Classic/BR sniffing #504
Comments
Can you tell me more about what you mean by "sniff"?
I wanted to be able to capture signals transmitted between a device and a USB BT dongle. Preferably I wanted the ability to act as a man-in-the-middle, but at the very least I wanted to capture and then replay a transmission. Initially I wanted this for Bluetooth Classic, but later learned the device I was testing actually used only 5 or 6 BT channels and was possibly 2 Mbps, but still seemed to be based on BT Classic hardware and not BLE. I attempted to use a HackRF, but the channels are far apart, thus I can only capture 2 or maybe 3 at a time with aliasing on the HackRF. There seemed to be a lot of options for BLE pen tests, but not BT Classic.
Did you make any progress on this? I'm in a similar situation.
The HackRF only wants to tune 1 of the 79 channels. You can use aliasing to trick it into receiving several channels. I don't recall the exact number, but I think it was 20 or less under ideal conditions, so you'd still miss at least 75% of the data. The dongle I was sniffing only used a few channels but spaced them far apart, so it might as well have been 79. I would have needed new hardware to sniff it, but instead I got a new job ;)
Understandable lol. It's very slightly possible with the Just out of interest, since you mentioned other hardware, did you have anything in mind? Been looking around at quite a few research papers, and even they seem to be using the Ubertooth.
Yeah, I think I was looking at Ubertooth as well. There were lots of cheaper options for sniffing only the advertising channels of BLE, and for 2 or 3 orders of magnitude more money you can sniff all of them. For my application it seemed like Ubertooth could capture my handful of fixed channels, but probably only after a lot of low-level hacking. I should poke around with that again... someday... when free time is a thing that exists again...
2 questions:
The docs say this cannot sniff BR, then they say it can sniff BR, then it can sniff some, then ubertooth-btbr can, but not really. Can it?
More specifically: say I know 5 channels are used by the system under test, can I use an ubertooth to sniff and receive all data from those 5 channels? The channels used are very spread out, so I can't use a HackRF and aliasing.