
Add Bluetooth sniffing #3

Open
schollz opened this issue Dec 31, 2016 · 1 comment

Comments

@schollz
Owner

schollz commented Dec 31, 2016

Sniffing

Using a Raspberry Pi 3, compile BlueZ.

Then make sure the Bluetooth adapter is up: sudo hciconfig hci0 up.

Then run btmon in the background: sudo btmon &

Then make a scan using: sudo hcitool lescan or sudo hcitool scan

(Source)

Problem

The RSSI and phone MAC address are only seen when the phone is on the Bluetooth screen. I.e., when any other process is running, it doesn't seem to allow the phone to be discoverable.

When I scan from the Pi3 with sudo hcitool scan, it gives me the following if I'm not on the Bluetooth screen:

$ sudo hcitool scan
Scanning ...
< HCI Command: Inquiry (0x01|0x0001) plen 5                                            [hci0] 97.534966
        Access code: 0x9e8b33 (General Inquiry)
        Length: 10.24s (0x08)
        Num responses: 0
> HCI Event: Command Status (0x0f) plen 4                                              [hci0] 97.535425
      Inquiry (0x01|0x0001) ncmd 1
        Status: Success (0x00)
> HCI Event: Inquiry Complete (0x01) plen 1                                           [hci0] 107.777731
        Status: Success (0x00)

However, if I go to the Bluetooth screen on my phone, then the scan sees the following:

$ sudo hcitool scan
Scanning ...
< HCI Command: Inquiry (0x01|0x0001) plen 5                                           [hci0] 120.701658
        Access code: 0x9e8b33 (General Inquiry)
        Length: 10.24s (0x08)
        Num responses: 0
> HCI Event: Command Status (0x0f) plen 4                                             [hci0] 120.702118
      Inquiry (0x01|0x0001) ncmd 1
        Status: Success (0x00)
> HCI Event: Extended Inquiry Result (0x2f) plen 255                                  [hci0] 127.292361
        Num responses: 1
        Address: 34:FC:EF:41:E6:F7 (OUI 34-FC-EF)
        Page scan repetition mode: R1 (0x01)
        Page period mode: P0 (0x00)
        Class: 0x5a020c
          Major class: Phone (cellular, cordless, payphone, modem)
          Minor class: Smart phone
          Networking (LAN, Ad hoc)
          Capturing (Scanner, Microphone)
          Object Transfer (v-Inbox, v-Folder)
          Telephony (Cordless telephony, Modem, Headset)
        Clock offset: 0x32cb
        RSSI: -73 dBm (0xb7)
        Name (complete): VS985 4G LTE
        16-bit Service UUIDs (complete): 11 entries
          OBEX Object Push (0x1105)
          OBEX File Transfer (0x1106)
          Audio Source (0x110a)
          A/V Remote Control Target (0x110c)
          Headset AG (0x1112)
          PANU (0x1115)
          NAP (0x1116)
          Handsfree Audio Gateway (0x111f)
          Phonebook Access Server (0x112f)
          PnP Information (0x1200)
          Message Access Server (0x1132)
> HCI Event: Inquiry Complete (0x01) plen 1                                           [hci0] 130.945272
        Status: Success (0x00)
< HCI Command: Remote Name Request (0x01|0x0019) plen 10                              [hci0] 130.945509
        Address: 34:FC:EF:41:E6:F7 (OUI 34-FC-EF)
        Page scan repetition mode: R1 (0x01)
        Page scan mode: Mandatory (0x00)
        Clock offset: 0xb2cb
> HCI Event: Command Status (0x0f) plen 4                                             [hci0] 130.946235
      Remote Name Request (0x01|0x0019) ncmd 1
        Status: Success (0x00)
> HCI Event: Remote Host Supported Features (0x3d) plen 14                            [hci0] 133.437920
        Address: 34:FC:EF:41:E6:F7 (OUI 34-FC-EF)
        Features: 0x0f 0x00 0x00 0x00 0x00 0x00 0x00 0x00
          Secure Simple Pairing (Host Support)
          LE Supported (Host)
          Simultaneous LE and BR/EDR (Host)
          Secure Connections (Host Support)
> HCI Event: Remote Name Req Complete (0x07) plen 255                                 [hci0] 133.440673
        34:FC:EF:41:E6:F7       VS985 4G LTE
        Status: Success (0x00)
        Address: 34:FC:EF:41:E6:F7 (OUI 34-FC-EF)
        Name: VS985 4G LTE

Another way for discovering, but it doesn't get around the above problem:

sudo apt-get install python-gi python-dbus
git clone https://github.com/pauloborges/bluez.git
cd bluez/test
sudo ./test-discovery
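Added example (not part of the issue or of BlueZ): a small parser for the btmon text trace shown above. It pulls each inquiry response (address, RSSI, name, major device class) out of the capture and counts inquiry rounds that finished with no response, which is the symptom reported here. The embedded trace is a constructed excerpt modelled on the output in the issue.

```python
import re
# Constructed btmon excerpt modelled on the trace in the issue above;
# the address and name are sample values, not a real device.
SAMPLE_TRACE = """\
< HCI Command: Inquiry (0x01|0x0001) plen 5          [hci0] 97.534966
> HCI Event: Inquiry Complete (0x01) plen 1          [hci0] 107.777731
< HCI Command: Inquiry (0x01|0x0001) plen 5          [hci0] 120.701658
> HCI Event: Extended Inquiry Result (0x2f) plen 255 [hci0] 127.292361
        Address: 34:FC:EF:41:E6:F7 (OUI 34-FC-EF)
          Major class: Phone (cellular, cordless, payphone, modem)
        RSSI: -73 dBm (0xb7)
        Name (complete): VS985 4G LTE
> HCI Event: Inquiry Complete (0x01) plen 1          [hci0] 130.945272
"""

HEADER_RE = re.compile(r"^[<>] HCI (?:Command|Event): (.+?) \(0x[0-9a-fx|]+\) plen \d+\s+\[hci\d+\] ([\d.]+)\s*$")
FIELD_RE = re.compile(r"^\s+(Address|RSSI|Name \(complete\)|Major class): (.+)$")
INQUIRY_RESULTS = {"Inquiry Result", "Inquiry Result with RSSI", "Extended Inquiry Result"}

def parse_btmon(text):
    """Return (sightings, empty_inquiries) from a btmon text trace; the
    second value counts Inquiry rounds that finished with no response,
    which is the symptom the issue describes."""
    sightings, empty_inquiries = [], 0
    current, seen = None, 0          # sighting being filled, hits this round
    for line in text.splitlines():
        head, field = HEADER_RE.match(line), FIELD_RE.match(line)
        if head:
            event, ts = head.group(1), float(head.group(2))
            current = None
            if event == "Inquiry":          # a new scan round starts
                seen = 0
            elif event in INQUIRY_RESULTS:  # one discoverable device answered
                current = {"timestamp": ts, "address": None, "rssi_dbm": None,
                           "name": None, "major_class": None}
                sightings.append(current)
                seen += 1
            elif event == "Inquiry Complete" and seen == 0:
                empty_inquiries += 1
        elif field and current is not None:
            key, value = field.groups()
            if key == "Address":
                current["address"] = value.split()[0]
            elif key == "RSSI":
                current["rssi_dbm"] = int(value.split()[0])
            elif key == "Name (complete)":
                current["name"] = value
            else:                           # Major class: keep the label only
                current["major_class"] = value.split(" (")[0]
    return sightings, empty_inquiries
```

Feed it the output of `sudo btmon` saved to a file; a run of empty inquiry rounds with no sightings reproduces the "not on the Bluetooth screen" case from the trace above.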
@mukowman

mukowman commented Jan 3, 2018

You could use the following app on Android to simulate a BLE beacon. It has an option for running in the background.
https://play.google.com/store/apps/details?id=net.alea.beaconsimulator
