Hackerific


In the last year or so there’s been a fair amount of coverage of the excellent Ubertooth project. Ubertooth One is an open source 2.4 GHz experimentation device, designed for messing with Bluetooth, but with a lot of flexibility, which gives rise to some other very cool features, like spectrum monitoring. I installed the Kismet Spectrum-Tools on a BackTrack Linux box to play with, and thought I’d share a brief howto, along with some images.

The TinyAlarm came about because my brother needed a simple alarm for his drum practice garage - something which will scare someone away, but not go off all night, as he doesn’t live near it. I decided to use an ATtiny45 chip as I had some spare, and thought it was high time I wrote some proper (non-Arduino) microcontroller code. Naturally, I decided to use avr-gcc (and friends!). Programming microcontrollers is mostly a matter of manipulating registers; having the correct datasheet for the device you’re using is absolutely essential, and knowing a little about bitwise arithmetic is very useful.

Last year (in my last post!), I had fun scanning for Bluetooth devices on a busy road in Bath, UK (where I happen to live), so this year I decided to repeat the experiment. This year, instead of running btscanner, which logs results as a directory per device, I decided to go with running hcitool inq on my Debian server, and catting the results into a text file. This unsophisticated approach has the advantages that I get timestamps along with my data, and generate less radio chatter (which was interfering with my wireless network :().

During the middle of January 2010, I (inadvertently) left a Bluetooth inquiry scanner running for about four days. I live on a fairly busy street in Bath, so during that time I collected information on almost 1500 Bluetooth gadgets, ranging from headsets and car handsfree kits, to phones, PDAs and computers. This article is about some of the patterns I’ve found in the data. But first, some background. Bluetooth inquiry scans can provide a huge amount of information about discoverable Bluetooth devices.

The OUI Database

Most networking hardware uses some kind of hardware address, typically comprised of 6 hexadecimal octets. The first three octets comprise the OUI, or organisationally unique identifier, which identifies the manufacturer. On my MacBook, for example, the MAC address of the ethernet adapter starts with 00:19:E3, and VMware’s virtual interface starts with 00:50:56. The mappings between code and company are managed by the IEEE, and the OUI database is available for download from the IEEE.
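
The lookup described above, as an added example that is not code from the original post: it extracts the OUI from a hardware address and resolves it against lines in the "(hex)" layout of the IEEE file. The sample lines and vendor strings are constructed from the two prefixes mentioned in the text, the function names are hypothetical, and the example goes slightly beyond the text by flagging locally administered addresses, which carry no IEEE-assigned prefix.

```python
import re

# Constructed excerpt in the "(hex)" line layout of the IEEE oui.txt file.
# Vendor strings are illustrative, based on the two prefixes in the text.
SAMPLE_OUI_TXT = """\
00-19-E3   (hex)\t\tApple
0019E3     (base 16)\t\tApple
00-50-56   (hex)\t\tVMware
005056     (base 16)\t\tVMware
"""

_HEX_LINE = re.compile(
    r"^\s*([0-9A-Fa-f]{2})-([0-9A-Fa-f]{2})-([0-9A-Fa-f]{2})\s+\(hex\)\s+(.+?)\s*$"
)

def load_oui(text):
    """Build {"0019E3": "Apple", ...} from the "(hex)" lines only."""
    table = {}
    for line in text.splitlines():
        m = _HEX_LINE.match(line)
        if m:
            table["".join(m.group(1, 2, 3)).upper()] = m.group(4)
    return table

def normalise(mac):
    """Accept ':', '-', '.' or no separators; return 12 uppercase hex digits."""
    digits = re.sub(r"[:\-.]", "", mac.strip())
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a 48-bit hardware address: {mac!r}")
    return digits.upper()

def vendor(mac, table):
    """Return the registered manufacturer, or the reason there is none."""
    digits = normalise(mac)
    first_octet = int(digits[:2], 16)
    if first_octet & 0x02:
        # Locally administered bit set: prefix was not assigned by the IEEE.
        return "locally administered (no OUI)"
    return table.get(digits[:6], "unknown OUI")

if __name__ == "__main__":
    oui = load_oui(SAMPLE_OUI_TXT)
    for addr in ("00:19:e3:12:34:56", "0050.5601.0203", "02:00:00:00:00:01"):
        print(addr, "->", vendor(addr, oui))
```

Run against a list of scanned addresses, the same lookup gives a per-manufacturer breakdown; addresses with the locally administered bit set should be counted separately rather than attributed to a vendor.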