether there are devices in range that have issues with Bluetooth security. Every bluetooth-enabled device has some characteristics that are either unique (Bluetooth device address), maufacturer specic (the rst part of the bluetooth device address) or model-specic (service description records). Blueprinting is combining the different information that Bluetooth-enabled devices reveal in order to determine the manufacturer as well as the model of the device. Upon different characteristics it is also possible to tell about the respective rmware version that runs on certain devices. Every Bluetooth-enabled device that offers services to other Bluetooth-enabled devices does announce these services via the service discovery protocol (SDP). So, remote devices can query devices upon the offered capabilities.

11

2.6.4 Screenshots / Logo

2.7 BlueSmack
2.7.1 Manufacturer
Trinite

2.7.2 Link - Source

http://trifinite.org/trifinite_stuff_bluesmack.html http://www.insecure.org/sploits/ping-o-death.html

2.7.3 Description
BlueSmack is a Bluetooth attack that knocks out some Bluetooth-enabled devices immediately. This Denial of Service attack can be conducted using standard tools that ship with the ofcial Linux Bluez utils package.

2.7.4 Screenshots / Logo

2.8 BlueSnarfer
2.8.1 Manufacturer
Dante Alighieri

12

2.8.2 Link - Source

http://www.alighieri.org/tools/bluesnarfer.tar.gz http://www.alighieri.org/tools/bluetooth.tar.gz

2.8.3 Description
rfcomm connection to bdaddr and send/recv AT command from gsm extension

2.9 BlueSniff
2.9.1 Manufacturer
The Shmoo Group, Bruce Potter - Brian Caswell

2.9.2 Link - Source

http://bluesniff.shmoo.com/ http://www.shmoo.com/gdead/dc-11-brucepotter.ppt http://bluesniff.shmoo.com/bluesniff-0.1.tar.gz

2.9.3 Description
Bluesniff is proof of concept code for a Bluetooth wardriving utility. It provided a GUI for nding discoverable and hidden Bluetooth devices. It is focused on providing a UI Front-end for Redfang.

2.9.4 Screenshots / Logo

13

2.10 BlueSniper
2.10.1 Manufacturer
Flexilis

2.10.2 Link - Source

http://www.flexilis.com http://www.blueserker.com/html/modules.php?op=modload&name= News&file=index&catid=&topic=14

2.10.3 Description
The BlueSniper is a rie stock with a scope and yagi antenna attached. A cable attaches the antenna to the Bluetooth card, which can be in a PDA or laptop computer. The laptop can be carried in a backpack with the cables connecting into the backpack, giving it the Ghostbusters look. The Flexilis teams demonstrated the gun with some home-brewed Bluetooth scanning software. They pointed the gun down the hallways and out windows. Almost instantly, vulnerable phones with their unique Bluetooth device numbers appeared on the laptop screen. The device is powerful enough to detect devices through building walls.

2.10.4 Screenshots / Logo

2.11 BlueSpam
2.11.1 Manufacturer
Collin R. Mulliner

14

2.11.2 Link - Source

http://www.mulliner.org/palm/bluespam.php

2.11.3 Description
BlueSpam is a Palm OS application that searches for all discoverable Bluetooth devices and send a arbitrary le to them if they support OBEX.

2.11.4 Screenshots / Logo

2.12 Bluetooth Location Tracker Project

2.12.1 Manufacturer
Collin R. Mulliner, Andreas Steini Steinhauser, Daniel Dorau.

2.12.2 Link - Source

http://www.betaversion.net/blt/ http://www.betaversion.net/blt/blt.pdf http://www.betaversion.net/blt/blt_server-0.15.tgz http://www.betaversion.net/blt/blt-bluez-client.tgz http://www.betaversion.net/blt/bltwebd-0.1.tgz

2.12.3 Description
Linux software to track Bluetooth devices in combination with a GPS devices, client and server architecture.

2.12.4 Screenshots / Logo

15

2.13 Bluetooth Phone Book Dumper

2.13.1 Manufacturer
Collin R. Mulliner

2.13.2 Link - Source

http://www.saftware.de/bluetooth/btxml.c

2.13.3 Description
Bluetooth phone book dumper creates a backup of the Nokia 6310i via bluetooth. It also works on some Ericsson mobile phones. The data is written to stdout in a standard xml format. There is no need to enter any data on the host or phone side and no pairing is needed, it simply uses GSM AT commands over a RFCOMM connection. The software uses the Linux BlueZ Bluetooth stack.

