Sniffing Bluetooth Packets with Kismet and Wireshark in Ubuntu 12.04

Kickstarter is a crowdfunding website that hosts a variety of projects in arts, comics, gaming, film & video, etc.  On the technology side I want to make special mention of one: Michael Ossmann’s Ubertooth Project.  It is basically a spectrum analyzer and development tool, but with a few advantages such as Bluetooth sniffing, and with the advanced options you can inject packets.

As fancy as it is, there are a few drawbacks: it is hard to find a version of Linux that works when following old guides.  I made this guide because it was painful for me to follow some of the tutorials on the web.  After trying a variety of Linux options (BackTrack 5 R3 and others), I finally got things working using Ubuntu 12.04 (Precise Pangolin).

Finally, I have to say that if you follow the Ubertooth project's build guide completely using Ubuntu, you will get the same results I had.

There are a couple of tricky steps to follow if you want to get the Kismet Ubertooth plugin compiled, but it is just a little reading, nothing more.

I installed a VirtualBox machine, downloading Ubuntu 12.04 from this link.

OK, let's start!

First, download the prerequisites that Ubuntu needs:

sudo apt-get install libusb-1.0-0-dev make gcc pyside-tools python-numpy

You will be prompted to install the dependencies; accept with ‘y’ and ‘Enter’.

Now we need to download PyUSB from the repositories to add Python access to USB ports: uncompress it in the root folder, navigate to the new folder, and compile/install the Python USB support files.

wget http://sourceforge.net/projects/pyusb/files/PyUSB%201.0/1.0.0-alpha-3/pyusb-1.0.0a3.tar.gz/download -O pyusb-1.0.0a3.tar.gz
tar xvf pyusb-1.0.0a3.tar.gz
cd pyusb-1.0.0a3
sudo python setup.py install


The next step is to install the Bluetooth baseband library, libbtbb, which provides the common files the Ubertooth needs to decode Bluetooth packets:

# Return to the home directory so that each archive is unpacked side by side (assumed layout)
cd ~
wget http://sourceforge.net/projects/libbtbb/files/libbtbb-2012-10-R3.tar.xz/download -O libbtbb-2012-10-R3.tar.xz
tar xf libbtbb-2012-10-R3.tar.xz
cd libbtbb-2012-10-R3
make
sudo make install


The next step is to install the Ubertooth tools, which provide all the basic Ubertooth functionality for spectrum analysis, Bluetooth sniffing and firmware updates.  They also include a plugin for a Linux program that we will install later.

# Return to the home directory before downloading (assumed layout)
cd ~
wget http://sourceforge.net/projects/ubertooth/files/ubertooth-2012-10-R1.tar.xz/download -O ubertooth-2012-10-R1.tar.xz
tar xf ubertooth-2012-10-R1.tar.xz
cd ubertooth-2012-10-R1/host
make
sudo make install


Follow the next steps if you need to install the ubertooth-follow tool.

sudo apt-get install libbluetooth-dev
# Assumes the Ubertooth archive was unpacked in the home directory
cd ~/ubertooth-2012-10-R1/host
make clock_debug=true
sudo make clock_debug=true install


Before installing Kismet, we first need to check that all our software is ready to use.  We will now test the basic functionality of the Ubertooth (spectrum analysis).

  • Connect the Ubertooth One to your USB port
  • If you are using a virtual machine, enable it under Devices/USB Ports and look for the Ubertooth One
  • When you finally select the Ubertooth One, you should see three LEDs lit: two green LEDs (RST and 1.8V), which come on when you plug the Ubertooth into your host machine, and the red LED (USB LED), which indicates that the Ubertooth can communicate via the USB port.

Now launch the Ubertooth spectrum analyzer: navigate within the Ubertooth tools to the specan_ui folder and launch it.

You can now see the basic spectrum traffic of WiFi at 2.4 GHz.

Figure: an example of light traffic from a streaming page (watching a YouTube video).

Figure: analysis of Bluetooth frequency hopping while seeking neighboring devices.

There is also a YouTube video of the spectrum analyzer running.

That completes the first part, the installation of the basic Bluetooth tools.  Inside the Ubertooth tools folder, bluetooth_rxtx contains a few interesting tools such as ubertooth-lap, which discovers the lower address part (LAP) of Bluetooth devices while they are transmitting data.  You can inspect this folder or consult the Ubertooth project page about the other installed tools.

Now comes the tricky part: Kismet!  Kismet is a wireless detector for sniffing and intrusion analysis on the 2.4 GHz band in WiFi a/b/g/n networks.  We first install Kismet on Ubuntu with its default options and then install the Ubertooth plugin, which lets us capture Bluetooth packets for future analysis.  Use the commands below to install Kismet:

sudo apt-get install libpcap0.8-dev libcap-dev pkg-config \
build-essential libnl-dev libncurses-dev libpcre3-dev \
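libpcap-dev
# Return to the home directory before downloading (assumed layout)
cd ~
wget http://www.kismetwireless.net/code/kismet-2011-03-R2.tar.gz
tar xf kismet-2011-03-R2.tar.gz
sudo mv kismet-2011-03-R2 /usr/src/kismet
# Use an absolute link target: a relative ../ path would be resolved from /usr/src/kismet.
# Assumes the Ubertooth archive was unpacked in the home directory.
sudo ln -s "$HOME/ubertooth-2012-10-R1/host/kismet/plugin-ubertooth" /usr/src/kismet/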
cd /usr/src/kismet
sudo ./configure
sudo make && sudo make plugins
sudo make suidinstall
sudo make plugins-install


The final step of the Kismet install is to add the Kismet capture file type for Bluetooth, pcapbtbb, to the file kismet.conf located in /usr/local/etc.  To do this:

  • Navigate to the folder /usr/local/etc
  • Open the “kismet.conf” file
  • Find the logtypes line
  • Add “,pcapbtbb” to the end of the line to permit Kismet to log Bluetooth files for future analysis
  • Verify that it was added using “grep logtypes kismet.conf”
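The same edit can be scripted so that it is applied only once and leaves a backup. This is an added example, not part of the original tutorial or of Kismet; the function names are hypothetical and the sample config lines are constructed for the demo.

```shell
#!/bin/sh
# Added example: append pcapbtbb to the active logtypes= line of a Kismet
# config file, exactly once, keeping a .bak copy of the original.
# enable_pcapbtbb and demo_conf are hypothetical helper names.

enable_pcapbtbb() {
    conf=$1
    [ -f "$conf" ] || { echo "no such file: $conf" >&2; return 2; }

    # Only an active (uncommented) logtypes= line counts.
    if ! grep -q '^logtypes=' "$conf"; then
        echo "no active logtypes= line in $conf" >&2
        return 3
    fi

    # Already enabled: pcapbtbb present as a whole comma-separated entry.
    if grep -Eq '^logtypes=(.*,)?pcapbtbb(,.*)?[[:space:]]*$' "$conf"; then
        return 0
    fi

    cp -p "$conf" "$conf.bak" || return 1
    # Drop trailing whitespace on the line, then append the new log type.
    sed 's/^\(logtypes=.*[^[:space:]]\)[[:space:]]*$/\1,pcapbtbb/' \
        "$conf.bak" > "$conf"
}

# Demo on a constructed sample file, so /usr/local/etc is not touched.
demo_conf() {
    tmp=$(mktemp) || return 1
    printf '%s\n' '# constructed sample, not a real kismet.conf' \
        '#logtypes=pcapdump' \
        'logtypes=pcapdump,gpsxml,netxml,nettxt,alert' > "$tmp"
    enable_pcapbtbb "$tmp" && enable_pcapbtbb "$tmp"   # second call is a no-op
    grep '^logtypes=' "$tmp"
    rm -f "$tmp" "$tmp.bak"
}

demo_conf
```

To apply it to the real file, call enable_pcapbtbb /usr/local/etc/kismet.conf from a root shell, since that file is not writable by a normal user.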


Now we need to compile and install the Kismet plugin so that Kismet can capture Bluetooth packets, with these steps:

# Assumes the Ubertooth archive was unpacked in the home directory
cd ~/ubertooth-2012-10-R1/host/kismet/plugin-ubertooth
KIS_SRC_DIR=/usr/src/kismet make 
sudo KIS_SRC_DIR=/usr/src/kismet make install


Now that the Kismet plugin is installed, we can launch Kismet and configure the Ubertooth plugin in its windows.  To do so, follow the steps below:

  • Start Kismet: sudo kismet
  • Say Yes to display default colors
  • Confirm that you are running as root, press OK
  • When prompted again, say Yes to start the Kismet services
  • Press Enter to start the server
  • Close the console window, because it is only informational
  • When prompted to add an interface to Kismet, say Yes to add the Ubertooth interface
  • When the Add Source window opens, enter “ubertooth” in “Intf” and again “ubertooth” in “Name”, then click Add
  • Go to the tool bar and go to Kismet/Plugins/Select Plugin…
  • Use the arrow keys to navigate to “ubertooth_ui.so” and press the spacebar to enable Ubertooth, then click Close
  • Close the window and verify that Ubertooth is up
  • Enable discovery mode / scan on a Bluetooth device; be patient and wait a few seconds, and you will see captured packets
  • When you finish your capture, close Kismet, killing the server when prompted
  • If you look at your working directory, Kismet will have logged the pcapbtbb and other files; we are interested in the pcapbtbb file for later analysis with Wireshark and the Ubertooth plugin for Wireshark


Now we will install Wireshark with the Wireshark Bluetooth baseband plugin so that the file captured by Kismet can be analyzed.

sudo apt-get install wireshark wireshark-dev \
libwireshark1 libwireshark-dev cmake
# Assumes the libbtbb archive was unpacked in the home directory
cd ~/libbtbb-2012-10-R3/wireshark/plugins/btbb
cmake -DCMAKE_INSTALL_LIBDIR=/usr/lib/wireshark/libwireshark1/plugins .
make
sudo make install


Finally, we can open pcapbtbb files.  Run Wireshark, open the pcapbtbb file, and see all the packets sniffed from your Bluetooth network.

Hope you like this guide, and happy sniffing!

Permanent link to this article: http://cerescontrols.com/tutorials-3/sniffing-bluetooth-packets-with-kismet-and-wireshark-in-ubuntu-12-04/

16 comments

1 ping

  1. Fernando de Sousa

    Really interesting, I did not know Kismet could join with Wireshark that way and analyze the Bluetooth frequency. Strength and honor!

  2. venky

    Hi,

    Thanks a million for this. It helped me a lot while configuring my ubertooth one and kismet. I finally got them both working but when I start scanning them, I just get broadcast packets and the destination is always 000000000000. Can you please guide me on how to capture packets the right way? I have bluetooth devices running but nothing shows up on the scan results.

    1. Rangel Alvarado

      I don’t use Ubertooth any more, so I think I could not help a lot. Years back maybe.

      Right now you can use Nordic Semiconductors Bluetooth Low Energy Sniffer (nRF51 Dongle + SW + nRF51822 DK) or NXP Solution for Sniffing (USB-KW40Z + SW + FRDM-KW40Z).

  3. Manel

    It’s great.
    We can see all the steps, I thank you,
    but I have some problems on my computer: I can’t install libbtbb and ubertooth with “make and sudo make install”. I tried “sudo apt-get install make” but it did not work either.
    Same for “make clock..=true” and “KIS_SRC_DIR=/usr/src/kismet make”.
    Can you help me?

    1. Rangel Alvarado

      I have a virtual machine that I can upload for you for a few days if you want to test it. But basically you must be in superuser mode to do that, without any problem.

  4. michael

    Why do I always get only 14-byte packets and no data payload?

  5. Stephen Cobb

    Wow! What a phenomenal set of instructions. I am sure these have been a great help to many researchers. I am considering trying this setup but wondered if it works with Ubuntu 14.04, which is what I currently have. I think you set this up on an earlier version.

    Cheers…Stephen

    1. Rangel Alvarado

      Yes, it’s an early version. I made it from scratch because there are some tricky parts and this might help.

  6. Fractalspace

    Thanks,
    Everything works all the way till the end. Seeing just the 14 byte “Bluetooth Baseband” frames only, as noted by someone earlier. I will try the responses to see if I get anything more interesting.

    (Using Ubuntu 14.04.02 in VirtualBox on Windows 7)

    1. mp3weenie

      Hi Fractalspace,

      I have the same config and the exact same issue! Did you ever find a solution? I am new to BT but I paired with a device and captured it so I know I should have packets with payload.

      Thanks. Jay

  7. Tom Becker

    Hello. Thanks for putting this guide together. Is there any way to tell what is the Bluetooth channel number from the imported Wireshark trace? Thanks again.

    1. Rangel Alvarado

      Sorry for the late answer. I really don’t remember; I think that you could only spy on the hooked channel, but that is a hypothesis. I must check the documentation to see if it is possible, sorry.

  8. Adrian

    Why do I always get only 14-byte packets and no data payload, though XML data is being transmitted over an insecure connection? Am I doing something wrong? I tried setting it to Hop or Dwell, and like that I get a lot more packets, but still only 14 bytes, and I cannot find any XML in the captured packets. I would appreciate any idea how to fix this. With the ubertooth utils I see a lot of binary data (a lot more than with kismet + ubertooth plugin), but I find no tool which can analyse the captured data.

    1. Rangel Alvarado

      – In my picture (my case) the 14 bytes only are for a non-paired device, but I was able to sniff the payload
      – Even in a secure connection you must see encrypted data
      – Try a few times with kismet+ubertooth; sometimes the driver needs to wait some time to interpret the data (I think), that has happened to me a few times.

      If you have more comments please don’t hesitate to ask again.

  9. Tarun

    Whenever I start the sniffing, the Kismet console says
    ” No Ubertooth devices. can show the details once the device has been found.”
    I am on Ubuntu 14.04 and have followed the instructions above for installation. I am sure that the Ubertooth dongle is fine and working as I have tested it with specan.
    I am also wondering why it needs to connect with a server(proxy name and port) for running.

    Please help.
    Thanks :-) .

    1. Rangel Alvarado

      Tarun, I replied to your question via email the same day, at night.

  1. Ubertooth One – Bluetooth Packet Sniffing Hardware and More » Ceres Controls

    […] Sniffing Bluetooth Packets with Kismet and Wireshark in Ubuntu 12.04 […]
