RedFang is a small proof-of-concept application to find non-discoverable Bluetooth devices. This is done by brute-forcing the last six (6) bytes of the Bluetooth address of the device and doing a read_remote_name() on each candidate address.
RedFang is a Linux-based tool made to find Bluetooth devices in undiscoverable mode. The technology is attributed to Ollie Whitehouse and a small tech enterprise called @stake. It was originally developed as a "proof-of-concept" research resource, and is now a common part of many Bluetooth security tutorials. RedFang uses brute force to discover previously unknown Bluetooth device addresses.
Options:

    -r range      i.e. 00803789EE76-00803789EEff
    -o filename   Output Scan to Text Logfile
                  An address can also be manf+nnnnnn, where manf
                  is listed with the -l option and nnnnnn is the
                  tail of the address. All addresses must be 12
                  characters long
    -t timeout    The connect timeout, this is 10000 by default
                  Which is quick and yields results, increase for
                  reliability
    -n num        The number of dongles
    -d            Show debug information
    -s            Perform Bluetooth Discovery
    -l            Show device manufacturer codes
    -h            Display help
    cyborg@cyborg:~$ sudo fang -r D83C6976315E-D83C6976317E -s
    redfang - the bluetooth hunter ver 2.5
    (c)2003 @stake Inc
    author: Ollie Whitehouse <[email protected]>
    enhanced: threads by Simon Halsall <[email protected]>
    enhanced: device info discovery by Stephen Kapp <[email protected]>

    Scanning 33 address(es)
    Address range d8:3c:69:76:31:5e -> d8:3c:69:76:31:7e

    Performing Bluetooth Discovery...
    Completed.
    Discovered: ztrelian's phone [D8:3C:69:76:31:6E]
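
The address count in the run above follows directly from the -r range, and the same arithmetic shows how much time non-discoverable mode actually costs a scanner. The Python code below is an added example, not part of RedFang or of the original page: it validates a range string against the 12-character rule, counts the addresses and estimates a worst-case sweep time. The function names, the 10-second per-address figure and the even split of work across dongles are assumptions made for illustration.

```python
"""Added example: size an address range written the way -r takes it."""
import re

ADDR = re.compile(r"[0-9A-Fa-f]{12}")  # "All addresses must be 12 characters long"

def parse_range(spec):
    """Return (start, end) as integers for a 'START-END' range string."""
    start_s, sep, end_s = spec.strip().partition("-")
    if not sep or not ADDR.fullmatch(start_s) or not ADDR.fullmatch(end_s):
        raise ValueError("expected two 12-character hex addresses joined by '-'")
    start, end = int(start_s, 16), int(end_s, 16)
    if start > end:
        raise ValueError("range start is higher than range end")
    return start, end

def fmt(addr):
    """Render an integer address in the colon-separated form fang prints."""
    digits = f"{addr:012x}"
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def address_count(spec):
    start, end = parse_range(spec)
    return end - start + 1  # both endpoints are scanned

def sweep_seconds(count, seconds_per_address, dongles=1):
    """Worst-case wall time: every probe runs to its timeout.

    Assumption: the range is split evenly across dongles (-n).
    seconds_per_address is a value you measure; the page gives no unit
    for the -t default.
    """
    if dongles < 1 or seconds_per_address <= 0:
        raise ValueError("dongles and seconds_per_address must be positive")
    per_dongle = -(-count // dongles)  # ceiling division
    return per_dongle * seconds_per_address

if __name__ == "__main__":
    sample = "D83C6976315E-D83C6976317E"         # range from the run above
    vendor_tail = "D83C69000000-D83C69FFFFFF"    # constructed: one full prefix
    for spec in (sample, vendor_tail):
        lo, hi = parse_range(spec)
        n = address_count(spec)
        # 10 s per address is a constructed figure, not a measured one
        days = sweep_seconds(n, 10) / 86400
        print(f"{fmt(lo)} -> {fmt(hi)}: {n} addresses, {days:.3f} days worst case")
```

A narrow range like the sample finishes in minutes, while the full 24-bit tail behind one manufacturer prefix takes years per dongle at the assumed rate, which is why an observer who already knows part of the address gains the most.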