diff -ruN btscanner-2.1/Makefile.am btscanner-2.1-lapsearch/Makefile.am --- btscanner-2.1/Makefile.am 2004-11-01 06:55:33.000000000 -0500 +++ btscanner-2.1-lapsearch/Makefile.am 2007-05-21 20:31:14.000000000 -0400 @@ -31,6 +31,7 @@ store.c store.h \ misc.c misc.h \ oui.c oui.h \ + ouicommon.c ouicommon.h \ screen.c screen.h \ ll.c ll.h \ sdp.c sdp.h \ @@ -40,5 +41,8 @@ oui.txt: $(srcdir)/mk_oui_list.pl $(PERL) mk_oui_list.pl -data_DATA = oui.txt +commonoui.txt: + @$(NORMAL_INSTALL) + +data_DATA = oui.txt commonoui.txt sysconf_DATA = btscanner.xml btscanner.dtd diff -ruN btscanner-2.1/btscanner.dtd btscanner-2.1-lapsearch/btscanner.dtd --- btscanner-2.1/btscanner.dtd 2004-11-01 06:56:57.000000000 -0500 +++ btscanner-2.1-lapsearch/btscanner.dtd 2007-05-17 08:12:42.000000000 -0400 @@ -7,7 +7,7 @@ - + + + + diff -ruN btscanner-2.1/cfg.c btscanner-2.1-lapsearch/cfg.c --- btscanner-2.1/cfg.c 2005-08-17 17:12:56.000000000 -0400 +++ btscanner-2.1-lapsearch/cfg.c 2007-05-18 08:28:14.000000000 -0400 @@ -85,6 +85,7 @@ /* globals */ static char *cfg_log = NULL; static char *cfg_oui = NULL; +static char *cfg_ouicmn = NULL; static char *cfg_store = NULL; static char *cfg_file = CFG_FILE; @@ -153,6 +154,8 @@ cfg_log = cfg_copy_content(n); } else if (!xmlStrncmp((const xmlChar*)"oui", n->name, 3)) { cfg_oui = cfg_copy_content(n); + } else if (!xmlStrncmp((const xmlChar*)"commonoui", n->name, 9)) { + cfg_ouicmn = cfg_copy_content(n); } else if (!xmlStrncmp((const xmlChar*)"store", n->name, 5)) { cfg_store = cfg_copy_content(n); } @@ -428,6 +431,10 @@ { return cfg_store; } +const char *cfg_ouicmn_filename(void) +{ + return cfg_ouicmn; +} /* get a rangedef for a particular address */ diff -ruN btscanner-2.1/cfg.h btscanner-2.1-lapsearch/cfg.h --- btscanner-2.1/cfg.h 2004-11-01 06:57:42.000000000 -0500 +++ btscanner-2.1-lapsearch/cfg.h 2007-05-18 08:26:50.000000000 -0400 @@ -52,6 +52,7 @@ const char *cfg_log_filename(void); const char *cfg_summary_filename(void); const char *cfg_oui_filename(void); +const char *cfg_ouicmn_filename(void); const char *cfg_store_filename(void); rangedef_t *cfg_get_range(uint64_t); diff -ruN btscanner-2.1/commonoui.txt btscanner-2.1-lapsearch/commonoui.txt --- btscanner-2.1/commonoui.txt 1969-12-31 19:00:00.000000000 -0500 +++ btscanner-2.1-lapsearch/commonoui.txt 2007-05-21 21:22:17.000000000 -0400 @@ -0,0 +1,72 @@ +prefix,partnum,manufacturer,function,ouivendor +00:07:CF,,,,Anoto AB +00:01:E3,,,,Siemens AG +00:08:2A,,,,Powerwallz Network Security +00:12:1C,,,,PARROT S.A. +00:14:A4,,,,Hon Hai Precision Ind. Co. Ltd. +00:0F:3D,,,,D-Link Corporation +00:16:CE,,,,Hon Hai Precision Ind. Co. Ltd. +00:12:56,,,,LG INFORMATION & COMM. +00:16:75,,,,Motorola MDb +00:15:A0,,,,Nokia Danmark A/S +00:12:EE,,,,Sony Ericsson Mobile Communications AB +00:17:84,,,,Motorola Mobile Devices +00:10:C6,,,,USI +00:17:E2,,,,Motorola Mobile Devices +08:00:28,,,Computer/Palm