I have been playing around with some of the bluetooth tools within Backtrack recently and btscanner is one of the main tools I have been using. The btscanner application in Backtrack Linux provides two bluetooth scanning functions, which it calls inquiry scanning and brute force scanning. Unfortunately the package installed with Backtrack 5 release 3 will crash when attempting to use it for brute force scanning, however I was able to create a fix that isn't too messy to accomplish. Below we describe the btscanner crash in more detail and provide a way to get btscanner bluetooth brute forcing operating properly.
btscanner Brute Force Scan Crashes On Backtrack:
btscanner Brute Force Scan Crash Text Summary:
7f240f68a000-7f240f804000 r-xp 00000000 08:01 392498 /lib/libc-2.11.1.so
7f240fa0d000-7f240fa4b000 r-xp 00000000 08:01 392560 /lib/libncurses.so.5.7
7f240fc50000-7f240fc57000 r-xp 00000000 08:01 152164 /usr/lib/libmenu.so.5.7
7f2410067000-7f2410080000 r-xp 00000000 08:01 151535 /usr/lib/libbluetooth.so.3.11.5
7f2410283000-7f241029b000 r-xp 00000000 08:01 392622 /lib/libpthread-2.11.1.so
7f24104a0000-7f24105e6000 r-xp 00000000 08:01 152697 /usr/lib/libxml2.so.2.7.6
7fff22c4e000-7fff22c6f000 rw-p 00000000 00:00 0 [stack]
7fff22c74000-7fff22c75000 r-xp 00000000 00:00 0 [vdso]
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0 [vsyscall]
Aborted
I didn't include all of the output from the error above as it would have taken a bunch more space in the article. I only wanted to provide an idea of the error shown in the image in text form as well, just in case someone happens to search for that data later; they will hopefully be able to find a resolution easier than I did. The btscanner version that comes installed on Backtrack 5 R3 is btscanner 2.0 and can be launched via the Backtrack menu (Backtrack > Information Gathering > Wireless Analysis > BlueTooth Analysis > btscanner). Everything works fine except for the brute force scan, which is initiated once the btscanner interface is running. I assumed that brute force scan attempted to brute force the default bluetooth passkey for all devices located in an inquiry scan or something like that, but in reality the brute force scan will scan a range of bluetooth addresses and query information from the devices that it locates. It is a great function that I had not thought a bunch about, but since you can enter a range of bluetooth MAC addresses you could scan an entire vendor's bluetooth MAC address range if you were looking for a specific type of bluetooth device at a client location. Anyhow, as previously noted the brute force scan does not work in btscanner v2.0 installed on Backtrack, however if you continue reading the directions below you will have it working in no time.
Fix btscanner Brute Force Scan On Backtrack Linux:
Before we begin unpacking, compiling, and installing the new btscanner, make sure to remove the older version first, which can easily be done using apt. The default btscanner package installed on Backtrack Linux does not have any dependencies, so it should be a snap to remove it as shown below.
Remove btscanner v2.0 From Backtrack Linux:
root@bt:~# apt-get remove btscanner
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages will be REMOVED:
  btscanner
0 upgraded, 0 newly installed, 1 to remove and 0 not upgraded.
After this operation, 0B of additional disk space will be used.
Do you want to continue [Y/n]? Y
(Reading database ... 263908 files and directories currently installed.)
Removing btscanner ...
Processing triggers for desktop-file-utils ...
Processing triggers for python-gmenu ...
Rebuilding /usr/share/applications/desktop.en_US.utf8.cache...
Processing triggers for python-support ...
root@bt:~#
First you will need to download my updated package, which should work on any version of Backtrack Linux 5 (R1, R2, R3, etc.). Before you download the btscanner v2.1 patched package for Backtrack 5 R3 below, create a directory in /usr/local/src where we can compile the source, as shown in the example below.
Create btscanner Directory:
root@bt:~# mkdir /usr/local/src/btscanner
root@bt:~#
Now click the download link located at the end of the section title below and save the file to /usr/local/src/btscanner. I also made some .deb packages, but in the end it's better to just compile from source, and since it's easy to do, follow the instructions below and you will be using the btscanner brute force scan before you know it.
Download btscanner Version 2.1 Patched Source For Backtrack Linux: click here
The btscanner v2.1 source that you are downloading has had numerous patches applied; they are in the root directory of the package if you are curious what they accomplish. Once the file downloads, which should be pretty quick as it is only 3.8MB, we need to unpack the gzip compressed tar file using the command displayed in the example output below.
Unpack The Patched btscanner Version 2.1-5.1 For Backtrack And Change Directory:
root@bt:/usr/local/src/btscanner# tar -zxvf btscanner-2.1-bt5.tgz
btscanner-2.1/
btscanner-2.1/description-pak
btscanner-2.1/oui.c
btscanner-2.1/btscanner-2.1/
btscanner-2.1/btscanner-2.1/configure.rej
btscanner-2.1/btscanner-2.1/Makefile.in.orig
btscanner-2.1/btscanner-2.1/Makefile.in.rej
btscanner-2.1/btscanner-2.1/configure.orig
btscanner-2.1/btscanner-2.1/aclocal.m4.orig
btscanner-2.1/btscanner-2.1/configure.in.orig
btscanner-2.1/btscanner-2.1/configure.in.rej
btscanner-2.1/btscanner-2.1/aclocal.m4.rej
***** MORE OUTPUT CUT *****
root@bt:/usr/local/src/btscanner#
root@bt:/usr/local/src/btscanner# cd btscanner-2.1/
root@bt:/usr/local/src/btscanner#
After issuing the two commands in the example above you are now in the btscanner source directory, where we will configure, compile, and install btscanner version 2.1. If you run into any issues accomplishing any of the three steps just leave a comment below and we will do our best to help you resolve it. Once "make install" is run, the btscanner configuration file, which is named btscanner.xml, will be located in /usr/local/etc/. There are two other supporting files that also get installed: btscanner.dtd, which is a document type definition file, and oui.txt (OUI stands for Organizationally Unique Identifier), which is installed in /usr/local/share/. OUI assignments allow companies to own MAC address space to which they can assign unique MAC addresses for their products, and have those MAC addresses identified easily.
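To make the OUI part concrete, here is a small shell script that does what btscanner does with oui.txt: it maps a Bluetooth device address to the vendor that owns its first three bytes, and prints the 2^24-address block that OUI covers (the "vendor range" mentioned earlier). This is an added example and not btscanner's own code. It assumes the table uses the IEEE oui.txt layout ("00-1A-2B   (hex)<tab><tab>Vendor Name", one assignment per line); the three-entry table it writes to a temp file is constructed for the demo, and setting OUI_FILE=/usr/local/share/oui.txt points it at the copy make install puts in place.

```shell
#!/bin/sh
# Added example, not btscanner's own code: map a Bluetooth device address to
# its vendor via an OUI table, and print the address block that OUI covers.
# Assumption: the table uses the IEEE oui.txt layout, one assignment per line:
#   "00-1A-2B   (hex)<tab><tab>Vendor Name"
# A constructed three-entry table is written to a temp file so the script runs
# offline; set OUI_FILE=/usr/local/share/oui.txt to use btscanner's copy instead.
SAMPLE_FILE="${TMPDIR:-/tmp}/oui-sample.$$.txt"
printf '%s\t\t%s\n' \
    '00-00-0A   (hex)' 'Example Headset Co (constructed)' \
    '00-00-0B   (hex)' 'Example Car Kit Ltd (constructed)' \
    'AA-BB-CC   (hex)' 'Example Phone Inc (constructed)' > "$SAMPLE_FILE"
trap 'rm -f "$SAMPLE_FILE"' EXIT
OUI_FILE="${OUI_FILE:-$SAMPLE_FILE}"

# oui_prefix ADDR: normalise "aa:bb:cc:dd:ee:ff", "AA-BB-CC-DD-EE-FF" or a bare
# "aa:bb:cc" to the table's "AA-BB-CC" form; fails (status 2) on anything else.
oui_prefix() {
    p=$(printf '%s' "$1" | tr 'a-f' 'A-F' | tr ':' '-' | cut -c1-8)
    case "$p" in
        [0-9A-F][0-9A-F]-[0-9A-F][0-9A-F]-[0-9A-F][0-9A-F]) printf '%s\n' "$p" ;;
        *) echo "oui_prefix: bad address '$1'" >&2; return 2 ;;
    esac
}

# oui_vendor ADDR: print the vendor name, or UNKNOWN (status 1) when the OUI is
# not in the table (unregistered, locally administered, or the table is stale).
oui_vendor() {
    p=$(oui_prefix "$1") || return 2
    vendor=$(awk -v p="$p" '
        $1 == p && $2 == "(hex)" {
            line = $0
            sub(/^[^(]*\(hex\)[[:space:]]*/, "", line)   # drop "00-00-0A   (hex)" and padding
            sub(/\r$/, "", line)                         # the IEEE file is shipped with CRLF
            print line; exit
        }' "$OUI_FILE")
    if [ -z "$vendor" ]; then
        echo UNKNOWN
        return 1
    fi
    printf '%s\n' "$vendor"
}

# oui_block ADDR: first and last address of the block this OUI owns, i.e. the
# range btscanner would walk if you scanned that vendor's whole assignment.
oui_block() {
    p=$(oui_prefix "$1") || return 2
    p=$(printf '%s' "$p" | tr '-' ':')
    printf '%s:00:00:00 %s:FF:FF:FF\n' "$p" "$p"
}

# Demo on the constructed table.
for addr in 00:00:0a:12:34:56 AA-BB-CC-01-02-03; do
    printf '%s -> %s, block %s\n' "$addr" "$(oui_vendor "$addr")" "$(oui_block "$addr")"
done
```

A lookup that comes back UNKNOWN is itself useful during an inventory: the address is either from an OUI the installed oui.txt predates, or a locally administered/random address, which is worth noting separately from the identified devices.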
Run btscanner Configure Script On Backtrack Linux:
root@bt:/usr/local/src/btscanner/btscanner-2.1# make clean
test -z "btscanner" || rm -f btscanner
rm -f *.o
root@bt:/usr/local/src/btscanner/btscanner-2.1#
root@bt:/usr/local/src/btscanner/btscanner-2.1# ./configure
checking for a BSD-compatible install... /usr/bin/install -c
checking whether build environment is sane... yes
checking for gawk... gawk
checking whether make sets $(MAKE)... yes
checking for gcc... gcc
checking whether the C compiler works... yes
checking for C compiler default output file name... a.out
checking for suffix of executables...
checking whether we are cross compiling... no
checking for suffix of object files... o
checking whether we are using the GNU C compiler...
***** MORE OUTPUT CUT *****
Don't forget to run make clean before you run the configure script. After the configuration script has completed all of its checks, proceed below to compile btscanner v2.1 for Backtrack Linux.
Compile btscanner v2.1 On Backtrack 5R3:
root@bt:/usr/local/src/btscanner/btscanner-2.1# make
make  all-am
make: Entering directory `/usr/local/src/btscanner/btscanner-2.1'
if gcc -DHAVE_CONFIG_H -I. -I. -I. -I. -I/usr/include/libxml2 -g -O2 -I/usr/include/libxml2 -Wall -pthread -Wshadow -Wbad-function-cast -Wformat -Wparentheses -Wsign-compare -Wstrict-prototypes -Wtrigraphs -Wundef -Wuninitialized -W -Wunused -Wformat-security -Wmissing-braces -Wbad-function-cast -Wcast-qual -falign-functions -falign-labels -falign-loops -pedantic -fstrict-aliasing -D_GNU_SOURCE -std=gnu99 -DCFG_FILE="/usr/local/etc/btscanner.xml" -DCFG_DTD="file:///usr/local/etc/btscanner.dtd" -MT main.o -MD -MP -MF ".deps/main.Tpo" -c -o main.o main.c; then mv -f ".deps/main.Tpo" ".deps/main.Po"; else rm -f ".deps/main.Tpo"; exit 1; fi
***** MORE OUTPUT CUT *****
The application should have compiled without error and you should now be able to install btscanner without issue, as shown in the example output below. Note which files are installed and their locations so that, if you have to troubleshoot later, you can find the three files mentioned above easily.
Install btscanner Version 2.1 On Backtrack:
root@bt:/usr/local/src/btscanner/btscanner-2.1# make install
make: Entering directory `/usr/local/src/btscanner/btscanner-2.1'
test -z "/usr/local/bin" || mkdir -p -- "/usr/local/bin"
  /usr/bin/install -c 'btscanner' '/usr/local/bin/btscanner'
test -z "/usr/local/etc" || mkdir -p -- "/usr/local/etc"
 /usr/bin/install -c -m 644 'btscanner.xml' '/usr/local/etc/btscanner.xml'
 /usr/bin/install -c -m 644 'btscanner.dtd' '/usr/local/etc/btscanner.dtd'
test -z "/usr/local/share" || mkdir -p -- "/usr/local/share"
 /usr/bin/install -c -m 644 'oui.txt' '/usr/local/share/oui.txt'
make: Leaving directory `/usr/local/src/btscanner/btscanner-2.1'
root@bt:/usr/local/src/btscanner/btscanner-2.1#
W00t… btscanner v2.1 is now installed. I noticed that not only does btscanner v2.1 with the 01 patch fix the brute force scan, but it is definitely more stable overall. You should now be able to launch btscanner from any location. If all goes well, when you launch btscanner it should display similar to the example image below.
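The whole procedure above (remove the packaged 2.0, unpack the 2.1 source, make clean, configure, make, make install) as one script, followed by a check that make install actually put the binary and the three support files where the output above shows them. This is an added example, not part of the article or of the btscanner package; it assumes btscanner-2.1-bt5.tgz has already been saved in /usr/local/src/btscanner and that ./configure keeps its default /usr/local prefix, and it passes apt-get's -y flag so the removal does not stop at the interactive prompt.

```shell
#!/bin/sh
# Added example, not part of the article's btscanner package: the article's
# steps as one script, followed by a check that "make install" put every file
# where the article says it should be. Assumptions: btscanner-2.1-bt5.tgz has
# already been downloaded into /usr/local/src/btscanner, and ./configure keeps
# its default prefix of /usr/local (the paths in the make install output).
SRC_ROOT=/usr/local/src/btscanner
TARBALL=btscanner-2.1-bt5.tgz
PREFIX=/usr/local

# verify_install PREFIX: succeed only if the binary and the three support files
# exist and the binary is executable; list whatever is wrong on stderr so a
# later troubleshooting session starts from the right place.
verify_install() {
    prefix=$1
    problems=0
    for f in bin/btscanner etc/btscanner.xml etc/btscanner.dtd share/oui.txt; do
        if [ ! -f "$prefix/$f" ]; then
            echo "missing: $prefix/$f" >&2
            problems=$((problems + 1))
        fi
    done
    if [ -f "$prefix/bin/btscanner" ] && [ ! -x "$prefix/bin/btscanner" ]; then
        echo "not executable: $prefix/bin/btscanner" >&2
        problems=$((problems + 1))
    fi
    [ "$problems" -eq 0 ]
}

# rebuild_btscanner: the article's commands in order; any failure stops the run.
rebuild_btscanner() {
    set -e
    apt-get remove -y btscanner       # drop the packaged 2.0 that crashes
    mkdir -p "$SRC_ROOT"
    cd "$SRC_ROOT"
    if [ ! -f "$TARBALL" ]; then
        echo "save $TARBALL in $SRC_ROOT first" >&2
        return 1
    fi
    tar -zxvf "$TARBALL"
    cd btscanner-2.1
    make clean                        # the article runs this before configure
    ./configure
    make
    make install
    verify_install "$PREFIX"
    echo "btscanner 2.1 installed; run 'btscanner' from any directory"
}

case "${1:-}" in
    --rebuild) rebuild_btscanner ;;
    --verify)  verify_install "${2:-$PREFIX}" ;;
    *)         echo "usage: $0 --rebuild | --verify [PREFIX]" >&2 ;;
esac
```

Run it as root with --rebuild to repeat the article's steps, or with --verify on an existing install to confirm the four files are in place before blaming the brute force scan itself.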
**NOTE** You can now run btscanner from the command line in Backtrack by typing "btscanner"; however, if you prefer a menu item similar to what was there before, then read this article about creating a new menu item.
btscanner V2.1 On Backtrack 5 R3: