Simple Bluetooth Discovery with Bluelog

Bluelog is a simple Bluetooth scanner that is designed to essentially do just one thing, log all the discoverable devices in the area. It is intended to be used as a site survey tool, identifying the number of possible Bluetooth targets there are in the surrounding environment. This tool only shows visible devices like PCs, phones printers etc. This doesn’t show devices whose visibility is OFF.

Note: Make sure you are not testing this tool on a VM, or if you are, you need to plugin in a USB bluetooth device and attach it to your VM. Also make sure that the device is turned on. Read on for further guidelines.

Options

Syntax: bluelog -i <interface> <options>

Basic Options:

-i <interface>     Sets scanning device, default is “hci0”

-o <filename>     Sets output filename, default is “devices.log”

-v                 Verbose, prints discovered devices to the terminal

-q                 Quiet, turns off nonessential terminal outout

-d                 Enables daemon mode, Bluelog will run in background

-k                 Kill an already running Bluelog process

-l                 Start “Bluelog Live”, default is disabled

 

Logging Options:

-n                 Write device names to log, default is disabled

-m                Write device manufacturer to log, default is disabled

-c                 Write device class to log, default is disabled

-f                 Use “friendly” device class, default is disabled

-t                 Write timestamps to log, default is disabled

-x                 Obfuscate discovered MACs, default is disabled

-e                 Encode discovered MACs with CRC32, default disabled

-b                 Enable BlueProPro log format, see README

 

Advanced Options:

-r <retries>       Name resolution retries, default is 3

-a <minutes>       Amnesia, Bluelog will forget device after given time

-w <seconds>       Scanning window in seconds, see README

-s                 Syslog only mode, no log file. Default is disabled

 

Bluelog Homepage: http://www.digifail.com/software/bluelog.shtml


Lab1 : Scan all Bluetooth Devices and log them to a file.

In this lab we simply scan for all Bluetooth devices around and log them into a file. First we need to check our Bluetooth interfaces. As I said earlier, make sure to be on a physical machine with bluetooth device turned ON. In some laptops, the hotkeys for turning ON/OFF devices doesn’t work well if you are running kali linux. Then you might have to add additional kernel modules to solve the issue. For the following 2 labs, I have used a Lenovo Notebook, which had some issues in the begining running kali linux. Anyway lets proceed.

 

Step 1: Ensure your bluetooth device is working and get it’s MAC.

Command:hciconfig
Bluetooth interface details

From this we can see the Bluetooth device present in our system/machine. Here we have an interface which is hci0.

 

Step 2: Start scanning

Command: bluelog -i hci0 -o /root/Desktop/btdevices.log –v
Blog scanning, devices appearing

Check the file after btdevices.log after a 10 minutes. You can see all the devices which are nearby you/your working machine.

Output file

 


Lab 2 : Logging Additional Information

In this lab, we log additional information l manufacturer, broadcast names and device class.

Command: bluelog -i hci0 -mnc -o /root/Desktop/btdevices2.log –v
Advanced options

Then Check the file btdevices2.log

Output File

Note: Remember scanning is a time consuming process. The more patience you have the better are the results. Also this procedure resembles the process of wardriving. If you have a portable device and can get it around, add up some of your social engineering skills, you get great results.

Ravi Sankar

Recent Posts

Flyphish : Mastering Cloud-Based Phishing Simulations For Security Assessments

Flyphish is an Ansible playbook allowing cyber security consultants to deploy a phishing server in…

10 hours ago

DeLink : Decrypting D-Link Firmware Across Devices With A Rust-Based Library

A crypto library to decrypt various encrypted D-Link firmware images. Confirmed to work on the…

10 hours ago

LLM Lies : Hallucinations Are Not Bugs, But Features As Adversarial Examples

LLMs (e.g., GPT-3.5, LLaMA, and PaLM) suffer from hallucination—fabricating non-existent facts to cheat users without…

10 hours ago

Kali Linux 2024.4 Released, What’s New?

Kali Linux 2024.4, the final release of 2024, brings a wide range of updates and…

5 days ago

Lifetime-Amsi-EtwPatch : Disabling PowerShell’s AMSI And ETW Protections

This Go program applies a lifetime patch to PowerShell to disable ETW (Event Tracing for…

5 days ago

GPOHunter – Active Directory Group Policy Security Analyzer

GPOHunter is a comprehensive tool designed to analyze and identify security misconfigurations in Active Directory…

1 week ago