13

I am trying to re-write a closed-source application, originally deployed on mobile devices, that lets you command and control a certain type of mechanical robot via Bluetooth.

The new application I am writing should be able to control the same robots as the first one does.

How can I intercept the commands (sent via Bluetooth) from the closed-source application?
And more importantly, will I be able to "reproduce" them?

An outline of the steps I have to take is enough to answer my question. A detailed answer would be appreciated.

Andrei Botalov
Pierre

4 Answers

8

The Ubertooth One will allow you to sniff Bluetooth traffic. It is fully capable of being placed into monitor mode and can be used with tools such as Kismet to perform Bluetooth sniffing. There may be additional functionality that will allow you to perform packet injection as well. However, if the traffic is encrypted this may not allow you to see the packets in the clear, but it may give you a good start at reverse engineering the communication protocols.

Mark S.
6

There is a better method today if you are using Android. The developer tools offer a way to sniff Bluetooth packets into a log that can be opened in Wireshark.

Go to Developer Options on your phone and enable hcidump.

See this blog post for more details.

Ziv
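The HCI snoop log this answer refers to is written in the btsnoop format that Wireshark opens. As an added example (not part of the answer above), here is a small Python parser that walks such a capture and labels each HCI packet by direction and type, run over a constructed three-record capture; it assumes the H4 (HCI UART) datalink value 1002 that Android's Bluetooth stack writes, and all sample bytes are constructed for the demonstration.

```python
import struct
from typing import Iterator, NamedTuple

BTSNOOP_MAGIC = b"btsnoop\0"
H4_TYPES = {0x01: "CMD", 0x02: "ACL", 0x03: "SCO", 0x04: "EVT"}


class HciRecord(NamedTuple):
    direction: str   # "host->ctrl" (sent by the phone) or "ctrl->host" (received)
    kind: str        # H4 packet type name
    summary: str     # decoded opcode / event code / ACL handle
    payload: bytes   # packet bytes after the H4 type byte


def parse_btsnoop(blob: bytes) -> Iterator[HciRecord]:
    """Walk a btsnoop capture (the format of Android's btsnoop_hci.log)."""
    if blob[:8] != BTSNOOP_MAGIC:
        raise ValueError("not a btsnoop file")
    version, datalink = struct.unpack(">II", blob[8:16])
    if version != 1 or datalink != 1002:  # 1002 = HCI UART (H4) framing
        raise ValueError(f"unsupported btsnoop version/datalink {version}/{datalink}")
    pos = 16
    while pos + 24 <= len(blob):
        # Record header: orig len, included len, flags, cumulative drops, timestamp.
        _orig_len, incl_len, flags, _drops, _ts = struct.unpack(">IIIIq", blob[pos:pos + 24])
        pos += 24
        pkt = blob[pos:pos + incl_len]
        pos += incl_len
        if not pkt:
            continue
        direction = "ctrl->host" if flags & 1 else "host->ctrl"  # flags bit 0 = direction
        kind = H4_TYPES.get(pkt[0], f"UNKNOWN(0x{pkt[0]:02x})")
        body = pkt[1:]
        if kind == "CMD" and len(body) >= 3:
            opcode, plen = struct.unpack("<HB", body[:3])  # opcode = OGF<<10 | OCF
            summary = f"opcode=0x{opcode:04x} ogf=0x{opcode >> 10:02x} ocf=0x{opcode & 0x3FF:03x} plen={plen}"
        elif kind == "EVT" and len(body) >= 2:
            summary = f"event=0x{body[0]:02x} plen={body[1]}"
        elif kind == "ACL" and len(body) >= 4:
            handle_flags, dlen = struct.unpack("<HH", body[:4])  # low 12 bits = connection handle
            summary = f"handle=0x{handle_flags & 0x0FFF:03x} dlen={dlen}"
        else:
            summary = "truncated"
        yield HciRecord(direction, kind, summary, body)


def _record(flags: int, pkt: bytes) -> bytes:
    """Build one btsnoop record (constructed sample data, timestamp zeroed)."""
    return struct.pack(">IIIIq", len(pkt), len(pkt), flags, 0, 0) + pkt


# Constructed sample capture: HCI_Reset, its Command Complete event, one ACL data packet.
SAMPLE_LOG = (
    BTSNOOP_MAGIC + struct.pack(">II", 1, 1002)
    + _record(0x02, bytes([0x01, 0x03, 0x0C, 0x00]))                          # command, host -> controller
    + _record(0x03, bytes([0x04, 0x0E, 0x04, 0x01, 0x03, 0x0C, 0x00]))        # event, controller -> host
    + _record(0x00, bytes([0x02, 0x40, 0x20, 0x03, 0x00, 0x41, 0x42, 0x43]))  # ACL "ABC", host -> controller
)

if __name__ == "__main__":
    for rec in parse_btsnoop(SAMPLE_LOG):
        print(rec.direction, rec.kind, rec.summary)
```

The ACL records are where an application's own protocol bytes travel, so filtering on `kind == "ACL"` and `direction == "host->ctrl"` isolates what the app transmitted from the controller's housekeeping traffic.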
4

Controlling robots via bluetooth sounds cool.

Perhaps instead of intercepting the bluetooth communication and decoding it, it might actually be easier to decompile the closed-source app and then search for the bluetooth commands? The control devices might use a standard bluetooth library that you might be able to hook into and log all requests/responses somehow?

Yoav Aner
  • I thought that would be more complicated, thanks for the answer, it turned out it's pretty easy to [decompile/reverse engineer an android apk](http://code.google.com/p/android-apktool/). – Pierre Mar 13 '12 at 11:08
  • Sometimes it's easier walking through the front-door than climbing through the window :) – Yoav Aner Mar 14 '12 at 14:17
1

Well it is not that easy. Refer to this article.

Unlike sniffing 802.11, Bluetooth doesn't use one channel but hops over 79 channels, which makes sniffing a lot harder.

You also have little or no control over the hardware; the only way to do this is by using the HCI with predefined commands.

The thing is, when you check the sites you will see you need to ask for a quote for a device. Most of the time that's not a good sign.

Lucas Kauffman