
I have the bluetooth mac-id of the target device. The bluetooth however is in hidden/not visible mode.

Both phones are android. (Non-root).

I did my research and I *know* that I can CONNECT to a device (in most cases) if I know the mac-id; however, I want to just scan for proximity and NOT connect, i.e. if the target device is in bluetooth range and I know its mac-id, can I *just* know if it's in proximity (or, in loose terms, scan for it)?

Fresh Prince

1 Answer


The short answer is no, you cannot discover undiscoverable Bluetooth devices.

Having a device in undiscoverable mode is a security measure implemented by manufacturers to prevent abuses such as device tracking. This makes a standard bluetooth adapter (such as yours) completely unable to state whether an invisible/undiscoverable device is close or not.

However, it turns out this kind of security is not optimum and has been broken recently. You can find here Michael Ossmann's work on Ubertooth, a small Bluetooth adapter able to detect undiscoverable devices. You can find here a great presentation of what this is, build this dongle using open source plans and even buy his dongle.

EDIT:

It is possible to know whether a bluetooth device is around, even if it is in undiscoverable mode, by knowing its full MAC address in the first place.

The technique is to try a PAGE request, sending all 6 bytes that compose the sought Bluetooth host's MAC identifier. A PAGE request allows one to connect with a Bluetooth slave when knowing its BT ADDR. Devices that are in undiscoverable mode do not respond to inquiry scan (device discovery intent), but they do respond to page scan, which is used by a device wanting to connect to another previously known device.

You might be able to do what you intend by using Bluesniff, a security proof of concept allowing you to discover hidden devices. It might support page scanning.

Note that this is to be taken as an educational resource, and I do not encourage this kind of practice in a commercial application.

Halim Qarroum
  • I understand that. Hence my question, IF given the mac-id i.e. the user has in a way consented earlier (or knows from the permission of android list) that he is willingly giving his mac-id which could possibly then have been used. – Fresh Prince Apr 05 '13 at 00:08
  • Thank you for the edit! This seems like something I was looking for..:) – Fresh Prince Apr 05 '13 at 13:12
  • Is there any help, how to initiate a PAGE scan with the MAC address I have? Is there any Android API to do so? Is there any hidden API? – Reaz Murshed Feb 21 '16 at 06:44
  • 2
    No, I really don't believe so. Bluetooth APIs in Android are pretty high level from the developer perspective, plus, Google and Apple tends to go in a model which makes device tracking via Bluetooth difficult for someone developing an app. While reading the Bluetooth specification on HCI (Host Controller Interface) I stumbled upon a section saying that the Bluetooth module may handle Inquiries and filter Page requests without involving the host device. So the Bluetooth chip in your phone may have its own logic to respond to PAGE requests without relying on Android at all. – Halim Qarroum Feb 21 '16 at 12:19
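The answer above distinguishes inquiry scan (what "discoverable" turns on) from page scan (what lets a known address connect), and the last comment notes that the controller handles both below the host. The following is an added model of that distinction, not code from the question or the answer: it encodes the Scan_Enable parameter of the HCI Write_Scan_Enable command (bit 0 = Inquiry Scan enabled, bit 1 = Page Scan enabled) and lets you check, for a given controller state, whether an address-less inquiry or an addressed page would get a response. The `Controller` class, the address values and the helper names are constructed for this illustration; the point it makes is the defensive one: "undiscoverable" (page scan only) still answers a page addressed to its own BD_ADDR, and only disabling page scan as well stops that presence signal.

```python
"""Model of what Bluetooth Classic 'undiscoverable' mode hides and what it does not.

Constructed illustration (not part of the original Q&A). Scan_Enable values follow
the HCI Write_Scan_Enable parameter: bit 0 = Inquiry Scan, bit 1 = Page Scan.
"""
from dataclasses import dataclass

SCAN_NONE = 0x00              # neither inquiry nor page scan
SCAN_INQUIRY_ONLY = 0x01      # discoverable but not connectable (unusual)
SCAN_PAGE_ONLY = 0x02         # "undiscoverable" on a typical phone
SCAN_INQUIRY_AND_PAGE = 0x03  # fully discoverable and connectable


def parse_bd_addr(text: str) -> bytes:
    """Parse 'AA:BB:CC:DD:EE:FF' into the 6-byte BD_ADDR it denotes.

    Rejects anything that is not exactly six colon-separated hex octets.
    """
    parts = text.strip().split(":")
    if len(parts) != 6:
        raise ValueError(f"BD_ADDR must have 6 octets: {text!r}")
    octets = []
    for p in parts:
        if len(p) != 2:
            raise ValueError(f"bad octet {p!r} in {text!r}")
        octets.append(int(p, 16))  # int() raises on non-hex digits
    return bytes(octets)


@dataclass
class Controller:
    """A Bluetooth controller with its address and current Scan_Enable setting."""
    bd_addr: bytes
    scan_enable: int

    def answers_inquiry(self) -> bool:
        """An inquiry carries no target address; only inquiry scan answers it."""
        return bool(self.scan_enable & 0x01)

    def answers_page(self, target: bytes) -> bool:
        """A page is addressed; page scan answers only if the address matches."""
        return bool(self.scan_enable & 0x02) and target == self.bd_addr


def presence_observable(scan_enable: int, address_known: bool) -> bool:
    """Would a nearby observer learn the device is present?

    Without the address, only inquiry scan leaks presence. With the address,
    page scan leaks it too. Only SCAN_NONE leaks nothing in this model.
    """
    if scan_enable & 0x01:
        return True
    return address_known and bool(scan_enable & 0x02)


if __name__ == "__main__":
    phone = Controller(parse_bd_addr("00:11:22:33:44:55"), SCAN_PAGE_ONLY)  # constructed
    print("answers inquiry:", phone.answers_inquiry())
    print("answers page to own addr:", phone.answers_page(parse_bd_addr("00:11:22:33:44:55")))
    print("answers page to other addr:", phone.answers_page(parse_bd_addr("66:77:88:99:AA:BB")))
    print("presence observable with known addr:", presence_observable(SCAN_PAGE_ONLY, True))
    print("presence observable after disabling page scan:", presence_observable(SCAN_NONE, True))
```

The model is deliberately coarse (no timing, no channel hopping, no controller-side filtering), but it captures the threat-model point a device owner needs: if an address has already been shared, "not visible" alone is not a privacy control, and the mitigation on the defending side is to leave the radio non-connectable (or off) when no pairing or connection is wanted.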