Thyrasec Blog / Guide

Building BlueZ – For Defense and Offense

What’s BlueZ

BlueZ is an open-source Bluetooth stack implementation for Linux-based operating systems. The stack implementation has been available since around 1999. A Bluetooth stack is a set of software components that provides the necessary protocols and functionality for Bluetooth communication. BlueZ is widely used on Linux systems to enable Bluetooth connectivity, allowing devices to communicate wirelessly. Originally a Qualcomm project, it’s now supported and developed by the Linux community, with major contributions from other chipset vendors such as Intel.

Key features of BlueZ include support for Bluetooth profiles, such as the Audio/Video Remote Control Profile (AVRCP), Hands-Free Profile (HFP), Advanced Audio Distribution Profile (A2DP), and many others. BlueZ also includes utilities and tools for managing Bluetooth devices, configuring Bluetooth settings, and handling Bluetooth connections. It supports most features of the Bluetooth Specification.

It’s critical to note that BlueZ provides the upper part of the Bluetooth stack called the Host component. To have a fully functioning system, a Bluetooth controller is needed. This is usually done in a dongle or as part of the motherboard or some communication card (like combo Bluetooth – Wi-Fi).

Developed by the Linux community, BlueZ is integrated into various Linux distributions and serves as the default Bluetooth stack for many Linux-based devices. It provides an API for developers to interact with Bluetooth functionality in their applications. The project is actively maintained and evolves to support new Bluetooth standards and features.

Using BlueZ for Offense and Defense

As Linux’s open-source Bluetooth stack, BlueZ is used by countless machines and products. Running the latest BlueZ stack is critical to securing those devices: it has had numerous vulnerabilities patched, including the Bluetooth HID issues we covered in Bluetooth Vulnerabilities in Android, MacOS, iOS, Linux let attackers inject data.

The version of BlueZ that’s available from distribution packages sometimes lags behind the official release, and patches can take time to be applied and make their way into those packages. During that window a system can be vulnerable. It’s also possible you’re running an OS or distro that’s out of date or no longer supported and is being patched manually.

On the other hand, BlueZ can also be used offensively, for penetration testing. Running Bluetooth attacks against your own products can help you find problems with them, and running the latest version of BlueZ lets you test the latest Bluetooth features.

Build System

Being Linux’s go-to Bluetooth stack, BlueZ is best built on a Linux machine. You can also do this in a VM. For this tutorial, we’re going to use Ubuntu 22.04.2 LTS running Linux 6.2.0-39-generic. These instructions will also work on other Debian-based systems.

Required Packages

BlueZ requires quite a few packages. We can use apt to install all of them:

$ sudo apt-get install build-essential libglib2.0-dev libdbus-1-dev libudev-dev libical-dev libreadline-dev python3-docutils libelf-dev elfutils libdw-dev libalsa-ocaml-dev libsbc-dev libspeexdsp-dev libjson-c-dev git

With these packages in place, we can fetch the latest BlueZ. There are two ways to do this. You can download the latest BlueZ release from https://www.bluez.org/download/, but that will typically be behind the latest changes. To get the latest, we can use the BlueZ GitHub repo:

$ git clone https://github.com/bluez/bluez.git

This clones the bluez git repository and checks out master, which has the latest set of changes. You will have a new folder called bluez.

Another dependency we need is the Embedded Linux Library (ell), which BlueZ uses for mesh support. Simply clone ell:

$ git clone git://git.kernel.org/pub/scm/libs/ell/ell.git

Configuring BlueZ

Now that both bluez and ell are in place (they need to sit side by side in the same parent directory), we can configure BlueZ. First we need to run a few scripts:

$ cd bluez
$ ./bootstrap

We can now run configure to get the compilation ready:

$ ./configure --prefix=/usr --mandir=/usr/share/man \
				--sysconfdir=/etc --localstatedir=/var

Now we can finally make and install:

$ make
$ make install

Once the build is complete, you can run make install in order to install BlueZ binaries in your system.
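As an added example, not part of this guide or of the BlueZ project, the following POSIX sh script wraps the steps above and only rebuilds when the checked-out tree is newer than the bluetoothd already installed, which is the lag the Offense and Defense section warns about. It assumes a Debian-based host with git and sudo, and that bluez/configure.ac declares its version as AC_INIT(bluez, X.Y); the script name build-bluez.sh and the BLUEZ_BUILD variable are this example's own conventions.

```sh
# Added example (not the guide's or BlueZ's own code). Assumes a Debian-based
# host with git, and that bluez/configure.ac declares AC_INIT(bluez, X.Y).
set -eu

# Returns 0 (true) when dotted version $1 is strictly newer than $2.
ver_newer() {
    a="$1." b="$2."
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; a=${a#*.}
        y=${b%%.*}; b=${b#*.}
        [ "${x:-0}" -gt "${y:-0}" ] && return 0
        [ "${x:-0}" -lt "${y:-0}" ] && return 1
    done
    return 1
}

# Version declared by the source tree in $1 (e.g. "5.72"); empty if not found.
source_version() {
    sed -n 's/^AC_INIT(bluez, *\([0-9.]*\)).*/\1/p' "$1/configure.ac"
}

# Version of the bluetoothd on PATH, or 0 when none is installed.
installed_version() {
    command -v bluetoothd >/dev/null 2>&1 && bluetoothd --version || echo 0
}
# The guide's steps. ell must be cloned next to bluez, not inside it.
install_deps() {
    sudo apt-get install -y build-essential libglib2.0-dev libdbus-1-dev \
        libudev-dev libical-dev libreadline-dev python3-docutils libelf-dev \
        elfutils libdw-dev libalsa-ocaml-dev libsbc-dev libspeexdsp-dev \
        libjson-c-dev git
}
fetch_sources() {
    [ -d ell ]   || git clone git://git.kernel.org/pub/scm/libs/ell/ell.git
    [ -d bluez ] || git clone https://github.com/bluez/bluez.git
}
build_and_install() {
    cd bluez
    ./bootstrap
    ./configure --prefix=/usr --mandir=/usr/share/man \
        --sysconfdir=/etc --localstatedir=/var
    make -j"$(nproc)" && sudo make install
}

# Only runs the build when invoked as: BLUEZ_BUILD=1 sh build-bluez.sh
if [ "${BLUEZ_BUILD:-0}" = "1" ]; then
    install_deps; fetch_sources
    have=$(installed_version); want=$(source_version bluez)
    if ver_newer "$want" "$have"; then build_and_install
    else echo "bluetoothd $have already matches or exceeds source $want"; fi
fi
```

Without BLUEZ_BUILD=1 the script only defines its functions, so it can be sourced to check versions on a fleet host without touching the build.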