Hello Dominic,
Many thanks for your reply. I added the -s option and the results are the
same. It is still 22 byte packets.
FWIW, I am in the #ubertooth channel if anyone is there to chat.
John
On Mon, Dec 14, 2015 at 9:02 AM, Dominic Spill <dominicgs@...> wrote:
> On 14 December 2015 at 13:33, John Davis <davisjf@...> wrote:
> > Doing something similar I get:
> >
> > davis@...:~/progs$ ubertooth-rx -q sniff.pcap -r sniff.pcapng
> > systime=1450099810 ch=39 LAP=1b150f err=1 clk100ns=2718876754 clk1=435020 s=-69 n=-77 snr=8
> > systime=1450099810 ch=39 LAP=54f4c1 err=0 clk100ns=2718988783 clk1=435038 s=-47 n=-77 snr=30
>
> > If I open the two capture files in Wireshark, it has missing columns for
> > source and destination. All packets are shown as unknown and are 22 bytes in
> > length.
>
> The source and destination address in Wireshark refer to the source
> and destination MAC addresses for Ethernet, they are not relevant to
> Bluetooth packets as the packets do not contain a source and
> destination address. All packets contain parts of the address of the
> master device.
>
> The packets here are of unknown length because we have not been able
> to decode enough about them to read the packet headers. All that we
> know is the LAP and receive time. This is why the packets are so
> short in Wireshark. If you wish to improve the reception, you can try
> using ubertooth-rx with the -s option to scan through different
> channels, I usually find that this yields better data.
>
> Dominic
>
> > On Mon, Dec 14, 2015 at 8:22 AM, Hannibal Smith <h.smith05@...> wrote:
> >>
> >> John,
> >>
> >> nothing special, I just run ubertooth-rx with lap & uap. The packets
> >> shown by Wireshark are between 22 and 42 bytes long.
> >>
> >> ------------------------------
> >> # ubertooth-rx -U0 -l 000830 -u 81 -r sniff.pcapng -q sniff.pcap
> >>
> >> systime=1450098845 ch=39 LAP=000830 err=0 clk100ns=863167307 clk1=2235259 s=0 n=-81 snr=81
> >> systime=1450098846 ch=39 LAP=000830 err=0 clk100ns=868336302 clk1=2236086 s=0 n=-82 snr=82
> >> CLK6 = 0x3b found after 2 total packets.
> >>
> >> Calculating complete hopping sequence.
> >> Hopping sequence calculated.
> >> 26536 initial CLK1-27 candidates
> >> systime=1450098848 ch=39 LAP=000830 err=0 clk100ns=895561933 clk1=2240442 s=-21 n=-82 snr=61
> >> systime=1450098848 ch=39 LAP=000830 err=0 clk100ns=895898047 clk1=2240496 s=-16 n=-83 snr=67
> >>
> >> Acquired CLK1-27 = 0x03998f6
> >> got CLK1-27
> >> clock offset = 3078902.
> >> systime=1450098851 ch=39 LAP=000830 err=0 clk100ns=895898047 clk1=2240496 s=-16 n=-83 snr=67
> >> Packet decoded with clock 0x40 (rv=2)
> >> Type: DM1
> >> LT_ADDR: 1
> >> LLID: 1
> >> flow: 0
> >> payload length: 12
> >> Data: 49 a3 a3 b2 44 03 4e f1 4d ab 86 63
> >> Type: DM1
> >> LT_ADDR: 1
> >> LLID: 1
> >> flow: 0
> >> payload length: 12
> >> Data: 49 a3 a3 b2 44 03 4e f1 4d ab 86 63
> >> systime=1450098868 ch=74 LAP=000830 err=0 clk100ns=733195114 clk1=3787327 s=-21 n=-76 snr=55
> >> Packet decoded with clock 0x40 (rv=1)
> >> Type: NULL
> >> Type: NULL
> >> systime=1450098868 ch=29 LAP=000830 err=0 clk100ns=737090197 clk1=3787950 s=-16 n=-120 snr=104
> >> Packet decoded with clock 0x40 (rv=1)
> >> Type: NULL
> >> Type: NULL
> >> systime=1450098868 ch= 9 LAP=000830 err=0 clk100ns=739839269 clk1=3788390 s=0 n=-120 snr=120
> >> Packet decoded with clock 0x40 (rv=1)
> >> Type: NULL
> >> Type: NULL
> >> systime=1450098871 ch= 2 LAP=000830 err=0 clk100ns=901735634 clk1=3814293 s=0 n=-59 snr=59
> >> Packet decoded with clock 0x40 (rv=1)
> >> Type: POLL
> >> Type: POLL
> >> ---------------
> >> ---------------
> >> No. Time Source Destination
> >> Protocol Length Info
> >> 4 3.273074000
> >> Bluetooth 22 NULL
> >>
> >> Frame 4: 22 bytes on wire (176 bits), 22 bytes captured (176 bits)
> >> Bluetooth BR/EDR Baseband
> >>
> >> No. Time Source Destination
> >> Protocol Length Info
> >> 5 432.769803600
> >> Bluetooth 34 HV1
> >>
> >> Frame 5: 34 bytes on wire (272 bits), 34 bytes captured (272 bits)
> >> Bluetooth BR/EDR Baseband
> >>
> >> No. Time Source Destination
> >> Protocol Length Info
> >> 6 1275.492969500
> >> Bluetooth 22 NULL
> >>
> >> Frame 6: 22 bytes on wire (176 bits), 22 bytes captured (176 bits)
> >> Bluetooth BR/EDR Baseband
> >>
> >> No. Time Source Destination
> >> Protocol Length Info
> >> 7 1275.882477800
> >> Bluetooth 22 AUX1
> >>
> >> Frame 7: 22 bytes on wire (176 bits), 22 bytes captured (176 bits)
> >> Bluetooth BR/EDR Baseband
> >>
> >> No. Time Source Destination
> >> Protocol Length Info
> >> 8 1276.157385000
> >> Bluetooth 22 EV5/3-EV5
> >>
> >> Frame 8: 22 bytes on wire (176 bits), 22 bytes captured (176 bits)
> >> Bluetooth BR/EDR Baseband
> >>
> >> No. Time Source Destination
> >> Protocol Length Info
> >> 9 862.850291900
> >> Bluetooth 22 DH5/3-DH5
> >>
> >> Frame 9: 22 bytes on wire (176 bits), 22 bytes captured (176 bits)
> >> Bluetooth BR/EDR Baseband
> >> --------------------------
> >>
> >> On 14.12.2015 13:53, John Davis wrote:
> >>
> >> Hannibal,
> >>
> >> I was trying to capture packets between two devices using an unencrypted
> >> SPP mode using classic Bluetooth. I only got packets which were 12 bytes in
> >> length. I'm curious about how you got your results. Would it be possible
> >> to give some more details on what you did?
> >>
> >> On Mon, Dec 14, 2015 at 7:07 AM, Hannibal Smith <h.smith05@...>
> >> wrote:
> >>>
> >>> Hey,
> >>>
> >>> currently I am trying to sniff and decrypt the communication between a
> >>> Bluetooth keyboard and an old Bluetooth 2.0 dongle. Sadly I didn't find
> >>> any website or blog entry where someone did this before.
> >>>
> >>> ubertooth-rx shows only packets with type NULL, POLL and DM1, but
> >>> Wireshark shows the handshake with DH5, EV5... So the communication
> >>> seems to be encrypted as well.
> >>> I found some tools like btcrack or btpincrack to decrypt the stream, but
> >>> they are incompatible with the pcap(ng) format. Is there any tool out
> >>> there which is able to crack this communication, or can anyone give me a
> >>> hint how I will be able to achieve this?
> >>>
> >>>
> >>> Regards
> >>> Hannibal
> >>>
> >>> ------------------------------------------------------------------------------
> >>> _______________________________________________
> >>> Ubertooth-general mailing list
> >>> Ubertooth-general@...
> >>> https://lists.sourceforge.net/lists/listinfo/ubertooth-general
> >>
> >> --
> >> John F. Davis
> >> 6 Kandes Court
> >> Durham, NC 27713
> >> 919-888-8358
> >>
> >> 独树一帜
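As an added example (not code from this thread or from the Ubertooth project), a small Python parser that summarises ubertooth-rx console output per LAP and separates packets where only the LAP and receive time were recovered (the short, unknown-type frames Dominic describes) from packets whose header was decoded; it tolerates the mail-wrapped and `>`-quoted lines seen above. The sample input is constructed from the outputs quoted in this thread.

```python
import re
from collections import defaultdict

KV_RE = re.compile(r"(\w+)=\s*(-?[0-9a-fA-Fx]+)")

def _kv_only(line):
    """k=v pairs on a line that holds nothing else, otherwise None."""
    pairs = KV_RE.findall(line)
    return dict(pairs) if pairs and not KV_RE.sub("", line).strip() else None

def parse_rx_log(text):
    """Per-LAP: packets seen, err flags, header-decoded packets, channels, types."""
    stats = defaultdict(lambda: {"seen": 0, "err": 0, "decoded": 0, "channels": set(), "types": []})
    rec, cur, want_type = None, None, False
    for raw in text.splitlines():
        line = raw.lstrip("> ").strip()          # tolerate mail-quoted copies
        if line.startswith("systime="):
            rec = _kv_only(line) or {}
        elif rec is not None:                    # record wrapped onto the next line
            more = _kv_only(line)
            rec = {**rec, **more} if more else None
        if rec is not None and all(k in rec for k in ("LAP", "ch", "err", "snr")):
            cur = stats[rec["LAP"]]
            cur["seen"] += 1
            cur["err"] += int(rec["err"])
            cur["channels"].add(int(rec["ch"]))
            rec, want_type = None, False
        elif line.startswith("Packet decoded") and cur is not None:
            cur["decoded"] += 1
            want_type = True                     # take only the first Type: line (it is printed twice)
        elif want_type and line.startswith("Type:"):
            cur["types"].append(line.split(":", 1)[1].strip())
            want_type = False
    return stats

def verdict(stats):
    return {lap: "headers decoded" if s["decoded"] else "LAP and time only"
            for lap, s in stats.items()}

# Constructed sample, re-joined from the ubertooth-rx lines quoted in this thread.
SAMPLE = """\
systime=1450099810 ch=39 LAP=1b150f err=1 clk100ns=2718876754 clk1=435020
s=-69 n=-77 snr=8
systime=1450098845 ch=39 LAP=000830 err=0 clk100ns=863167307 clk1=2235259 s=0 n=-81 snr=81
Packet decoded with clock 0x40 (rv=2)
Type: DM1
Type: DM1
systime=1450098868 ch= 9 LAP=000830 err=0 clk100ns=739839269 clk1=3788390 s=0 n=-120 snr=120
Packet decoded with clock 0x40 (rv=1)
Type: NULL
"""
```

A LAP that shows up with `seen > 0` and `decoded == 0` is exactly the situation in this thread: Wireshark has nothing but the LAP and timestamp to display, hence the 22-byte frames.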