2.14 BlueZ Bluetooth Stack

2.14.1 Manufacturer
BlueZ Project

2.14.2 Link - Source

http://www.bluez.org

2.14.3 Description
BlueZ is an implementation of the Bluetooth wireless standards specications for Linux. The code is licensed under the GNU General Public License (GPL) and is now included in the Linux 2.4 and Linux 2.6 kernel series. BlueZ provides support for the core Bluetooth layers and protocols. It is exible, efcient and uses a modular implementation. It has many interesting features: Complete modular implementation Symmetric multi processing safe Multithreaded data processing Support for multiple Bluetooth devices Real hardware abstraction Standard socket interface to all layers Device and service level security support

16

Currently BlueZ consists of many separate modules: Bluetooth kernel subsystem core L2CAP and SCO audio kernel layers RFCOMM, BNEP, CMTP and HIDP kernel implementations HCI UART, USB, PCMCIA and virtual device drivers General Bluetooth and SDP libraries and daemons Conguration and testing utilities Protocol decoding and analysis tools The BlueZ kernel modules, libraries and utilities are known to be working prefectly on many architectures supported by Linux.

2.14.4 Screenshots / Logo

2.15 Braces
2.15.1 Manufacturer
The Shmoo Group, Bruce Potter, Brian

2.15.2 Link - Source

http://braces.shmoo.com/

2.15.3 Description
Bluetooth tracking application used at a demonstration on the BlackHat conference USA 2004.

17

2.15.4 Screenshots / Logo

2.16 bt audit
2.16.1 Manufacturer
Collin R. Mulliner

2.16.2 Link - Source

http://www.betaversion.net/btdsd/

2.16.3 Description
bt audit is a suit of programs and scripts to do Bluetooth device auditing. The suit currently consists of two port scanners, psm scan for the L2CAP layer and rfcomm scan for the RFCOMM layer.

2.17 BTBrowser - JABWT Browser

2.17.1 Manufacturer
Klings.org BenHui.net

2.17.2 Link - Source

http://www.benhui.net/bluetooth/btbrowser.html http://www.benhui.net/bluetooth/btbrowser.jar http://www.benhui.net/bluetooth/btbrowser.jad http://wireless.klings.org/main.php/BTBrowser/ http://wireless.klings.org/source/btbrowser_src.zip

18

2.17.3 Description
Bluetooth (JABWT) Browser is a J2ME MIDP MIDlet that can browse and explore the technical specication of surrounding Bluetooth devices. BTBrowser will discover nearby devices (if they are discoverable. You can browse device Bluetooth information and all supported proles and service records of each device. This is a great utility tool to sniff bluetooth information. This MIDlet MIDP2.0/CLDC1.0 works on phones that support JSR-82 (a.k.a JABWT or Java Bluetooth) specication. Examples are Nokia 6600 and Sony Ericsson P900. The following attributes will be shown if they are set in the Bluetooth service record: 0x0100, ServiceName 0x0101, ServiceDescription 0x0102, ProviderName 0x0000, ServiceRecordHandle 0x0003, ServiceID 0x0001, ServiceClassIDList 0x0004, ProtocolDescriptorList 0x0009, BluetoothProleDescriptorList 0x0007, ServiceInfoTimeToLive 0x0008, ServiceAvailability 0x000A, DocumentationURL 0x000B, ClientExecutableURK 0x000C, IconURL

2.17.4 Screenshots / Logo

19

2.18 btChat
2.18.1 Manufacturer
Collin R. Mulliner

2.18.2 Link - Source

http://www.mulliner.org/bluetooth/btchat/

2.18.3 Description
btChat is a Bluetooth based chatting/IM (instant messaging) system

2.18.4 Screenshots / Logo

2.19 BTFS Bluetooth FileSystemMapping

2.19.1 Manufacturer
Collin R. Mulliner

2.19.2 Link - Source

www.mulliner.org/bluetooth/btfs.php

2.19.3 Description
BTFS brings basic Bluetooth support to the lesystem by mapping functions like inquiry (search for Bluetooth devices) and le transfer (via OBEX) to normal le operations. BTFS is a FUSE (Filesystem in USErspace) application. With btfs a simple ls DEVICES shows you all Bluetooth devices within range and cp somele OPUSH/devicename sends the given le to the device (via OBEX).

