Searching for hidden Bluetooth devices with a tool called redfang.
This little tool will find hidden Bluetooth devices, but it takes a lot of time because it scans through every address in the given range.
For example, the range 00803789EE76-00803789EEff (138 addresses) takes about 50 minutes to scan.
You can download redfang here: redfang.2.5.tar.gz
In this post I will search for the device:
- 0001e364dd9b Siemens Gigaset SL2 Professional
This should be really easy to find because I know its address.
So I use the command fang and give it the range 0001e364dd9a to 0001e364dd9d (I know that it's just four addresses):
and it found my GigaSet phone called ScriptKiddie =)
When I turn on Bluetooth on my Nokia Communicator E90, the results are a little different:
Found: PIN1234 [00:1a:89:xx:xx:xx]
Getting Device Information.. Connected.
    LMP Version: 2.0 (0x3) LMP Subversion: 0x6cc
    Manufacturer: Cambridge Silicon Radio (10)
    Features: 0xbf 0xee 0x0f 0x46
        <3-slot packets> <5-slot packets> <encryption> <slot offset>
        <timing accuracy> <role switch> <sniff mode> <RSSI>
        <channel quality> <SCO link> <HV3 packets> <u-law log>
        <A-law log> <CVSD> <paging scheme> <power control>
        <transparent SCO> <EDR ACL 2 Mbps> <EDR ACL 3 Mbps>
        <inquiry with RSSI> <AFH cap. slave> <AFH class. slave>
        <3-slot EDR ACL> <5-slot EDR ACL> <AFH cap. master>
        <AFH class. master>
If you just want to find, for example, Nokia phones and you have too much time, you can scan through everything under 00-02-EE, which will take a lot of time but…
You can find the whole list of manufacturers and MAC addresses here: https://standards.ieee.org/products-services/regauth/index.html.
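The timing above can be turned into a rough estimate for any range. This is an added example, not part of the original post or of redfang; it assumes the rate measured in the post (138 addresses in about 50 minutes) stays constant, and the function names are made up for illustration.

```python
# Added example: estimate how long an exhaustive address scan would take,
# using the rate measured in the post (138 addresses in about 50 minutes).
import re

SECONDS_PER_ADDRESS = 50 * 60 / 138  # assumption: the rate stays constant

def range_size(rng):
    """Count the addresses in an inclusive 'start-end' range of 12 hex digits each."""
    m = re.fullmatch(r"\s*([0-9A-Fa-f]{12})-([0-9A-Fa-f]{12})\s*", rng)
    if not m:
        raise ValueError(f"expected START-END with 12 hex digits each: {rng!r}")
    start, end = int(m.group(1), 16), int(m.group(2), 16)
    if end < start:
        raise ValueError("range end is below range start")
    return end - start + 1

def oui_range(oui):
    """Expand a 3-byte vendor prefix such as 00-02-EE to its full address range."""
    digits = re.sub(r"[:\-]", "", oui.strip())
    if not re.fullmatch(r"[0-9A-Fa-f]{6}", digits):
        raise ValueError(f"not a 3-byte vendor prefix: {oui!r}")
    return f"{digits}000000-{digits}ffffff"

def estimate_seconds(rng):
    """Estimated scan time in seconds for the whole range."""
    return range_size(rng) * SECONDS_PER_ADDRESS

def human(seconds):
    """Render a duration in the largest unit that fits."""
    for unit, size in (("years", 365 * 86400), ("days", 86400),
                       ("hours", 3600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:.1f} {unit}"
    return f"{seconds:.0f} seconds"

if __name__ == "__main__":
    # Ranges taken from the post, plus the whole 00-02-EE vendor prefix.
    for label, rng in (("post example", "00803789EE76-00803789EEff"),
                       ("Gigaset test", "0001e364dd9a-0001e364dd9d"),
                       ("whole 00-02-EE", oui_range("00-02-EE"))):
        print(f"{label:15} {range_size(rng):>10} addresses  "
              f"~{human(estimate_seconds(rng))}")
```

At that rate a single vendor prefix (2^24 addresses) works out to more than a decade, which is why the post only scans a handful of addresses around a known one.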
138 addresses take 50 mins…
My question then is what real-world uses would this tool have? Even if I target a phone of a specific vendor, that doesn’t look all too promising in finding a valid MAC address in any decent amount of time…
That’s true. We just have to remember that this is just a proof-of-concept application.
It’s difficult to obtain knowledgeable folks on this topic, but you sound like you know what you’re talking about! Thanks