Installing the Ubertooth One on BT5

[HarvestGardener]

For those who haven't heard, Ubertooth one is an open-source, relatively inexpensive (~110USD) hardware platform for bluetooth packet capture and experimentation. This how-to will give a basic rundown on how to install and capture/analyze packets with the latest source (r238).

Topics covered include:
• Installing Ubertooth dependencies/source
• Building/testing Kismet plugin
• Installing Wireshark plugin

The first step is to setup the pyside repository to access precompiled binaries.

Code:

apt-get install python-software-properties
add-apt-repository ppa:pyside
apt-get update

- Download pre-compiled binary dependencies

Code:

apt-get install libnl-dev libusb-1.0-0-dev pyside-tools

- Compile and install PyUSB extension

Code:

wget http://downloads.sourceforge.net/project/pyusb/PyUSB%201.0/1.0.0-alpha-1/pyusb-1.0.0-a1.tar.gz
tar xvf pyusb-1.0.0-a1.tar.gz
cd pyusb-1.0.0-a1
python setup.py install

- Compile and Install libbtbb

Code:

wget http://downloads.sourceforge.net/project/libbtbb/libbtbb.0.5.tgz
tar xvf libbtb.0.5.tgz
cd libbtbb
make
make install

- Download and extract r238 of Ubertooth source

Code:

wget http://downloads.sourceforge.net/project/ubertooth/ubertooth-r238.tar.gz
tar xvf ubertooth-r238.tar.gz

With all of the dependencies installed, everything should be good to go in order to run the basic functionality of the Ubertooth adapter. A good test is to run the include spectrum analyzer:

Code:

cd ubertooth-r238/host/specan_ui
python specan_ui.py

You should see a window pop up with a nifty view of your local 2.4ghz spectrum.

**Capturing Bluetooth Packets**
- Reset ubertooth by unplugging and plugging it back in

- Test packet capture by compiling and running the following

Code:

cd ../bluetooth_rxtx
make
./ubertooth-lap

While this provides basic info about the packets flowing over the air, much more detail is provided via the Kismet plugin.

- Prep kismet source in a new terminal

Code:

tar xvf kismet-2011-03-R2.tar.gz -C /usr/src/
mv /usr/src/kismet-2011-03-R2/ /usr/src/kismet
cd /usr/src/kismet
./configure

- Compile ubertooth kismet plugin

Code:

cd ../kismet/plugin-ubertooth
wget http://www.kismetwireless.net/code/kismet-2011-03-R2.tar.gz
make
make install

- Add 'pcapbtbb' to the logtypes= line in /usr/local/etc/kismet.conf

- Run kismet with source and name as ubertooth

- Enable the ubertooth plugin via Kismet -> Plugins -> Select Plugin

Kismet will run like normal, using the Ubertooth to capture bluetooth packets and logging them to a capture file. In order to visualize this capture easily, libbtbb include the source code to build a Wireshark plugin.

You can either compile the plugin using the Wireshark source following instructions in doc/README.plugins. However, it is quite a process. Or you can just put the attached precompiled binaries for the 32 bit version of BT5 (btbb.la / btbb.so) in '/usr/local/lib/wireshark/plugins/1.4.6' and off you go. You can now simply open the appropriate Kismet capture file in Wireshark.

Hope this helps inspire someone to do some bluetooth hacking!

BTBB Wireshark Plugin.zip

[djjacket1]

Thanks for this! I was working on doing the same thing to test out my new device to make sure the hardware was working properly. Thankfully the hardware seems to be fully functional. Now just need to spend some time with the code and see what kinds of other things we can do with this.

Your instructions worked well - Kind of obvious, but I would add the download of the kismet source to the "prep of the Kismet source" just to make it completely idiot-friendly.

[djjacket1]

Thanks for this write-up! I was working on the same thing to test to make sure my new hardware was functional. I followed your steps and was able to confirm it is working.

Now I need to dig into the code and see what else we can do with this hardware!

[hak5darren]

Great tutorial. I'll add that if you're doing this in Virtualbox or VMware you'll probably run into libusb errors. However, running Backtrack on the host machine I have no problems getting the Ubertooth One up and running.

