I recently bought chinesse device that connects via bluetooth with android phone / tablet. Since there is no application availible for windows / linux I want to create one for personal usage.
Usually phone connects to the device and exchanges some data. I connected PC to the device and looked into serial debugger and menaged to discover the protocol (one way only). Phone sends only one command to the device. But this time I'm not able to find out what it containts.
Is there any software that will allow me to look into data sent via bluetooth? I tried decompiling the app, but it looks really unfriendly.
Thanks.
Android 4.4 (Kit Kat) does have a new sniffing capability for Bluetooth. You should give it a try.
If you don’t own a sniffing device however, you aren’t necessarily out
of luck. In many cases we can obtain positive results with a new
feature introduced in Android 4.4: the ability to capture all
Bluetooth HCI packets and save them to a file.
When the Analyst has finished populating the capture file by running
the application being tested, he can pull the file generated by
Android into the external storage of the device and analyze it (with
Wireshark, for example).
Once this setting is activated, Android will save the packet capture
to /sdcard/btsnoop_hci.log to be pulled by the analyst and inspected.
Type the following in case /sdcard/ is not the right path on your particular device:
adb shell echo \$EXTERNAL_STORAGE
We can then open a shell and pull the file: $adb pull
/sdcard/btsnoop_hci.log and inspect it with Wireshark, just like a PCAP
collected by sniffing WiFi traffic for example, so it is very simple
and well supported:
[source]
You can enable this by going to Settings->Developer Options, then checking the box next to "Bluetooth HCI Snoop Log."
Also, this might help finding the actual location the btsnoop_hci.log is being saved:
adb shell "cat /etc/bluetooth/bt_stack.conf | grep FileName"
On a Xiaomi phone with Android 11, after enabling "Bluetooth HCI Snoop log" in developer settings the file seems to be written to
/data/misc/bluetooth/logs/btsnoop_hci.log (only accessible with root)
/sdcard/MIUI/debug_log/common/com.android.bluetooth/btsnoop_hci.log
In addition, it's possible to get the log by running adb bugreport zipname from the computer, as written here.
Note that the logging only turned on after a reboot for me.
On Xiaomi Redmi Note 9s
This configuration file can also be found /storage/emulated/0/MIUI/debug_log/common
named as hci_snoop20210210214303.cfa hci_snoop20210211095126.cfa
With enabled 'Settings->Developer Options, then checking the box next to "Bluetooth HCI Snoop Log." '
I was used Total Commander for taking file from Internal storage
I new to Android embedded technology. I am working on Android device to external modem communication.
There will a external modem connected to Android device with USB.
now need to run modem command on external modem using Android application.
Should i start with http://code.google.com/p/usb-serial-for-android/ or http://source.android.com/accessories/index.html. Is there any other way to achieve it.
Please let me know your comments based that i will go forward.
Thank you.
I work in a project to make a telephone caller blocker using old 56k serial modem connected to an Android TV stick using an usb to serial adapter. I use USb terminal apk to senh Hayes AT commands to the modem, and it works flawlessly. I can configure the modem with AT#CID=1 to retrieve caller id data. The final process must include a self config part to make the modem act as caller id, a database part, that stores calls and compares with black and white list numbers, and a on hook modem command to block the call. I think that a very beginner android developer can reach it easy, but I have no ability in android. In arduino, I have made the same system working flawlessly.
I try to find a method for android devices to be routers as my goal is to control packets and even implement different routing algorithm. I don't know how does Android OS surport. As I knew, Android OS includes Wifi hotspot features. But the features are limited, there are no advance settings like routing table, firewall, ARP, NAT...
I also find some APP like "Droidwall" which can act as firewall for each application with root permission. It means there are some API for developer. Where can I find some resources(document or sample code) about the related developments? Which features could Android surport?
I finally used adb shell to make some Linux command. "DroidWall" can be implemented by using "iptables" command. I try to write an app where I can make some shell command when some events occurred . But I'm using shell command to control now.
How can I capture mobile phone traffic on Wireshark?
Here are some suggestions:
For Android phones, any network: Root your phone, then install tcpdump on it. This app is a tcpdump wrapper that will install tcpdump and enable you to start captures using a GUI. Tip: You will need to make sure you supply the right interface name for the capture and this varies from one device to another, eg -i eth0 or -i tiwlan0 - or use -i any to log all interfaces
For Android 4.0+ phones: Android PCAP from Kismet uses the USB OTG interface to support packet capture without requiring root. I haven't tried this app, and there are some restrictions on the type of devices supported (see their page)
For Android phones: tPacketCapture uses the Android VPN service to intercept packets and capture them. I have used this app successfully, but it also seems to affect the performance with large traffic volumes (eg video streaming)
For IOS 5+ devices, any network: iOS 5 added a remote virtual interface (RVI) facility that lets you use Mac OS X packet trace programs to capture traces from an iOS device. See here for more details
For all phones, wi-fi only: Set up your Mac or PC as a wireless access point, then run wireshark on the computer.
For all phones, wi-fi only: Get a capture device that can sniff wi-fi. This has the advantage of giving you 802.11x headers as well, but you may miss some of the packets
Capture using a VPN server: Its fairly easy to set-up your own VPN server using OpenVPN. You can then route your traffic through your server by setting up the mobile device as a VPN client and capture the traffic on the server end.
In addition to rupello's excellent answer, a "dirty" but very effective trick:
For all phones, any (local) network: Set up your PC to Man-In-The-Middle your mobile device.
