Searching hidden bluetooth devices with software called redfang.
This little tool will find hidden bluetooth devices but it will take a lots of time because it scan through every address from given range.
Example range 00803789EE76-00803789EEff (138 address(es)) take about 50 minutes to scan.
You can download redfang here: redfang.2.5.tar.gz
On this post I will search device:
- 0001e364dd9b Siemens Gigaset SL2 Professional
Which should be really easy to find because I know it’s address.
So I use command fang and give it range 0001e364dd9a to 0001e364dd9d (I know that it’s just four address):
Redfang
and it found my GigaSet phone called ScriptKiddie =)
When I turn on bluetooth on my Nokia Communicator E90 results will be little different:
[cc lang=”bash”]
Found: PIN1234 [00:1a:89:xx:xx:xx]
Getting Device Information.. Connected.
LMP Version: 2.0 (0x3) LMP Subversion: 0x6cc
Manufacturer: Cambridge Silicon Radio (10)
Features: 0xbf 0xee 0x0f 0x46
<3-slot packets>
<5-slot packets>
<3-slot EDR ACL>
<5-slot EDR ACL>
[/cc]
If you just want to find example Nokia phones and your have too much time you can scan through everything under 00-02-EE which will take a lots of time but…
You can find whole list of manufactures and mac-address here: http://standards.ieee.org/regauth/oui/oui.txt.
November 4th, 2009 | 
Category: 
It’s difficult to obtain knowledgeable folks on this topic, but you sound like you know what you’re talking about! Thanks
138 address takes 50 mins…
My question then is what real-world uses would this tool have? Even if I target a phone of a specific vendor, that doesn’t look all too promising in finding a valid MAC address in any decent amount of time…
That’s true. We just have to remember that this is just a proof-of-concept application.