Bluetooth Hci Snoop Log Android


Android Comms Test Suite

Bluetooth HCI snoop log on Android 8 (Oreo)

The Android Comms Test Suite performs automated testing of connectivity stacks, such as Wi-Fi, Bluetooth, and cellular services. The testing tool requires adb and python, and it can be found in tools/test/connectivity/acts.

The ACTS tests for Bluetooth and Bluetooth Low Energy are found in and respectively.

Auditing Bluetooth Communications With Wireshark On Android

For a security analyst then it will become increasingly important to be able to audit the features of the software related to Bluetooth. In order to do a better analysis of Bluetooth communication, you would ideally use a dedicated device like the Ubertooth One. If you dont own a sniffing device however, you arent necessarily out of luck. In many cases we can obtain positive results with a new feature introduced in Android 4.4: the ability to capture all Bluetooth HCI packets and save them to a file. When the Analyst has finished populating the capture file by running the application being tested, he can pull the file generated by Android into the external storage of the device and analyze it . Once this setting is activated, Android will save the packet capture to /sdcard/btsnoop_hci.log to be pulled by the analyst and inspected. We can then open a shell and pull the file: $adb pull /sdcard/btsnoop_hci.log andinspect it with Wireshark, such as a PCAP collected by sniffing WiFi traffic for example, so it is very simple and well supported:

Wireshark capture using Android HCI snoop

:/etc/bluetooth $ ls -l        -rw-r--r-- root root 1541 2013-09-30 00:52 auto_pair_devlist.conf        -rw-r--r-- root root 2821 2013-09-30 00:52 bt_did.conf        -rw-r--r-- root root 947 2013-09-30 00:52 bt_stack.conf        

The content for the auto_pair_devlist.con file looks as follows:

Big thanks and credits to Sebastiàn Guerrero about how to customize the settings and the output logs.

How To Capture Bluetooth Packets On Android 44

New mobile applications are constantly improving their use of advanced device features, like sensors and short range networks. In particular we have seen increased and wide-ranging use of Bluetooth. Bluetooth is a wireless technology used to exchange data at short ranges with high frequency radio waves that has been around for about 20 years. Over time it has evolved with many versions and specifications. This technology is ubiquitous today. It is found it in smartphones and tablets , cars, accessories such as headphones and embedded devices, computers, speakers, and many other places. The number of applications leveraging Bluetooth will increase in the coming years. I anticipate Bluetooth Low Energy partnered with wearable devices such as Google Glass or the Samsung Gear smart watch will be a driving force behind this.

Developer option to enable Bluetooth HCI snoop

Recommended Reading: How To Control Android From Pc

Pros And Cons Of This Technique:


  • Very easy to perform
  • Supported by open source tools
  • Even if we dont know exactly what kind of Bluetooth connection the app uses, we can get the traffic anyway
  • Cons:

  • It simulates an attack by a privileged adversary that has access to the device, not a more general attack where the attacker can only sniff radio traffic, so we have only a part of the picture of the security of the application or device.
  • It works only on Android > = 4.4
  • Once the application is audited in this way, you still have work to do to understand if the information passed in the Bluetooth communication is properly protected by, for example, Bluetooth encryption.
  • What to read next:
    2016 NowSecure Mobile Security Report Now Available

    The NowSecure team plunged into the depths of our mobile security intelligence to gather and correlate data in order to present a snapshot of the current state of mobile security.

    Where Is Bluetooth Hci Snoop Log Android

    How to test if Bluetooth headphones use aptX or other ...

    For most Android devices, the logs are stored in data/misc/bluetooth/logs . For privacy reasons, always-on, in-memory BTSnoop only logs non-personal information and events. To log all data, the user needs to enable Bluetooth HCI snoop by doing the following: Enable Developer options on the device.

    You May Like: Best Vpn App For Android

    How Do I Get Hci Log From Bluetooth

    Turn off Bluetoothon your Android device. Turn Bluetoothon. Restart or reboot your android device. Once this procedure is complete, your device is able to generate the HCI log file and saves it to /sdcard/btsnoop_hci.log. When retrieving the HCI log from the android device you have two options. a) You can connect your android device to a computer.