sized PC-PDA,Texas Instruments +00:16:41,,,Computer/Laptop,USI +00:1A:8A,,,Phone/Mobile,Samsung Electronics Co. Ltd. +00:50:F2,"",Microsoft Keyboard,Keyboard,MICROSOFT CORP. +00:1A:89,,,Phone/Mobile,Nokia Danmark A/S +00:19:A1,,,Phone/Mobile,LG INFORMATION & COMM. +00:19:2D,,,Phone/Mobile,Nokia Corporation +00:18:AF,,,Phone/Smart phone,Samsung Electronics Co. Ltd. +00:12:D1,"",Dell,Laptop,Texas Instruments Inc +00:18:13,,,Phone/Mobile,Sony Ericsson Mobile Communications +00:0C:A7,,,Imaging/Scanner,Metro (Suzhou) Technologies Co. Ltd. +00:13:70,"",Nokia,Phone,Nokia Danmark A/S +00:16:20,,,Phone/Mobile,Sony Ericsson Mobile Communications AB +00:0A:D9,,,Phone/Mobile,Sony Ericsson Mobile Communications AB +00:13:71,H9,Motorola,Headset,Motorola CHS +00:16:FE,,,Computer/Laptop,Alps Electric Co. Ltd +00:0A:94,,,Miscellaneous,ShangHai cellink CO. LTD +00:17:F2,,,Computer/Laptop,Apple Computer +00:0E:07,,,Phone/Mobile,Sony Ericsson Mobile Communications AB +00:07:E0,,,Phone/Smart phone,Palm Inc. +00:07:A4,,,Audio-Video/Headset,GN Netcom Ltd. +00:1A:DC,,,Phone/Mobile,Nokia Danmark A/S +00:0E:6D,,,,Murata Manufacturing Co. Ltd. +00:20:E0,T40,IBM T40,Laptop,Actiontec Electronics Inc. +00:05:4F,,,Audio-Video/Hands free,PRIVATE +00:11:9F,,,,Nokia Danmark A/S +00:19:1F,"",Broadcom,Laptop,Microlink communications Inc. +00:17:D5,,,Phone/Mobile,Samsung Electronics Co. Ltd. +00:02:72,,,Network Device,CC&C Technologies Inc. +00:17:4B,,,Phone/Mobile,Nokia Danmark A/S +00:0F:86,,,Phone/Smart phone,Research In Motion Limited +00:07:61,,,Computer/Desktop,Logitech SA +00:12:47,,,Computer/Palm sized PC-PDA,Samsung Electronics Co. Ltd. +00:14:51,,,Computer/Desktop,Apple Computer Inc. +00:09:2D,,,,High Tech Computer Corp. +00:0F:B3,,,,Actiontec Electronics Inc +00:18:C5,,,Phone/Smart phone,Nokia Danmark A/S +00:12:62,,,,Nokia Danmark A/S +00:15:B9,,,Phone/Mobile,Samsung Electronics Co. Ltd. +00:16:B8,,,Phone/Mobile,Sony Ericsson Mobile Communications +00:0E:9B,,,,Ambit Microsystems Corporation +00:16:CB,,,Computer/Desktop,Apple Computer +00:16:DB,,,Phone/Mobile,Samsung Electronics Co. Ltd. +00:12:D2,CINGULAR 8125,"",Palm sized PC,Texas Instruments +00:17:00,,,,Motorola MDb +00:02:C7,"",Alps Electric Co Ltd,Laptop,ALPS ELECTRIC Co. Ltd. +00:14:A7,,,Phone/Mobile,Nokia Danmark A/S +00:13:10,USBT100,Linksys,USB Dongle,Cisco-Linksys LLC +00:11:24,"","",Laptop,Apple Computer +00:0A:95,"","",Laptop,Apple Computer Inc. +00:0D:93,"","",Laptop,Apple Computer +00:15:2A,,,,Nokia GmbH +00:12:37,"","",Unknown,Texas Instruments +00:E0:03,"","",Phone,NOKIA WIRELESS BUSINESS COMMUN +00:18:A4,"","",Smart phone,Motorola Mobile Devices +00:17:5C,,,,SHARP CORPORATION +00:02:5B,,,,Cambridge Silicon Radio diff -ruN btscanner-2.1/main.c btscanner-2.1-lapsearch/main.c --- btscanner-2.1/main.c 2005-11-21 09:08:34.000000000 -0500 +++ btscanner-2.1-lapsearch/main.c 2007-05-19 20:24:40.000000000 -0400 @@ -77,6 +77,7 @@ #include #include #include +#include /* globals */ hcicfg_t *hcihead = NULL; @@ -223,11 +224,10 @@ struct sigaction act; sigset_t sset; char *cfg_filename = NULL; - -/* + /* printf("gdb ./btscanner %d\n", getpid()); - sleep(5); -*/ + sleep(10); + */ /* get the args */ opterr = 0; @@ -305,6 +305,10 @@ if (ouidb_init(cfg_oui_filename())) exit(0); + /* initialise the common oui db */ + if (ouicmndb_init(cfg_ouicmn_filename())) + exit(0); + /* initialise the linked list functions */ ll_init(); @@ -339,6 +343,7 @@ } /* tidy up */ ouidb_close(); + ouicmndb_close(); ll_free(); log_close(); cfg_cleanup(); diff -ruN btscanner-2.1/oui.h btscanner-2.1-lapsearch/oui.h --- btscanner-2.1/oui.h 2004-08-03 10:34:12.000000000 -0400 +++ btscanner-2.1-lapsearch/oui.h 2007-05-17 08:35:56.000000000 -0400 @@ -32,5 +32,6 @@ int ouidb_init (const char *); char *ouidb_query(bdaddr_t *); int ouidb_close (void); +uint32_t ba2int(bdaddr_t *ba); #endif /* OUI_H */ diff -ruN btscanner-2.1/ouicommon.c btscanner-2.1-lapsearch/ouicommon.c --- btscanner-2.1/ouicommon.c 1969-12-31 19:00:00.000000000 -0500 +++ btscanner-2.1-lapsearch/ouicommon.c 2007-05-18 15:57:18.000000000 -0400 @@ -0,0 +1,188 @@ +/* + * btscanner - Displays the output of Bluetooth scans + * Copyright (C) 2003 Pentest Limited + * + * Written 2003 by Tim Hurman + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation; + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY + * RIGHTS. IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE + * FOR ANY CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY + * DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN + * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + * + * ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, + * COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS SOFTWARE + * IS DISCLAIMED. + */ + +/* + * ouidb.c: Reads in an oui database and stores it in memory + */ +#ifdef HAVE_CONFIG_H +#include +#endif + +#ifdef HAVE_SYS_TYPES_H +#include +#endif + +#ifdef HAVE_STDLIB_H +#include +#endif + +#ifdef HAVE_SYS_SOCKET_H +#include +#endif +#ifdef HAVE_NETINET_IN_H +#include +#endif + +#ifdef HAVE_STRING_H +#include +#endif + +#include +#include +#include +#include + +#ifdef HAVE_SYS_STAT_H +#include +#endif + +#ifdef HAVE_SYS_SOCKET_H +#include +#endif +#ifdef HAVE_NETINET_IN_H +#include +#endif + +#include +#include +#include + +#include "ouicommon.h" + +#define OUICMN_RE "^([0-9a-zA-Z][0-9a-zA-Z]:){2}([0-9a-zA-Z][0-9a-zA-Z],)" + +unsigned int *ouicmn = NULL; +unsigned int ouicmntotal = 0; + +/* Initial size of array for elements, will grow in this increment as well */ +#define OUICMN_SZ 64 + +#define OUICMNDB_SZ 128 +int ouicmndb_init (const char *filename) +{ + FILE *f; + char buf[OUICMNDB_SZ]; + regex_t preg; + regmatch_t pmatch[4]; + int i; + unsigned int allocsize, oui, ouibytes[3]; + + ouicmn = (unsigned int *)malloc(OUICMN_SZ * sizeof(unsigned