h2zero / esp-nimble-cpp

C++ library for the esp32 NimBLE stack based on and mostly compatible with @nkolban cpp_utils BLE library.
https://h2zero.github.io/esp-nimble-cpp/
Apache License 2.0

replay BLE advertisements from a Wireshark pcap #206

Open mhaberler opened 3 weeks ago

mhaberler commented 3 weeks ago

I am looking into replaying BLE packets (specifically advertisements) previously recorded with Wireshark and nRF sniffer

I wonder if such a "raw transmit" can be done with this library

this is how a BLE advertisement looks once recorded and exported as JSON from Wireshark (just the btle ad - full log attached):

```json
"btle": {
  "btle.access_address": "0x8e89bed6",
  "btle.advertising_header": "0x2560",
  "btle.advertising_header_tree": {
    "btle.advertising_header.pdu_type": "0x00",
    "btle.advertising_header.rfu.1": "0",
    "btle.advertising_header.ch_sel": "1",
    "btle.advertising_header.randomized_tx": "1",
    "btle.advertising_header.rfu.4": "0",
    "btle.advertising_header.length": "37"
  },
  "btle.length": "37",
  "btle.advertising_address": "d4:15:5c:77:56:68",
  "btcommon.eir_ad.advertising_data": {
    "btcommon.eir_ad.entry": {
      "btcommon.eir_ad.entry.length": "2",
      "btcommon.eir_ad.entry.type": "0x01",
      "btcommon.eir_ad.entry.flags.reserved": "0x00",
      "btcommon.eir_ad.entry.flags.le_bredr_support_host": "0x00",
      "btcommon.eir_ad.entry.flags.le_bredr_support_controller": "0x00",
      "btcommon.eir_ad.entry.flags.bredr_not_supported": "0x01",
      "btcommon.eir_ad.entry.flags.le_general_discoverable_mode": "0x01",
      "btcommon.eir_ad.entry.flags.le_limited_discoverable_mode": "0x00"
    },
    "btcommon.eir_ad.entry": {
      "btcommon.eir_ad.entry.length": "27",
      "btcommon.eir_ad.entry.type": "0xff",
      "btcommon.eir_ad.entry.company_id": "0x0499",
      "btcommon.eir_ad.entry.data": "05:10:ac:50:f7:bc:4a:00:48:00:28:03:fc:ad:96:68:31:19:d4:15:5c:77:56:68",
      "btcommon.eir_ad.entry.data_tree": {
        "_ws.expert": {
          "btcommon.eir_ad.undecoded": "",
          "_ws.expert.message": "Undecoded",
          "_ws.expert.severity": "4194304",
          "_ws.expert.group": "83886080"
        }
      }
    }
  },
  "btle.crc": "0xa96974"
}
```

My idea would be to dump the JSON at an esp32 application, parse it and use esp-nimble-cpp to (re) transmit the capture

any suggestions how to go about it?

I could craft a NimBLEAdvertisementData from the above and transmit, but I wonder if there is a lower-level API which I could use in a more straightforward manner

thanks in advance for any suggestions

Michael

full JSON: ruuvi5668.json same as pcapng

h2zero commented 3 weeks ago

Yes, you could do this with NimBLEAdvertisementData and just add the raw bytes to it. You could use NimBLE directly for this, but it would require you to implement the calls to start advertising etc. as well.
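As an added example (not code from this issue or from esp-nimble-cpp), the following rebuilds the 31-byte AdvData of the captured packet from the Wireshark fields quoted above, in the length/type/payload layout that the "raw bytes" approach needs, and checks it against the header's `btle.length`. The helper names are my own; the comment showing the hand-off to `NimBLEAdvertisementData::addData` assumes the 1.x `std::string` overload.

```cpp
#include <cstdint>
#include <cstdlib>
#include <string>
#include <vector>

// Parse a Wireshark-style "aa:bb:cc" hex string into bytes.
static std::vector<uint8_t> hexToBytes(const std::string& s) {
    std::vector<uint8_t> out;
    for (size_t i = 0; i + 1 < s.size(); i += 3)
        out.push_back(static_cast<uint8_t>(std::strtoul(s.substr(i, 2).c_str(), nullptr, 16)));
    return out;
}

// One AD structure: [length][type][payload...]; length counts type + payload.
static void appendAd(std::vector<uint8_t>& adv, uint8_t type, const std::vector<uint8_t>& payload) {
    adv.push_back(static_cast<uint8_t>(1 + payload.size()));
    adv.push_back(type);
    adv.insert(adv.end(), payload.begin(), payload.end());
}

// AdvData for the captured packet: Flags (0x01) followed by Manufacturer
// Specific Data (0xFF) with the company id serialised little-endian.
// All values are copied from the capture quoted in the issue.
std::vector<uint8_t> buildCapturedAdvData() {
    std::vector<uint8_t> adv;
    // flags: bredr_not_supported (bit 2) | le_general_discoverable_mode (bit 1)
    appendAd(adv, 0x01, {0x06});
    std::vector<uint8_t> mfg = {0x99, 0x04};  // company_id 0x0499, LSB first
    std::vector<uint8_t> data = hexToBytes(
        "05:10:ac:50:f7:bc:4a:00:48:00:28:03:fc:ad:96:68:31:19:d4:15:5c:77:56:68");
    mfg.insert(mfg.end(), data.begin(), data.end());
    appendAd(adv, 0xFF, mfg);
    return adv;
}

// Consistency check against the PDU header: btle.length (37) is the 6-byte
// AdvA plus AdvData, and legacy AdvData never exceeds 31 bytes.
bool matchesCapturedLength(const std::vector<uint8_t>& adv, unsigned btleLength) {
    return adv.size() <= 31 && 6 + adv.size() == btleLength;
}

// On the ESP32 the bytes would then be handed to the library (assumed 1.x API):
//   NimBLEAdvertisementData ad;
//   ad.addData(std::string(adv.begin(), adv.end()));
//   pAdvertising->setAdvertisementData(ad);
```

Note that `btle.advertising_address` is not part of AdvData; the controller fills AdvA from its own address, so reproducing it would require changing the device address separately.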