Sniffing/Logging Your Own Android Bluetooth Traffic

Sniffing/logging your own Android Bluetooth traffic

Android 4.4 (KitKat) does have a new sniffing capability for Bluetooth. You should give it a try.

If you don’t own a sniffing device however, you aren’t necessarily out
of luck. In many cases we can obtain positive results with a new
feature introduced in Android 4.4: the ability to capture all
Bluetooth HCI packets and save them to a file.

When the analyst has finished populating the capture file by running
the application being tested, he can pull the file generated by
Android into the external storage of the device and analyze it (with
Wireshark, for example).

Once this setting is activated, Android will save the packet capture
to /sdcard/btsnoop_hci.log to be pulled by the analyst and inspected.

Type the following in case /sdcard/ is not the right path on your particular device:

adb shell echo \$EXTERNAL_STORAGE

We can then open a shell and pull the file:

$ adb pull /sdcard/btsnoop_hci.log

and inspect it with Wireshark, just like a PCAP collected by sniffing
WiFi traffic for example, so it is very simple and well supported:

[Screenshot: Wireshark capture using Android HCI Snoop]

You can enable this by going to Settings->Developer Options, then checking the box next to "Bluetooth HCI Snoop Log."
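
For triage without Wireshark, the pulled btsnoop_hci.log can also be read directly. The following is an added example, not code from the answers on this page; it assumes the standard btsnoop layout (16-byte file header, 24-byte big-endian record headers, datalink type 1002 for H4), and the names parse_btsnoop, Record and SAMPLE are hypothetical:

```python
import struct
from typing import Iterator, NamedTuple

MAGIC = b"btsnoop\x00"
EPOCH_DELTA_US = 0x00DCDDB30F2F8000  # btsnoop timestamp of 1970-01-01, in microseconds
H4_TYPES = {1: "CMD", 2: "ACL", 3: "SCO", 4: "EVT"}  # first byte of each H4 packet

class Record(NamedTuple):
    unix_time: float
    direction: str    # "host->ctrl" or "ctrl->host"
    h4_type: str
    payload: bytes    # packet bytes after the H4 type byte
    truncated: bool   # capture kept fewer bytes than were on the link

def parse_btsnoop(blob: bytes) -> Iterator[Record]:
    """Yield records from a btsnoop file image; stop quietly at a partial tail."""
    if len(blob) < 16 or blob[:8] != MAGIC:
        raise ValueError("not a btsnoop file")
    version, datalink = struct.unpack_from(">II", blob, 8)
    if (version, datalink) != (1, 1002):  # 1002 = HCI UART (H4)
        raise ValueError(f"unsupported version/datalink: {version}/{datalink}")
    off = 16
    while off + 24 <= len(blob):
        orig_len, incl_len, flags, _drops, ts = struct.unpack_from(">IIIIq", blob, off)
        data = blob[off + 24: off + 24 + incl_len]
        if len(data) < incl_len:
            break  # file pulled while Android was still writing the last record
        off += 24 + incl_len
        if not data:
            continue  # empty record, nothing to classify
        yield Record((ts - EPOCH_DELTA_US) / 1e6,
                     "ctrl->host" if flags & 1 else "host->ctrl",
                     H4_TYPES.get(data[0], f"0x{data[0]:02x}"),
                     data[1:], incl_len < orig_len)

def _rec(flags: int, ts_us: int, data: bytes, claimed: int = None) -> bytes:
    n = len(data) if claimed is None else claimed
    return struct.pack(">IIIIq", n, n, flags, 0, EPOCH_DELTA_US + ts_us) + data

# Constructed sample: HCI_Reset command, its Command Complete event, cut-off tail.
SAMPLE = (MAGIC + struct.pack(">II", 1, 1002)
          + _rec(2, 1_000_000, bytes.fromhex("01030c00"))
          + _rec(3, 1_002_500, bytes.fromhex("040e0401030c00"))
          + _rec(0, 1_003_000, b"\x02\x01", claimed=10))

if __name__ == "__main__":
    for r in parse_btsnoop(SAMPLE):
        print(f"{r.unix_time:.6f} {r.direction} {r.h4_type} {r.payload.hex()}")
```

To run it on a real capture, pass the bytes of the pulled file to parse_btsnoop instead of SAMPLE.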

sniffing bluetooth low energy in Android

Yes it will pick up everything on the HCI link, including BLE advertisements. But you must have at least one app that has told the system to perform a BLE scan of course.

Why don't you just use a BLE scan app like nRF Connect?

How to sniff Bluetooth traffic in Android?

I found out that traces from hcidump tools are not truncated, and I think this is a perfect solution. However, I have to copy the trace from Android to the PC every time (e.g. sending by e-mail), and therefore it is cumbersome work. It would be great if there was a tool to get access to the terminal emulator of Android. Btw, BusyBox also provides some other very useful tools from Linux.