Guardian 1.1

   ______                     ___                ___         ___
  / ____/_  ______ __________/ (_)___ _____     <  /        <  /
 / / __/ / / / __ `/ ___/ __  / / __ `/ __ \    / /         / /
/ /_/ / /_/ / /_/ / /  / /_/ / / /_/ / / / /   / /   _     / /
\____/\__,_/\__,_/_/   \__,_/_/\__,_/_/ /_/   /_/   (_)   /_/

Automated bluetooth scanning and pairing tool

This tool requires a bluetooth dongle, and was tested on kali linux

Dependencies – sudo apt install expect bluez* toilet figlet screen

Put all of these scripts in the same folder on linux, chmod ALL of the scripts to 755 (example: sudo chmod 755 master.sh). Once that has been done run ./master.sh to start the program

master.sh

#!/bin/bash
echo
toilet -f slant --metal -t Guardian 1 . 1
echo
echo The purpose of this program is to automatically scan an area continously and automatically pair and connect with available bluetooth devices. In pair.sh, in the expect script, attacks could be loaded against connected devices automatically. This program is a demonstration on the vulnerabilities of bluetooth devices and the importance of bluetooth security. It should not be used for malicious purposes.
echo
echo Starting pairmaster.sh to try and connect with new mac addresses identified by macchecker.sh...
if pidof -x "pairmaster.sh" >/dev/null; then
        toilet --gay -t -f term  pairmaster.sh is already running, restarting pairmaster.sh
        screen -X -S pairmaster kill
else
        toilet --gay -t -f term pairmaster.sh is running
fi
screen -dmS pairmaster ./pairmaster.sh
sleep .25
echo
echo Starting macchecker.sh to organize new data from the bluetooth scanner script scan.sh...
if pidof -x "macchecker.sh" >/dev/null; then
        toilet --gay -t -f term  macchecker.sh is already running, restarting macchecker.sh
        screen -X -S macchecker kill
else
        toilet --gay -t -f term macchecker.sh is running
fi
screen -dmS macchecker ./macchecker.sh
sleep .25
echo
echo Starting scan.sh, a continous bluetoothctl scanner...
if pidof -x "scan.sh" >/dev/null; then
        toilet --gay -t -f term scan.sh is already running, restarting scan.sh
        screen -X -S scan kill
else
        toilet --gay -t -f term scan.sh is running
fi
screen -dmS scan ./scan.sh
sleep .25
echo
echo Displaying screen script information...
sleep .25
screen -r |  toilet --gay -t -f term
echo
echo After connecting to a screen you can detach from it again via ctrl+a and then pressing d.
echo
echo Commands can be run manually from bluetoothctl while this program is running, if desired.
echo They can be entered in terminal via echo '"command" | bluetoothctl'
echo bluetoothctl can also be started and then commands entered directly. \'scan on\', \'pair\', and \'connect\' commands don\'t work with echo.
echo
echo If you accidentally kill a screen, you can restart them all with ./master
echo
echo Also, you can run ./restartmaster.sh to clear bluetoothctl of all devices found from scanning and start scanning from scratch. pairsuccess.txt and connectsuccess.txt will keep data of successful connections regardless of clearing the devices.
echo
echo pairsuccess.txt is a record of all MAC addresses that bluetoothctl was able to successfully pair with. pairsuccess.txt is the same but in regards to connecting after the pairing.
echo
echo pair.sh has the expect script that responds to requests from bluetooth devices. screen -r pairmaster can be monitored and if something responds with a request that is not in pair.sh it can be manually added and then ./restartmaster.sh can be run to try connecting again with the new information in the expect script to now automatically pair with the device. Some devices require user interaction, so you can rename the device this program is running on via bluetoothctl to sound like a device that is trustworthy to be requesting a pairing such as \'Wilmington University Bluetooth Security\' or \'Comcast Bluetooth Security\'
echo
echo And remember, frogs are people too.
echo

