Bluetooth LE / Bluetooth Smart / BLE etc
See also: Notes: Web Bluetooth
- "Ultimate Guide to Debugging Bluetooth Smart / BLE Products" -- a comprehensive overview of debugging tools/process from hardware layer through to mobile layer.
Bluetooth LE Sniffing / RE links
Nordic nRF51 developer board/dongle sniffer tool:
- nrf-ble-sniffer-osx -- "An OS X client for the Nordic BTLE sniffer dongle" (wiki)
- Nordic nRF51 Dongle (on mbed.org)
- https://devzone.nordicsemi.com/question/47434/bad-mic-when-sniffing/ ("Overview and Evaluation of Bluetooth Low Energy: An Emerging Low-Power Wireless Technology" has description of MIC as "When encryption and authentication are used in a connection, a 4-byte Message Integrity Check (MIC) is appended to the payload of the data channel PDU (see Figure 1(b)). Encryption is then applied to the PDU payload and MIC fields." )
BTLE Encryption cracking:
- https://devzone.nordicsemi.com/question/36746/why-sniffer-shows-connect_req-from-slave-to-master/ (bug in certain versions of Wireshark causes wrong direction to be displayed)
- http://blog.lacklustre.net -- Variety of Bluetooth/BLE research (including "Blackbox Reversing an Electric Skateboard Wireless Protocol")
BLE Reverse Engineering related projects
- http://stackoverflow.com/questions/26171647/zengge-ble-bulb-protocol (includes the comment: "got the codes by turning on the Bluetooth HCI-snoop-log in Android while using the Magic Light app and analysing it with Wireshark")
- Further comment on using Android logging: http://stackoverflow.com/questions/19502853/android-4-3-ble-filtering-behaviour-of-startlescan#23290220