search

greatscottgadgets / ubertooth

Software, firmware, and hardware designs for Ubertooth
https://greatscottgadgets.com/ubertoothone/
GNU General Public License v2.0
1.94k stars 433 forks source link

ubertooth-btle seems to freeze after a session (~30-40mins) of btle scanning #326

Closed gcelosia closed 5 years ago

gcelosia commented 6 years ago

Steps to reproduce

  1. Flashing the Ubertooth One with the 2018-06-R1 firmware
  2. sudo ubertooth-btle -f

Expected behaviour

Scan for nearby BLE advertisements until a CONNECT_REQ is received (after the reception of the CONNECT_REQ, the Ubertooth will follow the connection between the two devices)

Actual behaviour

Crash during the BLE advertisements scanning although any CONNECT_REQ was received

Version information

Operating system: Linux 4.15.0-24-generic #26~16.04.1-Ubuntu SMP x86_64 x86_64 x86_64 GNU/Linux

Ubertooth tools version (ubertooth-rx -V): libubertooth 1.0 (2018-06-R1), libbtbb 1.0 (2018-06-R1)

libbtbb version: 1.0

Ubertooth firmware version (ubertooth-util -v): Firmware version: 2018-06-R1 (API:1.03)

If you are reporting a problem that involves third party software (Wireshark/Kismet/etc), please report the version here.

Output

systime=1532944003 freq=2402 addr=8e89bed6 delta_t=2.086 ms rssi=-92
42 25 e1 c7 79 a4 42 1b 62 79 86 36 4e 94 8c 96 60 0b a2 5f bc e2 38 62 88 eb 51 ba 34 ae 3a 6b 23 94 5a 5d b9 5e 15 de 42 40 
Advertising / AA 8e89bed6 (valid)/ 37 bytes
    Channel Index: 37
    Type:  ADV_NONCONN_IND
    AdvA:  1b:42:a4:79:c7:e1 (random)
    AdvData: 62 79 86 36 4e 94 8c 96 60 0b a2 5f bc e2 38 62 88 eb 51 ba 34 ae 3a 6b 23 94 5a 5d b9 5e 15
Error: attempt to read past end of buffer (1 + 98 > 31)

    Data:  e1 c7 79 a4 42 1b 62 79 86 36 4e 94 8c 96 60 0b a2 5f bc e2 38 62 88 eb 51 ba 34 ae 3a 6b 23 94 5a 5d b9 5e 15
    CRC:   de 42 40

libUSB Error: Pipe error:  (-9)
USB error
mikeryan commented 6 years ago

Try the latest master firmware and host tools, this bug has been fixed there.

gcelosia commented 6 years ago

It's what I do and now the error is different. Instead of having the "libUSB Error: Pipe error: (-9)", I have no error but the output of ubertooth-btle seems to freeze after a session (~30-40mins) of btle scanning.

New version information

Operating system: Linux 4.15.0-24-generic #26~16.04.1-Ubuntu SMP x86_64 x86_64 x86_64 GNU/Linux

Ubertooth tools version (ubertooth-rx -V): libubertooth 1.1 (git-54109a7), libbtbb 1.0 (git-d615b97)

libbtbb version: 1.0

Ubertooth firmware version (ubertooth-util -v): Firmware version: git-54109a7* (API:1.04)

Output

systime=1533030880 freq=2402 addr=8e89bed6 delta_t=0.397 ms rssi=-34
00 24 11 00 11 00 11 00 02 01 06 1a ff 4c 00 02 15 b9 40 7f 30 f5 f8 46 6e af f9 25 55 6b 57 fe 6d 00 01 00 02 b6 f5 8f e3 
Advertising / AA 8e89bed6 (valid)/ 36 bytes
    Channel Index: 37
    Type:  ADV_IND
    AdvA:  65:d1:10:41:3e:fb (random)
    AdvData: 02 01 06 1a ff 4c 00 02 15 b9 40 7f 30 f5 f8 46 6e af f9 25 55 6b 57 fe 6d 00 01 00 02 b6
        Type 01 (Flags)
           00000110
               LE General Discoverable Mode
               BR/EDR Not Supported

        Type ff (Manufacturer Specific Data)
           Company: Apple, Inc.
           Data: 02 15 b9 40 7f 30 f5 f8 46 6e af f9 25 55 6b 57 fe 6d 00 01 00 02 b6

    Data:  11 00 11 00 11 00 02 01 06 1a ff 4c 00 02 15 b9 40 7f 30 f5 f8 46 6e af f9 25 55 6b 57 fe 6d 00 01 00 02 b6
    CRC:   f5 8f e3
ChenYenTing commented 6 years ago

Excuse me do you know what does this "Error : attempt to read past end of buffer" mean ? Is this error a big trouble ?

