Bluetooth hacking

Troberg

Well-Known Member
Licensed User
Longtime User
Any hints on how to reverse engineer the protocol of an unknown bluetooth device? Back in the old days, with RS232 serial communication, it was a piece of cake to make a cable to "listen in" on the communication, but I suspect it's harder with bluetooth.

So, if I have a device controlled by bluetooth, but without any documentation on APIs and commands, and I want to make a better program to control it, how do I go about it to "listen in" on the communication?
 

KitCarlson

Active Member
Licensed User
Longtime User
You need to get to the rx, tx in hardware. I use a Saleae LA to view both sides of the communication. The analyzer shows both the chars and bytes.

I have the rx, tx available at UART on the embedded side that I develop.
 

Troberg

Well-Known Member
Licensed User
Longtime User
Except that the current app, which I'd like to replace, is for Android...

Best of all would have been some kind of software based bluetooth repeater that logged the traffic.
 
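On the logging side of what Troberg asks for above: Android's Bluetooth stack can write an HCI snoop log (the "Enable Bluetooth HCI snoop log" developer option), which records every HCI packet exchanged between the phone and its Bluetooth controller in the btsnoop file format. The following parser is an added example, not code from this thread or from B4X; it reads that format, splits records by direction and H4 packet type, and for ACL data pulls out the connection handle, L2CAP channel id and payload, which is the layer at which a serial-style device's bytes become visible. The sample log it builds is constructed (an HCI_Reset command, its Command Complete event, and a made-up PING/PONG exchange on L2CAP CID 0x0040), not a real capture.

```python
import struct
from datetime import date, datetime, timedelta, timezone

BTSNOOP_MAGIC = b"btsnoop\0"
H4_TYPES = {0x01: "CMD", 0x02: "ACL", 0x03: "SCO", 0x04: "EVT"}

# btsnoop timestamps are microseconds since 0000-01-01. Python's datetime cannot
# represent year 0, so derive the offset to the Unix epoch arithmetically
# (year 0 is a leap year in the proleptic Gregorian calendar, hence +366).
_DAYS_0000_TO_1970 = date(1970, 1, 1).toordinal() - 1 + 366
BTSNOOP_EPOCH_OFFSET_US = _DAYS_0000_TO_1970 * 86400 * 1_000_000
_UNIX_EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)


def parse_btsnoop(blob: bytes) -> list[dict]:
    """Parse a btsnoop v1 file with datalink 1002 (HCI UART / H4), as Android writes it."""
    if blob[:8] != BTSNOOP_MAGIC:
        raise ValueError("not a btsnoop file")
    version, datalink = struct.unpack(">II", blob[8:16])
    if version != 1 or datalink != 1002:
        raise ValueError(f"unsupported btsnoop version/datalink {version}/{datalink}")
    records, off = [], 16
    while off + 24 <= len(blob):
        # Record header: original length, included length, flags, cumulative drops, timestamp.
        orig_len, incl_len, flags, drops, ts = struct.unpack(">IIIIq", blob[off:off + 24])
        off += 24
        pkt = blob[off:off + incl_len]
        off += incl_len
        if not pkt:
            continue
        h4 = pkt[0]  # H4 framing byte: 1 = command, 2 = ACL data, 3 = SCO, 4 = event
        rec = {
            "time": _UNIX_EPOCH + timedelta(microseconds=ts - BTSNOOP_EPOCH_OFFSET_US),
            "dir": "host->ctrl" if flags & 1 == 0 else "ctrl->host",  # flag bit 0: 0 sent, 1 received
            "type": H4_TYPES.get(h4, f"0x{h4:02x}"),
            "raw": pkt[1:],
        }
        if h4 == 0x02 and len(pkt) >= 9:
            # ACL header (LE): 12-bit handle + 2-bit PB + 2-bit BC flags, then data length.
            handle_flags, acl_len = struct.unpack("<HH", pkt[1:5])
            # L2CAP basic header (LE): payload length, channel id.
            l2_len, cid = struct.unpack("<HH", pkt[5:9])
            rec.update({"handle": handle_flags & 0x0FFF, "cid": cid, "payload": pkt[9:9 + l2_len]})
        records.append(rec)
    return records


def summarize(blob: bytes) -> list[str]:
    """One human-readable line per record, in the order captured."""
    lines = []
    for r in parse_btsnoop(blob):
        stamp = f"{r['time']:%H:%M:%S.%f} {r['dir']}"
        if "payload" in r:
            lines.append(f"{stamp} ACL handle={r['handle']} cid=0x{r['cid']:04x} {r['payload'].hex()}")
        else:
            lines.append(f"{stamp} {r['type']} {r['raw'].hex()}")
    return lines


def _record(flags: int, unix_us: int, pkt: bytes) -> bytes:
    return struct.pack(">IIIIq", len(pkt), len(pkt), flags, 0, unix_us + BTSNOOP_EPOCH_OFFSET_US) + pkt


def build_sample_log() -> bytes:
    """Constructed sample log, not a real capture (hypothetical handle 3, CID 0x0040)."""
    t0 = 1_700_000_000 * 1_000_000
    header = BTSNOOP_MAGIC + struct.pack(">II", 1, 1002)
    cmd = bytes([0x01]) + struct.pack("<HB", 0x0C03, 0)                   # HCI_Reset, no params
    evt = bytes([0x04, 0x0E, 0x04, 0x01]) + struct.pack("<HB", 0x0C03, 0)  # Command Complete, status 0

    def acl(payload: bytes) -> bytes:
        l2cap = struct.pack("<HH", len(payload), 0x0040) + payload
        return bytes([0x02]) + struct.pack("<HH", 0x0003 | (0x2 << 12), len(l2cap)) + l2cap

    # flag bit 1 marks command/event records (2 = sent cmd, 3 = received event); ACL data uses 0/1.
    return (header + _record(2, t0, cmd) + _record(3, t0 + 1_500, evt)
            + _record(0, t0 + 50_000, acl(b"PING")) + _record(1, t0 + 70_000, acl(b"PONG")))


if __name__ == "__main__":
    for line in summarize(build_sample_log()):
        print(line)
```

Run it against the phone's real log by reading the file into `blob` instead of calling `build_sample_log()`. The parser stops at L2CAP on purpose: a serial-style device usually sits behind RFCOMM on a dynamic channel, so the payload bytes it prints for that CID are the RFCOMM frames that carry the application protocol, and Wireshark can open the same file if you want those dissected further.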

stevel05

Expert
Licensed User
Longtime User
is for Android...
Yes, but the incoming data will be the same and I just find it simpler to manipulate and work with this kind of data in B4j. As it's non-GUI, the code should be very similar, if not identical, in B4j and Android, and you don't have to use an emulator or device for long periods. You could write a class to do the work, which should then work on both.
 

Troberg

Well-Known Member
Licensed User
Longtime User
But the device is not under my control either. Seems easier to hack the phone side than the device side.
 

stevel05

Expert
Licensed User
Longtime User
I don't think you can access the device side. You will get the same incoming data in B4j as you would in B4a; it's just my preference.
 