Bluetooth Basics

Class 1 External Bluetooth adapter. Provides ~100 yard range.
https://www.antaira.com/PARANI-UD100-G03

Basics of Interaction

hciconfig command is to bluetooth adapters as ifconfig is to linux networking interfaces.
View your device

hciconfig
hci0:	Type: Primary  Bus: USB
	BD Address: 00:01:95:79:EF:89  ACL MTU: 310:10  SCO MTU: 64:8
	UP RUNNING 
	RX bytes:1252 acl:0 sco:0 events:76 errors:0
	TX bytes:2862 acl:0 sco:0 commands:75 errors:0

Can see Bus: USB
Interface name hci0
BD Address (our address) 00:01:95:79:EF:89
Status of our adapter UP RUNNING
ACL MTU: 310:10
- The MTU size for ACL connections. 310 bytes. An ACL buffer size uses 10 packets.
SCO MTU: 64:8
- The MTU size for SCO connection. 64 bytes. An SCO buffer size uses 8 packets.
UP - The interface is in the UP state.
RUNNING - The interface is currently operational.
PSCAN - The interface will respond to page scan messages.

Change the name of Adapter

hciconfig hci0 name 
sudo hciconfig hci0 name SECRET
hciconfig hci0 name

Names cannot be blank and names cannot be in excess of 248 bytes in length
BlueZ stack limits devices to 247 byte name length

Bring Adapter Up/Down

hciconfig 
hci0:	Type: Primary  Bus: USB
	BD Address: 00:01:95:79:EF:89  ACL MTU: 310:10  SCO MTU: 64:8
	UP RUNNING 
	RX bytes:1252 acl:0 sco:0 events:76 errors:0
	TX bytes:2862 acl:0 sco:0 commands:75 errors:0

hciconfig hci0 down
hciconfig hci0 up

Central v Peripheral Mode

See if your adapter is running in central or peripheral mode

hciconfig hci0 lm
hci0:	Type: Primary  Bus: USB
	BD Address: 00:01:95:79:EF:89  ACL MTU: 310:10  SCO MTU: 64:8
	Link mode: PERIPHERAL ACCEPT

Can see we are in peripheral mode
ACCEPT means that the interface will accept new baseband connections from a central device

View Version

hciconfig hci0 version
hci0:	Type: Primary  Bus: USB
	BD Address: 00:01:95:79:EF:89  ACL MTU: 310:10  SCO MTU: 64:8
	HCI Version: 4.0 (0x6)  Revision: 0x2031
	LMP Version: 4.0 (0x6)  Subversion: 0x2031
	Manufacturer: Cambridge Silicon Radio (10)

Enable Discoverable Mode

configure device to be in discoverable mode and allow connections to the interface

sudo hciconfig hci0 piscan
hciconfig hci0 
hci0:	Type: Primary  Bus: USB
	BD Address: 00:01:95:79:EF:89  ACL MTU: 310:10  SCO MTU: 64:8
	UP RUNNING PSCAN ISCAN 
	RX bytes:1278 acl:0 sco:0 events:79 errors:0
	TX bytes:2904 acl:0 sco:0 commands:78 errors:0

If successful you will see PSCAN ISCAN

Disable Discoverable Mode

sudo hciconfig hci0 noscan 
hciconfig 
hci0:	Type: Primary  Bus: USB
	BD Address: 00:01:95:79:EF:89  ACL MTU: 310:10  SCO MTU: 64:8
	UP RUNNING 
	RX bytes:1290 acl:0 sco:0 events:81 errors:0
	TX bytes:2943 acl:0 sco:0 commands:80 errors:0

PSCAN V ISCAN

PSCAN enabled allows connections to the interface
ISCAN places the device in discoverable mode

Place device in discoverable mode but dont accept new connections

sudo hciconfig hci0 noscan 
sudo hciconfig hci0 pscan 
hciconfig hci0 
sudo hciconfig hci0 noscan 
sudo hciconfig hci0 iscan 
hciconfig hci0

Should see UP RUNNING ISCAN in the output of the second hciconfig hci0 command

Restore ability to accept new connections

sudo hciconfig hci0 piscan
hciconfig hci0

should see UP RUNNING PSCAN ISCAN

Spoofing Device Class

There are three types of Bluetooth device classes 1-3.
It is important to have the ability to spoof a device in a different class
Some devices might simply ignore your device if it is of the wrong class.
- i.e. a headset for phone calls might ignore your device if you are not a phone
- case by case basis per manufacturer
change the class for a device
useful site for attaining the codes to act like other devices
https://bluetooth-pentest.narod.ru/software/bluetooth_class_of_device-service_generator.html

hciconfig hci0 class
sudo hciconfig hci0 class 0x3e0100
hciconfig hci0 class
sudo hciconfig hci0 class 0x84010c
hciconfig hci0 class
sudo hciconfig hci0 class 0x050204
hciconfig hci0 class

Scanning for Devices

Basic Scan

hcitool -i hci0 scan
Scanning ...
	98:2C:BC:0E:06:8B	BALTIMORE

Detailed Scan

hcitool -i hci0 scan --info --class
Scanning ...
BD Address:	98:2C:BC:0E:06:8B [mode 1, clkoffset 0x717b]
Device name:	BALTIMORE
Device class:	Computer, Laptop (0x2a410c)

A better example

hcitool -i hci1 scan
Scanning ...
	00:1F:FF:7C:8A:F2	PR BT 9747
	E0:D8:C4:3F:DF:F7	Living Room TV 2
	E0:D4:64:55:20:61	dev #1
	E0:03:6B:60:9B:4D	Samsung CU7000 50 1
	E0:03:6B:5E:34:C4	Samsung CU7000 50

hcitool -i hci1 scan --info --class
Scanning ...

BD Address:	E0:D4:64:55:20:61 [mode 1, clkoffset 0x16c2]
Device name:	dev #1
Device class:	Computer, Laptop (0x7c010c)

BD Address:	E0:03:6B:5E:34:C4 [mode 1, clkoffset 0x6703]
Device name:	Samsung CU7000 50
Device class:	Audio/Video, Video Display and Loudspeaker (0x08043c)

BD Address:	E0:D8:C4:3F:DF:F7 [mode 1, clkoffset 0x6245]
Device name:	Living Room TV 2
Device class:	Audio/Video, Video Display and Loudspeaker (0x28043c)

BD Address:	E0:03:6B:60:9B:4D [mode 1, clkoffset 0x188f]
Device name:	Samsung CU7000 50 1
Device class:	Audio/Video, Video Display and Loudspeaker (0x08043c)

PreviousWifi Capture Filters NextWifi Overview

Last updated 1 year ago