I'll post a follow-up if I figure out how to get the Ubertooth One functioning in a VM.

Full disclosure: My company sells the Ubertooth One. http://hakshop.com

[pbearne]

- Compile and Install libbtbb

Code:

wget http://downloads.sourceforge.net/project/libbtbb/libbtbb.0.5.tgz
tar xvf libbtb.0.5.tgz
cd libbtbb
make
make install

Typo:
-tar xvf libbtbb.0.5.tgz
+tar xvf libbtbb.0.5.tgz


Will this work in Virtual box?

getting USBErrot Unknown error

[Turbodn]

Thank you very much for this! I have got everything working except for that darn spectrum analyzer for some reason. I will run through your process tomorrow. I think I am just missing one dependency.

[HarvestGardener]

How to compile the libbtbb plugin for Wireshark on BT5 (should work on other linux flavors as well)

Download and uncompress Wireshark source

Code:

wget http://www.wireshark.org/download/src/wireshark-1.4.6.tar.bz2
tar xvf wireshark-1.4.6.tar.bz2

Copy the btbb folder from 'libbtbb/wireshark/plugins/' to 'wireshark-1.4.6/plugins/'

Now we need to make several changes to make/config files in the Wireshark source code so that libbybb is compiled along with the rest of the code.

The following files need to be edited:
wireshark-1.4.6/plugins/Makefile.am
wireshark-1.4.6/plugins/Makefile.nmake
wireshark-1.4.6/Makefile.am
wireshark-1.4.6/Configure.in
wireshark-1.4.6/CMakeLists.txt
wireshark-1.4.6/epan/Makefile.am
wireshark-1.4.6/packaging/nsis/Makefile.nmake
wireshark-1.4.6/packaging/nsis/wireshark.nsi

* Changes to 'wireshark-1.4.6/plugins/Makefile.am'
At around line 25:

Code:

SUBDIRS = $(_CUSTOM_SUBDIRS_) \
	asn1 \
	btbb \           <--- Add this line
	docsis \

* Changes to 'wireshark-1.4.6/plugins/Makefile.nmake'
At around line 9:
[code]
PLUGIN_LIST = \
asn1 \
btbb \ <--- Add this line
docsis \
...
[code]

* Changes to 'wireshark-1.4.6/Makefile.am'
At around line 264:

Code:

if HAVE_PLUGINS
-include plugins/Custom.make
plugin_ldadd = $(_CUSTOM_plugin_ldadd_) \
	-dlopen plugins/asn1/asn1.la \
	-dlopen plugins/btbb/btbb.la \      <--- Add this line
	-dlopen plugins/docsis/docsis.la \
	...

* Changes to 'wireshark-1.4.6/Configure.in'
At around line 1883:

Code:

AC_OUTPUT(
  ...
  plugins/asn1/Makefile
  plugins/btbb/Makefile     <--- Add this line
  plugins/docsis/Makefile
  ...

* Changes to 'wireshark-1.4.6/CMakeLists.txt'
At around line 353:

Code:

 if(ENABLE_PLUGINS)
	set(HAVE_PLUGINS 1)
	set(PLUGIN_DIR="${DATAFILE_DIR}/plugins/${CPACK_PACKAGE_VERSION}")
	set(PLUGIN_SRC_DIRS
		plugins/asn1
		plugins/btbb   <--- Add this line
		plugins/docsis
		...

* Changes to 'wireshark-1.4.6/epan/Makefile.am'
At around line 190:

Code:

 plugin_src = \
	../plugins/asn1/packet-asn1.c \
	../plugins/btbb/packet-btbb.c \    <--- Add this line
	../plugins/btbb/packet-btlmp.c \   <--- Add this line
	../plugins/docsis/packet-bintrngreq.c \
	...

* Changes to 'wireshark-1.4.6/packaging/nsis/Makefile.nmake'
At around line 47:

Code:

PLUGINS= \
	../../plugins/asn1/asn1.dll \
	../../plugins/btbb/btbb.dll \        <--- Add this line
	../../plugins/docsis/docsis.dll \
	...