I try the latest firmware (2018-08) ,it can sniff only broadcast packages but it can't sniff any data.

AliredDevils commented 6 years ago

The same problem for me,whether the bug has been fixed or not? Firmware version: 2018-08-R1 (API:1.05)

gcelosia commented 6 years ago

@ChenYenTing : (1) I don't know what this error means but you can find it in this libbtbb C file (at line 408). In the past, I had the same error but flashing the Ubertooth One with the already compiled 2018-08-R1 firmware (in ubertooth-one-firmware-bin/ directory) solved it. (2) To sniff BLE data with ubertooth-btle, you have to use this tool with the -f (follow) argument in order to firstly capture a CONNECT_REQ between two devices. After capturing this CONNECT_REQ, the Ubertooth will follow the connection between the two devices and sniff the exchanged data. Otherwise, as you noticed, it only sniff "broadcast packages" (called "BLE advertisements").

@davidHisense : To me, the "bug" is always here. I've tried to code from scratch different related ubertooth-btle tools (with a selfmade FIFO queue for BLE packet management, for instance) but I never managed to fix this bug... If you have any tracks on this bug's origin, I'm interested to test other implementations and give you feedback :).

nick990 commented 5 years ago

Same bug for me. Firmware version: 2018-08-R1 (API:1.05) Running ubertooh-btle -n to scan BLE advertisements, it seems to freeze (with no error message) after a session of variable length. During my last tests I've obtained several sessions duration before freezing: 6 min, 15 min, 28 min, 1.10h.

nick990 commented 5 years ago

@mikeryan

Try the latest master firmware and host tools, this bug has been fixed there.

I've followed the build guide which refers to the latest release 2018-08-R1 and the bug is still present. Is there a new release?

confile commented 5 years ago

I have the same problem. Firmware version: 2018-08-R1 (API:1.05) but I get only broadcast packages.

mostafau commented 5 years ago

It seems after certain time/or for certain cause ubertooth firmware packet queue gets empty. Therefore ubertooth-btle doesn't get any packet from the ubertooth one. I was wondering can there be a issue of handling unexpected size packet in DMA handler at 'le_DMA_IRQHandler' ??

sogewasp commented 4 years ago

Same problem here with 2018-12-R1. After less than 5min capture the output freezes, I get nothing else and I have to stop and restart.

Ubertooth tools were installed from Kali Linux packages:

$ apt show ubertooth
Package: ubertooth
Version: 2018.12.R1-3
Priority: optional
Section: science
Maintainer: Ruben Undheim <ruben.undheim@gmail.com>
Installed-Size: 311 kB
Depends: libubertooth1 (= 2018.12.R1-3), libbluetooth3 (>= 4.91), libbtbb1 (>= 2015.10.R1+20161027git1eecca5), libc6 (>= 2.7), libusb-1.0-0 (>= 2:1.0.8)
Recommends: ubertooth-firmware
Suggests: ubertooth-firmware-source
Homepage: http://ubertooth.sourceforge.net/
Download-Size: 66.3 
...
$ uname -a
Linux kali 5.3.0-kali2-amd64 #1 SMP Debian 5.3.9-3kali1 (2019-11-20) x86_64 GNU/Linux
attila123 commented 2 years ago

Hello, I had the same issue all the time in an environment where I measured about 750 BTLE packets / second (on channel 37 alone, did not check the others). The capturing stopped in minutes. Sometimes it could run for several minutes, but I did not try to see the max time etc as I was busy. I had the Ubertooth One firmware upgraded to the latest one. The ubertooth package is installed from AUR (https://aur.archlinux.org/packages/ubertooth) pkgbuild script: https://aur.archlinux.org/cgit/aur.git/tree/PKGBUILD?h=ubertooth (latest change from 2021-01-13), and it's 2020.12.R1-1.