For those who haven't heard, Ubertooth One is an open-source, relatively inexpensive (~110 USD) hardware platform for Bluetooth packet capture and experimentation. This how-to gives a basic rundown of how to install it and capture/analyze packets with the latest source (r238).
Topics covered include:
• Installing Ubertooth dependencies/source
• Building/testing Kismet plugin
• Installing Wireshark plugin
The first step is to set up the pyside repository to access precompiled binaries.
apt-get install python-software-properties
- Download pre-compiled binary dependencies
apt-get install libnl-dev libusb-1.0-0-dev pyside-tools
- Compile and install PyUSB extension
tar xvf pyusb-1.0.0-a1.tar.gz
python setup.py install
- Compile and install libbtbb
tar xvf libbtb.0.5.tgz
- Download and extract r238 of Ubertooth source
tar xvf ubertooth-r238.tar.gz
With all of the dependencies installed, everything should be good to go to run the basic functionality of the Ubertooth adapter. A good test is to run the included spectrum analyzer:
You should see a window pop up with a nifty view of your local 2.4 GHz spectrum.
**Capturing Bluetooth Packets**
- Reset the Ubertooth by unplugging it and plugging it back in
- Test packet capture by compiling and running the following
While this provides basic info about the packets flowing over the air, much more detail is provided via the Kismet plugin.
- Prep Kismet source in a new terminal
tar xvf kismet-2011-03-R2.tar.gz -C /usr/src/
mv /usr/src/kismet-2011-03-R2/ /usr/src/kismet
- Compile Ubertooth Kismet plugin
- Add 'pcapbtbb' to the logtypes= line in /usr/local/etc/kismet.conf
- Run kismet with source and name as ubertooth
- Enable the ubertooth plugin via Kismet -> Plugins -> Select Plugin
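The kismet.conf edit from the list above can be scripted so that it is safe to re-run. This is an added example, not part of the original how-to: the function name `enable_pcapbtbb` is hypothetical, and it assumes `logtypes=` holds a single comma-separated list.

```shell
#!/bin/sh
# Added example (not from the original how-to): idempotently add 'pcapbtbb'
# to the active logtypes= line of a Kismet config file.
# enable_pcapbtbb is a hypothetical helper name; the default path is the one
# named in the how-to.

enable_pcapbtbb() {
    conf="${1:-/usr/local/etc/kismet.conf}"
    [ -f "$conf" ] || { echo "missing: $conf" >&2; return 2; }

    # Only look at the active line; '#logtypes=' comments are ignored.
    current=$(grep -E '^[[:space:]]*logtypes=' "$conf" | tail -n 1)
    if [ -z "$current" ]; then
        echo "no active logtypes= line in $conf" >&2
        return 3
    fi

    # Already listed as a whole comma-separated entry? Leave the file alone.
    case ",$(printf '%s' "${current#*=}" | tr -d '[:space:]')," in
        *,pcapbtbb,*) return 0 ;;
    esac

    # Keep a backup, then append the log type to the active line.
    cp -p "$conf" "$conf.bak" || return 4
    awk '
    /^[ \t]*logtypes=/ {
        sub(/[ \t,]+$/, "")                  # drop trailing spaces/commas
        sep = ($0 ~ /=$/) ? "" : ","         # empty list needs no comma
        $0 = $0 sep "pcapbtbb"
    }
    { print }
    ' "$conf.bak" > "$conf"
}
```

Call it as `enable_pcapbtbb` for the default path, or pass another config file as the first argument; the previous contents are kept in a `.bak` file next to it.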
Kismet will run like normal, using the Ubertooth to capture Bluetooth packets and logging them to a capture file. To visualize this capture easily, libbtbb includes the source code to build a Wireshark plugin.
You can compile the plugin against the Wireshark source by following the instructions in doc/README.plugins, but it is quite a process. Alternatively, put the attached precompiled binaries for the 32-bit version of BT5 (btbb.la / btbb.so) in '/usr/local/lib/wireshark/plugins/1.4.6' and off you go. You can now simply open the appropriate Kismet capture file in Wireshark.
Hope this helps inspire someone to do some Bluetooth hacking!
BTBB Wireshark Plugin.zip