This is a console application for listening to and intercepting the Bluetooth GATT/LE protocol of a given service. The typical use case is observing the messages exchanged between a Bluetooth device and a client application when the communication protocol is unknown.
When started, the application registers the same Bluetooth services as the target device and waits for a client to connect. It then mediates the communication, making the protocol visible.
A typical setup consists of a BLE server (some third-party device), a BLE client (e.g. a smartphone app) and this interceptor application. To connect all parts, perform the following steps:
Execute, for example:

    ./btgattmitm/main.py --connect=AA:BB:CC:DD:EE:FF

where AA:BB:CC:DD:EE:FF is the address of the GATT service, then connect from the client application to the created MITM service.
Some devices require pairing to be performed during the first connection.
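A defender-side check for the behaviour described above (a second advertiser mirroring the target's name and service UUIDs), as an added example that is not part of btgattmitm; the scan records, addresses and UUIDs below are constructed for illustration:

```python
"""Flag BLE advertisers that mirror another device's name and service UUIDs.

A mediator like the one described above advertises the same name and services
as the target, so a scan sees two BD addresses with an identical advertisement.
Added example, not btgattmitm code; all records below are constructed.
"""
from collections import defaultdict

# Bluetooth Base UUID suffix used to expand 16-bit service UUIDs to 128-bit form.
BASE_UUID_SUFFIX = "-0000-1000-8000-00805f9b34fb"

# Constructed scan records: (BD address, advertised name, service UUIDs).
SCAN_RECORDS = [
    ("AA:BB:CC:DD:EE:FF", "HeartMonitor", ["180D"]),
    ("11:22:33:44:55:66", "HeartMonitor", ["0000180d-0000-1000-8000-00805f9b34fb"]),
    ("77:88:99:AA:BB:CC", "Thermo", ["1809"]),
    ("aa:bb:cc:dd:ee:ff", "HeartMonitor", ["180d"]),  # same device seen again
]


def normalize_uuid(uuid):
    """Lower-case a UUID and expand a 16-bit short form (e.g. '180D') to 128 bits."""
    uuid = uuid.strip().lower()
    if len(uuid) == 4:
        return "0000" + uuid + BASE_UUID_SUFFIX
    return uuid


def find_cloned_advertisers(records):
    """Map (name, sorted UUID tuple) -> sorted addresses, only for sets seen from >1 address."""
    seen = defaultdict(set)
    for addr, name, uuids in records:
        key = (name, tuple(sorted(normalize_uuid(u) for u in uuids)))
        seen[key].add(addr.upper())
    return {key: sorted(addrs) for key, addrs in seen.items() if len(addrs) > 1}


def report(records):
    """One human-readable line per name/service set advertised by several addresses."""
    lines = []
    for (name, uuids), addrs in sorted(find_cloned_advertisers(records).items()):
        lines.append(f"'{name}' services={','.join(uuids)} advertised by "
                     f"{len(addrs)} addresses: {', '.join(addrs)}")
    return lines


if __name__ == "__main__":
    for line in report(SCAN_RECORDS):
        print(line)
```

Short and long UUID forms are normalised before comparison so an override passed as `--bt-service-uuids 180d` still matches the original device's full 128-bit UUID.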
Program options:

    usage: main.py [-h] [--connect CONNECT] [--bt-name BT_NAME]
                   [--bt-service-uuids [BT_SERVICE_UUIDS [BT_SERVICE_UUIDS ...]]]
                   [--listen] [--dumpdevice DUMPDEVICE]
                   [--devicefromcfg DEVICEFROMCFG]

    Bluetooth GATT MITM

    optional arguments:
      -h, --help            show this help message and exit
      --connect CONNECT     BT address to connect to
      --bt-name BT_NAME     Device name to advertise (override device)
      --bt-service-uuids [BT_SERVICE_UUIDS [BT_SERVICE_UUIDS ...]]
                            List of service UUIDs to advertise (override device)
      --listen              Automatically subscribe for all notifications from
                            service
      --dumpdevice DUMPDEVICE
                            Store device configuration to file
      --devicefromcfg DEVICEFROMCFG
                            Load device configuration from file ('connect' not
                            needed)
There are several Android applications that allow writing custom messages to and reading data from Bluetooth services. Two of them: