greatscottgadgets / ubertooth

Software, firmware, and hardware designs for Ubertooth
https://greatscottgadgets.com/ubertoothone/
GNU General Public License v2.0

Wireshark doesn't work appropriate with ubertooth one #325

Closed EricESM closed 5 years ago

EricESM commented 6 years ago

This is my first time using the Ubertooth One. I am trying to capture the data transmission between the smartphone and smartwatch in Wireshark. It doesn't matter that the data are encrypted. What I need is the timestamp and each transmission's length.

  1. I did: Build Guide
  2. I did: Capturing BLE in Wireshark
  3. I'm able to see all the ADV_***, SCAN_REQ and SCAN_RSP.
  4. First, we unpaired the watch and phone, and then paired the two devices. I am able to observe the pairing process between the watch and cellphone. The only flaw is that the source and destination addresses are not showing.
  5. Am I able to follow one connection (master -> slave, slave -> master)?

Expected behaviour

I: I'm expecting to be able to see the source and destination addresses between the watch and cellphone. II: Also, I'm expecting to observe the data transmission during app usage (using the smartphone to open an album from the cellphone).

Actual behaviour

I: The source and destination addresses are empty. II: After the pairing process, I received a few empty PDU actions, but nothing else followed, even though I opened a few pictures on the watch from the cellphone's album.

Version information

Operating system: Ubuntu 14.04

Ubertooth tools version (ubertooth-rx -V): ubertooth 2017-03-R2 (dominicgs@hydrogen) Mon Mar 13 16:03:02 MDT 2017

libbtbb version: libbtbb-2017-03-R2

Ubertooth firmware version (ubertooth-util -v): 2017-03-R2 (API:1.02)

Wireshark: 1.12.1

Output

[screenshot from 2018-07-21 15_07_38]

EricESM commented 6 years ago

Do I have to switch to the older firmware? It seems like Wireshark is using the wrong plugin/decoding format.

Update: I used pyshark to open the PCAP, and I found the advertising address.

[screenshot from 2018-07-30 19_06_27]

The above image shows that the info contains "Unknown". I would like to know if this is the transmission between the smartwatch and smartphone while using the app. @mikeryan

mikeryan commented 5 years ago

The first screenshot shows expected behavior. The source and destination addresses are not in the data packet and are not displayed. To see the addresses, you have to refer to the CONNECT_REQ advertising packet at the beginning of the connection.

Also, please update to the latest firmware and host tools; there have been many improvements in both since the versions in your screenshots.
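The lookup described in the reply above, as an added example that is not part of the thread or of the Ubertooth project: it parses a CONNECT_REQ for the initiator and advertiser addresses and the connection's access address, then labels each later data PDU by access address with its timestamp and length. The `(timestamp, access_address, pdu_bytes)` input shape and all sample packets are constructed assumptions, not the output format of any Ubertooth tool; the result names the two endpoints but not which of them sent a given packet, since that is not in the data PDU.

```python
import struct

ADV_ACCESS_ADDRESS = 0x8E89BED6  # fixed access address used on advertising channels
CONNECT_REQ = 0x5                # PDU type, low 4 bits of the first header byte

def fmt_addr(raw):
    # Device addresses are transmitted least-significant byte first.
    return ":".join(f"{b:02x}" for b in reversed(raw))

def parse_connect_req(pdu):
    """Return endpoints and access address of a CONNECT_REQ, else None."""
    # 2-byte header + 34-byte payload: InitA(6) AdvA(6) LLData(22)
    if len(pdu) < 36 or pdu[0] & 0x0F != CONNECT_REQ or pdu[1] & 0x3F != 34:
        return None
    (conn_aa,) = struct.unpack_from("<I", pdu, 14)  # LLData starts with the AA
    return {"initiator": fmt_addr(pdu[2:8]), "advertiser": fmt_addr(pdu[8:14]),
            "access_address": conn_aa}

def summarize(packets):
    """Map data PDUs to (timestamp, payload_len, initiator, advertiser)."""
    connections, rows = {}, []
    for ts, aa, pdu in packets:
        if aa == ADV_ACCESS_ADDRESS:
            conn = parse_connect_req(pdu)
            if conn:
                connections[conn["access_address"]] = conn
            continue
        conn = connections.get(aa)
        if conn is None or len(pdu) < 2:
            continue  # CONNECT_REQ was not captured, so endpoints are unknown
        # Second header byte of a data PDU is the payload length (0 = empty PDU).
        rows.append((ts, pdu[1], conn["initiator"], conn["advertiser"]))
    return rows

def build_sample():
    """Constructed capture: ADV_IND, CONNECT_REQ, two data PDUs, one stray."""
    init_a = bytes.fromhex("665544332211")  # 11:22:33:44:55:66 on the wire
    adv_a = bytes.fromhex("ffeeddccbbaa")   # aa:bb:cc:dd:ee:ff on the wire
    aa = 0xAF9A9CD5                          # constructed connection AA
    ll_data = struct.pack("<I", aa) + bytes(18)  # rest of LLData zeroed
    connect_req = bytes([0x05, 34]) + init_a + adv_a + ll_data
    return [(0.000, ADV_ACCESS_ADDRESS, bytes([0x00, 6]) + adv_a),
            (0.010, ADV_ACCESS_ADDRESS, connect_req),
            (0.020, aa, bytes([0x01, 0x00])),              # empty PDU
            (0.050, aa, bytes([0x02, 0x05]) + bytes(5)),   # 5-byte payload
            (0.060, 0x12345678, bytes([0x01, 0x00]))]      # unknown connection

if __name__ == "__main__":
    print(*summarize(build_sample()), sep="\n")
```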