    Should I Force Gpu Rendering

    When you leave a GPU on all the time, youll see a 10-15% reduction in battery life. GPUs consume more power than CPUs, so you should expect to see a 10-15% reduction in battery life. It makes sense to force GPU rendering on devices with a weaker CPU when it comes to GPU rendering. It would be best to leave your device running at all times if it is not a quad-core.

    You May Like: Best Porn Blocking App For Android

    There’s More There Than Usb Debugging

    Hidden in the settings on your phone, are settings used for debugging and application development. While plenty of us have dove in there to switch to the ART runtime or to enable USB debugging, there’s a long list of options. While most of us will never use them, it’s always nice to know what’s going on under the hood of your phone.

    Let’s take a look at them, and see if we can’t decipher some of these settings so that all of us have a better understading of what happens when you tap them. Come on, you’ve tapped them …

    How Do You Find A Bluetooth Device That Is Off

    Galaxy S20/S20+: How to Enable/Disable Bluetooth HCI Snoop Log

    Bluetooth Scanner app. Will help you search for nearby Bluetooth devices, so you can narrow down your search area range. You will need to download an app from the app store. Alternatively, keep scanning manually on your phone to see if your Bluetooth headphones show on your list of nearby headsets to connect to.

    Don’t Miss: How To Develop An App For Android Free

    Bluetooth Le Packet Capture On Android

    At Propeller Health we develop products that help people with asthma or COPD manage their condition. One component of our platform is a sensor that attaches to a persons inhaled medication and sends medication usage data to a connected device over Bluetooth Low Energy .

    BLE communication in Android can be finicky for many reasons, including inconsistencies in hardware such as Bluetooth

    Using Bleah For Ble Attacks

    Bleah is a BLE scanner. It’s based on the bluepy python library. In this section, we are going to see how we can “hack” BLE devices using Bleah.

    To get started, we will need


    First ensure, Bluepy is working as expected.

    Go to bluepy directory. Open a terminal and typesudo ./bluepy-helper 0 followed by le on as shown below

    A success message indicates Bluepy is functioning correctly. Now, lets see how we can use Bleah for BLE hacking.

    Step 1: In the same terminal type Scan to scan for BLE devices in the vicinity.

    Our BLE device address is F81D78607184

    Step 2: Open another terminal and run sudo bleah -t0 where t0 means to scan continuously.

    Step 3: We can connect to the specific device and enumerate all the Services and Characterstics using.

    sudo bleah -b "aa:bb:cc:dd:ee:ff" -e

    where,aa:bb:cc:dd:ee:ff stands for device address-b means to filter by device address-e means to connect to the device and perform enumeration

    Step 4: For writing data to a specific characteristics run.

    sudo bleah -b "aa:bb:cc:dd:ee:ff" -u "0000ffe9-0000-1000-8000-00805f9b34fb" -d "data"

    As we just saw, Bleah is a powerful tool for conducting attacks on BLE devices. It automates many of the steps which otherwise we need to do manually.

    Read Also: Best Way To Secure Your Android Phone

    How Does Bluetooth Hci Snoop Log Work On Android

    When the Bluetooth HCI snoop log is enabled, the Android framework will capture Bluetooth packets sent and received between central and peripheral devices and store them as part of a bug report. To enable the Bluetooth HCI snoop log: On stock Android open Settings > System > Advanced > Developer options

    Retrieving The Hci Log


    Now that Developer options have been activated on the Android device, you can retrieve the HCI log.

  • On the Android device go to Settings.
  • Select Developer options.
  • Return to the Settings screen and select Developer options.
  • In the Developer options screen select Enable Bluetooth HCI snoop log. The log file is now enabled.
  • Typical Android Developer options screen

  • On the Android device turn off Bluetooth.
  • Turn on Bluetooth.
  • The HCI log file is now being generated and is saved to /sdcard/btsnoop_hci.log.

    Note: Samsung devices have a slightly different location for the btsnoop file.

    There are two options for retrieving the HCI log from the Android device.

  • Attach the Android device to your computer. The file /sdcard/btsnoop_hci.log is in the root of one of the mountable drives. Copy the file to directory C:/Users/Public/Public Documents/Frontline Test Equipement/My Capture File/.
  • The second option is to use the Android Debug Bridge using the following steps. The debug bridge is included with Android Software Developer Kit.
  • On the Androd device Development screen, select Android debugging or USB debugging.
  • Connect your computer and Android device with a USB cable.
  • Open a terminal on your computer and run the following command.

    adb devices.

