Bluetooth Hacks

Connect to the Internet, work with your files, lock your workspace, listen to music and do so much more with the help of Bluetooth technology.

In an effort to bring more comfort and security to listening to music via headphones while cycling, Swedish telecom vendor Ericsson invented Bluetooth—a wireless connectivity technology, which dates back to 1994. Since then, the standards behind Bluetooth have greatly evolved, but it still remains a niche technology, not widely used outside traditional business applications.

How can you benefit from using Linux on a Bluetooth-equipped PC? There are many use cases, some of which are unconventional and even mind-blowing.

Friendly Recon

Bluetooth in Linux is powered by the BlueZ software stack. It includes basic tools for remote device discovery and setup. Using it, you can collect some helpful information about the devices and people around you.

To start, let's see what devices are reachable for local discovery:

hcitool scan

You'll get a list of devices with their BD_ADDR values (similar to MAC) and possibly text descriptions. These descriptions are optional, and some users advisedly leave them blank. But still there's a way to find some information on such devices. You can find the class code of a device if you run the hcitool inq command. After that, you can analyze it with the Bclassify utility, which accepts class code as an input parameter and gives back class disentanglement. Here is the example 0x5a020c code:

atolstoy@linux:~/Downloads/btclassify-master> ./ 
0x5a020c: Phone (Smartphone): Telephony, Object Transfer, 
 ↪Capturing, Networking

Then you can find what services are supported by the device. Here is the sample output:

atolstoy@linux:~> sdptool browse 11:22:33:44:55:66 | 
 ↪grep Service\ Name
Service Name: Headset Gateway
Service Name: Handsfree Gateway
Service Name: Sim Access Server
Service Name: AV Remote Control Target
Service Name: Advanced Audio
Service Name: Android Network Access Point
Service Name: Android Network User
Service Name: OBEX Phonebook Access Server
Service Name: SMS Message Access
Service Name: OBEX Object Push

Note that sdptool works even when the device is not discoverable, but is somewhere nearby. Using that technique, you can discover smartphones, headsets, printers, wearable gadgets and, of course, desktops and laptops. On many Mac OS X systems, Bluetooth is set in discoverable mode silently and forever, plus it carries the owner's name in the device's description, which is perfect for amateur social engineering.

Handle and Browse Your Files

Although a Bluetooth connection is not very speedy when it comes to transferring files, it still is a viable option. In Linux, there are several ways to access your device's memory via Bluetooth, and all of them play with the OBEX protocol.

Figure 1. If your neighborhood is densely populated, you'll see an abundance of ready-to-connect Bluetooth devices.

To make use of it, you'll need a phone or a smartphone that supports ObexFTP service. Most legacy devices do, but some modern Android smartphones don't include ObexFS support by default. Luckily, you easily can fix it by installing a third-party Obex server from Google Play (like this: and re-connecting your device with the Linux PC. After that, both GNOME Bluetooth and Bluedevil will show you an option for browsing the device, and if you click it, a Nautilus/Nemo/Dolphin window will appear with your device's contents.

However, let's go a little further this time and mount a Bluetooth device as a regular filesystem.

Assuming that you know its BD address and created a directory for mounting, do the following:

obexfs -b 11:22:33:44:55:66 /path/to/directory

To unmount it, use the fusermount command:

fusermount -u /path/to/directory

You even can do an auto-mounting of your Bluetooth filesystem in the traditional UNIX-style way. Just add the following line to your /etc/fstab:

obexfs#-b11-22-33-44-55-66 /path/to/directory 
 ↪fuse allow_other 0 0 

By default, only the current user will see the mounted filesystem. That's why the allow_other option is needed. Keep in mind that it might be a security risk to allow everybody to see remote filesystems.

The obexftp command is used for sending and receiving files without mounting a filesystem. You can send any file to your device by issuing a command like this:

obexftp -b 11:22:33:44:55:66 -p /some/file/to.put

The file will land in the default "Received files" directory on your device. To retrieve a file from the phone, just change the command a little:

obexftp -b 11:22:33:44:55:66 -g to.get

where the "to.get" file must reside in the phone's shared folder.


Alexander Tolstoy is a desktop Linux power user and experienced sysadmin, and has been devoted to the Open Source community for years. He installed his first distro from a floppy disk and hasn't seen the Start button ever since.