NCC Group Releases "World's First Open Source Sniffer" for Bluetooth 5, Bluetooth 4.x LE
Compatible with low-cost TI Launchpad dev boards, Sniffle is claimed to be the world's first open source Bluetooth 5.0 sniffing utility.
NCC Group has released what it describes as the world's first open source sniffer utility for Bluetooth 5 and Bluetooth 4.x Low Energy (LE) communications: Sniffle, initially compatible with the CC26x2R and CC1352R LaunchPad development boards.
Designed for Bluetooth development, debugging, testing, and reverse engineering, and surely to be of aid to security researchers as well, Sniffle features Python-based host-side software which can display packets in real-time and capture them to a PCAP packet capture file compatible with the Ubertooth wireless development platform and Wireshark packet analysis software.
"Sniffle has a number of innovative and useful features that allow easy, convenient, and reliable sniffing. One major feature is the ability to capture advertisements for a particular MAC address on all three primary advertising channels using a single sniffer by hopping through advertising channels together with the target. This makes connection detection three times more reliable than most existing sniffers that only stay on a single advertising channel. Sniffle can usually detect connection establishment with over 90 percent reliability." - NCC Group's Sultan Qasim Kahn
Sniffle includes support for the extended length advertisement and data packets permitted by the Bluetooth 4.2 and Bluetooth 5 standards, Bluetooth 5 channel selection algorithms one and two, 1M, 2M, and FEC-coded Bluetooth 5 PHY modes, the optional ability to discard all but advertisement traffic and to filter advertisements by MAC address and RSSI, as well as support for channel map, connection parameter, and PHY change operations.
"A reliable and easy to use sniffer can greatly facilitate the development, debugging, testing, and reverse engineering of devices using Bluetooth 5 and 4.x LE."
More information on Sniffle can be found on the NCC Group website, while the tool itself is available on the NCC Group GitHub repository under the GNU General Public Licence Version 3.