Searching hidden bluetooth devices with software called redfang.
This little tool will find hidden bluetooth devices but it will take a lots of time because it scan through every address from given range.
Example range 00803789EE76-00803789EEff (138 address(es)) take about 50 minutes to scan.
You can download redfang here: redfang.2.5.tar.gz
On this post I will search device:
- 0001e364dd9b Siemens Gigaset SL2 Professional
Which should be really easy to find because I know it’s address.
So I use command fang and give it range 0001e364dd9a to 0001e364dd9d (I know that it’s just four address):
Redfang
and it found my GigaSet phone called ScriptKiddie =)
When I turn on bluetooth on my Nokia Communicator E90 results will be little different:
Getting Device Information.. Connected.
LMP Version: 2.0 (0x3) LMP Subversion: 0x6cc
Manufacturer: Cambridge Silicon Radio (10)
Features: 0xbf 0xee 0x0f 0x46
<3-slot packets>
<5-slot packets>
<encryption>
<slot offset="">
<timing accuracy="">
<role switch="">
<sniff mode="">
<rssi>
<channel quality="">
<sco link="">
<hv3 packets="">
<u-law log="">
<a-law log="">
<cvsd>
<paging scheme="">
<power control="">
<transparent sco="">
<edr acl="" 2="" mbps="">
<edr acl="" 3="" mbps="">
<inquiry with="" rssi="">
<afh cap.="" slave="">
<afh class.="" slave="">
<3-slot EDR ACL>
<5-slot EDR ACL>
<afh cap.="" master="">
<afh class.="" master="">
If you just want to find example Nokia phones and your have too much time you can scan through everything under 00-02-EE which will take a lots of time but…
You can find whole list of manufactures and mac-address here: http://standards.ieee.org/regauth/oui/oui.txt.
November 4th, 2009 | 
Category: 
504 
