Sniffing/logging your own Android Bluetooth traffic

AndroidBluetoothReverse Engineering

Android Problem Overview

I recently bought chinesse device that connects via bluetooth with android phone / tablet. Since there is no application availible for windows / linux I want to create one for personal usage.

Usually phone connects to the device and exchanges some data. I connected PC to the device and looked into serial debugger and menaged to discover the protocol (one way only). Phone sends only one command to the device. But this time I'm not able to find out what it containts.

Is there any software that will allow me to look into data sent via bluetooth? I tried decompiling the app, but it looks really unfriendly.

Thanks.

Android Solutions

Solution 1 - Android

Android 4.4 (Kit Kat) does have a new sniffing capability for Bluetooth. You should give it a try.

> If you don’t own a sniffing device however, you aren’t necessarily out > of luck. In many cases we can obtain positive results with a new > feature introduced in Android 4.4: the ability to capture all > Bluetooth HCI packets and save them to a file. > > When the Analyst has finished populating the capture file by running > the application being tested, he can pull the file generated by > Android into the external storage of the device and analyze it (with > Wireshark, for example). > > Once this setting is activated, Android will save the packet capture > to /sdcard/btsnoop_hci.log to be pulled by the analyst and inspected.

Type the following in case /sdcard/ is not the right path on your particular device:

adb shell echo \$EXTERNAL_STORAGE

> We can then open a shell and pull the file: $adb pull > /sdcard/btsnoop_hci.log and inspect it with Wireshark, just like a PCAP > collected by sniffing WiFi traffic for example, so it is very simple > and well supported: > > screenshot of wireshark capture using Android HCI Snoop > > [source]

You can enable this by going to Settings->Developer Options, then checking the box next to "Bluetooth HCI Snoop Log."

Solution 2 - Android

Also, this might help finding the actual location the btsnoop_hci.log is being saved:

adb shell "cat /etc/bluetooth/bt_stack.conf | grep FileName"

Solution 3 - Android

On Xiaomi Redmi Note 9s This configuration file can also be found /storage/emulated/0/MIUI/debug_log/common named as hci_snoop20210210214303.cfa hci_snoop20210211095126.cfa

With enabled 'Settings->Developer Options, then checking the box next to "Bluetooth HCI Snoop Log." '

I was used Total Commander for taking file from Internal storage

Solution 4 - Android

On a Xiaomi phone with Android 11, after enabling "Bluetooth HCI Snoop log" in developer settings the file seems to be written to

/data/misc/bluetooth/logs/btsnoop_hci.log (only accessible with root)

/sdcard/MIUI/debug_log/common/com.android.bluetooth/btsnoop_hci.log

In addition, it's possible to get the log by running adb bugreport zipname from the computer, as written here.

Note that the logging only turned on after a reboot for me.

Categories
Recommended Android Solutions
Recommended Bluetooth Solutions
Recommended Reverse Engineering Solutions

Previous Solution:

How to write CSV output to stdout?

PythonPython 3.xStdout

Next Solution:

Can't endBackgroundTask: no background task exists with identifier, or it may have already been ended

Objective CIos7Xcode5

Attributions

All content for this solution is sourced from the original question on Stackoverflow.

The content on this page is licensed under the Attribution-ShareAlike 4.0 International (CC BY-SA 4.0) license.

Content TypeOriginal AuthorOriginal Content on Stackoverflow
Questionpeku33View Question on Stackoverflow
Solution 1 - AndroidStephan BranczykView Answer on Stackoverflow
Solution 2 - AndroidmaximevinceView Answer on Stackoverflow
Solution 3 - AndroidramkinView Answer on Stackoverflow
Solution 4 - AndroidphireskyView Answer on Stackoverflow