Capturing the perfect (radio) wave

Published at
10/30/2024
Categories
bluetooth
zephyr
rfcreations
Author
denladeside

Introduction

When developing and debugging Bluetooth solutions, it is often necessary to know exactly what is communicated in the air between connected devices.

For this purpose, a Bluetooth Protocol Analyzer (or Bluetooth Sniffer) is needed. In this post, I’ll show you how to get started using the RFcreations mini-moreph together with the blueSpy software, available for download on the RFcreations website.

The software is available for Linux, Windows and Mac. A big plus for me, as I am using Linux on my main development machine.

Getting started with Bluetooth sniffers

Even though I have been developing software in general for almost 40 years and wireless-related software for the last 10, I was only recently introduced to using Bluetooth protocol analyzers to debug Bluetooth solutions, and this has been a great eye-opener for me (comparable to when I got my first oscilloscope after having done electronics “in the blind” for some years).

I am not an expert (yet), but I find the blueSpy software very enjoyable to use. Even though the RFcreations solution can capture and analyze very advanced stuff, I’m happy to see that the UI is snappy and the UX is very intuitive. This allows me to explore and learn while using the tool, without having to look through a bunch of documentation at the same time.

Our first capture

I thought about what would be a good first capture and remembered that I recently made a very simple Bluetooth Low Energy demo using Zephyr and Web, covered in an earlier post.

SimpleWebZephyr image

After powering up the Nordic Semiconductor nRF52840 Dongle, I connected the mini-moreph via USB and started the blueSpy software.

Initially, the screen looks like this:

blueSpy start screen

NOTE: If the device is not found automatically and you are using Linux, remember to add a udev rule to allow userspace access to the device (see the PDF manual included with the software). With MODE="0666" the device node is readable and writable by every local user:

SUBSYSTEM=="usb", ATTRS{idVendor}=="2bbd", ATTRS{idProduct}=="00f3", MODE="0666"

Starting the capture

Click the red capture button to start capturing all traffic in the air. You should now see the “Filter devices” tab to the right quickly being filled with devices found around the analyzer. At first it can look a bit chaotic, but clicking the search button in the upper right corner allows you to write a partial name, which should quickly bring the device of interest to the top of the table.

NOTE: I’ve also disabled WiFi capture and a few others in this example (keeping the summary view clean and focused).

Filtering summary

Now click the check mark in the “Shown” column for that device and see the filtered traffic starting to flow in the summary panel.

Filter device

We quickly see a bunch of advertising data, emitted from the ‘Simple Web Zephyr’ dongle.

Connecting from Web

Now, from a phone, I open the test web page for the project and request a connection to the dongle. Then we see the following initial handshake in the capture summary, including discovery of the service requested from the web application.

Connection and discovery

If I try to press and release the button on the nRF Dongle, I see two notifications being sent from the dongle. The first with the payload value 0x01 (indicating "Pressed")...

Pressed notify

...and the second with the payload value 0x00 (indicating "Released") - just as expected:

Released notify

From the web application, I now select the color red (payload: [0xFF, 0x00, 0x00])…

Write red 0xff,0x00,0x00

…followed by blue (payload: [0x00, 0x00, 0xFF])…

Write blue 0x00,0x00,0xff

Again, the data captured is as expected, but it’s nice to verify :)
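What the notification and write rows above look like at the ATT layer, as an added example (not code from the original post or from blueSpy). It decodes an L2CAP frame on the ATT channel and reads the value the way the post does; the attribute handles and the sample frames are constructed, and the colour write is accepted as either a Write Request or a Write Command because the post does not say which one the web application uses.

```python
import struct

ATT_CID = 0x0004  # fixed L2CAP channel that carries ATT on an LE link
ATT_OPCODES = {0x12: "Write Request", 0x13: "Write Response",
               0x52: "Write Command", 0x1B: "Handle Value Notification"}

def parse_att(frame: bytes) -> dict:
    """Decode one L2CAP basic frame (length, CID, payload) carrying an ATT PDU."""
    if len(frame) < 5:
        raise ValueError("too short for an L2CAP header plus ATT opcode")
    length, cid = struct.unpack_from("<HH", frame, 0)
    pdu = frame[4:]
    if cid != ATT_CID:
        raise ValueError(f"CID 0x{cid:04x} is not ATT")
    if length != len(pdu):
        raise ValueError("L2CAP length does not match payload size")
    opcode = pdu[0]
    name = ATT_OPCODES.get(opcode, f"opcode 0x{opcode:02x}")
    if opcode not in (0x12, 0x52, 0x1B):  # only these are opcode, handle, value
        return {"op": name, "handle": None, "value": pdu[1:]}
    if len(pdu) < 3:
        raise ValueError("missing attribute handle")
    (handle,) = struct.unpack_from("<H", pdu, 1)
    return {"op": name, "handle": handle, "value": pdu[3:]}

def describe(frame: bytes, button_handle: int, led_handle: int) -> str:
    """Read a frame the way the post does: Pressed/Released or an RGB colour."""
    att = parse_att(frame)
    value = att["value"]
    if att["op"] == "Handle Value Notification" and att["handle"] == button_handle:
        if value not in (b"\x00", b"\x01"):
            return f"button: unexpected value {value.hex()}"
        return "button: " + ("Pressed" if value == b"\x01" else "Released")
    if att["op"] in ("Write Request", "Write Command") and att["handle"] == led_handle:
        if len(value) != 3:
            return f"led: expected 3 bytes, got {len(value)}"
        return "led: R={} G={} B={}".format(*value)
    return att["op"]

# Constructed frames; handles 0x0012 (button) and 0x0015 (LED) are made up here.
BUTTON, LED = 0x0012, 0x0015
PRESSED = bytes.fromhex("0400 0400 1b 1200 01")
RELEASED = bytes.fromhex("0400 0400 1b 1200 00")
RED = bytes.fromhex("0600 0400 12 1500 ff0000")   # sent as a Write Request
BLUE = bytes.fromhex("0600 0400 52 1500 0000ff")  # sent as a Write Command

if __name__ == "__main__":
    for frame in (PRESSED, RELEASED, RED, BLUE):
        print(frame.hex(" "), "->", describe(frame, BUTTON, LED))
```

The real handles for the button and LED characteristics come from the discovery exchange in your own capture.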

Disconnecting the web application from the dongle lets the dongle firmware go back to advertising mode, which we verify in the summary pane.

Disconnect, advertising

Storing capture files

Sometimes, capture files can become quite large - especially if the capture was made in an area with a lot of wireless traffic. To help solve this problem, I found a very neat feature in the blueSpy software file menu, called “Save Advanced…”, which allows you to store just the packets shown in the current filtered summary.

Save capture

In my case, this brought the capture file size down to ~2Mb (compared to ~90Mb for the full capture).

Conclusion

I had great fun finally being able to see the Bluetooth traffic in the air after developing and debugging Bluetooth solutions “in the blind” for years - and blueSpy made it enjoyable.

In my next post, I’ll try to capture some LE Audio Broadcast sources to see how the analyzer handles those.
