目錄
- 前言
- 1、編譯 Ubertooth tools
- 1.1、準備工作
- 1.2、編譯安裝 libbtbb
- 1.3、編譯安裝 Ubertooth tools
- 1.4、Wireshark 插件
- 1.5、更新固件
- 2、更新及開發固件
- 2.1、更新固件
- 2.2、開發固件
- 3、效果展示
- 附錄
Ubertooth One 是一款軟硬體開源的藍牙抓包器,我們本教程将采用:學習使用、分析代碼、分析硬體設計、自己制作一款抓包器的路徑來展開。
Ubertooth 需要用到 Ubertooth tools,該工具依賴 libbtbb (藍牙 baseband 庫),這兩個工程都需要自己編譯,是以,第一步需要安裝為了編譯上述工程的工具:
Debian 10 / Ubuntu 20.04 / Kali
sudo apt install cmake libusb-1.0-0-dev make gcc g++ libbluetooth-dev wget \
pkg-config python3-numpy python3-qtpy python3-distutils python3-setuptools
Bluetooth baseband library (libbtbb) 主要用來解碼藍牙資料包,編譯安裝操作如下:
wget https://github.com/greatscottgadgets/libbtbb/archive/2020-12-R1.tar.gz -O libbtbb-2020-12-R1.tar.gz
tar -xf libbtbb-2020-12-R1.tar.gz
cd libbtbb-2020-12-R1
mkdir build
cd build
cmake ..
make
sudo make install
sudo ldconfig
Ubertooth 工程包含 host 端代碼,主要提供:抓取藍牙資料包、配置 Ubertooth、更新固件,編譯安裝操作如下:
wget https://github.com/greatscottgadgets/ubertooth/releases/download/2020-12-R1/ubertooth-2020-12-R1.tar.xz
tar -xf ubertooth-2020-12-R1.tar.xz
cd ubertooth-2020-12-R1/host
mkdir build
cd build
cmake ..
make
sudo make install
sudo ldconfig
建議用 2.2+ 版本的 Wireshark,自帶插件。下面我寫了個腳本,可以一鍵運作并調用 Wireshark 進行抓包。
➜ bluetooth cat ubertooth_wireshark.sh
#!/bin/bash
sudo rm -rf /tmp/pipe
sudo mkfifo /tmp/pipe
echo the mac address is: $2
echo '''
HOW TO SET WIRESHARK:
1.Click Edit -> Preferences
2.Click Protocols -> DLT_USER
3.Click Edit (Encapsulations Table)
4.Click New
5.Under DLT, select "User 0 (DLT=147)" (adjust this selection as appropriate if the error message showed a different DLT number than 147)
6.Under Payload Protocol, enter: btle
7.Click OK
8.Click OK
'''
sudo killall wireshark
sudo wireshark -k -i /tmp/pipe &
echo "reset ubertooth"
sudo ubertooth-util -r
if [ "$2" != "NULL" ];then
echo "-t<address> set connection following target (example: -t22:44:66:88:aa:cc/48)"
sudo ubertooth-btle -t $2
fi
if [ "$1" == "-p" ];then
echo "-p promiscuous: sniff active connections"
sudo ubertooth-btle -p -I -c /tmp/pipe
elif [ "$1" == "-n" ];then
echo "-n don't follow, only print advertisements"
sudo ubertooth-btle -n -c /tmp/pipe
elif [ "$1" == "-f" ];then
echo "-f follow connections"
sudo ubertooth-btle -f -I -c /tmp/pipe
else
echo "INPUT_ERROR: sudo bash ubertooth_wireshark.sh -f BC:23:4C:00:00:01"
exit 1
fi
echo the mac address is: $2
當完全安裝好 Ubertooth tools 之後,需要将固件更新到和上面工具軟體相比對的版本(參考第2.1節)。
擷取最新版本的 Ubertooth,然後解壓進入 ubertooth-one-firmware-bin 目錄,之後運作:
$ ubertooth-dfu -d bluetooth_rxtx.dfu -r
Switching to DFU mode...
Checking firmware signature
........................................
........................................
................
裝置将會自動進入 DFU 模式然後更新固件。
注:在處于非 DFU 模式,可以用
ubertooth-util -v
擷取固件的資訊。
安裝支援 ARM Cortex-M3 工具鍊:
sudo apt-get install gcc-arm-none-eabi libnewlib-arm-none-eabi
或這直接下載下傳:https://launchpad.net/gcc-arm-embedded
編譯:
cd firmware/bluetooth_rxtx/
make
燒寫:
ubertooth-dfu -d bluetooth_rxtx.dfu -r
運作抓包指令:
sudo bash ubertooth_wireshark.sh -f dc:23:4D:0c:2f:5f
自動調用 wireshark 顯示資料:
1.完整代碼(GITHUB):https://github.com/greatscottgadgets/ubertooth
2.ubertooth 首頁:https://greatscottgadgets.com/ubertoothone/
- : uBertooth 是一千元以下的開源藍牙抓包器,實際使用存在一定的丢包率~
- 專業抓包,還要買 Ellisys 之類的幾萬或幾十萬的工具~