Grrrrr.
-
@benetherington which sniffer for Android do you recommend?
-
@Edent No clue, sorry!
-
@benetherington Have you ever done any BLE packet sniffing?
-
@Edent No. As far as I know, you need dedicated hardware for it. Maybe there’s a way to convince an NRF chip into sniffing mode? I have an iOS app published by Nordic that shows advertising packets, but once devices are paired, I’m out of my depth.
-
@benetherington I'm sorry, I'm struggling to understand why you bothered replying at all?
-
@Edent Yes, Wireshark can sniff USB both on your Linux host and (I believe) the Windows guest.
On Linux you could also use the "usbmon" kernel module directly (which is what Wireshark's using).
https://wiki.wireshark.org/CaptureSetup/USB
https://docs.kernel.org/usb/usbmon.html -
@henryk aha! Thanks. For some reason, my laptop won't let me use usbmon. Trying to add it just gives
modprobe: ERROR: could not insert 'usbmon': Invalid argumentWill bash my head against the keyboard until it works
-
@Edent Check dmesg, there should be a more verbose kernel error. (Most likely: Your distribution did not install the module by default.)
-
@henryk thanks! A reboot did the trick.
-
Well, I've sniffed the USB connection, and I'm pretty sure I've found the individual packets which send the image to the eInk screen via NFC.
No idea how to actually decode them. So I guess I'll stick with the shitty Android app.
If anyone fancies doing some decompiling, let me know
-
And, yes, I got it to run DOOM!
(Obviously not. I can stream Doom to it at 2 frames per *minute*.)
-
@Edent Bad Apple when?
-
@tswsl
The Android developer menu Bluetooth HCI snoop log will store all Bluetooth traffic (both directions, including BTLE) in a PCAP format file called btsnoop_hci.log in a model dependent location, cf. https://stackoverflow.com/a/43046823
@Edent -
-
@Edent
Yeah, the BTLE layer 2 protocol isn't very exciting, and the fragmentation and indirection between UUIDs and handles doesn't make it easy to follow. You should also query the device with https://play.google.com/store/apps/details?id=no.nordicsemi.android.mcp to get a map of the UUIDs and which ones are read/write. Maybe googling the device ID will yield prior work as well.
@tswsl -
@ge0rg oooh! That's useful. It shows me that the BLE isn't active until it receives an NFC message.
Thanks