Date:      Mon, 10 Jul 2017 14:44:48 -0700
From:      Maksim Yevmenkin <maksim.yevmenkin@gmail.com>
To:        "Mikhail T." <mi+thun@aldan.algebra.com>
Cc:        "freebsd-bluetooth@freebsd.org" <bluetooth@freebsd.org>
Subject:   Re: Ubertooth (Re: How to listen quietly for other Bluetooth devices?)
Message-ID:  <CAFPOs6ogqKf9NUwhzp-6RnQuHj2jVxEfvM8PNTbZAiRrDLaVqw@mail.gmail.com>
In-Reply-To: <CAFPOs6rq86dJEb9r4PNYTct66E%2BgtjGyn6zLZfYFPKv48jB5LQ@mail.gmail.com>
References:  <085c77b2-9f40-5a1f-0b49-86a24e561fce@aldan.algebra.com> <CAFPOs6o_1ExGjcOZWdRTuZXHCvPnXVjCn562u6ApXPVuyhadew@mail.gmail.com> <B643CF86-6270-4BB7-9E13-D76ECFC63AD3@aldan.algebra.com> <CAFPOs6pr2sxr=egtUKD-3AkGQd5P0X1V7jsXhgwTP7qQSjTfEA@mail.gmail.com> <ed4d6da5-9b62-66ae-2b6c-e224167c74dc@aldan.algebra.com> <9DDD63D7-52A2-4995-98E4-D60CEE5EE106@gmail.com> <6e1f597c-7f85-1a37-a228-49da2d2f77dd@aldan.algebra.com> <E7B9E64D-75C9-4965-B4C1-25B728156319@gmail.com> <4c47c36f-9161-7266-5cef-acb3e72d17fa@aldan.algebra.com> <CAFPOs6rq86dJEb9r4PNYTct66E%2BgtjGyn6zLZfYFPKv48jB5LQ@mail.gmail.com>

On Mon, Jul 10, 2017 at 10:06 AM, Maksim Yevmenkin
<maksim.yevmenkin@gmail.com> wrote:
> On Sun, Jul 9, 2017 at 4:11 PM, Mikhail T. <mi+thun@aldan.algebra.com> wrote:
>> On 09.07.2017 18:54, maksim yevmenkin wrote:
>>
>> Interesting... I personally have not seen this. Thank you for the pointer.
>> It looks like custom hardware running custom firmware. This should be able
>> to give full access to baseband. Still kinda pricey. Ubertooth one hardware
>> sells for $120 at sparkfun. That's 3x price of raspberry pi 2/3 :) for a
>> fraction of general usability :) could make a relatively inexpensive
>> Bluetooth scanner though.
>>
>> They are using "bluez" to flash their own firmware into the dongle, it
>> seems. I doubt, they make their own chipset -- it may be possible to flash
>> the same firmware into a much cheaper dongle with the same chipset...
>
> hmm... i don't see it. sorry. maybe i'm looking in the wrong place.
>
> so, yes, they have custom firmware that is flashed onto ubertooth-zero
> or ubertooth-one dongle. my understanding is that those are not
> off-the-shelf dongles.
>
> https://www.sparkfun.com/products/10573 is $120 (ubertooth-one)
>
> https://www.amazon.com/Great-Scott-Gadgets-WRL-10573-Ubertooth/dp/B007R9UPHA
> (Amazon)
>
> yes, they are not making a completely custom chip, they are reusing some
> off-the-shelf components. however, the final board is custom. in fact, i'm
> not even 100% sure that ubertooth-one is a complete bluetooth dongle.
> according to schematics they use CC2400 Single-Chip 2.4 GHz ISM Band
> Transceiver and CC2591 2.4 GHz Range Extender strapped to LPC175x ARM
> Cortex-M3 microcontroller. it may be just designed for the purpose of
> scanning and maybe injecting packets.
>
> there are references to a modded CSR firmware that can be flashed onto
> off-the-shelf CSR dongle. however, even with modded firmware, it will
> not act as full scanner. according to the posts it will sniff traffic
> for known BD_ADDR.
>
> as far as porting it, i don't see what the big deal is. it seems like
> it should be possible to port this.

after 15 minutes of looking at source code, i'm convinced that it
should be possible to get it working in freebsd.

it looks like ubertooth-one is already shipped with at least the
bootloader programmed. it may even already contain something called
bluetooth_rxtx. even if one cannot build bluetooth_rxtx (i.e. the
firmware) on freebsd right out of the box, there is a pre-built binary
available.

to flash bluetooth_rxtx onto ubertooth-one one can use a usb dfu tool.
that's a standard protocol and even if freebsd does not have a tool
available right away, a little bit of user space libusb programming is
all that is needed.

finally, as soon as bluetooth_rxtx (i.e. firmware) is flashed onto
ubertooth-one, it will answer to a limited set of vendor HCI commands.
again, a little bit of user space libusb programming and it should be
all set.

again, keep in mind that ubertooth-one is NOT a bluetooth dongle. i
suppose it is possible to turn it into one by writing code that would
implement both baseband and HCI. but then again, unless there is a
specific need, it's more cost-effective to pick up a $5-$10 off-the-shelf
real bluetooth dongle. a $120 bluetooth sniffer (even if it has
limited functionality) could be useful to some people.

to summarize: $120 in hardware and a weekend (or less) of coding will
produce a dedicated bluetooth sniffer. it is not even required to modify
any kernel parts. as long as ubertooth-one is recognized as a ugenX
device, it's possible to use libusb to control it.

ubertooth-one bootloader / firmware development is a bit more
complicated due to

a) cross-compile toolchain. however, if one already has a cross-compile
toolchain for that micro-controller, it's a piece of cake. if not,
building a gcc-based cross-compile toolchain should be doable.

b) intimate knowledge of programming rf transceivers, understanding of
over-the-air low level protocols, etc. etc. with enough dedication
it also should be doable.

thanks!
max
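The DFU flashing step discussed above, as an added host-side example that is not code from the thread or from the Ubertooth project. It implements the USB DFU 1.1 download sequence (DFU_DNLOAD blocks, DFU_GETSTATUS polling with bwPollTimeout, DFU_CLRSTATUS recovery from dfuERROR) against a transport callback that takes arguments in the (bmRequestType, bRequest, wValue, wIndex, data-or-length) order of libusb's control transfer; `FakeDfuDevice`, the block size, the firmware bytes and the single-request DNBUSY shortcut are constructed assumptions so the code runs with no hardware attached.

```python
"""USB DFU 1.1 host-side download sequence, written against a transport callback
so it can run against a constructed simulated device here and be wired to
libusb/pyusb control transfers on a real ugen device later."""
import time
from dataclasses import dataclass, field

# DFU 1.1 class-specific request codes; bmRequestType for class/interface OUT and IN.
DFU_DETACH, DFU_DNLOAD, DFU_UPLOAD, DFU_GETSTATUS, DFU_CLRSTATUS, DFU_GETSTATE, DFU_ABORT = range(7)
REQ_OUT, REQ_IN = 0x21, 0xA1
# bState values and the two bStatus codes this example uses.
DFU_IDLE, DFU_DNLOAD_SYNC, DFU_DNBUSY, DFU_DNLOAD_IDLE = 2, 3, 4, 5
DFU_MANIFEST_SYNC, DFU_MANIFEST, DFU_MANIFEST_WAIT_RESET, DFU_ERROR = 6, 7, 8, 10
STATUS_OK, STATUS_ERR_WRITE = 0x00, 0x03


@dataclass
class DfuStatus:
    status: int           # bStatus
    poll_timeout_ms: int  # bwPollTimeout: minimum wait before the next GETSTATUS
    state: int            # bState


class DfuError(RuntimeError):
    pass


def parse_get_status(payload: bytes) -> DfuStatus:
    """Decode the 6-byte DFU_GETSTATUS reply: bStatus, bwPollTimeout (24-bit LE), bState, iString."""
    if len(payload) != 6:
        raise DfuError(f"DFU_GETSTATUS returned {len(payload)} bytes, expected 6")
    timeout = payload[1] | (payload[2] << 8) | (payload[3] << 16)
    return DfuStatus(payload[0], timeout, payload[4])


def wait_for_state(ctrl, iface, wanted, max_polls=100) -> DfuStatus:
    """Poll DFU_GETSTATUS until bState is in `wanted`, honouring bwPollTimeout.
    If the device reports an error, clear it with DFU_CLRSTATUS and raise."""
    for _ in range(max_polls):
        st = parse_get_status(ctrl(REQ_IN, DFU_GETSTATUS, 0, iface, 6))
        if st.status != STATUS_OK or st.state == DFU_ERROR:
            ctrl(REQ_OUT, DFU_CLRSTATUS, 0, iface, b"")  # device returns to dfuIDLE
            raise DfuError(f"device reported bStatus=0x{st.status:02x} bState={st.state}")
        if st.state in wanted:
            return st
        time.sleep(st.poll_timeout_ms / 1000.0)
    raise DfuError("device never reached the expected state")


def dfu_download(ctrl, firmware: bytes, iface: int = 0, block_size: int = 64) -> int:
    """Send `firmware` as numbered DFU_DNLOAD blocks (wValue = wBlockNum), then the
    zero-length block that starts manifestation. Returns the number of DNLOAD requests."""
    blocks = [firmware[i:i + block_size] for i in range(0, len(firmware), block_size)]
    for num, block in enumerate(blocks):
        ctrl(REQ_OUT, DFU_DNLOAD, num, iface, block)
        wait_for_state(ctrl, iface, {DFU_DNLOAD_IDLE})
    ctrl(REQ_OUT, DFU_DNLOAD, len(blocks), iface, b"")
    wait_for_state(ctrl, iface, {DFU_IDLE, DFU_MANIFEST_WAIT_RESET})
    return len(blocks) + 1


@dataclass
class FakeDfuDevice:
    """Constructed stand-in for a device in DFU mode (assumption, not real firmware).
    `fail_at_block` makes it report errWRITE on that block number."""
    fail_at_block: int = -1
    state: int = DFU_IDLE
    status: int = STATUS_OK
    flash: bytearray = field(default_factory=bytearray)

    def ctrl(self, req_type, request, value, index, data_or_length):
        if request == DFU_DNLOAD and req_type == REQ_OUT:
            if self.state not in (DFU_IDLE, DFU_DNLOAD_IDLE):
                self.state = DFU_ERROR            # DNLOAD is only legal from these states
            elif value == self.fail_at_block:
                self.state, self.status = DFU_ERROR, STATUS_ERR_WRITE
            elif data_or_length:
                self.flash += data_or_length
                self.state = DFU_DNLOAD_SYNC
            else:
                self.state = DFU_MANIFEST_SYNC    # zero-length block: all data received
            return None
        if request == DFU_GETSTATUS and req_type == REQ_IN:
            # The reply reports the state entered because of this GETSTATUS. A real
            # device leaves dfuDNBUSY on its own after bwPollTimeout; this fake
            # collapses that into the next GETSTATUS (constructed simplification).
            transitions = {DFU_DNLOAD_SYNC: DFU_DNBUSY, DFU_DNBUSY: DFU_DNLOAD_IDLE,
                           DFU_MANIFEST_SYNC: DFU_MANIFEST, DFU_MANIFEST: DFU_IDLE}
            self.state = transitions.get(self.state, self.state)
            return bytes([self.status, 1, 0, 0, self.state, 0])  # bwPollTimeout = 1 ms
        if request == DFU_CLRSTATUS and req_type == REQ_OUT:
            self.state, self.status = DFU_IDLE, STATUS_OK
            return None
        raise DfuError(f"unexpected request {request}")


if __name__ == "__main__":
    dev = FakeDfuDevice()
    image = bytes(range(200))  # constructed firmware image, 200 bytes
    print("DNLOAD requests:", dfu_download(dev.ctrl, image), "flashed OK:", bytes(dev.flash) == image)
```

To drive a real device, replace `dev.ctrl` with a wrapper around `libusb_control_transfer` (or pyusb's `dev.ctrl_transfer`) for the DFU interface number, after claiming that interface; the download logic and the error recovery stay unchanged.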



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAFPOs6ogqKf9NUwhzp-6RnQuHj2jVxEfvM8PNTbZAiRrDLaVqw>