20

2.20 BthDisc
2.20.1 Manufacturer
mike@lookout.net

2.20.2 Link - Source

www.lookout.net/mike http://archiv.egocrew.de/tools/windows-utilities/bthdisc-00. 00.01.zip http://www.meer-net.com/Info/WindowsXP.html http://security-protocols.com/modules.php?name=News&file= article&sid=1880

2.20.3 Description
Simple command line utility to list discoverable bluetooth devices. Example of win32 bluetooth device/service discovery API. Requires Microsoft Bluetooth Stack (hotx for XP SP1, included w/ XP SP2).

2.21 btScanner
2.21.1 Manufacturer
Pentest

2.21.2 Link - Source

http://www.pentest.co.uk/cgi-bin/viewcat.cgi?cat=downloads&section= 01_bluetooth

2.21.3 Description
btscanner is a tool designed specically to extract as much information as possible from a Bluetooth device without the requirement to pair. A detailed information screen extracts HCI and SDP information, and maintains an open connection to monitor the RSSI and link quality. btscanner is based on the BlueZ Bluetooth stack, which is included with recent Linux kernels, and the BlueZ toolset. btscanner also contains a complete listing of the IEEE OUI numbers and class lookup tables. Using the information gathered from these sources it is possible to make educated guesses as to the host device type.

2.21.4 Screenshots / Logo

21

2.22 btXML
2.22.1 Manufacturer
Saftware, Andreas Oberritter, GNU General Public License

2.22.2 Link - Source

www.saftware.de/bluetooth/btxml.c

2.22.3 Description
Creates a backup of the Nokia 6310i (and for Ericsson T610 and T68i) via Bluetooth.

2.22.4 Screenshots / Logo

2.23 Fine Tooth Comb

2.23.1 Manufacturer
The Shmoo Group

2.23.2 Link - Source

http://bluetooth.shmoo.com http://www.oook.cz/bsd/bluetooth.html

2.23.3 Description
A Bluetooth scanner for FreeBSD. This tool tries to nd other Bluetooth devices in three different ways: A periodic inquiry scan About every minute (it varies) discoverable devices are listed. These show up as: ++IRMAC ADDRESS Report devices that try to connect to the scanning host If somebody tries to check what services you are offering, it makes note of what address tried to connect. (It rejects them.) You must have inquiry and page scanning turned on for this to be of use. These show up as: ++CRMAC ADDRESSA for ACL, S for SCODevice Class Brute force It steps through each of the manufacturers listed in ftc manuf.h and tries all possible device IDs. This is very slow! Devices that are found show up as: ++BFMAC ADDRESS If the attempt times out, it will show: BFMAC ADDRESS 22

2.23.4 Screenshots / Logo

2.24 FreeJack
2.24.1 Manufacturer
Software13

2.24.2 Link - Source

http://www.software13.co.uk/freejack/

2.24.3 Description
FreeJack is a Java based BlueJacking application for mobile devices. The aim of this software is to allow the anonymous sending of messages to Bluetooth enabled devices within range.

2.24.4 Screenshots / Logo

2.25 Gnome Bluetooth Subsystem

2.25.1 Manufacturer
Useful Information Company, GPL

2.25.2 Link - Source

http://usefulinc.com/software/gnome-bluetooth/

2.25.3 Description
Current features include: Controller object to manage the discovery of nearby Bluetooth devices Controller will create serial (RFCOMM) connections for clients to devices

23

 libbtcl, a GObject wrapper for Bluetooth functionality An OBEX server, so you can beam les such as pictures, addresses or contacts from other Bluetooth devices to your computer An OBEX push send tool, so you can beam les from your computer to remote devices. Nautilus menu integration

2.25.4 Screenshots / Logo

2.26 Greenplaque
2.26.1 Manufacturer
Kevin Finisterre, Ollie Whitehouse

2.26.2 Link - Source

http://digitalmunition.com

2.26.3 Description
Multi-dongle Bluetooth Hunter / Killer RedFang was a small proof-of-concept application to nd non discoveredable bluetooth devices. Greenplaque on the other hand is an application to nd discoverable bluetooth devices. After being found the device will promptly be slayed.

24

2.26.4 Screenshots / Logo

2.27 HCIDump
2.27.1 Manufacturer
Maxim Krasnyansky

2.27.2 Link - Source

http://linuxcommand.org/man_pages/hcidump8.html

2.27.3 Description
HCIDump is a HCI packet analyzer. It reads raw HCI data coming from and going to a Bluetooth device and prints to screen commands, events and data in a human-readable form.

