Sniffle v1.7 releases: A sniffer for Bluetooth 5 and 4.x LE

Sniffle

Sniffle is a sniffer for Bluetooth 5 and 4.x (LE) using TI CC1352/CC26x2 hardware.

It runs on Texas Instruments CC26x2 microcontrollers, including the low-cost CC26x2 Launchpad development board. The host side software for Sniffle is written in Python, enabling easy extension and modification, and providing cross-platform support. In addition to displaying packets on the terminal console in real-time, the host side software can save captured traffic to a standard PCAP format compatible with the Ubertooth. This allows easy analysis with Wireshark and other open-source tools.

Sniffle has a number of innovative and useful features that allow easy, convenient, and reliable sniffing. One major feature is the ability to capture advertisements for a particular MAC address on all three primary advertising channels using a single sniffer by hopping through advertising channels together with the target. This makes connection detection three times more reliable than most existing sniffers that only stay on a single advertising channel. Sniffle can usually detect connection establishment with over 90% reliability.

Sniffle has a number of useful features, including:

  • Support for BT5/4.2 extended length advertisement and data packets
  • Support for BT5 Channel Selection Algorithms #1 and #2
  • Support for all BT5 PHY modes (regular 1M, 2M, and coded modes)
  • Support for sniffing only advertisements and ignoring connections
  • Support for channel map, connection parameter, and PHY change operations
  • Support for advertisement filtering by MAC address and RSSI
  • Support for BT5 extended advertising (non-periodic)
  • Support for capturing advertisements from a target MAC on all three primary advertising channels using a single sniffer. This makes connection detection nearly 3x more reliable than most other sniffers that only sniff one advertising channel.
  • Easy to extend host-side software written in Python
  • PCAP export compatible with the Ubertooth
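
To show what following a connection with Channel Selection Algorithm #1 and a channel map change involves, here is an added example; it is not Sniffle's own code. It implements the algorithm as defined in the Bluetooth Core Specification, and the names Csa1Follower, used_channels, schedule_map_update and next_channel, along with the sample parameters, are assumptions made for this illustration.

```python
# Added illustration, not Sniffle's code: BLE Channel Selection Algorithm #1
# as defined in the Bluetooth Core Specification. Names here are hypothetical.
NUM_DATA_CHANNELS = 37  # data channels 0..36; 37-39 are primary advertising


def used_channels(chan_map):
    """Expand the 37-bit channel map (bit n set = channel n used), ascending."""
    return [ch for ch in range(NUM_DATA_CHANNELS) if (chan_map >> ch) & 1]


class Csa1Follower:
    """Predicts the data channel of each connection event, as a sniffer must."""

    def __init__(self, hop_increment, chan_map):
        if not 5 <= hop_increment <= 16:
            raise ValueError("hop increment must be 5..16")
        self.hop = hop_increment
        self.used = used_channels(chan_map)
        if len(self.used) < 2:
            raise ValueError("channel map must enable at least 2 channels")
        self.unmapped = 0       # lastUnmappedChannel is 0 before the first event
        self.event_counter = 0  # connEventCounter of the upcoming event
        self.pending = None     # (instant, used-channel list) awaiting its instant

    def schedule_map_update(self, instant, chan_map):
        """Record a channel map update that takes effect at event `instant`."""
        self.pending = (instant & 0xFFFF, used_channels(chan_map))

    def next_channel(self):
        """Return the data channel for the upcoming connection event."""
        if self.pending and self.pending[0] == self.event_counter:
            self.used, self.pending = self.pending[1], None
        self.unmapped = (self.unmapped + self.hop) % NUM_DATA_CHANNELS
        self.event_counter = (self.event_counter + 1) & 0xFFFF
        if self.unmapped in self.used:
            return self.unmapped
        # Unmapped channel is disabled: remap onto the ascending used list.
        return self.used[self.unmapped % len(self.used)]


if __name__ == "__main__":
    # Constructed parameters: hop increment 7, all 37 channels enabled, then a
    # map update at event 2 that leaves only channels 0..8 in use.
    conn = Csa1Follower(hop_increment=7, chan_map=(1 << 37) - 1)
    conn.schedule_map_update(instant=2, chan_map=0x1FF)
    print([conn.next_channel() for _ in range(4)])
```

A sniffer that misses the map update keeps listening on the old sequence and loses the connection at the instant, which is why channel map tracking is listed as a separate feature.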

Changelog v1.7

  • New Wireshark extcap plugin (thanks @jaylogue)
  • Added support for CC2652R7, CC1352P7, and CC2651P3
  • Updated for TI SDK 6.20.00.29 and TI-RTOS 7
  • Added serial port auto-detection
  • Added option to ignore suspected encrypted PHY changes
  • Improved channel map recovery for encrypted connections
  • Fixed bugs in acknowledgement and retransmit handling under master/slave operation
  • Updated link layer logic to respect connSupervisionTimeout (rather than a fixed number of connection events)
  • Corrected reporting of connection access address for CONNECT_IND
  • Disabled RSSI filter by default

Install && Use

Copyright (C) 2016-2019 NCC Group plc