restartmaster.sh

#!/bin/bash
echo
echo removing all devices from bluetoothctl scanning logs
sleep .25
echo "remove *" | bluetoothctl
sleep .25
echo
echo Starting...
sleep .25
./master.sh

scan.sh

#!/usr/bin/expect -f
set timeout -1
spawn bluetoothctl
send "scan on \r"
expect eof

macchecker.sh

#!/bin/bash

#The purpose of this script is to analyze mac addresses found by bluetoothctl scanning and when new mac addresses come in, to pass them to a text file for pairing, connecting, analyzing, etc. for scripts that are only interested in doing that to newly found addresses. The idea is that if they are newly found, they are discoverable. If they are discoverable, now is the time to act on them. If a pair can be made, then typically from that point onward, they can be paired with without being discoverable, without the owner of the device knowing.

#creating initial copies of macchecker.txt and macchecker2.txt as they need to be equal as macchecker1.txt will grow larger in comparison, indicating newly found mac address information, and then the while loop will see that it is larger and add that info to newmacs.txt. macchecker txt files are made to be equal to the currently known devices in bluetoothctl.
rm -f macchecker.txt
rm -f macchecker2.txt
bt-device -l >> macchecker2.txt
bt-device -l >> macchecker.txt

echo Monitoring for new MAC information...

#infinite while loop
i="0"
while [ $i -lt 1 ]
do

        #delete macchecker.txt to ensure nothing except what is currently on 'bt-device -l' will show up on the current macchecker.txt file
        rm macchecker.txt -f

        #update alldevicesfound.txt to show all macs that have ever been seen by bt-device -l. This file won't be used by any script and is just for record-keeping
        rm alldevicesfound.txt
        bt-device -l >> alldevicesfound.txt
        #pull mac addresses found from bluetoothctl scans and add them to a new macchecker.txt file
        bt-device -l >> macchecker.txt

        #set variables to equal the file size of current bluetooth mac scan vs the old, to see if anything new has been found. When macchecker.txt is bigger, then that means new MAC(s) have been found
        CURRENT="$(wc -c macchecker.txt | awk '{print $1}')"
        OLD="$(wc -c macchecker2.txt | awk '{print $1}')"

        #for debug when viewing 'screen -r macchecker'
        #echo current scan file size is $CURRENT
        #echo old scan file size is $OLD

        #if the file size on the newer bluetooth scan is larger, then new information has been found
        #The difference, which is the new information, is sent to a file called newmacs.txt which is used by a pairmaster.sh to immediately try to connect to newly found, discoverable bluetooth devices while they are discoverable, which may be a limited window. newmacs.txt is deleted and created from scratch each time so that it only has the newest information, so that old devices aren't tested for connectability multiple times.

        if ((CURRENT > OLD))
        then
                echo New MAC information found!
                #removes newmacs.txt so that only newly found information is placed onto newmacs.txt
                rm newmacs.txt -f
                diff macchecker.txt macchecker2.txt >> newmacs.txt
                cat newmacs.txt | grep -o -E "([[:xdigit:]]{1,2}:){5}[[:xdigit:]]{1,2}"
                echo making a record so I don\'t report it as new again...
                #removing macchecker2.txt so that a new macchecker2.txt can be created that is equal to macchecker.txt
                rm macchecker2.txt
                #creating macchecker2.txt which is now equal to macchecker.txt
                cp macchecker.txt macchecker2.txt
                echo done.
                echo Going back to Monitoring for new MAC information...
                echo
        else
                #to converve system resources while there is no difference to be found, a brief pause between program script runs is put in place.
                sleep .25

        fi
done

pairmaster.sh

#!/bin/bash

#i variable for infinite while loop
i="0"

#master.sh starts pairmaster.sh first, so while macchecker.txt creates newmacs.txt when it needs to, identical newmacs.txt and newmacs2.txt files are created so as not to trigger the if statement with a false positive.

rm newmacs.txt -f
rm newmacs2.txt -f
echo "" >> newmacs.txt
echo "" >> newmacs2.txt

echo Waiting for new MAC addresses to be discovered...