int)); + if (ouicmn == NULL) { + fprintf(stderr, "%s:malloc(): %s\n", + __FUNCTION__, strerror(errno)); + return 1; + } + allocsize = (OUICMN_SZ * sizeof(unsigned int)); + + i = regcomp(&preg, OUICMN_RE, REG_EXTENDED); + if (i != 0) { + fprintf(stderr, "Unable to compile re: \"%s\"\n", OUICMN_RE); + return 1; + } + + fprintf(stdout, "Opening the Common OUI database\n"); + f = fopen(filename, "r"); + if (NULL == f) { + fprintf(stdout, "Error opening the Common OUI database: %s\n", + strerror(errno)); + return 1; + } + fprintf(stdout, "Reading the Common OUI database\n"); + + while (NULL != fgets(buf, OUICMNDB_SZ, f)) { + if(regexec(&preg, buf, 4, pmatch, 0)) + continue; + + /* allocate more memory if the initial block is full */ + if (allocsize < (ouicmntotal * sizeof(unsigned int))) { + ouicmn = realloc(ouicmn, allocsize + + (OUICMN_SZ * sizeof(unsigned int))); + if (ouicmn == NULL) { + fprintf(stderr, "%s:malloc(): %s\n", + __FUNCTION__, strerror(errno)); + return 1; + } + allocsize += (OUICMN_SZ * sizeof(unsigned int)); + } + + buf[pmatch[0].rm_so+2] = 0; + buf[pmatch[0].rm_so+5] = 0; + buf[pmatch[0].rm_so+8] = 0; + if(sscanf(buf, "%x", &ouibytes[0]) != 1) { + fprintf(stderr, "Error parsing common oui byte " + "records from %s\n", filename); + continue; + } + if(sscanf(buf+3, "%x", &ouibytes[1]) != 1) { + fprintf(stderr, "Error parsing common oui byte " + "records from %s\n", filename); + continue; + } + if(sscanf(buf+6, "%x", &ouibytes[2]) != 1) { + fprintf(stderr, "Error parsing common oui byte " + "records from %s\n", filename); + continue; + } + + /* Pack the OUI bytes into a uint */ + oui = ouibytes[2]; + oui <<= 8; + oui |= ouibytes[1]; + oui <<= 8; + oui |= ouibytes[0]; + + ouicmn[ouicmntotal] = oui; + + ouicmntotal++; + } + + fprintf(stdout, "Finished reading the Common OUI database, %d " + "entries\n", ouicmntotal+1); + fclose(f); + regfree(&preg); + + return 0; +} + +unsigned int ouicmndb_getoui(unsigned int ouiindex) +{ + extern unsigned int *ouicmn; + return ouicmn[ouiindex]; +} + +unsigned int ouicmndb_gettotal(void) +{ + extern unsigned int ouicmntotal; + return ouicmntotal; +} + + +/* close down and cleanup */ +int ouicmndb_close (void) +{ + free(ouicmn); + return 0; +} + diff -ruN btscanner-2.1/ouicommon.h btscanner-2.1-lapsearch/ouicommon.h --- btscanner-2.1/ouicommon.h 1969-12-31 19:00:00.000000000 -0500 +++ btscanner-2.1-lapsearch/ouicommon.h 2007-05-21 21:32:22.000000000 -0400 @@ -0,0 +1,38 @@ +/* + * btscanner - Displays the output of Bluetooth scans + * Copyright (C) 2003 Pentest Limited + * + * Written 2003 by Tim Hurman + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation; + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY + * RIGHTS. IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE + * FOR ANY CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY + * DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN + * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + * + * ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, + * COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS SOFTWARE + * IS DISCLAIMED. + */ + +/* + * ouicommon.h: Reads in a list of common oui's and stores it in memory + */ + +#ifndef OUICOMMON_H +#define OUICOMMON_H + +int ouicmndb_init (const char *); +char *ouicmndb_query(bdaddr_t *); +int ouicmndb_close (void); +unsigned int ouicmndb_getoui(unsigned int ouiindex); +unsigned int ouicmndb_gettotal(void); + +#endif /* OUICOMMON_H */ diff -ruN btscanner-2.1/scan.c btscanner-2.1-lapsearch/scan.c --- btscanner-2.1/scan.c 2005-05-16 05:15:21.000000000 -0400 +++ btscanner-2.1-lapsearch/scan.c 2007-05-19 20:58:26.000000000 -0400 @@ -76,6 +76,7 @@ #include #include #include +#include #include #include #include @@ -672,7 +673,6 @@ return 0; } - /* run the scanning loop */ void *scan_run(void *arg) { @@ -807,3 +807,306 @@ } +bdaddr_t bflap; +int bflap_curr; +pthread_mutex_t scan_bflap_mutex = PTHREAD_MUTEX_INITIALIZER; + +int scan_bflap_getpercentage(void) +{ + int percentage; + int current; + + pthread_mutex_lock(&scan_bflap_mutex); + current = bflap_curr; + pthread_mutex_unlock(&scan_bflap_mutex); + + percentage = (float)(current+1)/ouicmndb_gettotal() * 100; + return ((percentage < 100) ? percentage : 100); +} + +int scan_bflap_init(char *lapstr) +{ + extern bdaddr_t bflap; + extern int bflap_curr; + char locallapstr[12]; + + strncpy(locallapstr, lapstr, sizeof(locallapstr)-1); + + bflap_curr = -1; + + /* Replace ":" with NULL bytes and following 3rd byte for sscanf */ + locallapstr[2] = 0; + locallapstr[5] = 0; + locallapstr[8] = 0; + + /* Faster then memset */ + bflap.b[5] = 0; + bflap.b[4] = 0; + bflap.b[3] = 0; + + if(sscanf(locallapstr+6, "%x", (unsigned int *)&bflap.b[0]) != 1) { + screen_log("Error parsing LAP byte\n"); + return 1; + } + if(sscanf(locallapstr+3, "%x", (unsigned int *)&bflap.b[1]) != 1) { + screen_log("Error parsing LAP byte\n"); + return 1; + } + if(sscanf(locallapstr, "%x", (unsigned int *)&bflap.b[2]) != 1) { + screen_log("Error parsing LAP byte\n"); + return 1; + } + + return 0; +} + +/* run the LAP brute force loop */ +void *bflap_run(void *arg) +{ + sigset_t sset; + hcicfg_t *hci = (hcicfg_t*)arg; + + /* block SIGWINCH, dont give a crap about it */ + memset (&sset, 0, sizeof(sset)); + sigfillset(&sset); + sigdelset(&sset, SIGKILL); + sigdelset(&sset, SIGSTOP); + sigdelset(&sset, SIGTERM); + sigdelset(&sset, SIGINT); + sigdelset(&sset, SIGSEGV); + sigdelset(&sset, SIGUSR1); + if (0 != pthread_sigmask(SIG_SETMASK, &sset, NULL)) + goto bflap_run_leave; + /* signal actions already defined */ + + /* reset the device before we begin */ + if (scan_reset_device(hci->id)) + goto bflap_run_leave; + + /* run loop */ + scan_probe_bflap(hci); + + /* leave */ + bflap_run_leave: + hci->died = 1; + pthread_exit(0); +} + +/* get the next