2.28 Impronto
2.28.1 Manufacturer
Rococo Software

2.28.2 Link - Source

http://rococosoft.com http://www.rococosoft.com/blue_university.html http://www.rococosoft.com/blue_dk.html

2.28.3 Description
Impronto Developer Kit is a standards-based Java tool designed to make building Bluetooth applications easy. Improntos framework hides complex Bluetooth protocols behind standard Java APIs (JSR82), letting developers focus on writing wireless applications rather than on low-level Bluetooth networking issues. The result is faster, easier construction of Bluetooth applications. 25

Support for IrDA - ircomm and irdaobex - which allows access to infrared wireless technologies through standardised specications (Linux Developer Kit only) Provides abstractions of Bluetooth wireless communication using the Java 2 Platform, Micro Edition (J2ME) Generic Connection Framework Based on J2ME Connected Limited Device Conguration (CLDC) Addresses primary Bluetooth proles: Generic Access Prole Service Discovery Prole Serial Port Prole Generic Object Exchange Prole

2.28.4 Screenshots / Logo

2.29 OpenOBEX
2.29.1 Manufacturer
OpenOBEX Sourceforge, LGPL GPL

2.29.2 Link - Source

http://openobex.sourceforge.net/ http://prdownloads.sourceforge.net/openobex/openobex-1. 0.1.tar.gz 26

 http://prdownloads.sourceforge.net/openobex/openobex-apps-1. 0.0.tar.gz

2.29.3 Description
Free open source implementation of the Object Exchange (OBEX) protocol. OBEX is a session protocol and can best be described as a binary HTTP protocol. OBEX is optimized for ad-hoc wireless links and can be used to exchange all kind of objects like les, pictures, calendar entries (vCal) and business cards (vCard). The OpenOBEX Project has a sample IrCp (infrared copy) application and an associated ObexFTP application.

2.30 ObexFTP
2.30.1 Manufacturer
OpenOBEX Sourceforge, LGPL GPL

2.30.2 Link - Source

http://triq.net/obex/ http://openobex.sourceforge.net/ http://prdownloads.sourceforge.net/openobex/obexftp-0. 10.3.tar.gz http://triq.net/obex/examples.html

2.30.3 Description
Free open source implementation of the Object Exchange (OBEX) protocol. OBEX is a session protocol and can best be described as a binary HTTP protocol. OBEX is optimized for ad-hoc wireless links and can be used to exchange all kind of objects like les, pictures, calendar entries (vCal) and business cards (vCard). The common usage for ObexFTP is to access your mobile phones memory to store and retrieve e.g. your phonebook, logos, ringtones, music, pictures and alike.

2.31 PsmScan
2.31.1 Manufacturer
Collin R. Mulliner

2.31.2 Link - Source

http://www.betaversion.net/btdsd/

27

2.31.3 Description
This tool was written as part of the Bluetooth device security database project. Some hardware manufacturers could hide special functions on PSMs (Protocol/Service Multiplexer) without listing them in the SDP database, this tool should nd them. It scans a range of L2CAP PSMs to check if they are open (accept connections)

2.32 RedFang
2.32.1 Manufacturer
Ollie Whitehouse, @stake

2.32.2 Link - Source

http://www.atstake.com http://www.securiteam.com/tools/5JP0I1FAAE.html http://cansecwest.com/csw04/csw04-Whitehouse.pdf

2.32.3 Description
RedFang is an application that nds non-discoverable Bluetooth devices by bruteforcing the last six bytes of the devices Bluetooth address and doing a read remote name().

2.32.4 Screenshots / Logo

2.33 RedSnarf
2.33.1 Manufacturer
Ollie Whitehouse, @stake

2.33.2 Link - Source

http://www.atstake.com http://cansecwest.com/csw04/csw04-Whitehouse.pdf http://www.thebunker.net/security/bluetooth.htm

28

2.33.3 Description
RedSnarf is the @stake implementation of the BlueStumbler/BlueSnarf application: OBEX PULLing / Snarfing. On some makes of devices, it is possible to connect to the device, without alerting the owner of the target device of the request, and gain access to restricted portions of the stored data, including the phonebook, calendar, realtime clock, business card, properties, IMEI. The tool and source code is NOT available!

2.33.4 Screenshots / Logo

29