  • Your Android device should show up in this list confirming that ADB is working.

    List of devices attached

  • Don’t Miss: Create Android App Without Coding Free

    How Can I Retrieve Data From Bluetooth

  • Your computer should be connected to the Bleuio dongle.
  • The index.html file should now be open.
  • The device will load on your com port after you click connect.
  • The port you want to use for your computer is the one you selected.
  • The script should only be used for Hibou Devices.
  • You can start getting data by selecting a device
  • You can stop receiving data once you click the stop button.
  • Why Wont My Fitbit Get My Text Messages

    Make sure your phone is within 30 feet of your Fitbit. Check that you turned on Bluetooth on your phone and that your phone has notifications on. Verify that you turned on notifications in your phone settings and within the Fitbit app. Turn off Do Not Disturb and Sleep Mode on your phone and Fitbit.

    Read Also: Best Kitchen Design App For Android

    How To Get The Bluetooth Host Controller Interface Logs From A Modern Android Phone

    Most of the guidance floating around the internet for extracting the Bluetooth HCI logs from Android is grossly out of date. Here is how I managed to achieve it with a Samsung Galaxy S10 running Android version 10.

    Things that dont work on this version of android, for this phone at least, include:

  • Live capture via Wiresharks androiddump tool
  • Copying the file directly from the filesystem using adb pull
  • Here is what worked for me:

    How To Force Bluetooth Pairing Through Debug Mode On Android

    Samsung Galaxy S10 / S10+: How to Enable / Disable Bluetooth HCI snoop log

    A wireless ADB pairing dialog is displayed. You should update your SDK Platform-Tools on your workstation. Developer options can be enabled on the device. Make sure that Wireless debugging is enabled. Does the dialog box ask you to allow wireless debugging on this network?? You can click Allow to allow the program to run. The device with the pairing code will be selected.

    Recommended Reading: How To Make Android Apps Using C++

    How Do I Set Up My Fitbit Sense

    Today tab > your profile picture > Set Up a Device. If you dont have a Fitbit account, tap Join Fitbit to be guided through a series of questions to create a Fitbit account. 3. Continue to follow the on-screen instructions to connect Sense to your account.

    What Are Hci Commands

    The HCI Link instructions present the Host with the power to manage the hyperlink layer connections to different Bluetooth units. These instructions usually contain the Link Manager to change LMP instructions with distant Bluetooth units. The HCI Policy instructions are used to have an effect on the behaviour of the native and distant LM.

    Also Check: Does Uber Driver App Work With Android Auto

    Debugging Android Bluetooth Communications

    Working with bluetooth communications can be tedious and frusterating. It can often be invaluable to be able to know exactly how many packets were sent and exactly to what device. Or perhaps you are just curious about what the heck goes back and forth between your phone and those fancy BT mesh lightbulbs? Follow these instructions to sniff your phones bluetooth traffic!

    You will need:

    • Android phone running version 4.4 or later
    • Android phone in Developer Mode
    • Bluetooth HCI Snoop Log enabled on Android phone
    • An easy way to move a file from the android phone to your dev computer. I use Google Drive.

    The Android phone needs to be in developer mode. In the developer menu, the Bluetooth HCI Snoop Log setting needs to be enabled. This setting will generate a log file of all of the bluetooth activity in and out of the phone with great detail. However, you need to enable the setting and THEN TOGGLE THE BLUETOOTH ON/OFF in order to get the file/folder to be initialized.

    Various versions of the Android operating system can write the btsnoop file/folder in slightly different places. Go to Files and search for btsnoop. The log files should have a .cfa extension. You may need to go into the settings and toggle on show internal storage to get the files/folder to show up. Each time you turn on and off your bluetooth radio, a new file is generated in this btsnoop folder.

    Bluetooth Hci Snoop Log


    Android starting from version 4.4 onwards has an option to record all bluetooth packets going in/out from the device. To enable capture of bluetooth traffic follow the steps below. Ensure that the android app is installed.

    Step 1 : Go to mobile Settings and enable the developer option.

    Step 2 : Go to “developer option” and enable Bluetooth HCI snoop log.