brute force address */ +int scan_bflap_getnext(bdaddr_t *bd) +{ + unsigned int oui; + extern bdaddr_t bflap; + extern int bflap_curr; + extern pthread_mutex_t scan_bflap_mutex; + + pthread_mutex_lock(&scan_bflap_mutex); + bflap_curr++; + pthread_mutex_unlock(&scan_bflap_mutex); + + if (bflap_curr >= (int)ouicmndb_gettotal()) { + return -1; + } + + oui = ouicmndb_getoui(bflap_curr); + bd->b[5] = oui & 0x000000ff; + bd->b[4] = (oui & 0x0000ff00) >> 8; + bd->b[3] = (oui & 0x00ff0000) >> 16; + return 0; +} + +/* brute force probe with LAP information */ +int scan_probe_bflap(hcicfg_t *hci) +{ + int dd, sr, cc=0, rv; + device_t *dev; + char buf[BUFN_SZ], tmp[32]; + uint16_t handle; + struct search_context context; + rangedef_t *range; + uint8_t do_store = 0, uval; + int8_t val; + bdaddr_t ba; + extern bdaddr_t bflap; + + /* populate "ba" with the last 3 bytes of BD_ADDR/LAP */ + memcpy(&ba, &bflap, sizeof(bdaddr_t)); + + /* open the bluetooth device to enquiries */ + dd = hci_open_dev(hci->id); + if (dd < 0) + return -1; + + do_store=cc=0; + while (bts_run_scan && 0 == scan_bflap_getnext(&ba)) { + /* get the rangedef for this particular device */ + range = cfg_get_range(bd2int(&ba)); + if (!range) continue; + + /* read the remote name, see if the device is there */ + sr = hci_read_remote_name(dd, &ba, BUFN_SZ*sizeof(char), buf, 100000); + + /* show the user what we are up to */ + ba2str(&ba, tmp); + screen_log("%s device %s (%d%%)", sr?"Scanned":"Found", + tmp, scan_bflap_getpercentage()); + + if (sr) continue; /* not found */ + + /* get the rest of the info */ + dev = ll_lock_device(&ba); + if (!dev) continue; /* malloc failed or locked */ + + /* state of play */ + ll_lock_list(); + dev->updated = 1; + time(&(dev->last_scanned)); + bacpy(&(dev->bd_scan), &(hci->bdaddr)); + dev->scan_count++; + ll_unlock_list(); + + + /* the name */ + if (!ll_check_got_name(dev)) { + ll_lock_list(); + ll_copy_name(dev, buf); + dev->got_name = 1; + do_store = 1; + ll_unlock_list(); + } + + /* the oui */ + if (!ll_check_got_oui(dev)) { + ll_lock_list(); + dev->oui = ouidb_query(&dev->bdaddr); + dev->got_oui = 1; + ll_unlock_list(); + } + + /* do we need to do any of this */ + if (0 == (range->sf & ~(SF_HCI|SF_RSSI|SF_LQ|SF_TXPWR|SF_SDP))) + goto scan_inquiry_nextdev; + + + /* get a connection */ + handle = find_conn(hci->id, &dev->bdaddr); + if ((uint16_t)-1 == handle) { + if (0 != errno) break; + + cc=1; + if (hci_create_connection(dd, &dev->bdaddr, HCI_DM1 | HCI_DH1, + 0, 0, &handle, 25000) < 0) { + applog(LOG_WARNING, + "%s::hci_create_connection(): Cant create: %s", + __FUNCTION__, strerror(errno)); + goto scan_inquiry_nextdev; + } + + } + + /* the hci info */ + if ((range->sf & SF_HCI) && !ll_check_got_version(dev)) { + if (hci_read_remote_version(dd,handle, &dev->version,20000) == 0) { + ll_lock_list(); + dev->got_version = 1; + do_store = 1; + ll_unlock_list(); + } + } + + if ((range->sf & SF_HCI) && !ll_check_got_features(dev)) { + if (hci_read_remote_features(dd,handle,dev->features,20000) == 0) { + ll_lock_list(); + dev->got_features = 1; + do_store = 1; + ll_unlock_list(); + } + } + + /* TODO: using the new hci API, get the clock off */ + + /* read the RSSI/LQ/TXPWR */ + /* RSSI */ + if (range->sf & SF_RSSI) { + rv = hci_read_rssi(dd, handle, &val, 100); + if (rv < 0) { + applog(LOG_WARNING, + "%s::hci_send_req(): rssi read failed: ", + __FUNCTION__, strerror(errno)); + } + + ll_lock_list(); + dev->rssi_status = rv; + dev->rssi = val; + ll_unlock_list(); + } + + /* LQ */ + if (range->sf & SF_LQ) { + rv = hci_read_link_quality(dd, handle, &uval, 100); + if (rv < 0) { + applog(LOG_WARNING, + "%s::hci_send_req(): lq read failed: ", + __FUNCTION__, strerror(errno)); + } + + ll_lock_list(); + dev->lq_status = rv; + dev->lq = uval; + ll_unlock_list(); + } + + /* TXPWR */ + if (range->sf & SF_TXPWR) { + rv = hci_read_transmit_power_level(dd, handle, 0, &val, 100); + if (rv < 0) { + applog(LOG_WARNING, + "%s::hci_send_req(): tpl read failed: ", + __FUNCTION__, strerror(errno)); + } + + ll_lock_list(); + dev->txpwr_status = rv; + dev->txpwr_type = 0; + dev->txpwr_level = val; + ll_unlock_list(); + } + + + /* read the SDP info */ + if ((range->sf & SF_SDP) && !ll_check_got_sdp(dev)) { + cbuf_t sdpstr; + memset(&sdpstr, 0, sizeof(cbuf_t)); + memset(&context, 0, sizeof(struct search_context)); + sdp_uuid16_create(&(context.group), PUBLIC_BROWSE_GROUP); + scan_sdp(hci, dev, &sdpstr, &context); + + ll_lock_list(); + if(sdpstr.buf) sdpstr.buf[sdpstr.len] = 0; + dev->sdp = sdpstr.buf; + do_store = 1; + ll_unlock_list(); + } + + /* all done */ + scan_inquiry_nextdev: + + /* store the device if needed */ + if (do_store) { + store_device(dev); + do_store = 0; + } + /* unlock */ + ll_unlock_device(dev); + + /* disconnect */ + if (cc) + hci_disconnect(dd, handle, HCI_OE_USER_ENDED_CONNECTION, 10000); + + } + + /* tidy up */ + hci_close_dev(dd); + return 0; +} + diff -ruN btscanner-2.1/scan.h btscanner-2.1-lapsearch/scan.h --- btscanner-2.1/scan.h 2004-08-04 06:05:48.000000000 -0400 +++ btscanner-2.1-lapsearch/scan.h 2007-05-18 15:11:21.000000000 -0400 @@ -32,10 +32,13 @@ /* the private info for the scan thread */ void *scan_run(void *); void *bf_run(void *); +void *bflap_run(void *); int scan_bf_init(bdaddr_t *, bdaddr_t *); int scan_bf_getnext(bdaddr_t *); int scan_bf_getcurr(bdaddr_t *bd); int scan_bf_getpercentage(void); +int scan_probe_bflap(hcicfg_t *hci); +int scan_bflap_init(char *lapstr); #endif /* SCAN_H */ diff -ruN btscanner-2.1/screen.c btscanner-2.1-lapsearch/screen.c --- btscanner-2.1/screen.c 2005-08-17 17:15:59.000000000 -0400 +++ btscanner-2.1-lapsearch/screen.c 2007-05-19 20:33:05.000000000 -0400 @@ -81,6 +81,10 @@ #define BD_RE "^[0-9a-fA-F]{2}:[0-9a-fA-F]{2}:[0-9a-fA-F]{2}:[0-9a-fA-F]{2}:[0-9a-fA-F]{2}:[0-9a-fA-F]{2} *$" #endif +#ifndef LAP_RE +#define LAP_RE "^([0-9a-zA-Z][0-9a-zA-Z]:){2}([0-9a-zA-Z]{2})" +#endif + #ifndef FN_RE #define FN_RE "^[a-zA-Z0-9/.]