More on Blue Hydra.

Earlier, I wrote “It runs! It works! Mostly. Kind of.”

I’ve been banging on Blue Hydra in my spare time since Thursday, and I stand by that statement. Here’s what I’ve run into so far.

The README is pretty clear, and I didn’t have any problems installing the required packages. (I don’t have an Ubertooth, so I skipped that one. We’ll come back to the Ubertooth later.)

First problem, which was actually very tiny: I know next to nothing about Ruby, other than that cartoon foxes are somehow involved, so the phrase “With ruby installed add the bundler gem” was more like “I don’t speak your crazy moon language”. Google cleared that up pretty quickly: the magic words are gem install bundler.

Next problem: running bundle install resulted in an error stating that it couldn’t find the Ruby header files. It turns out that, while my Ubuntu installation had Ruby 2.1 installed, it didn’t have the ruby-dev package installed. sudo apt-get install ruby-dev fixed that issue.

Next problem: the SQLite Ruby gem failed to install when I ran bundle install. It turns out that I also needed the sqlite3-dev package as well. And with that installed, the bundle built, and I could do ./bin/blue_hydra.

Which gave an error stating that it didn’t have permissions to open a handle for write. Okay, let’s try sudo ./bin/blue_hydra (because I always run code from strangers as root on my machine; everyone knows strangers have the best candy). And that actually worked: Blue Hydra launched and ran just fine. In fairness, this may be a configuration issue on my machine, and not an issue with the software itself.

In playing with it, I’ve found that it does what it claims to do. Sort of. It’s been able to detect devices in my small lab environment with Bluetooth discovery turned off, which is impressive. I also like the fact that it stores data into an SQLite database; other Bluetooth scanning tools I’ve played with didn’t do that.

However, it seems to take a while to detect my iPhone; in some instances, it doesn’t detect it at all until I go into Settings->Bluetooth. Once I’m in the Bluetooth settings, even if I don’t make a change, Blue Hydra seems to pick up the iPhone. Blue Hydra also has totally failed to detect another smart phone in my small lab environment (and I have verified that Bluetooth was both on and set to discoverable.)

Now, to be fair, there may be some other things going on:

  • I’ve also observed previously that Bluetooth under Ubuntu 15.10 didn’t work very well. At all. So at one point on Saturday, just for giggles, I upgraded Project e to Ubuntu 16.01.1 LTS. And shockingly (at least for me) Bluetooth works much much better. As in, I can actually pair my phone with Ubuntu and do other Bluetooth related stuff that didn’t work with 15.10. That seems to have mitigated the discovery issues I was seeing with Blue Hydra a little, but not as much as I would have liked. (Edited to add 8/8: Forgot to mention: after I upgraded, I did have to rerun bundle install to get Blue Hydra working again. But the second time, it ran without incident or error, and Blue Hydra worked immediately afterwards (though it still required root).)
  • I was using the Asus built-in Bluetooth adapter in my testing. Also just for giggles, I switched Blue Hydra to use an external USB adapter as well. That didn’t seem to make a difference.
  • In fairness, Blue Hydra may be designed to work best with an Ubertooth One. The temptation is great to pick one of those up. It is also tempting to pick up a BCM20702A0 based external adapter (like this one) partly to see if that works better, partly because I don’t have a Bluetooth LE compatible adapter (and this one is cheap) and partly because the Bluetooth lock stuff is based on that adapter. (Edited to add 8/8: I’m also tempted by this Sena UD100 adapter. It is a little more expensive, but also high power and has a SMA antenna connector. That could be useful.)
  • It may also be that I have an unreasonable expectation. Project e is seven years old at this point, and, while it still runs Ubuntu reasonably well, I do feel some slowness. Also, I think the battery life is slipping, and I’m not sure if replacements are available. I’ve been thinking off and on about replacing it with something gently used from Discount Electronics: something like a Core i5 or Core i7 machine with USB3 and a GPU that will work with hashcat. Maybe. We’ll see. Point is, some of my issues may just be “limits of old hardware” rather than bugs.
  • And who knows? There may very well be some bugs that get fixed after DEFCON.

tl, dr: Blue Hydra is nice, but I’m not yet convinced it is the second coming of Christ that I’ve been waiting for.

4 Responses to “More on Blue Hydra.”

  1. Dan says:

    I’ve recently been through the exact same steps as yourself and struggled to get Blue Hydra working, but after similar but different steps it’s finally working. I use a CSR BT dongle, which doesn’t produce any different results from the internal BT adapter. I also get similar slow-to-detect devices.

    I’m not complaining; I think it’s an amazing tool, and BT is proving to be, IF done right, very secure, but low power devices seem to be ruining the security!

    My next problem is I DO have an Ubertooth but Blue Hydra does not detect it. My Ubertooth is running the most recent firmware as well and I use it for scanning with standard tools. Excited to try and get it working now with my Ubertooth!

  2. stainles says:

    Dan:

    Thanks for the comment. It is greatly appreciated, and I’m glad to know I’m not the only one experiencing that behavior.

    As a side note/update, I did purchase this external Bluetooth adapter (as seen in a previous post): it doesn’t seem to have made any difference in terms of iPhone or other device detection with Blue Hydra. I’m still seeing the same issues.

    (Note: I haven’t had a chance to try it with the Bluetooth lock stuff, yet. I also haven’t had a chance to test Blue Hydra with it and something like a FitBit.)

    I wish I could help with the Ubertooth, but I still haven’t bought one to play with yet.

    I’ve been kind of hoping that once things settle down some, the Pwnie/Blue Hydra team will release a code update. If I see or hear anything, I’ll post an update.

  3. Spiralux says:

    Hi there,
    I also don’t speak Ruby and your guide helped me greatly in setting up Blue Hydra, thanks. I was just tripped up by one other thing and that was forgetting to clone the repository…
    So if anyone else was suffering from late Friday afternoon stupidness

    git clone https://github.com/pwnieexpress/blue_hydra.git

    Thanks again.

  4. stainles says:

    Thanks for the kind words, Spiralux.

    I apologize that I didn’t mention cloning the repo, but I actually just downloaded the ZIP file and extracted it on my machine instead of doing a clone.

    This is the point where someone puts up a photo of a guy with a funny look on his face and the caption, “Bro, do you even git?”