Bluelog - A Highly Configurable Linux Bluetooth Scanner

Bluelog is a portable Linux Bluetooth scanner with optional daemon mode and web front-end, designed for site surveys and traffic monitoring.

It is capable of running for long periods of time in a static location, which is very helpful to determine how many discoverable Bluetooth devices are there in the area.

Since Bluelog is meant to be run unattended, it doesn't have a user interface or require any interaction once started. It features a fully configurable log file format, as well as the ability to log to Syslog for centralized logging over the network.

Note: Bluelog is included in Kali Linux and on the Pwn Pad and Pwn Plug penetration testing devices from Pwnie Express.

Basic Options:

  • -i  - This option tells Bluelog which Bluetooth device you want to scan with. You can use either the HCI device name (like hci2) or the MAC of the local adapter. If you give a device which doesn't exist, Bluelog will fall back on autodetection to find a working device.
  • -o - This is the (optional) filename of the log file to write. The default filename has the format of "bluelog-YYYY-MM-DD-HHMM.log", located in the current directory.
  • -v - Use this option to toggle displaying found devices on the console. Verbose output will also contain device class information and timestamps. Default is disabled.
  • -q - Turn off nonessential terminal output. In normal mode, this means you will only see the start time of the scan and the message indicating proper shutdown. When used with daemon mode (-d), there will be no terminal output at all. The only exception to this option is critical errors, for obvious reasons.
  • -d - This option will daemonize Bluelog so that it runs in the background. You will still see the boilerplate and startup messages, but after that, you will no longer see any info from Bluelog in the terminal.
  • -k - When running an instance of Bluelog in daemon mode, the -k option can be used to kill it.

Logging Options:

  • -n - Use this option to toggle displaying device names for discovered devices. Finding the device name takes extra time during scanning, and occasionally fails. Therefore by not resolving device names, Bluelog can scan faster and more accurately. Default is disabled.
  • -m - This option, if enabled in the build, performs hardware manufacturer lookups of discovered devices via the MAC OUI. The hardware manufacturer will be logged in the standard log file, as well as Bluelog Live. The manufacturer database needs to be installed for this function to work, which makes it prohibitively large for some platforms (such as OpenWRT).
  • -c - This option toggles writing the raw device class to the log file. Enabling this option disables the -f option. Default is disabled.
  • -f - This option takes the device class and interprets it into a more human-friendly format. It will tell you what class the device is and also what it's core capabilities are. For example, the class "0x7a020c" would appear as: "Smart Phone,(Net Capture Obex Audio Phone)". Enabling this option disables the -c option. Default is disabled.
  • -t - Use this option to toggle displaying timestamps for both the start and end of the scan and each new device found in the log file. Default is disabled.
  • -x - Use this option to toggle MAC address obfuscation. With this option enabled, Bluelog will display the manufacturer portion of each discovered MAC, but block out the device specific identifier. Default is disabled.
  • -e - Use this option to toggle CRC32 MAC address encoding. With this option enabled, the discovered MAC addresses will never be logged to disk, rather, each device will have a unique ID generated for it. This prevents privacy concerns during activities such as Bluetooth traffic monitoring. Default is disabled.
  • -a - This option enables "amnesia mode", which causes Bluelog to forget it has seen a particular device after a set amount of time, given here as minutes. When Bluelog encounters a device it has forgotten through this option, it will print it to the logs again as if it was the first time it has been seen, and the time found will be updated.

Output Options:

  • -l - This option switches Bluelog over to Live mode, which uses an automatically updated web page to show results rather than the console and regular log files.
  • -b - This option will set the log format so that the resulting data is suitable for upload to ronin's Bluetooth Profiling Project (BlueProPro). This overrides most other logging options, and disables Bluelog Live.
  • -s - Use this option to toggle Syslog only mode. In this mode, Bluelog will not write its normal log file, and instead, write only to the system log file (/var/log/Syslog). This mode is especially useful when combined with a network aware Syslog daemon, which can be used to add rudimentary central logging to multiple Bluelog nodes.

Bluelog performing a simple scan:
bash:~# bluelog -vtn -o ./example.log
Bluelog (v0.9.9) by MS3FGX
Autodetecting device...OK
Opening output file: ./example.log...OK
Writing PID file: /tmp/
Scan started at [06/20/10 16:58:13] on 00:16:41:B4:9E:1C.
Hit Ctrl+C to end scan.
[05/12/10 16:58:27] 00:1C:62:9E:5D:B8,LG CU575a,0x5a0204
[05/12/10 16:58:27] 00:21:FE:7C:B5:33,Nokia 2600,0x5a0204
[05/12/10 16:58:30] 00:1B:AF:DB:CB:9E,Nokia 6555b,0x5a0204
Closing files and freeing memory...OK

Bluelog Live Themes:

Bluelog Live is fully skinnable through CSS, so you can make your own layout for whatever application or event you wish. Themes currently included with Bluelog are:

  • DigiFAIL
Bluelog Live DigiFAIL Theme

  • BackTrack Linux
Bluelog Live BackTrack Linux Theme

  • Pwnie Express Pwn Plug
Bluelog Live Pwnie Express Pwn Plug Theme

  • OpenWRT
Bluelog Live OpenWRT Theme

No comments

Powered by Blogger.