greatscottgadgets / ubertooth

Software, firmware, and hardware designs for Ubertooth
https://greatscottgadgets.com/ubertoothone/
GNU General Public License v2.0

Help with ubertooth jamming #364

Closed ghost closed 5 years ago

ghost commented 5 years ago

I'm trying to establish a 'classic' Bluetooth jamming function on the Ubertooth. I looked at the ubertooth-btle jamming implementation and wrote a similar code addition for the Bluetooth jamming.

I want to follow a connection and, after the hopping sequence is found, I want to jam this connection. My bt_jam function is:

```c
void bt_jam(void)
{
#ifdef TX_ENABLE

    cc2400_set(MANAND, 0x7fff);
    cc2400_set(LMTST, 0x2b22);
    cc2400_set(MDMTST0, 0x334b); // with PRNG
    cc2400_set(GRMDM, 0x0df1); // default value
    cc2400_set(MDMCTRL, 0x0029);

    while (!(cc2400_status() & XOSC16M_STABLE));
    cc2400_strobe(SFSON);
    while (!(cc2400_status() & FS_LOCK));
    TXLED_SET;
    while ((cc2400_get(FSMSTATE) & 0x1f) != STATE_STROBE_FS_ON);
    cc2400_strobe(STX);
#ifdef UBERTOOTH_ONE
    PAEN_SET;
#endif
#endif
}
```

I called the jamming function in bt_stream_rx() right before handle_usb(clkn), when the jamming mode is != JAM_NONE. Unfortunately the Ubertooth seems to freeze when calling the jamming function. What is different here from the BLE jamming implementation, which seems to work correctly? Is there also any way to wait with the jamming until the complete hopping sequence is found?

Version information

Operating system: kali linux, raspbian and windows

Ubertooth tools version (ubertooth-rx -V): libubertooth 1.1 (2018-08-R1), libbtbb 1.0 (2018-06-R1)

libbtbb version:

Ubertooth firmware version (ubertooth-util -v): Firmware version: 2018-08-R1 (API:1.05)

mossmann commented 5 years ago

Hopping sequence detection is unreliable for classic Bluetooth, so I don't believe what you are trying to do is possible.