[WinMo] btCrawler

A Bluetooth Diagnostic Tool


In short, btCrawler is a simple Bluetooth scanner for Windows Mobile based devices. It scans for other visible devices in range and can perform a service query. You can also query for the services of your own device and run some self-diagnostics.

In the device list, COD means “Class of Device” (see the Bluetooth specification for more info). In the output window, when the SDP services are listed, “ChId” means Channel ID, which is the RFCOMM channel the service is listening on. Both landscape and portrait screens are supported. As of version 1.0, bluejacking and bluesnarfing are supported.
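The COD value shown in the device list is a 24-bit field that packs service class bits, a major device class and a minor device class. The Python decoder below is an added example, not btCrawler's own code; the field layout and names follow the Bluetooth Assigned Numbers, and the two sample values are constructed.

```python
# Added example: decode a 24-bit Bluetooth Class of Device (CoD) value.
# Layout: bits 0-1 format type, 2-7 minor class, 8-12 major class,
# 13-23 major service classes (Bluetooth Assigned Numbers, baseband).

SERVICE_CLASSES = {  # bit position -> major service class
    13: "Limited Discoverable Mode", 16: "Positioning", 17: "Networking",
    18: "Rendering", 19: "Capturing", 20: "Object Transfer",
    21: "Audio", 22: "Telephony", 23: "Information",
}
MAJOR_CLASSES = {
    0: "Miscellaneous", 1: "Computer", 2: "Phone",
    3: "LAN/Network Access Point", 4: "Audio/Video", 5: "Peripheral",
    6: "Imaging", 7: "Wearable", 8: "Toy", 9: "Health", 31: "Uncategorized",
}
# Minor classes only have meaning relative to their major class. This
# example names them for Computer and Phone and reports the raw number
# for every other major class.
MINOR_CLASSES = {
    1: ["Uncategorized", "Desktop workstation", "Server-class computer",
        "Laptop", "Handheld PC/PDA", "Palm-size PC/PDA", "Wearable computer"],
    2: ["Uncategorized", "Cellular", "Cordless", "Smartphone",
        "Wired modem or voice gateway", "Common ISDN access"],
}

def decode_cod(cod):
    """Return the human-readable parts of a CoD value as a dict."""
    if not 0 <= cod <= 0xFFFFFF:
        raise ValueError("CoD is a 24-bit field")
    if cod & 0x3:
        raise ValueError("unknown CoD format type (bits 0-1 must be 00)")
    major = (cod >> 8) & 0x1F
    minor = (cod >> 2) & 0x3F
    names = MINOR_CLASSES.get(major, [])
    return {
        "major": MAJOR_CLASSES.get(major, "Reserved (%d)" % major),
        "minor": names[minor] if minor < len(names) else "minor %d" % minor,
        "services": [name for bit, name in sorted(SERVICE_CLASSES.items())
                     if (cod >> bit) & 1],
    }

if __name__ == "__main__":
    for sample in (0x5A020C, 0x200404):  # constructed sample values
        print(hex(sample), decode_cod(sample))
```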

It *should* run on Windows Mobile based devices which meet the following criteria:

– MS Bluetooth Stack (WIDCOMM / Broadcom is NOT supported)
– Works on: Windows Mobile 5, PPC2003, PPC2003SE, Smartphone 2003, Smartphone 2003SE and Smartphone with WM5




Send bugs and comments to: c0rnholio(*at*)netcologne(*dot*)de

If you like this little program feel free to donate…


Start the .exe and simply press the Scan button to detect devices in range which are in “visible mode”. After devices have been found, just press the SDP button to query for services. You can query for your own Bluetooth profiles by pressing the SelfDiag button. That’s it…

To activate bluesnarfing (Version >= 1.0 PPC only) create the following registry key:

If you don’t know how to create a registry key under CE, then please use your favorite search engine. I will NOT answer any more mails about this.


Then create a new DWORD under this key:

ISC with the value of 1

After that start btCrawler and click on the “Transfer” button. You will then see a new button called “Bluesnarf”.
If you have successfully bluesnarfed a phone the results are saved in a file in vCard format.
You can find a new file called “Bluesnarf.txt” in your root folder.

Phones I know to be vulnerable to bluesnarfing are:

Nokia 6310, 6310i (up to FW Vers. 5.51)
Nokia 8910, 8910i
SE T610 FW:R1A081
SE T630 FW:R4C003
SE T68i FW:R2B025
SE Z600 FW:R2E004
SE Z1010

NOTE: If you have Bluesnarfing enabled, be responsible. Use it for educational purposes only!
I cannot be held responsible for anything you do with this code!!!

Usage for Smartphones

– Start with Menu->Scan
– Press the ACTION Key to get a List of detected devices and choose one
– Select Menu->SDP
– Use the joystick buttons to scroll the results and get back to the device list



Planned Features / TODO

– Write documentation
– Configure some BT related stuff in GUI
– Learn how the Broadcom-SDK works and implement support for it


Version History

Changes in v1.1.0 beta – Release Date: 09.02.2007

– Added Bluesnarfing for Smartphones…
– Added Logging (Logfile goes to \My Documents\btc-devicelog.txt)
– Added File Open Dialog to the Transfer Page
– Added an options dialog (in main screen press menu->options)
– Added bluetab exploit (to activate, create a DWORD with the name “ISC-Sploits” and a value of “1” under HKCU\Software\Microsoft\Bluetooth\Mode). Then you will have a new button in the main screen, where you can activate the bluetab sploit. (Reference: Google for Qnix and bluetab) BE RESPONSIBLE!!!
– This is a beta release. Some things may work, others not… If you find a bug, please send me an email.

Changes in v1.0.3 – Release Date: 23.08.2006

– Fixed a bug in the bluesnarfing code…

Changes in v1.0.2 – Release Date: 11.08.2006

– Fixed a bug with the sdp query screen not properly sized – thx to beakmyn

Changes in v1.0.1 – Release Date: 31.07.2006

– Fixed a bug with the program icon not shown
– Fixed a bug in the cab file (shortcut creation)

Changes in v1.0 – Release Date: 27.07.2006

– Redesigned the Smartphone UI. Handling should be better now.
– Added Bluejacking for both PPC and SP
– Added file transfer over BT and IRDA (PPC only)
– Added Bluesnarfing code (PPC only)
– Created CAB installer

Changes in v0.3.2

– Only stuff for PPC users, Smartphone people should stick with v0.3.1
– Made a few GUI changes
– Added some more selfdiag stuff:
– Read own CoD
– Read BT AutoSuspend state
– Read Obex state, enabled protocols and authentication settings
– Read Partners and their trust states

Changes in v0.3.1 (bugfix-release, mainly for SP)
– Fixed a problem in the GUI for devices with WM5 and screensize of 320×240
– Fixed a problem on Smartphone with “Action”-button exits the program.
– Changed button order in Smartphone GUI
– Fixed a sizing problem with the status field in smartphone (these Smartphone-things are so damned tiny…)
– Changed Smartphone GUI. Handling *should* be better. (tested only on emulator since I don’t own a SP)

Known Limitations / Bugs in this release:
– Horizontal Scrolling on Smartphone does not work.
– It *may* be that the code is no longer 100% compatible with Smartphone devices with OS < WM5 (e.g. SP2003, SP2003SE)

– Added some service classes in the scan engine (A2DP, A2Sink, A2SRC, SAP)
– Added “SelfDiag” button to check what services the own device provides
– Added support for Smartphone with Windows Mobile 5, SP2003, SP2003SE
– Added a menu to better support navigation in Smartphones

– One program for PPC2003/SE/WM5
– Support for portrait AND landscape mode
– Detection of screen orientation at startup
– GUI changes
– Class of Device (CoD) is now “human readable”

Initial release.

Known Limitations / Bugs:
– Resizing of the GUI due to display orientation change is not working. You have to change to your preferred display orientation before starting btCrawler.


btcrawler-v1.1.0-beta cab file