    Step 3 : Run the android app app and send some commands to the bulb to change its color. Repeat this several times.

    Step 4 : Corresponding to our commands we can find the captured file of the Bluetooth traffic at /sdcard/btsnoop_hci.log or /internal Storage/btsnoop_hci.log

    Note – In some devices, btsnoop_hci.log is created in a different location like /sdcard/Android/data/btsnoop_hci.log.

    Transfer the captured log file to a computer/laptop using Email, Google Drive or you can connect the android device to your laptop via USB cable.

    Step 4 : Analyze the capture packets in Wireshark. Wireshark is a free and open source packet analyzer tool and can be installed by running

    sudo apt install wireshark-qt

    For more information on how to use Wireshark for analysis refer to our blog GHOST_URL/exploiting-iot-enabled-ble-smart-bulb-security/

    Alternatively, you can open this capture file in a text editor like nano.

    Also Check: Where Do You Get Podcasts On Android

    Why Wont My Fitbit Sense Sync With My Phone

    Troubleshooting steps On your phone, go to Settings > Bluetooth and turn Bluetooth off and back on. If your Fitbit device doesnt sync, restart it. If your Fitbit device still doesnt sync, remove all other Fitbit devices from your account and from the list of connected Bluetooth devices on your phone and try to sync.

    What Is Bluetooth Hci Snoop Log

    A BluetoothHCI snoop log is a log file that contains all the Bluetoothtransmissions that you have made on your android gadget. Having this file means that youve got an app that allows logging or which logs of all Bluetoothcommunications, your android gadget logs Bluetoothusage automatically or you allow Bluetoothtransmission logging.

    This is a storage of data of Bluetoothusage over time and hence should not be anything to be troubled about. It can even be deleted without a problem to clear the Bluetoothusage history on your device but it will be restored and updated with fresher Bluetoothuse unless the logging of Bluetoothusage is disabled. You should not worry about it since it is an ordinary feature from android 4.4+.

    Most android devices are able to log full Bluetoothtransmissions. Before android 4.4 one required root and app such as BluetoothHCI log. In all gadgets with android developer settings, beginning with android 4.4, the log choice is in existence.

    Don’t Miss: How To Make Your Own Game App For Android Free

    Location Of Btsnoop: Hci Log File

    Hi,I cannot find my file btsnoop_hci.log, which is supposed to be in /sdcard/btsnoop_hci.log.Is there another path to look for, or should I deduce that my logs arent generated ?All the best,

    Hi and welcome to the Fairphone forum,

    Logs are generated but well hidden and in a different format:You need to create a bugreport after snooping, e.g. via adb bugreport, then unpack the zip file and look for the folder FS/data/misc/bluetooth/logs/. There should be some files named hci_snoop< sometimestamp> .cfa which can be opened with wireshark.

    On some posts regarding the the bluetooth snooping it was recommended to first turn bluetooth off, enable snooping, enable bluetooth, do tests, disable bluetooth, disable snooping exactly in this order. Otherwise the logs might not appear.

    Great thank you, I didnt knew this command, cause Im a perfect newcomer to android world.I followed your instructions concerning snooping as well.Id did got some file, but sadly no misc folder .

    ‘unlocking’ The Developer Options Settings

    Samsung Galaxy S20 : How to enable or disable Bluetooth HCI snoop log (Android 10)

    As we mentioned, the developer options on your phone are hidden by default. This actually makes a lot of sense, because they are easy to “unhide” and most people have little need to use any of them. But everyone reading this is a bit more advanced than most people, simply because you are reading an Android enthusiast website.

    Unlocking them is easy-peasy. Open the settings on your phone, and find the “About” section. Look through it until you see the “Build number” entry. Tap if five times in quick succession, and you should see a small dialog letting you know that you’re now a developer. Try not to break stuff, mmkay? Or break everything either way is good! Really, some of these settings can make your phone run really really poorly.

    Let’s have a look at them and figure out why.

    Read Also: Indigo Credit Card App For Android

    Share post:


    More like this

    Missed Call Auto Reply Android

    More Automatic...

    Free Toddler Apps For Android

    Setting Limits...

    How To Watch Redzone On Android

    Which Devices...

    How To Video Chat With Iphone And Android

    Best Video...