Scribd Logo
Upload

Welcome to Scribd!

  • 326 views

    Diy BT Sniffer

    Uploaded by

    Shu Yang Quek
    This document provides instructions for turning a Bluetooth dongle into a Bluetooth sniffer by modifying its firmware and settings. It describes downloading software, checking that the dongle supports firmware updates, backing up the original firmware, flashing updated firmware that will allow sniffing, modifying the vendor and product IDs so the sniffer software can recognize the dongle, testing that everything was updated correctly, and then using the sniffer software to capture Bluetooth traffic. Modifying the firmware and settings requires tools like dfutool and bccmd.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content

    You might also like

    Diy BT Sniffer

    Uploaded by

    Shu Yang Quek
    326 views12 pages
    This document provides instructions for turning a Bluetooth dongle into a Bluetooth sniffer by modifying its firmware and settings. It describes downloading software, checking that the dongle supports firmware updates, backing up the original firmware, flashing updated firmware that will allow sniffing, modifying the vendor and product IDs so the sniffer software can recognize the dongle, testing that everything was updated correctly, and then using the sniffer software to capture Bluetooth traffic. Modifying the firmware and settings requires tools like dfutool and bccmd.

    Original Description:

    Original Title

    Diy Bt Sniffer

    Copyright

    © Attribution Non-Commercial (BY-NC)

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    This document provides instructions for turning a Bluetooth dongle into a Bluetooth sniffer by modifying its firmware and settings. It describes downloading software, checking that the dongle supports firmware updates, backing up the original firmware, flashing updated firmware that will allow sniffing, modifying the vendor and product IDs so the sniffer software can recognize the dongle, testing that everything was updated correctly, and then using the sniffer software to capture Bluetooth traffic. Modifying the firmware and settings requires tools like dfutool and bccmd.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    326 views12 pages

    Diy BT Sniffer

    Uploaded by

    Shu Yang Quek
    This document provides instructions for turning a Bluetooth dongle into a Bluetooth sniffer by modifying its firmware and settings. It describes downloading software, checking that the dongle supports firmware updates, backing up the original firmware, flashing updated firmware that will allow sniffing, modifying the vendor and product IDs so the sniffer software can recognize the dongle, testing that everything was updated correctly, and then using the sniffer software to capture Bluetooth traffic. Modifying the firmware and settings requires tools like dfutool and bccmd.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    of 12

    Do It Yourself Bluetooth Sniffer

    a 20 min walkthrough

    Kaept’n Karacho

    May 16, 2007

    Kaept’n Karacho DIY BT Sniffer


    WARNING!

    (This can totally brick your hardware.)

    Kaept’n Karacho DIY BT Sniffer


    Software

    • Frontline Test Equipment FTS4BT


    • Free Download: http://www.fte.com
    • Serial Number (depends on BDADDR)
    • Install!

    Kaept’n Karacho DIY BT Sniffer


    Supported BT-Dongle

    Needed

    • BT-Dongle: CSR BC4 EXT or FLASH


    • Chipset needs flash memory: internal or external
    • BC4 for EDR sniffing

    Should work

    • Fujitsu Siemens - Amazon ASIN: B000CNF1CM


    • Cellink BTA-6030 - Amazon ASIN: B000C6K070

    Kaept’n Karacho DIY BT Sniffer


    Supported?

    # hciconfig hciX revision


    hciX: Type: USB
    BD Address: 00:13:DE:AD:BE:AF ACL MTU: 0:0
    SCO MTU: 0:0
    Build 3683
    Chip version: BlueCore4-External
    Max key size: 56 bit
    SCO mapping: HCI

    Kaept’n Karacho DIY BT Sniffer


    Firmware exchange
    Tools

    • dfutool - update firmware


    • bccmd - modify firmware settings

    both available via bluez-cvs

    CVS checkout

    • modules: libs, utils

    # cvs -d:pserver:anonymous:cvs.bluez.org:/cvsroot\\
    /bluez login
    # cvs -d:pserver:anonymous:cvs.bluez.org:/cvsroot\\
    /bluez co -P $module

    Kaept’n Karacho DIY BT Sniffer


    Compile & install

    # ./bootstrap
    # ./configure --enable-all
    # make
    # make install

    Kaept’n Karacho DIY BT Sniffer


    Backup your firmware

    # dfutool -d hciX archive backup.dfu

    Upgrade your firmware

    • firmware (only for BC4): $InstallDirWindows/Bluetooth


    ComProbe Firmware/airsniffer52b4.dfu

    # dfutool -d hciX update airsniffer52b4.dfu

    Kaept’n Karacho DIY BT Sniffer


    Frontline software checks for vendor id and product id!
    Backup settings

    # bccmd -d hciX pslist -s 0x000f > pskey_backup

    Where is PSI?

    # bccmd -d hciX memtypes


    psi (0x0001) = EEPROM (1)
    psf (0x0002) = EEPROM (1)
    psram (0x0008) = RAM (transient) (2)

    Kaept’n Karacho DIY BT Sniffer


    Change product id

    # bccmd -d hciX psget -s 0x000f 0x02bf


    USB product identifier: 0x0001 (1)
    # bccmd -d hciX psset -s 0x0002 0x02bf 0x0002
    # bccmd -d hciX psget -s 0x000f 0x02bf
    USB product identifier: 0x0002 (2)

    Change vendor id (often optional)

    # bccmd -d hciX psget -s 0x000f 0x02be


    USB vendor identifier: 0x0bf8 (3064)
    # bccmd -d hciX psset -s 0x0002 0x02be 0x0a12
    # bccmd -d hciX psget -s 0x000f 0x02be
    USB vendor identifier: 0x0a12 (2578)

    Kaept’n Karacho DIY BT Sniffer


    Did everything work?

    # bccmd -d hciX coldreset


    # lsusb
    Bus 002 Device 010: ID 0a12:0002 Cambridge
    Silicon Radio, Ltd Bluetooth Dongle (HCI mode)

    Now reboot (Windows). BTW, you could have done everything


    using Windows and the Casira tools.

    Kaept’n Karacho DIY BT Sniffer


    Run the Sniffer

    • run ”Bluetooth ComProbe Maintenance Utility” and press


    ”Check Configuration” button
    • you are now READY TO SNIFF!!!11
    • run ”Air (Basic)”

    Kaept’n Karacho DIY BT Sniffer

    You might also like