update toc

Matheus Eduardo Garbelini 2021-09-08 19:18:21 +08:00
parent 0de8d3fa91
commit e6b337732c
2 changed files with 31 additions and 5 deletions


@ -6,6 +6,25 @@ This is a reverse engineered <u>**active**</u> BR/EDR sniffer and ESP32 patching
Differently than <u>**passive**</u> sniffers, which do not interact with the BT network (piconet), the **<u>active</u>** sniffer connects itself to the remote BT device (BR/EDR target) and allows testing the BT protocol down to the Baseband layer while guided by a BT host stack such as **[blue-kitchen](https://github.com/bluekitchen/btstack)**. The *BrakTooth* sniffer supports cheap boards such as [ESP32-DOIT](https://www.aliexpress.com/item/1005001757645011.html?spm=a2g0o.productlist.0.0.364151a11nkQYT&algo_pvid=d71a7474-8721-44b8-ac22-2e7de1ebedcb&algo_exp_id=d71a7474-8721-44b8-ac22-2e7de1ebedcb-0&pdp_ext_f=%7B%22sku_id%22%3A%2212000017777037101%22%7D) ($4) or [ESP32-DevKitC](https://www.mouser.com/ProductDetail/Espressif-Systems/ESP32-DevKitC-32U?qs=%252BEew9%252B0nqrCEVvpkdH%2FG5Q%3D%3D) ($10). Differently than <u>**passive**</u> sniffers, which do not interact with the BT network (piconet), the **<u>active</u>** sniffer connects itself to the remote BT device (BR/EDR target) and allows testing the BT protocol down to the Baseband layer while guided by a BT host stack such as **[blue-kitchen](https://github.com/bluekitchen/btstack)**. The *BrakTooth* sniffer supports cheap boards such as [ESP32-DOIT](https://www.aliexpress.com/item/1005001757645011.html?spm=a2g0o.productlist.0.0.364151a11nkQYT&algo_pvid=d71a7474-8721-44b8-ac22-2e7de1ebedcb&algo_exp_id=d71a7474-8721-44b8-ac22-2e7de1ebedcb-0&pdp_ext_f=%7B%22sku_id%22%3A%2212000017777037101%22%7D) ($4) or [ESP32-DevKitC](https://www.mouser.com/ProductDetail/Espressif-Systems/ESP32-DevKitC-32U?qs=%252BEew9%252B0nqrCEVvpkdH%2FG5Q%3D%3D) ($10).
<!-- START doctoc generated TOC please keep comment here to allow auto update -->
<!-- DON'T EDIT THIS SECTION, INSTEAD RE-RUN doctoc TO UPDATE -->
<h5>Table of Contents</h5>
- [Simplified Setup Overview](#simplified-setup-overview)
- [1) Installation](#1-installation)
- [A. Install Linux requirements (Ubuntu 18.04 / 20.04)](#a-install-linux-requirements-ubuntu-1804--2004)
- [B. Flash custom firmware to ESP32](#b-flash-custom-firmware-to-esp32)
- [2) Usage Instructions](#2-usage-instructions)
- [Example 1 - Connect to remote target (Master Role)](#example-1---connect-to-remote-target-master-role)
- [Example 2 - Wait for BT connection (Slave Role)](#example-2---wait-for-bt-connection-slave-role)
- [Example 3 - HCI Bridge Mode (connect with other BT Host stack)](#example-3---hci-bridge-mode-connect-with-other-bt-host-stack)
- [3) Customising BT Host programs (Profiles)](#3-customising-bt-host-programs-profiles)
- [Software Architecture of BrakTooth Sniffer](#software-architecture-of-braktooth-sniffer)
- [Features Overview](#features-overview)
- [Acknowledgements](#acknowledgements)
<!-- END doctoc generated TOC please keep comment here to allow auto update -->
### Simplified Setup Overview ### Simplified Setup Overview
![poc_setup](docs/setup.svg) ![poc_setup](docs/setup.svg)
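Review bot: The block between the `START doctoc` and `END doctoc` comments is generated output, and the only hint on how to refresh it is the comment `DON'T EDIT THIS SECTION, INSTEAD RE-RUN doctoc`, which names the tool but not the invocation. This commit also adds `docs/docs_update.sh`, so add a one-line pointer to that script in the README (or in a contributor note) so the list is regenerated, not hand-edited, the next time a heading is renamed.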
@ -14,7 +33,7 @@ Differently than <u>**passive**</u> sniffers, which do not interact with the BT
### 1) Installation ### 1) Installation
###### A. Install Linux requirements (Ubuntu 18.04 / 20.04) ##### A. Install Linux requirements (Ubuntu 18.04 / 20.04)
```bash ```bash
git clone https://github.com/Matheus-Garbelini/esp32_bluetooth_classic_sniffer git clone https://github.com/Matheus-Garbelini/esp32_bluetooth_classic_sniffer
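Review bot: Heading levels still skip a step after this change: `### 1) Installation` is followed directly by `##### A. Install Linux requirements (Ubuntu 18.04 / 20.04)`, so going from six `#` to five leaves no `####` level in between (the same applies to `##### B. Flash custom firmware to ESP32` in the next hunk). Use `####` for the A/B subsections so they sit exactly one level under their section and the document outline is consistent.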
@ -23,7 +42,7 @@ cd esp32_bluetooth_classic_sniffer
./build.sh # Build BT Host programs and Wireshark h4bcm dissector ./build.sh # Build BT Host programs and Wireshark h4bcm dissector
``` ```
###### B. Flash custom firmware to ESP32 ##### B. Flash custom firmware to ESP32
Before starting to use *BrakTooth* Sniffer, you need to upload a custom firmware to your ESP32 board: Before starting to use *BrakTooth* Sniffer, you need to upload a custom firmware to your ESP32 board:
@ -49,7 +68,7 @@ You can start the sniffer in as either master or slave role. If you use add `--t
Lastly, the `--bridge-only` only creates the HCI pseudo terminal (/dev/pts/x) so ESP32 can operate as a standard HCI BT controller. You can use this feature to connect any other BT host stack to ESP32. Lastly, the `--bridge-only` only creates the HCI pseudo terminal (/dev/pts/x) so ESP32 can operate as a standard HCI BT controller. You can use this feature to connect any other BT host stack to ESP32.
##### Example 1 - **<u>Connect</u>** to remote target and start both Wireshark live capture and packets summary ##### Example 1 - Connect to remote target (Master Role)
```bash ```bash
./BTSnifferBREDR.py --port=/dev/ttyUSB0 --target=E0:D4:E8:19:C7:69 --live-terminal --live-wireshark ./BTSnifferBREDR.py --port=/dev/ttyUSB0 --target=E0:D4:E8:19:C7:69 --live-terminal --live-wireshark
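Review bot: The new heading `Example 1 - Connect to remote target (Master Role)` drops the statement that the command starts the Wireshark live capture and the packets summary, so `--live-terminal` and `--live-wireshark` in the command under it are no longer explained at this point. Add one sentence below the heading saying what the two flags do. The literal address in `--target=E0:D4:E8:19:C7:69` could also become a placeholder such as `<target BDADDR>` so it is not copied as is.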
@ -58,13 +77,13 @@ Lastly, the `--bridge-only` only creates the HCI pseudo terminal (/dev/pts/x) s
<img src="docs/mode_master.png" alt="mode_master" width="600" height="auto" /> <img src="docs/mode_master.png" alt="mode_master" width="600" height="auto" />
</p> </p>
##### Example 2 - **<u>Wait</u>** for BT connections and start both Wireshark live capture and terminal output ##### Example 2 - Wait for BT connection (Slave Role)
```bash ```bash
./BTSnifferBREDR.py --port=/dev/ttyUSB0 --live-terminal --live-wireshark ./BTSnifferBREDR.py --port=/dev/ttyUSB0 --live-terminal --live-wireshark
``` ```
##### Example 3 - Start sniffer in <u>HCI</u> mode (bridge-only) and start both Wireshark live capture and packets summary ##### Example 3 - HCI Bridge Mode (connect with other BT Host stack)
```bash ```bash
./BTSnifferBREDR.py --port=/dev/ttyUSB0 --bridge-only --live-terminal --live-wireshark ./BTSnifferBREDR.py --port=/dev/ttyUSB0 --bridge-only --live-terminal --live-wireshark
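Review bot: The heading for Example 3 now promises `connect with other BT Host stack`, but the command under it only starts the bridge with `--bridge-only`; nothing in the example shows the second step of pointing another host stack at the `/dev/pts/x` pseudo terminal. Either keep `bridge-only` in the heading so it matches the flag being demonstrated, or add the attach step for one host stack after the command.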

docs/docs_update.sh Executable file

@ -0,0 +1,7 @@
#!/usr/bin/env bash
# Go to script directory path
cd "$(dirname "$(readlink -f "${BASH_SOURCE}")")"
cd ../
doctoc README.md --github --title "<h5>Table of Contents</h5>"
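Review bot: Neither `cd` is checked, so if `cd "$(dirname ...)"` or `cd ../` fails, the script still runs `doctoc README.md` in whatever directory it ended up in and may rewrite an unrelated `README.md` there. Add `set -euo pipefail` after the shebang, or append `|| exit 1` to both `cd` lines. `readlink -f` is not available in every `readlink` implementation, so a comment stating the Linux assumption, plus a check that `doctoc` is on `PATH` with a hint on how to install it, would make failures easier to diagnose.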