Use Ettercap to do ARP spoofing between your mobile device and your router, and all your mobile's traffic will appear in Wireshark. See this tutorial for set-up details
Another option which has not been suggested here is to run the app you want to monitor in the Android emulator from the Android SDK. You can then easily capture the traffic with wireshark on the same machine.
This was the easiest option for me.
Wireshark + OSX + iOS:
Great overview so far, but if you want specifics for Wireshark + OSX + iOS:
install Wireshark on your computer
connect iOS device to computer via USB cable
connect iOS device and computer to the same WiFi network
run this command in a OSX terminal window: rvictl -s x where x is the UDID of your iOS device. You can find the UDID of your iOS device via iTunes (make sure you are using the UDID and not the serial number).
goto Wireshark Capture->Options, a dialog box appears, click on the line rvi0 then press the Start button.
Now you will see all network traffic on the iOS device. It can be pretty overwhelming. A couple of pointers:
don't use iOS with a VPN, you don't be able to make sense of the encrypted traffic
use simple filters to focus on interesting traffic
ip.addr==204.144.14.134 views traffic with a source or destination address of 204.144.14.134
http views only http traffic
Here's a sample window depicting TCP traffic for for pdf download from 204.144.14.134:
For Android phone I used tPacketCapture:
https://play.google.com/store/apps/details?id=jp.co.taosoftware.android.packetcapture&hl=en
This app was a lifesaver I was debugging a problem with failure of SSL/TLS handshake on my Android app. Tried to setup ad hoc networking so I could use wireshark on my laptop. It did not work for me. This app quickly allowed me to capture network traffic, share it on my Google Drive so I could download on my laptop where I could examine it with Wireshark! Awesome and no root required!
Packet Capture Android app implements a VPN that logs all network traffic on the Android device. You don't need to setup any VPN/proxy server on your PC. Does not needs root. Supports SSL decryption which tPacketCapture does not. It also includes a good log viewer.
Preconditions: adb and wireshark is installed on your computer and you have a rooted android device.
Download tcpdump to ~/Downloads
adb push ~/Downloads/tcpdump /sdcard/
adb shell
su root
mv /sdcard/tcpdump /data/local/
cd /data/local/
chmod +x tcpdump
./tcpdump -vv -i any -s 0 -w /sdcard/dump.pcap
CTRL+C after you've captured enough packets.
exit
exit
adb pull /sdcard/dump.pcap ~/Downloads/
Now you can open the pcap file using Wireshark.
Install Fiddler on your PC and use it as a proxy on your Android device.
Source: http://www.cantoni.org/2013/11/06/capture-android-web-traffic-fiddler
Similarly to making your PC a wireless access point, but can be much easier, is using reverse tethering. If you happen to have an HTC phone they have a nice reverse-tethering option called "Internet pass-through", under the network/mobile network sharing settings. It routes all your traffic through your PC and you can just run Wireshark there.
Make your laptop a wifi hotspot for your phone (any) and connect it to internet. Sniff Traffic on your wifi interface using wireshark.
you will get to know a lot of anti privacy stuff!
As a Wireshark alternative/companion for Android, you can try my open source app PCAPdroid. On non-rooted devices, it uses the VPNService to capture the traffic with some limitations. On rooted devices, it works like a user-friendly tcpdump.
You can analyze connections and packets payload directly into the app, or export the traffic in PCAP format to analyze it on a PC with Wireshark. It has many other cool features, give it a try!
For Android, I previously used tPacketCapture but it didn't work well for an app streaming some video. I'm now using Shark. You need to be root to use it though.
It uses TCPDump (check the arguments you can pass) and creates a pcap file that can be read by Wireshark. The default arguments are usually good enough for me.
I had a similar problem that inspired me to develop an app that could help to capture traffic from an Android device. The app features SSH server that allows you to have traffic in Wireshark on the fly (sshdump wireshark component). As the app uses an OS feature called VPNService to capture traffic, it does not require the root access.
The app is in early Beta. If you have any issues/suggestions, do not hesitate to let me know.
Download From Play
Tutorial in which you could read additional details
For iOS Devices:
⦿ Open Terminal and simply write:
rvictl -s udid
it'll open an interface on Wireshark with a name, In my case its rvi0.
udid is iPhone's unique device id.
(How to find my iOS Device UDID)
i'm trying to communicate with Arduino board (Duemilanove) from Android 3.1 device with USB-host support using Android USB Host API.
The goal is to communicate with the board in the same way as via Serial.
I follow this manual (http://android.serverbox.ch/?p=427) but have few problems (f.e. failed to claim interface) and of coarse dev guide (http://developer.android.com/reference/android/hardware/usb/package-summary.html) but no luck.
The questions are:
how to prepare arduino board (modify firmware) - interruptions or smth?
how to check if it's okay with arduino board (f.e. enumerate USB interfaces and verify that it supports needed. what tools can be used?
how to find needed interface (what are interface class/protocol/subclass)
what can be the reason when interface cannot be claimed? (faced with that)
The arduino Duemilanove board has only a build in FTDI FT232RL USB serial converter. So you don't have to deal with the USB device side. From the AVR controller point of view it is simply an asynchronous serial port. Find out to which UART it is connected to and use it. Maybe you want to implement a simple echo (transmit all received characters again) as a first test.
Use lsusb command under linux to check out the usb device descriptor.
Read about USB in USB in a nutshell or in the official specification to find out how it works (especially chapter 9). Without doing so you can't go on. You would not understand anything.
Then go on and read about CDC class devices in the usb class section.
It might not exist (if you rely on the interface index without checking the device descriptor) or the android kernel has claimed the interface because there is a native driver for that interface. In this case you can call UsbDeviceConnection.claimInterface with true as second argument to disconnect the kernel driver first.