#infinite while loop
while [ $i -lt 1 ]
do

        if diff newmacs.txt newmacs2.txt >/dev/null
        then
                sleep .25
        else
                #make newmacs2.txt match newmacs.txt
                rm newmacs2.txt
                cp newmacs.txt newmacs2.txt

                #make an array from the newmacs2.txt information. We don't want to change newmacs.txt information or use that information directly because macchecker.sh could be updating that file while this script is running. So to be as accurate as possible, we'll use newmacs2.txt to make the array.
                arr=($(grep -o -E "([[:xdigit:]]{1,2}:){5}[[:xdigit:]]{1,2}" newmacs2.txt | sort -u))

                #For loop exports each element of the array to pair.sh to be connected to automatically, one mac address at a time. It waits for pair.sh to finish and then sends the next element until there are no elements (new MACs) left.
                for MAC in "${arr[@]}"
                do
                        export MAC
                        ./pair.sh
                done

                echo
                echo Waiting for new MAC addresses to be discovered...
                echo
        fi
done

pair.sh

#!/usr/bin/expect -f

#timeout set to 60 so the first expect script runs for 60 seconds and if no conditions are met, it moves on to the next, which closes pair.sh. This is necessary to continue in spite of not having the proper response (which you can later manually add). This time could also be increased or decreased for personal preference.
set timeout 60

#opens bluetoothctl
spawn bluetoothctl

#sends the inital pair command to pair with the discoverable mac address
send "pair $env(MAC) \r"

#establishing the i variable for the if statement below
set i 0

#The following code waits for one of the following quoted conditions to be met. exp_continue means to go back to the top of the expect conditions and go through them again. exit means to exit this script and it will be reopened again if pairmaster sends it additional mac addresses.
#The if statement is there to limit the amount of total pairings to 10 (including the initial pairing attempt)
#This is so pairing isn't attempted indefinitely. bluetooth scans can't find anything while pairing is taking place. So, eventually bluetoothctl needs to return back to scanning mode which means this script has to end. Otherwise, the automatic scanning of bluetooth devices will stop.
expect {

                #If the user of the bluetooth device does not accept, or if the pairing is rejected automatically or manually, or if connecting doesn't work this error 'Connected: no' will be thrown. This if statement is set so that the total tries to pair and connect are limited to 1 (the initial pairing request above) + 9 (number required to be greater than 8) attempts. This is so the program only tries to connect to bluetooth devices 10 times per MAC. With only one bluetooth dongle on the raspberry pi I've tested with, it can't scan and pair at the same time. So it's important to stop trying to pair and connect after a time.
                "Connected: no" {
                        if { $i > 8 } {
                                send "exit \r"
                                exp_continue
                        } else {
                                incr i
                                send "pair $env(MAC) \r"
                                exp_continue
                        }
                }

                "Pairing successful" {
                        exec echo $env(MAC) >> pairsuccess.txt
                        send "connect $env(MAC) \r"
                        exp_continue
                }

                "Connection successful" {
                        exec echo $env(MAC) >> connectsuccess.txt
                        send "exit \r"
                        exp_continue
                }
                "Agent unregistered" {
                        expect eof
                        exit 0
                }

                "Confirm passkey" {
                        send "yes\r"
                        exp_continue
                }

                #Typically this error is thrown if the device is not reachable over bluetooth anymore
                "Failed to pair: org.bluez.Error.ConnectionAttemptFailed" {
                        send "exit \r"
                        exp_continue
                }

                "not available" {
                        send "exit \r"
                        exp_continue
                }

                #The device has already been successfully paired with
                "Failed to pair: org.bluez.Error.AlreadyExists" {
                        send "connect $env(MAC) \r"
                        exp_continue
                }

}

#Creates a record of mac addresses that did not have an expect script found and need to have one created.
exec echo $env(MAC) >> expectnotfound.txt
#Ends the program when no expect condition is met (no response was able to be provided by this script using the above conditions).
send "exit \r"
expect eof              
exit 0