If you use btscanner, which is a Bluetooth scanner found in Backtrack Linux, a lot like I do then you will notice that the Public OUI list included is pretty far out of date. The OUI or Organizationally Unique Identifier list is what matches MAC addresses to manufacturers or vendors. This is how you can determine who produced a specific product that is talking on a network for instance a Bluetooth device that is attempting to communicate with your phone or your computer.
Organizationally Unique Identifier: What Is OUI Anyway?
A MAC address is made up of twelve hexadecimal characters with the first six being vendor specific. So if you had a MAC address of 00:00:00:1a:2b:3c the first six characters specify the vendor. In the example of 00:00:00:1a:2b:3c we would know that IBM manufactured this product by looking up 00:00:00 in the Organizationally Unique Identifier list. The second part or the last six hexadecimal characters of the MAC address is specific to each device. The OUI list included with btscanner has 7,773 registered MAC address entries while the current OUI list has more than double the entries with 17, 416 vendor specific combinations. This means that most of the time you are having to lookup which vendor created the device you have discovered with btscanner which can become a pain if you are constantly scanning for Bluetooth devices like I am.
Update btscanner’s OUI Information: oui.txt Update
Updating the list is easy using the directions below. The list is called oui.txt and on my current Backtrack server is located in the /usr/local/share directory though I have manually updated btscanner using these directions. I believe the /usr/local/share directory is not the default directory so use locate to find your btscanner oui.txt file. Before we begin make sure to backup your oui.txt file so it can be restored if anything goes wrong. I cannot say enough how important it is to backup any file you modify on Linux before you modify it because if you get into the habit you will always do this and it will save mistakes in the future! Proceed to the instructions below to update the oui.txt.
- Download Latest OUI Information: Use the command below from a Terminal window on Backtrack or whatever Linux version you are using to download the latest OUI information from the IEEE Standards Association web site. If the URL below happens to change look here or search the standards.ieee.org web site.
- root@bt:~/oui# wget http://standards.ieee.org/develop/regauth/oui/oui.txt
- --2013-02-02 21:58:07-- http://standards.ieee.org/develop/regauth/oui/oui.txt
- Resolving standards.ieee.org... 140.98.193.16
- Connecting to standards.ieee.org|140.98.193.16|:80... connected.
- HTTP request sent, awaiting response... 200 OK
- Length: 2808420 (2.7M) [text/plain]
- Saving to: `oui.txt'
- 100%[=====================================================================================================================================================>] 2,808,420 988K/s in 2.8s
- 2013-02-02 21:58:09 (988 KB/s) - `oui.txt' saved [2808420/2808420]
- root@bt:~/oui#
By default the oui.txt file includes lots of information that is not needed for this scenario as btscanner only matches the first six of the MAC address to the name of the manufacturer. There are three examples of entries in the oui.txt file downloaded from the IEEE Standards Association located below. I also included the format description located at the top of the oui.txt file.
- OUI Organization
- company_id Organization
- Address
- 00-00-00 (hex) XEROX CORPORATION
- 000000 (base 16) XEROX CORPORATION
- M/S 105-50C
- 800 PHILLIPS ROAD
- WEBSTER NY 14580
- UNITED STATES
- B8-C6-8E (hex) Samsung Electronics Co.,Ltd
- B8C68E (base 16) Samsung Electronics Co.,Ltd
- #94-1, Imsoo-Dong
- Gumi Gyeongbuk 730-350
- KOREA, REPUBLIC OF
- E0-CB-4E (hex) ASUSTek COMPUTER INC.
- E0CB4E (base 16) ASUSTek COMPUTER INC.
- 15,Li-Te Rd.,Peitou,
- Taipei 112
- TAIWAN, PROVINCE OF CHINA
Notice above that the MAC address is included in hexadecimal or HEX and base 16 and that the manufacturer’s registered address is included. Keep in mind that just because Samsung for instance developed the Bluetooth chip that is being used by a device it does not mean that they manufactured the device as many companies purchase parts for electronics from third party devices.
- Format oui.txt For btscanner: Now run the below command from the same directory where you downloaded the oui.txt file
- root@bt:~/oui# cat oui.txt | grep "(base 16)" > oui-new.txt && /bin/sed -ie "s/ (base 16)\\t\\t/ /g" oui-new.txt
- root@bt:~/oui#
The above command first uses grep to only include the the lines of information that are needed in this instance which is the “base 16” lines of the file where the MAC address is displayed in base 16 format and the manufacturers name is also listed. Next we format the lines so btscanner can read the file properly. Using the same examples from above each vendor OUI will look like the below once the above command has completed.
- 000000 XEROX CORPORATION
- B8C68E Samsung Electronics Co.,Ltd
- E0CB4E ASUSTek COMPUTER INC.
Take a moment to look through the file as its pretty interesting how many manufacturers are listed that you have likely never heard of!
- Move New oui.txt Into Place: Now simply copy the oui-new.txt file to the location of the original oui.txt that btscanner uses. In my case I would be copying oui-new.txt to the /usr/local/share directory as shown below.
- root@bt:~/oui# cp -p oui-new.txt /usr/local/share/oui.txt
- root@bt:~/oui#
Next time you start up btscanner it will read the new oui.txt file and almost all of the devices located via btscanner inquiry scans will display the Manufacturer properly!
Hacking Exposed Wireless: Wireless Security Secrets & Colutions (Paperback)
|
||||||||
Network Forensics: Tracking Hackers through Cyberspace (Hardcover)
|
||||||||