* *$" #endif @@ -977,6 +981,39 @@ } +/* get the LAP information to brute-force the OUI */ +int screen_init_ouibf(void) +{ + cbuf_t cb; + int dl, ret; + + //screen_init_ouibf_retry: + memset(&cb, 0, sizeof(cbuf_t)); + ret = 0; + for (dl = 1; dl && bts_run; ) { + switch(screen_textbox("Enter LAP bytes", LAP_RE, &cb)) { + case 0: + if (cb.len > 0) { + scan_bflap_init(cb.buf); + screen_log("Starting OUI bruteforce scan with " + "LAP %s", cb.buf); + } else { + ret = 1; + } + + free(cb.buf); + dl = 0; + break; + case -1: + dl = 0; + ret = 1; + break; + } + } + + return ret; +} + /* get the brute force values */ int screen_init_bf(void) { @@ -1184,7 +1221,8 @@ screen_log("%s %s", PACKAGE, VERSION); screen_log("keys: h=help, i=inquiry scan, b=brute force scan," - " a=abort scan, s=save summary, o=select sort, enter=select, Q=quit"); + " l=LAP brute force scan, a=abort scan, s=save summary, " + "o=select sort, enter=select, Q=quit"); /* main screen loop */ do_resize = do_update = ret = 0; @@ -1250,6 +1288,8 @@ switch(ch) { case KEY_EXIT: case 'Q': + screen_log("Stopping all processed for exit." + "\n"); bts_run = 0; break; case KEY_RESIZE: @@ -1276,6 +1316,14 @@ } do_update = 1; break; + case 'l': + if(SCAN_NONE == threader_running() && + 0 == screen_init_ouibf()) { + if (0 == threader_start(SCAN_LAP)) + screen_log("error: no threads started, check the log"); + } + do_update = 1; + break; case 'a': if (SCAN_NONE != threader_running()) { screen_log("aborting scan"); @@ -1285,6 +1333,7 @@ break; case 'h': screen_log("keys: h=help, i=inquiry scan, b=brute force scan," + " l=LAP brute force scan, " " a=abort scan, s=save summary, o=select sort, enter=select," " Q=quit"); break; @@ -1306,6 +1355,12 @@ case 'o': do_update = 1; screen_get_sort(); + break; + default: + /* What causes the -1 input? */ + if (ch != -1) + screen_log("Unrecognized option " + "\"%c\"", ch); } } /* done key setup */ diff -ruN btscanner-2.1/threader.c btscanner-2.1-lapsearch/threader.c --- btscanner-2.1/threader.c 2005-05-16 05:12:27.000000000 -0400 +++ btscanner-2.1-lapsearch/threader.c 2007-05-18 16:41:48.000000000 -0400 @@ -88,6 +88,7 @@ } thread_starter[] = { {SCAN_INQ, "inquiry scan", scan_run}, {SCAN_BF, "brute force scan", bf_run}, + {SCAN_LAP, "LAP brute force scan", bflap_run}, {SCAN_NONE, NULL, NULL}, }; diff -ruN btscanner-2.1/threader.h btscanner-2.1-lapsearch/threader.h --- btscanner-2.1/threader.h 2004-08-03 09:16:00.000000000 -0400 +++ btscanner-2.1-lapsearch/threader.h 2007-05-18 12:55:15.000000000 -0400 @@ -29,7 +29,7 @@ #ifndef THREADER_H #define THREADER_H -enum threader_scan_types { SCAN_NONE=0, SCAN_INQ, SCAN_BF }; +enum threader_scan_types { SCAN_NONE=0, SCAN_INQ, SCAN_BF, SCAN_LAP }; int threader_start(enum threader_scan_types); int threader_stop(void);