omriiluz / NRF24-BTLE-Decoder

Sniff and decode NRF24L01+ and Bluetooth Low Energy using RTL-SDR
MIT License

Trying to decode BLE packet with HackRF, btle not decoding? #6

Open cloatre opened 8 years ago

cloatre commented 8 years ago

Hello,

I have a veraPlus controller with a Revogi bulb using Bluetooth Low Energy. I tried your tool; when I use the default packet type, which is nrf, I get some data but nothing with btle: strange!

Here are my outputs:

root@kali:~/BLE/NRF24-BTLE-Decoder/bin# cat /tmp/fifo | ./nrf24-btle-decoder -d 1
nrf24-btle-decoder, decode NRF24L01+ and Bluetooth Low Energy packets using RTL-SDR v0.4

1472563865.775252 NRF24 Packet start sample 27195205, Threshold:-15274, Address: 0x57555555D5 length:29, pid:1, no_ack:1, CRC:0xBBAA data:AA AA AB AA EA AA AA AA AB AA AA EA AE AA AB BA EA AE AE AA AE AA AA AA AA AA AA EB EA
1472563867.722470 NRF24 Packet start sample 31085810, Threshold:14985, Address: 0x559F5D555C length:21, pid:1, no_ack:1, CRC:0xA91A data:FA AA AB BA 8B AA 8A A2 A2 BB AA A8 BA 2F E2 AA EE BA 1A BA 82
1472563871.720254 NRF24 Packet start sample 39072723, Threshold:-13347, Address: 0x51555D5D55 length:23, pid:1, no_ack:0, CRC:0xAAAE data:AA AA AE BA AA AA EA BA EA BA AE AA AE EA B8 8A AA AA AA AA 2A AE A2
1472563879.503014 NRF24 Packet start sample 54637700, Threshold:14913, Address: 0x5154DFDF35 length:23, pid:3, no_ack:0, CRC:0x28A0 data:A2 AA BA AE BA E7 AA AA 4E AA AE BA 6A BA A2 BA BA 91 AB AA 2E EB 3A
1472563880.014774 NRF24 Packet start sample 55663872, Threshold:-14646, Address: 0xAABAFABE9E length:26, pid:2, no_ack:1, CRC:0x0600 data:55 55 57 D5 56 55 75 D5 57 51 DF DD FF D5 7F 55 55 52 00 08 00 01 20 00 90 00
1472563884.516805 NRF24 Packet start sample 64671686, Threshold:8823, Address: 0x65F475F357 length:23, pid:3, no_ack:0, CRC:0x8EAE data:AB AB AA 2E A3 AE BB FF AF AB EA BF BF AB 3E BA 86 6B A2 AE 4E BA BA
1472563885.546017 NRF24 Packet start sample 66719235, Threshold:-11940, Address: 0x7155555555 length:21, pid:1, no_ack:0, CRC:0xEA82 data:AA 1A AA 98 AA AA AA AE AA AA AA BA AB 83 BA AA 8A BA AB A8 AA
1472563898.244801 NRF24 Packet start sample 92117150, Threshold:-5501, Address: 0x5717FF545D length:19, pid:3, no_ack:0, CRC:0xBEEE data:FA AB FF EA AF BF EA AE AA EA AA AA AF AA AF AA EB AA BE
1472563912.780128 NRF24 Packet start sample 121199994, Threshold:-5783, Address: 0x7F55155555 length:21, pid:1, no_ack:0, CRC:0x8AFA data:E2 BF E3 AA AB 2A BE 42 AA F9 2A A2 A2 AE BA AA E2 BA AA F1 AA
124779838 samples received in 70 seconds
root@kali:~/BLE/NRF24-BTLE-Decoder/bin#
root@kali:~/BLE/NRF24-BTLE-Decoder/bin# cat /tmp/fifo | ./nrf24-btle-decoder -t btle -d 2
nrf24-btle-decoder, decode NRF24L01+ and Bluetooth Low Energy packets using RTL-SDR v0.4

154959257 samples received in 84 seconds


I changed the grc file to set center_freq to 2.405e9 and I use a HackRF:

[screenshot from 2016-08-30 14 41 17]

nickoe commented 8 years ago

Works fine with my HackRF One when I just tune to the proper frequency, but only on one of the advertising channels.

For example 2426 MHz, channel index 38. Just edit the nrf_channel variable and set it to 26, because of the way the center_freq is calculated. You might also note the downsampling rate; I get stuff with both -b 1 or 2. I have not confirmed the data to be of known origin, but I get a lot of it in my environment compared to the two other advertising channels, which are very silent for me. But it could still be noise from wifi and what not.
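To make the frequency arithmetic in the reply above reusable, here is an added Python example; it is not code from the NRF24-BTLE-Decoder project or from either commenter. It goes beyond the single 2426 MHz case and covers the whole BLE channel map (advertising channels 37/38/39 at 2402/2426/2480 MHz, data channels at the remaining even MHz slots), and it includes a check for whether an arbitrary center_freq value, such as the 2.405e9 used earlier in the thread, lands on a BLE channel center at all. The one assumption, labelled in the code, is that the flowgraph derives center_freq as 2400e6 + nrf_channel * 1e6 (the NRF24L01+ RF_CH convention), which is the reading under which nrf_channel = 26 gives 2426 MHz as the reply states.

```python
# Added example, not code from the NRF24-BTLE-Decoder project or from anyone in
# this thread. It turns "2426 MHz is channel index 38, so set nrf_channel to 26"
# into functions covering every BLE channel.
#
# ASSUMPTION (not verified against the project's .grc file): the flowgraph computes
#     center_freq = 2400e6 + nrf_channel * 1e6
# i.e. the NRF24L01+ RF_CH convention (channel n sits at 2400 + n MHz). That is
# the reading under which nrf_channel = 26 lands on 2426 MHz.

BASE_MHZ = 2400

# BLE channel map (Bluetooth Core Specification, LE physical channels):
#   advertising 37/38/39 at 2402/2426/2480 MHz,
#   data 0..10 at 2404 + 2k MHz, data 11..36 at 2406 + 2k MHz.
ADVERTISING_CHANNELS = {37: 2402, 38: 2426, 39: 2480}


def ble_channel_freq_mhz(index: int) -> int:
    """Center frequency in MHz of BLE channel index 0..39."""
    if not 0 <= index <= 39:
        raise ValueError(f"BLE channel index out of range: {index}")
    if index in ADVERTISING_CHANNELS:
        return ADVERTISING_CHANNELS[index]
    if index <= 10:
        return 2404 + 2 * index
    return 2406 + 2 * index


def ble_channel_for_freq_mhz(freq_mhz: float):
    """Inverse map: BLE channel index whose center is freq_mhz, or None.

    BLE channels sit at even MHz (2402..2480); an odd value such as 2405
    is between channels, so nothing there can decode as BLE.
    """
    for index in range(40):
        if ble_channel_freq_mhz(index) == freq_mhz:
            return index
    return None


def nrf_channel_for_freq_mhz(freq_mhz: int) -> int:
    """nrf_channel value that makes the (assumed) flowgraph tune to freq_mhz."""
    if not BASE_MHZ <= freq_mhz <= BASE_MHZ + 125:  # NRF24L01+ RF_CH range is 0..125
        raise ValueError(f"{freq_mhz} MHz is not reachable via nrf_channel")
    return freq_mhz - BASE_MHZ


def grc_settings_for_ble_channel(index: int) -> dict:
    """What to edit in the flowgraph to sit on one BLE channel."""
    freq = ble_channel_freq_mhz(index)
    nrf_channel = nrf_channel_for_freq_mhz(freq)
    return {
        "ble_channel": index,
        "advertising": index in ADVERTISING_CHANNELS,
        "nrf_channel": nrf_channel,
        "center_freq_hz": (BASE_MHZ + nrf_channel) * 1_000_000,
    }


def check_center_freq_hz(center_freq_hz: float) -> str:
    """Sanity check for a center_freq value typed into the GRC variable."""
    freq_mhz = center_freq_hz / 1e6
    index = ble_channel_for_freq_mhz(freq_mhz)
    if index is None:
        return f"{freq_mhz:g} MHz is not a BLE channel center; btle decoding cannot work here"
    kind = "advertising" if index in ADVERTISING_CHANNELS else "data"
    nrf_channel = nrf_channel_for_freq_mhz(int(freq_mhz))
    return f"{freq_mhz:g} MHz = BLE {kind} channel {index} (nrf_channel={nrf_channel})"


if __name__ == "__main__":
    for idx in sorted(ADVERTISING_CHANNELS):
        print(grc_settings_for_ble_channel(idx))
    # The 2.405e9 used earlier in this thread versus the 2426 MHz that worked:
    print(check_center_freq_hz(2.405e9))
    print(check_center_freq_hz(2.426e9))
```

Running it prints the nrf_channel and center_freq pairs for the three advertising channels (2, 26 and 80) and reports that 2405 MHz sits between BLE channels while 2426 MHz is advertising channel 38. If the project's flowgraph computes center_freq differently from the assumed formula, only nrf_channel_for_freq_mhz needs changing; the BLE channel map is fixed by the specification.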