HackDig : Dig high-quality web security articles

RuberTooth - A complete Ruby porting of the ubertooth libraries and utilities.

2015-02-13 02:10

Today my ubertooth finally arrived, and I immediately started hacking with it.

ubertooth

I installed its libraries and tools both on OS X and on my Linux virtual machine, and after a while I noticed a few things:

  • The compilation process is not well documented for newer versions of OS X, thus manual code patching here and there is required.
  • Some of the tools are only available for GNU/Linux.
  • Some of the tools are unstable.
  • There's no way to create my own UberTooth scripts without using C.

Regarding the last point, there is a Python port, but it is incomplete and lacks most of the features of the native libraries, so ubertooth is definitely not a scriptable device ... or maybe not :)

I studied the USB communication protocol implemented inside libubertooth and found that it is very simple and well implemented, so I started to write some Ruby code ( I hate Python! ) using the libusb gem, and a new project was born :)

rubertooth in action

This project, RuberTooth, aims to be a complete Ruby porting of the ubertooth libraries and utilities, made by hackers for hackers, so that anyone will be able to easily write scripts for their ubertooth devices.

Here's an example BLE packet sniffer ( which is the equivalent of the ubertooth-btle native tool ).

$LOAD_PATH.unshift File.expand_path("../../lib", __FILE__)

require 'ubertooth'
require 'usbpktrx'
require 'lepacket'

uber = RUbertooth::Ubertooth.new

# Switch the device to BLE modulation, tune it to 2402 MHz (advertising
# channel 37) and start sniffing.
uber.set_modulation RUbertooth::Ubertooth::MODULATIONS[:MOD_BT_LOW_ENERGY]
uber.set_channel 2402
uber.btle_sniffing 2

prev_ts = 0

loop do
  uber.poll do |pkt|
    next if pkt.nil?

    # The 32-bit access address is transmitted least significant byte first.
    access_address = 0
    4.times do |i|
      access_address |= pkt.data[i] << (i * 8)
    end

    # Timestamps are in 100 ns units; print the delta in milliseconds.
    ts_diff = pkt.clk100ns - prev_ts
    prev_ts = pkt.clk100ns

    printf "\nfreq=%d addr=%08x delta_t=%.03f ms\n", pkt.channel + 2402, access_address, ts_diff / 10000.0

    # Frame length: 4 (access address) + 2 (header) + payload length + 3 (CRC),
    # capped at the 50 data bytes carried by each USB packet.
    len = (pkt.data[5] & 0x3f) + 6 + 3
    len = 50 unless len <= 50

    # Hex dump of everything after the access address.
    print "  "
    (4..len - 1).each do |i|
      printf "%02x ", pkt.data[i]
    end
    puts

    lepkt = RUbertooth::BlueTooth::LePacket.decode pkt.data, pkt.channel + 2402, pkt.clk100ns

    lepkt.dump
  end

  sleep 0.5
end
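The sniffer above assembles the access address, reads the payload length from the header and converts the 100 ns clock to milliseconds, then hands the buffer to LePacket for the real decoding. The following Ruby is an added example, not code from RuberTooth or from the original post: it decodes those same link-layer fields from a raw packet buffer and goes one step further than the sniffer by also splitting the advertising PDU header (type, TxAdd/RxAdd, advertiser address) and the data PDU header (LLID, NESN, SN, MD). It runs on constructed byte arrays, so no Ubertooth is needed; the function and constant names are this example's own, the advertiser address and data-channel access address are made up, and the CRC bytes are placeholders rather than a computed CRC.

```ruby
# Added example (not RuberTooth code): decode BLE link-layer fields from a raw
# packet buffer as delivered by the Ubertooth, without the device attached.

BLE_ADV_ACCESS_ADDRESS = 0x8e89bed6  # fixed access address of advertising PDUs
BLE_CRC_LEN = 3
MAX_DUMP = 50                        # data bytes carried by one USB packet

# Advertising PDU types (lower 4 bits of the first header byte).
ADV_PDU_TYPES = {
  0 => 'ADV_IND', 1 => 'ADV_DIRECT_IND', 2 => 'ADV_NONCONN_IND',
  3 => 'SCAN_REQ', 4 => 'SCAN_RSP', 5 => 'CONNECT_REQ', 6 => 'ADV_SCAN_IND'
}.freeze

# PDU types whose payload starts with the advertiser's own 6-byte address.
ADV_PDU_WITH_ADVA = [0, 1, 2, 4, 6].freeze

# Same formula the sniffer prints: 100 ns ticks -> milliseconds.
def clk100ns_to_ms(ticks)
  ticks / 10000.0
end

# The status line printed by the sniffer, returned as a string for testing.
def dump_line(channel, access_address, ts_diff_100ns)
  format('freq=%d addr=%08x delta_t=%.03f ms',
         channel + 2402, access_address, clk100ns_to_ms(ts_diff_100ns))
end

# Decode the link-layer fields of one packet. `data` is an array of bytes:
# access address (4, LSB first), header (2), payload, CRC (3).
def decode_ble_packet(data)
  raise ArgumentError, 'buffer too short for access address and header' if data.size < 6

  access_address = 0
  4.times { |i| access_address |= data[i] << (i * 8) }

  header      = data[4]
  payload_len = data[5] & 0x3f                      # length field is 6 bits here
  total_len   = 4 + 2 + payload_len + BLE_CRC_LEN   # as in the sniffer: len + 6 + 3
  advertising = (access_address == BLE_ADV_ACCESS_ADDRESS)

  result = {
    access_address: access_address,
    advertising:    advertising,
    payload_len:    payload_len,
    total_len:      total_len,
    truncated:      data.size < total_len || total_len > MAX_DUMP,
    payload:        data[6, payload_len] || [],
    crc:            data[6 + payload_len, BLE_CRC_LEN] || []
  }

  if advertising
    pdu_type = header & 0x0f
    result[:pdu_type]       = ADV_PDU_TYPES.fetch(pdu_type, 'RESERVED')
    result[:tx_addr_random] = (header & 0x40) != 0   # TxAdd bit
    result[:rx_addr_random] = (header & 0x80) != 0   # RxAdd bit
    if payload_len >= 6 && ADV_PDU_WITH_ADVA.include?(pdu_type)
      # AdvA is sent LSB first; reverse it to the usual printed order.
      result[:adv_address] = result[:payload][0, 6].reverse.map { |b| format('%02x', b) }.join(':')
    end
  else
    # Data channel PDU header: LLID (2 bits), NESN, SN, MD.
    result[:llid]      = header & 0x03
    result[:nesn]      = (header >> 2) & 1
    result[:sn]        = (header >> 3) & 1
    result[:more_data] = ((header >> 4) & 1) == 1
  end
  result
end

# Constructed sample: ADV_IND with a random (made-up) advertiser address
# 11:22:33:44:55:66 and a 3-byte Flags AD structure. CRC bytes are placeholders.
SAMPLE_ADV = [
  0xd6, 0xbe, 0x89, 0x8e,             # access address 0x8e89bed6, LSB first
  0x40,                               # header: ADV_IND, TxAdd = 1
  0x09,                               # payload length: 6 (AdvA) + 3 (AdvData)
  0x66, 0x55, 0x44, 0x33, 0x22, 0x11, # AdvA, LSB first
  0x02, 0x01, 0x06,                   # Flags AD structure
  0xaa, 0xbb, 0xcc                    # placeholder CRC (not computed)
].freeze

# Constructed sample: empty data PDU on a made-up connection access address.
SAMPLE_DATA = [
  0x78, 0x56, 0x34, 0x12,             # access address 0x12345678, LSB first
  0x0e,                               # header: LLID = 2, NESN = 1, SN = 1, MD = 0
  0x00,                               # payload length 0
  0x01, 0x02, 0x03                    # placeholder CRC (not computed)
].freeze

if __FILE__ == $PROGRAM_NAME
  [SAMPLE_ADV, SAMPLE_DATA].each do |buf|
    pkt = decode_ble_packet(buf)
    puts dump_line(0, pkt[:access_address], 15000)
    p pkt
  end
end
```

The `truncated` flag is the reason the original sniffer caps `len` at 50: the device only carries that many data bytes per USB packet, so a long payload shows up cut off and its CRC bytes are not the real ones.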


Source: www.evilsocket.net/2015/02/12/rubertooth-a-complete-ruby-porting-of-the-ubertooth-libraries-a