* Changes to 'wireshark-1.4.6/packaging/nsis/wireshark.nsi'
At around line 878:

Code:

Section "Dissector Plugins" SecPlugins
;-------------------------------------------
SetOutPath '$INSTDIR\plugins\${VERSION}'
File "..\..\plugins\asn1\asn1.dll"
File "..\..\plugins\btbb\btbb.dll"        <--- Add this line
File "..\..\plugins\docsis\docsis.dll"
...

Now that you have done all the hard work, you can capture it into a patch file so that if you ever need to do it again, it's a much simpler process

Code:

mv wireshark-1.4.6 wireshark.new
tar xvf wireshark-1.4.6.tar.bz2
diff -rupN wireshark-1.4.6/ wireshark.new/ > btbb.patch

The above command will make a patch file of the differences between the original Wireshark source and your new modifications. It is important to note that it will also take into account the libbtbb files you copied in to the plugin folder. To get just the changes you made to the configuration/make files, just temporarily move the btbb folder somewhere else, then execute the diff command.

You can test the patch by moving it into the top-level of the clean Wireshark source directory and run:
[code]
patch -p1 < btbb.patch
[/quote]

If everything was successful you should see the exact same modifications as you made above.

Now we are ready to compile the Wireshark source along with the libbtbb plugin.

In order to compile Wireshark, you need the following dependencies. Some may be present on your system, but the below command references all of the requirements (beyond typical compile tools)

Code:

apt-get install autoconf libgtk2.0-dev libglib2.0-dev libgeoip-dev libpcre3-dev libpcap0.8-dev libtool byacc flex subversion

Compiling is a straightforward process but takes a bit of time. Simply move to the top level folder of your patched source and execute:

Code:

./autogen.sh
./configure
make
make install

Once that process is complete you should be able to run Wireshark and see 'btbb.so' listed under Help -> About -> Plugins.

If you want to save the binary or move it off to another platform, just look under Help -> About -> Folders -> Global Plugins to see where they are stored. You will need both btbb.so and btbb.la.

If everything worked, that's it. You are now able to decode bluetooth packets with btbb.


-----------------------------------------------------------
Here is the patch file for the current revision of libbtbb:

Code:

diff -rupN wireshark-1.4.6/CMakeLists.txt wireshark.new/CMakeLists.txt
--- wireshark-1.4.6/CMakeLists.txt	2011-04-18 14:43:07.000000000 -0400
+++ wireshark.new/CMakeLists.txt	2011-06-01 12:42:56.853391847 -0400
@@ -355,6 +355,7 @@ if(ENABLE_PLUGINS)
 	set(PLUGIN_DIR="${DATAFILE_DIR}/plugins/${CPACK_PACKAGE_VERSION}")
 	set(PLUGIN_SRC_DIRS
 		plugins/asn1
+		plugins/btbb
 		plugins/docsis
 		plugins/ethercat
 		plugins/giop
diff -rupN wireshark-1.4.6/configure.in wireshark.new/configure.in
--- wireshark-1.4.6/configure.in	2011-04-18 14:43:07.000000000 -0400
+++ wireshark.new/configure.in	2011-06-01 12:36:50.081391615 -0400
@@ -1881,6 +1881,7 @@ AC_OUTPUT(
   packaging/svr4/pkginfo
   plugins/Makefile
   plugins/asn1/Makefile
+  plugins/btbb/Makefile
   plugins/docsis/Makefile
   plugins/ethercat/Makefile
   plugins/giop/Makefile
diff -rupN wireshark-1.4.6/epan/Makefile.am wireshark.new/epan/Makefile.am
--- wireshark-1.4.6/epan/Makefile.am	2011-04-18 14:43:01.000000000 -0400
+++ wireshark.new/epan/Makefile.am	2011-06-01 12:40:35.305391757 -0400
@@ -189,6 +189,8 @@ if ENABLE_STATIC
 -include ../plugins/Custom.make
 plugin_src = \
 	../plugins/asn1/packet-asn1.c \
+	../plugins/btbb/packet-btbb.c \
+	../plugins/btbb/packet-btlmp.c \
 	../plugins/docsis/packet-bintrngreq.c \
 	../plugins/docsis/packet-bpkmattr.c \
 	../plugins/docsis/packet-bpkmreq.c \
diff -rupN wireshark-1.4.6/Makefile.am wireshark.new/Makefile.am
--- wireshark-1.4.6/Makefile.am	2011-04-18 14:43:07.000000000 -0400
+++ wireshark.new/Makefile.am	2011-06-01 12:34:02.169391507 -0400
@@ -265,6 +265,7 @@ if HAVE_PLUGINS
 -include plugins/Custom.make
 plugin_ldadd = $(_CUSTOM_plugin_ldadd_) \
 	-dlopen plugins/asn1/asn1.la \
+	-dlopen plugins/btbb/btbb.la \
 	-dlopen plugins/docsis/docsis.la \
 	-dlopen plugins/ethercat/ethercat.la \
 	-dlopen plugins/giop/cosnaming.la \
diff -rupN wireshark-1.4.6/packaging/nsis/Makefile.nmake wireshark.new/packaging/nsis/Makefile.nmake
--- wireshark-1.4.6/packaging/nsis/Makefile.nmake	2011-04-18 14:43:04.000000000 -0400
+++ wireshark.new/packaging/nsis/Makefile.nmake	2011-06-01 12:46:06.565391970 -0400
@@ -46,6 +46,7 @@ HELP=../../$(INSTALL_DIR)/help/capture_f
 
