See also: Notes: Web Bluetooth

Debugging

• "Ultimate Guide to Debugging Bluetooth Smart / BLE Products" -- a comprehensive overview of debugging tools/process from hardware layer through to mobile layer.

Bluetooth LE Sniffing / RE links

• Sniffing and decoding NRF24L01+ and Bluetooth LE packets for under $30 / https://github.com/omriiluz/NRF24-BTLE-Decoder (Also ANT+

• Nordic nRF51 developer board/dongle sniffer tool:

  • https://developer.mbed.org/media/uploads/nemovn/ble-sniffer_win_1.2_user_guide.pdf
  • nrf-ble-sniffer-osx -- "An OS X client for the Nordic BTLE sniffer dongle" (wiki)
  • Nordic nRF51 Dongle (on mbed.org)
  • https://devzone.nordicsemi.com/question/47434/bad-mic-when-sniffing/ ("Overview and Evaluation of Bluetooth Low Energy: An Emerging Low-Power Wireless Technology" has description of MIC as "When encryption and authentication are used in a connection, a 4-byte Message Integrity Check (MIC) is appended to the payload of the data channel PDU (see Figure 1(b)). Encryption is then applied to the PDU payload and MIC fields." )

• BTLE Encryption cracking:

  • https://github.com/mikeryan/crackle
  • http://blog.cozybit.com/how-to-crack-bluetooth-le-security-using-crackle/
  • https://devzone.nordicsemi.com/question/14461/wireshark-and-encryption/

• Wireshark:

  • https://devzone.nordicsemi.com/question/36746/why-sniffer-shows-connect_req-from-slave-to-master/ (bug in certain versions of Wireshark causes wrong direction to be displayed)

• http://blog.lacklustre.net -- Variety of Bluetooth/BLE research (including "Blackbox Reversing an Electric Skateboard Wireless Protocol")

BLE Reverse Engineering related projects

• https://github.com/madhead/saberlight/blob/master/protocols/ZJ-MBL-RGBW%20(v3)/protocol.md
• http://stackoverflow.com/questions/26171647/zengge-ble-bulb-protocol (includes gattool example)
  • "got the codes by turning on the Bluetooth HCI-snoop-log in Android wile using the Magic Light app and analysing it with Wireshark"
  • Further comment on using Android logging: http://stackoverflow.com/questions/19502853/android-4-3-ble-filtering-behaviour-of-startlescan#23290220

13 September 2016¶

• Browser tab link-dump related to bleno and pairing/bonding/encryption:

  • "How to connect a windows 10 device with Bleno #191"
  • "Secure Read with iOS 9.3.1 #187"
  • "bleno disconnects when smartphone access a secure charactheristic #71"
  • "Pairing #5"
  • "connection disconnect after pairing #171"

  Error message was "Connection Terminated Due to MIC Failure", related links:

  • http://stackoverflow.com/questions/31175024/android-bluetooth-low-energy-status-61
  • "CC2541 HCI errors 0x3D and 0x3E"
  • https://github.com/sandeepmistry/noble/blob/master/lib/hci-socket/hci-status.json
  • http://support.dialog-semiconductor.com/disconnect-issue-da14580-murata-lbca2hnzyz

  Also, I think related:

  • "SMP support? #31"
  • "bleno advertising not working after noble peripheral disconnect #64"
  • "How to set OOB (Out of Band) Pairing on Raspberry Pi? #110"
  • https://github.com/sandeepmistry/bleno/blob/master/lib/hci-socket/smp.js

• "No BLE discovered by nRF Master #205" specifies how to get the most complete logging dump with:

      DEBUG=* node <file>.js