
Ubertooth

From YawgNetWiki

Just a quick resource on Ubertooth things

Wireshark


After toying around with this, I found the best way to operate was as follows:

  • Make the pipe
   mkfifo /tmp/uberpipe0
  • Open Wireshark
    • Click Capture -> Options
    • Manage Interfaces
    • Make a new Pipe and rename to /tmp/uberpipe0
    • Click Save/Close and Start capturing the pipe
  • In a terminal run
   ubertooth-btle -f -c /tmp/uberpipe0
  • You may need to change the encapsulation if you get a "User encapsulation not handled: DLT=147" error
    • Go to Edit -> Preferences -> Protocols -> DLT_USER
    • Set DLT to "User 0 (DLT=147)", or whichever DLT number appears in the error
    • Set Payload Protocol to "btle"
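
To find out which DLT number a saved capture uses before editing the DLT_USER table, the script below reads the pcap global header and prints the matching Wireshark entry. It is an added example, not part of the original page; it assumes a classic pcap file saved to disk rather than the live pipe, and the function name and sample header are constructed for illustration.

```python
import struct
import sys

# Link types that matter for BLE captures (tcpdump.org link-type registry).
KNOWN = {192: "PPI", 251: "BLUETOOTH_LE_LL", 256: "BLUETOOTH_LE_LL_WITH_PHDR"}

# Magic number as it appears on disk -> struct byte-order prefix.
PCAP_MAGICS = {
    b"\xd4\xc3\xb2\xa1": "<",  # little-endian, microsecond timestamps
    b"\xa1\xb2\xc3\xd4": ">",  # big-endian, microsecond timestamps
    b"\x4d\x3c\xb2\xa1": "<",  # little-endian, nanosecond timestamps
    b"\xa1\xb2\x3c\x4d": ">",  # big-endian, nanosecond timestamps
}

# Constructed sample: pcap 2.4 header, snaplen 65535, link type 147.
SAMPLE_HEADER = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 147)


def describe_linktype(header: bytes) -> str:
    """Return a label for the link type stored in a 24-byte pcap global header."""
    if header[:4] == b"\x0a\x0d\x0d\x0a":
        raise ValueError("pcapng file: link type is stored per interface")
    if len(header) < 24:
        raise ValueError("truncated pcap header")
    order = PCAP_MAGICS.get(header[:4])
    if order is None:
        raise ValueError("not a pcap file")
    # Fields after the magic: version major/minor, thiszone, sigfigs,
    # snaplen, network. Only the last one is needed here.
    network = struct.unpack(order + "HHiIII", header[4:24])[-1]
    linktype = network & 0xFFFF  # link type is the low 16 bits
    if 147 <= linktype <= 162:  # DLT_USER0 .. DLT_USER15
        # Same label format as Wireshark's DLT_USER preference table.
        return f"User {linktype - 147} (DLT={linktype})"
    return f"{KNOWN.get(linktype, 'unknown')} (linktype {linktype})"


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            data = fh.read(24)
    else:
        data = SAMPLE_HEADER  # no file given: use the constructed header
    print(describe_linktype(data))
```
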


After you've identified the MAC address of the device you'd prefer to chase, instead of seeing the stream of crap from everything else, you may want to capture more than just advertisements. Run the following and you should be able to get a bit more detail:

   ubertooth-btle -t aa:bb:cc:dd:ee:ff

Kismet


Most Kismet packages from pacman/apt don't seem to work with the Ubertooth out of the box, so you will need to grab the source and compile it yourself.

Setup

  • Grab the latest source
   git clone https://www.kismetwireless.net/git/kismet.git
  • Ensure you have the dependencies covered
   sudo apt install build-essential git libmicrohttpd-dev pkg-config zlib1g-dev libnl-3-dev libnl-genl-3-dev libcap-dev libpcap-dev libnm-dev libdw-dev libsqlite3-dev libprotobuf-dev libprotobuf-c-dev protobuf-compiler protobuf-c-compiler libsensors4-dev libusb-1.0-0-dev python3 python3-setuptools python3-protobuf python3-requests python3-numpy python3-serial python3-usb python3-dev librtlsdr0 libubertooth-dev libbtbb-dev
  • Install
   cd kismet
   ./configure
   make
   sudo make suidinstall

Starting


Barring any issues in the setup above, you should now be able to start Kismet with the Ubertooth source using

   kismet -c ubertooth

There is a bug in the Ubertooth firmware (as of 2019-12) where channel hopping can lead to a firmware crash, which requires physically removing and re-inserting the Ubertooth device. Because of this, Kismet has channel hopping disabled and only looks on channel 37 by default. Alternate channels can be viewed with:

   kismet -c ubertooth:channel=39