 PLUGINS= \
 	../../plugins/asn1/asn1.dll \
+	../../plugins/btbb/btbb.dll \
 	../../plugins/docsis/docsis.dll \
 	../../plugins/ethercat/ethercat.dll \
 	../../plugins/giop/coseventcomm.dll \
diff -rupN wireshark-1.4.6/packaging/nsis/wireshark.nsi wireshark.new/packaging/nsis/wireshark.nsi
--- wireshark-1.4.6/packaging/nsis/wireshark.nsi	2011-04-18 14:43:04.000000000 -0400
+++ wireshark.new/packaging/nsis/wireshark.nsi	2011-06-01 12:48:23.077392053 -0400
@@ -879,6 +879,7 @@ Section "Dissector Plugins" SecPlugins
 ;-------------------------------------------
 SetOutPath '$INSTDIR\plugins\${VERSION}'
 File "..\..\plugins\asn1\asn1.dll"
+File "..\..\plugins\btbb\btbb.dll"
 File "..\..\plugins\docsis\docsis.dll"
 File "..\..\plugins\ethercat\ethercat.dll"
 File "..\..\plugins\giop\coseventcomm.dll"
diff -rupN wireshark-1.4.6/plugins/Makefile.am wireshark.new/plugins/Makefile.am
--- wireshark-1.4.6/plugins/Makefile.am	2011-04-18 14:42:24.000000000 -0400
+++ wireshark.new/plugins/Makefile.am	2011-06-01 12:27:27.649391259 -0400
@@ -24,6 +24,7 @@
 -include Custom.make
 SUBDIRS = $(_CUSTOM_SUBDIRS_) \
 	asn1 \
+	btbb \
 	docsis \
 	ethercat \
 	giop \
diff -rupN wireshark-1.4.6/plugins/Makefile.nmake wireshark.new/plugins/Makefile.nmake
--- wireshark-1.4.6/plugins/Makefile.nmake	2011-04-18 14:42:24.000000000 -0400
+++ wireshark.new/plugins/Makefile.nmake	2011-06-01 12:29:31.217391333 -0400
@@ -8,6 +8,7 @@ include ..\config.nmake
 
 PLUGIN_LIST = \
 	asn1        \
+	btbb	    \
 	docsis      \
 	ethercat    \
 	giop        \

[pbearne]

Typo

wget http://downloads.sourceforge.net/pro...ibbtbb.0.5.tgz
tar xvf libbtb.0.5.tgz
cd libbtbb

tar xvf libbtbb.0.5.tgz

missing a b

[pbearne]

got it to work on bare metal after fixing the typo

Need a bit instructions on how to get wireshark to work got lost in here a bit mainly down to lack on knowledge of wireshark