nccgroup / Sniffle

A sniffer for Bluetooth 5 and 4.x LE
https://www.nccgroup.trust/us/our-research/sniffle-a-sniffer-for-bluetooth-5/?research=Public+tools
GNU General Public License v3.0

decoding packets in secure connection (le audio) #73

Open tamv12 opened 4 months ago

tamv12 commented 4 months ago

Hi, I purchased a TI CC26x2R LaunchPad board, followed the instructions and flashed version 1.9.1. I want to sniff packets of the LE Audio protocol. Using Sniffle I can see data being transferred, but since the connection is secured (Secure Connections) I can't see the real data.

I saw that some sniffers support decoding the data if pairing is made during the sniffing and the LTK is being exchanged. I tried to find a way for Wireshark to receive the LTK and then decode it, but did not find one.

Any suggestions on how I can get the real data? Thanks.


sultanqasim commented 4 months ago

The old legacy pairing process was insecure, so it could be cracked if you sniffed the pairing process. You can use Mike Ryan's "crackle" for this purpose: https://github.com/mikeryan/crackle

Modern devices should be using LE Secure Connections, which uses a different Elliptic Curve Diffie-Hellman based pairing process that can't be cracked easily unless one of the sides is using known (debug) keys. You could still extract the derived LTK from a rooted Android phone, and then use crackle to decrypt.

Regarding LE audio, be aware that Sniffle does not yet support Connected or Broadcast Isochronous Groups (CIG and BIG). Thus, you won't be able to capture the actual audio data at the moment with Sniffle. I do plan to implement this in the future, though I can't give any timelines.

mafaneh commented 4 months ago

> Modern devices should be using LE Secure Connections, which uses a different Elliptic Curve Diffie-Hellman based pairing process that can't be cracked easily unless one of the sides is using known (debug) keys. You could still extract the derived LTK from a rooted Android phone, and then use crackle to decrypt.

Actually, you can access the LTK on both Android and iOS without any rooting. The LTK is supplied by the Host, so by capturing the HCI commands you'll be able to see the LTK, both when establishing encryption the first time and upon reconnection.

I've documented both procedures here:

iOS: https://novelbits.s3.us-east-2.amazonaws.com/Developer+Guides/iOS+Bluetooth+Debugging+Guide.pdf

Android: https://novelbits.s3.us-east-2.amazonaws.com/Developer+Guides/Android+Bluetooth+Debugging+Guide.pdf
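To make the HCI-capture approach above concrete, here is an added example (not code from the Sniffle project or from either commenter) that walks a btsnoop-format HCI log, such as the one Android writes when HCI snoop logging is enabled, and pulls the LTK out of the two host-to-controller commands that carry it. The file layout, opcodes and parameter offsets follow the btsnoop and Bluetooth Core specifications; the sample log bytes and the LTK value in it are constructed for the demo.

```python
import struct

# LE Controller (OGF 0x08) commands in which the Host hands the LTK to the Controller.
LE_START_ENCRYPTION = 0x2019   # params: handle(2) rand(8) ediv(2) ltk(16)
LE_LTK_REQUEST_REPLY = 0x201A  # params: handle(2) ltk(16)
H4_COMMAND = 0x01

def extract_ltks(btsnoop: bytes):
    """Return [(opcode, conn_handle, ltk_hex)] for LTK-carrying commands in a btsnoop H4 log."""
    magic, version, datalink = struct.unpack(">8sII", btsnoop[:16])
    if magic != b"btsnoop\x00" or version != 1 or datalink != 1002:
        raise ValueError("not a btsnoop v1 file with HCI UART (H4) datalink")
    out, off = [], 16
    while off + 24 <= len(btsnoop):
        # Record header: orig_len, incl_len, flags, drops (u32 BE), timestamp (i64 BE).
        _orig_len, incl_len, _flags, _drops, _ts = struct.unpack(">IIIIq", btsnoop[off:off + 24])
        pkt = btsnoop[off + 24: off + 24 + incl_len]
        off += 24 + incl_len
        # Only H4 command packets (Host -> Controller) can carry the LTK.
        if len(pkt) < 4 or pkt[0] != H4_COMMAND:
            continue
        opcode, plen = struct.unpack("<HB", pkt[1:4])
        params = pkt[4:4 + plen]
        if opcode == LE_START_ENCRYPTION and plen == 28:
            handle = struct.unpack("<H", params[:2])[0] & 0x0FFF
            ltk = params[12:28]
        elif opcode == LE_LTK_REQUEST_REPLY and plen == 18:
            handle = struct.unpack("<H", params[:2])[0] & 0x0FFF
            ltk = params[2:18]
        else:
            continue
        # HCI carries the LTK least-significant byte first; reverse it if your decryption tool wants MSB first.
        out.append((opcode, handle, ltk.hex()))
    return out

def record(payload: bytes) -> bytes:
    """Wrap one H4 packet in a btsnoop record (constructed helper; flags and timestamp left at 0)."""
    return struct.pack(">IIIIq", len(payload), len(payload), 0, 0, 0) + payload

# Constructed sample log: an HCI_Reset command, then LE_Start_Encryption with a dummy LTK.
SAMPLE_LTK = bytes(range(0x10, 0x20))
SAMPLE_LOG = (
    b"btsnoop\x00" + struct.pack(">II", 1, 1002)
    + record(bytes([H4_COMMAND]) + struct.pack("<HB", 0x0C03, 0))
    + record(bytes([H4_COMMAND]) + struct.pack("<HB", LE_START_ENCRYPTION, 28)
             + struct.pack("<H", 0x0040) + bytes(8) + bytes(2) + SAMPLE_LTK)
)

if __name__ == "__main__":
    for opcode, handle, ltk in extract_ltks(SAMPLE_LOG):
        print(f"opcode=0x{opcode:04x} handle=0x{handle:04x} ltk={ltk}")
```

On a real capture, replace `SAMPLE_LOG` with the bytes of the phone's btsnoop_hci.log; the connection handle lets you match the LTK to the right link when several are active.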