BlueRanger
BlueRanger is a simple Bash script that uses Bluetooth Link Quality to locate devices by sending L2CAP pings. It determines proximity based on the strength of the connection without requiring authentication.
Description
BlueRanger locates Bluetooth device radios by measuring Link Quality through L2CAP pings, which most devices accept without authentication or authorization. In theory, the higher the link quality value, the closer the device is. It is useful for finding the physical location of Bluetooth-enabled devices in wireless attack scenarios.
Use a Bluetooth Class 1 adapter for long-range detection and switch to a Class 3 adapter for precise short-range locating. Precision depends on adapter build quality, interference levels, and remote device response. Fluctuations in readings can occur even without device motion.
The tool is a lightweight Bash script, 13 KB in size, dependent on bluez, and authored by JP Dunning.
How It Works
BlueRanger sends L2CAP (Bluetooth) pings to establish a connection between local and remote Bluetooth interfaces. It measures the Link Quality value from these pings, where higher values indicate closer proximity. No authentication or authorization is needed as most devices allow these pings. The script reports proximity changes and link quality, such as FOUND 255/255, and visualizes range with asterisks.
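Because readings fluctuate even when the device is not moving, a single Link Quality value says little about direction of travel. The sketch below is an added example, not part of BlueRanger: it smooths a series of readings and reports the trend only when the change exceeds a deadband. It assumes readings in the "Link quality: N" line format printed by bluez's hcitool lq; the sample values, function names, window size and deadband are all constructed for illustration.

```shell
# Added example. SAMPLE_READINGS is constructed data in the "Link quality: N"
# form printed by bluez's `hcitool lq` (assumed input, not BlueRanger output).
SAMPLE_READINGS='Link quality: 180
Link quality: 176
Link quality: 183
Link quality: 214
Link quality: 231
Link quality: 255'

# parse_lq: print one integer (0-255) per well-formed reading on stdin;
# malformed or out-of-range lines are dropped rather than guessed at.
parse_lq() {
    while IFS= read -r line; do
        case $line in 'Link quality: '*) v=${line#'Link quality: '} ;; *) continue ;; esac
        case $v in ''|*[!0-9]*|0?*|????*) continue ;; esac
        if [ "$v" -le 255 ]; then echo "$v"; fi
    done
}

# smooth WINDOW: integer mean of the last WINDOW readings, printed once the
# window is full, to damp the jitter a stationary device still produces.
smooth() {
    win=$1; set --
    while IFS= read -r v; do
        set -- "$@" "$v"
        if [ "$#" -gt "$win" ]; then shift; fi
        if [ "$#" -eq "$win" ]; then
            sum=0; for x in "$@"; do sum=$((sum + x)); done
            echo $((sum / win))
        fi
    done
}

# trend DEADBAND: compare first and last smoothed values; a change within
# DEADBAND is "steady", since readings drift even without movement.
trend() {
    band=$1; first=''; last=''
    while IFS= read -r v; do
        if [ -z "$first" ]; then first=$v; fi
        last=$v
    done
    if [ -z "$first" ]; then echo unknown; return 0; fi
    delta=$((last - first))
    if [ "$delta" -gt "$band" ]; then echo closer
    elif [ "$delta" -lt "-$band" ]; then echo farther
    else echo steady; fi
}
analyse() { printf '%s\n' "$1" | parse_lq | smooth 3 | trend 10; }  # window 3, deadband 10
analyse "$SAMPLE_READINGS"
```

A wider window or deadband suits noisier environments, at the cost of slower reaction to real movement.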
Installation
sudo apt install blueranger
Flags
Examples
blueranger hci1 20:C9:D0:43:4B:D8
blueranger -h
blueranger hci0 20:C9:D0:43:4B:D8
blueranger hci1 AA:BB:CC:DD:EE:FF
blueranger hci2 11:22:33:44:55:66
/usr/bin/blueranger hci1 20:C9:D0:43:4B:D8