Open sibero80 opened 3 years ago
Greetings from Colombia! I'm currently trying to sniff BLE traffic for my Garmin smartwatch to determine presence detection for HomeAssistant. I have both a TI CC2540 and an NRF24 USB dongle, but I've been having a hard time making heads or tails of the outputs I'm getting.
I've had some success capturing traffic on CC2540 using https://github.com/bergeraaron/SnifferTICC sample:
channel:37 ret:0 xfer:56 00 35 00 ED 0D 88 24 30 D6 BE 89 8E 42 25 F7 FB 5D 27 55 58 1E FF 06 00 01 09 20 02 18 08 9F D3 C8 81 F9 BE 64 41 6E 09 AB 1C EC 77 6A 40 52 D2 2D 03 49 76 EE 56 0C 25
channel:37 ret:0 xfer:43 00 28 00 85 00 18 25 23 D6 BE 89 8E 40 18 E6 B1 5B FA CB 45 02 01 1A 02 0A 07 0B FF 4C 00 10 06 06 1D 2F E4 DA 38 D0 F3 34 12 A5 pkt valid
and with the NRF24 using https://github.com/bettercap/nrf24: sample:
found device AA:2A:A6:82:90 on channel 2 (payload:59488022850554050008d54a920ad4aa27)
I'm not a programmer, but I can hack my way around pre-built scripts. Any pointers if your code could help?
Thanks!
Hi sibero80!
From my side, I always used a CSR v4.0 Bluetooth USB dongle along with hcitool (using the lescan option) to sniff BLE traffic. Anyway, from your CC2540 trace, I can understand that those advertisement packets are not coming from Garmin but from Microsoft (FF 06 00) and Apple (FF 4C 00). From the NRF24 trace, the payload seems not to be formatted as regular advertisement data are...
To be brief, my code is a Wireshark dissector for advertisement packets coming from Microsoft, Apple and Garmin protocols. What I suggest is: while sniffing BLE traffic with hcitool, open your capture in Wireshark and investigate the received advertisement packets. This way, it'll be easier for you to understand what you receive as the advertisement data are natively parsed by Wireshark.
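To make the "FF 06 00" / "FF 4C 00" reading above concrete, here is a small parser added as an example (it is not the Wireshark dissector this thread is about). It takes the two CC2540 frames posted above, locates the advertising access address instead of assuming a fixed sniffer-header length, reverses the advertiser address the way the air interface sends it, and walks the AD structures to pull the company ID out of any manufacturer-specific data; the company-name table (0x0006 Microsoft, 0x004C Apple, 0x0087 Garmin) is taken from the Bluetooth SIG assigned numbers.

```python
# Parse raw CC2540/SnifferTICC frames and name the vendor behind
# manufacturer-specific advertising data (AD type 0xFF).
# Added example; not code from the dissector discussed in this thread.
import struct

ADV_ACCESS_ADDRESS = bytes.fromhex("D6BE898E")  # 0x8E89BED6, sent LSB first

# Bluetooth SIG company identifiers (little-endian 16-bit in the AD payload)
COMPANY_NAMES = {0x0006: "Microsoft", 0x004C: "Apple", 0x0087: "Garmin"}

PDU_TYPES = {0: "ADV_IND", 1: "ADV_DIRECT_IND", 2: "ADV_NONCONN_IND",
             3: "SCAN_REQ", 4: "SCAN_RSP", 5: "CONNECT_REQ", 6: "ADV_SCAN_IND"}

# Two frames copied from the hex dump posted above (sniffer header included).
SAMPLE_FRAMES = [
    "00 35 00 ED 0D 88 24 30 D6 BE 89 8E 42 25 F7 FB 5D 27 55 58 1E FF 06 00 01 09 20 02 18 08 9F D3 C8 81 F9 BE 64 41 6E 09 AB 1C EC 77 6A 40 52 D2 2D 03 49 76 EE 56 0C 25",
    "00 28 00 85 00 18 25 23 D6 BE 89 8E 40 18 E6 B1 5B FA CB 45 02 01 1A 02 0A 07 0B FF 4C 00 10 06 06 1D 2F E4 DA 38 D0 F3 34 12 A5",
]

def parse_ad_structures(adv_data):
    """Split AdvData into (ad_type, payload) tuples; stop on a malformed length."""
    out, i = [], 0
    while i < len(adv_data):
        length = adv_data[i]
        if length == 0 or i + 1 + length > len(adv_data):
            break  # zero-length filler or truncated structure: stop rather than over-read
        out.append((adv_data[i + 1], adv_data[i + 2:i + 1 + length]))
        i += 1 + length
    return out

def parse_sniffer_frame(hex_line):
    """Return PDU type, advertiser address and vendor of any 0xFF AD structure."""
    raw = bytes.fromhex(hex_line.replace(" ", ""))
    start = raw.find(ADV_ACCESS_ADDRESS)  # skip the sniffer's own header, whatever its length
    if start < 0:
        return None  # not an advertising-channel PDU
    hdr, length = raw[start + 4], raw[start + 5]
    body = raw[start + 6:start + 6 + length]
    if len(body) < 6:
        return None  # truncated: no room for AdvA
    adv_a = ":".join(f"{b:02X}" for b in reversed(body[:6]))  # AdvA is sent LSB first
    result = {"pdu_type": PDU_TYPES.get(hdr & 0x0F, "unknown"), "random_addr": bool(hdr & 0x40),
              "adv_a": adv_a, "company_id": None, "vendor": None, "mfg_data": b""}
    for ad_type, payload in parse_ad_structures(body[6:]):
        if ad_type == 0xFF and len(payload) >= 2:
            (cid,) = struct.unpack("<H", payload[:2])
            result.update(company_id=cid, vendor=COMPANY_NAMES.get(cid, f"unknown (0x{cid:04X})"),
                          mfg_data=payload[2:])
    return result

if __name__ == "__main__":
    for line in SAMPLE_FRAMES:
        print(parse_sniffer_frame(line))
```

Run on the two frames it reports an ADV_NONCONN_IND carrying Microsoft data and an ADV_IND carrying Apple data, neither from a Garmin address, which is exactly why they are not useful for watch presence detection.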
Thanks Guillaume! I have been doing longer capture sessions with no success. It might also be on how I'm doing the capture, as I'm using TI's sniffing tool for Windows, and then converting the capture file to pcap, so there could be some data loss in the translation. From your experience with Garmin devices, do they still send advertisement packets once paired?
No problem, sibero80!
As I mentioned before, the easier way to capture BLE advertisement packets is to get a Linux distro like Ubuntu in which hcitool is natively installed, along with a CSR v4.0 Bluetooth USB dongle. Then, while sniffing BLE traffic with the hcitool lescan command, you could open the capture in Wireshark to further investigate parsed advertisement data!
I'll talk about my experience with BLE in general: to me, BLE devices leverage advertisement packets to advertise their presence to nearby devices in order to be paired/connected. As a consequence, once paired, there is no reason for a device to still advertise. Moreover, you should know that most BLE devices are mobile devices. Therefore, to save batteries, it makes sense that devices stop advertising after being paired.