Welcome back to my 10th blog on Project Loki!
I do have a request for you, the reader. If you happen to know of a Linux Bluetooth tool that is not in the list I have come across, and you believe it would be an interesting one to test on the Raspberry Pi Kali setup, please let me know. It seems the core tools are over 10 years old and I would think something new must be out there in the Linux world!
Now back to Loki:
So I am still using the StickyPi menu system even though I have not added any tools specifically into the menu system. I do want to pursue the potential but I wanted to be sure Project Loki worked as a Bluetooth Scanner prior to getting stuck on a menu. :-)
So at this point I just touch the Terminal option.
I apologize about the quality of pictures. The Touchscreen is being very glaring tonight and as such the camera is having serious issues getting it focused.
First off let's use the hciconfig command to verify I have bluetooth recognized and running.
As you can see it recognizes my internal bluetooth and it is showing as UP RUNNING.
Good to Go!
Let's use the command hcitool scan to see what can be discovered before going over to our new tools.
Here we can see it discovers 2 devices. One is a tablet and one is a phone. It shows the MAC addresses and names for each.
Now let's see what our new tools can do! Type sudo btscanner
Just as a reminder, last blog we went over Btscanner: btscanner- "btscanner is a tool designed specifically to extract as much information as possible from a Bluetooth device without the requirement to pair. A detailed information screen extracts HCI and SDP information, and maintains an open connection to monitor the RSSI and link quality. btscanner is based on the BlueZ Bluetooth stack, which is included with recent Linux kernels, and the BlueZ toolset. btscanner also contains a complete listing of the IEEE OUI numbers and class lookup tables. Using the information gathered from these sources it is possible to make educated guesses as to the host device type."
Here we have the btscanner "gui". :-)
A better view of the options.
b=brute force scan
So let's hit i for inquiry scan.
Here at the bottom it shows you it has found 2 devices. Or at least the MAC addresses seen.
Another full screen view showing bottom and information displayed at top for the 2 devices found.
Here is a zoomed look at the top. You can see a little more information up here including date/time.
By using the arrow key you can toggle between the two.
Before we get into why we want to toggle between the devices, let's type A to abort scan.
Now let's arrow back down to the NS-15T8LTE and hit enter to select.
Here you are provided with a variety of more detailed information including that it is a Computer/Handheld PC-PDA and that it has Networking, Capturing, and Object Transfer as services.
There are plenty more details here, so if you were to see an interesting item you had scanned, this allows you to look deeper.
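The device type and service list on that detail screen come from the 24-bit Bluetooth Class of Device value, which is what the "class lookup tables" in the btscanner description decode. The following is an added example, not code from btscanner or from the original post: it decodes that value using the bit layout in the Bluetooth Assigned Numbers. The sample lines, addresses and class values are constructed, and their layout (modelled on hcitool inq output) is an assumption.

```python
import re

# Service-class bits (23..13), Bluetooth Assigned Numbers, baseband section.
SERVICES = {13: "Limited Discoverable Mode", 16: "Positioning", 17: "Networking",
            18: "Rendering", 19: "Capturing", 20: "Object Transfer",
            21: "Audio", 22: "Telephony", 23: "Information"}
MAJOR = {0: "Miscellaneous", 1: "Computer", 2: "Phone", 3: "LAN/Network Access Point",
         4: "Audio/Video", 5: "Peripheral", 6: "Imaging", 7: "Wearable",
         8: "Toy", 9: "Health", 31: "Uncategorized"}
# Minor classes only have meaning relative to their major class; two majors shown.
MINOR = {
    1: {0: "Uncategorized", 1: "Desktop workstation", 2: "Server-class computer",
        3: "Laptop", 4: "Handheld PC/PDA", 5: "Palm-size PC/PDA",
        6: "Wearable computer", 7: "Tablet"},
    2: {0: "Uncategorized", 1: "Cellular", 2: "Cordless", 3: "Smartphone",
        4: "Wired modem or voice gateway", 5: "Common ISDN access"},
}

def decode_cod(cod):
    """Split a 24-bit Class of Device into major class, minor class and services."""
    if not 0 <= cod <= 0xFFFFFF:
        raise ValueError("Class of Device is a 24-bit value")
    if cod & 0b11:
        raise ValueError("format type bits are not 00; layout unknown")
    major = (cod >> 8) & 0x1F   # bits 12..8
    minor = (cod >> 2) & 0x3F   # bits 7..2
    services = [name for bit, name in sorted(SERVICES.items()) if cod & (1 << bit)]
    return {
        "major": MAJOR.get(major, "Reserved (%d)" % major),
        "minor": MINOR.get(major, {}).get(minor, "Unmapped (%d)" % minor),
        "services": services,
    }

# Constructed sample; the addresses and class values are made up for illustration.
SAMPLE = """\
    AA:BB:CC:00:00:01    clock offset: 0x1f3a    class: 0x1a0110
    AA:BB:CC:00:00:02    clock offset: 0x52c1    class: 0x5a020c
"""

def decode_inquiry(text):
    """Return {address: decoded class} for each line carrying a class value."""
    pat = re.compile(r"((?:[0-9A-F]{2}:){5}[0-9A-F]{2}).*?class:\s*0x([0-9a-f]{6})", re.I)
    return {m.group(1): decode_cod(int(m.group(2), 16)) for m in pat.finditer(text)}

if __name__ == "__main__":
    for addr, info in decode_inquiry(SAMPLE).items():
        print(addr, info["major"], "/", info["minor"], "-", ", ".join(info["services"]))
```

The first constructed value decodes to the same kind of result shown on the detail screen above: Computer, Handheld PC/PDA, with Networking, Capturing and Object Transfer.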
Okay, let's take a look at a couple of more tools we downloaded. Starting with bluelog.
From our last blog:
bluelog- "Bluelog is a Linux Bluetooth scanner with optional daemon mode and web front-end, designed for site surveys and traffic monitoring. It’s intended to be run for long periods of time in a static location to determine how many discoverable Bluetooth devices there are in the area."
We are just using it as a long term scanner with logging option right now.
As you can see it is scanning. We can leave this for a length of time unattended and come back later to see what it has found.
Okay, Ctrl-C, our time is done. Since I know I won't find anything more than what it has seen. :-)
A quick ls to display the directory. Here we see the log file for today.
Using handy dandy nano, we nano bluelog-2018-07-18*
There we go, it has found the two mac addresses. No names, just the addresses. But it is logged.
After exiting from nano I wanted to check on Red Fang. The bruteforce scanner.
So type in sudo fang
enter ye olde password
And you can see it start the slow and steady scan of incrementing addresses. This is Sssssllllloooowwww.
But I can see where it would be interesting if left in an area for a long time.
So some useful tools to monitor the bluetooth networks and to even leave in place and brute force devices that are "hidden".
I will continue to look into getting the menu system working but I feel good that this is a working Bluetooth security platform and expect to be able to fine-tune and enjoy it more.
As I mentioned before, if you know of other useful Bluetooth Linux tools please share them with me and I will see how they work with Project Loki.