Bluetooth hci snoop log

Enabling HCI Bluetooth snoop log programmatically

There is a well known way to enable HCI Bluetooth snoop log from Developer options UI.
Is there any way to achieve this programmatically?

1 Answer 1

Using Developer Options:

• If you enable Developer Options, then you can enable Bluetooth snoop Logging under those options as well. After reboot, you should find your log files under /data/misc/bluetooth/logs/ (Not sure if you need root to access these files),

Using bt_stack.conf (requires root) — (Updated for Android 8.0+)

bt_stack.conf is found under /system/etc/bluetooth and existing conf files are also found under /data/misc/bluedroid .

In most cases, you’ll have to disable verity using the following steps:

• adb -s root
• adb -s disable-verity
• adb -s reboot (To apply changes)
• Next enter root again, after reboot: adb -s root
• Then remount, adb -s remount
• You can also remount using command mount -o rw,remount
• Then you’ll be able to push the files, then you can make the changes + reboot.
• Edit bt_stack.conf file (set BtSnoopLogOutput=true )
• Disable and then enable Bluetooth — this will start the HCI snoop logging
• When you decide it is enough, edit the file again while setting BtSnoopLogOutput=false and reset the Bluetooth — this will stop the HCI snoop logging
• What I usually do is pull the respective file, make the changes in my fav editor (Usually vi or VSCode) and then push it back using these commands
• adb -s pull /system/etc/bluetooth/bt_stack.conf
• adb -s push bt_stack.conf /system/etc/bluetooth/.
• Along with BTSnoop logging , You can also enable all the stack traces using bt_stack.conf .

Here is what the files looks like on Android 9.0 r34, MSM Kernel 4.4:

root@console:/system/etc/bluetooth# cat bt_stack.conf # Enable trace level reconfiguration function # Must be present before any TRC_ trace level settings TraceConf=true # Trace level configuration # BT_TRACE_LEVEL_NONE 0 ( No trace messages to be generated ) # BT_TRACE_LEVEL_ERROR 1 ( Error condition trace messages ) # BT_TRACE_LEVEL_WARNING 2 ( Warning condition trace messages ) # BT_TRACE_LEVEL_API 3 ( API traces ) # BT_TRACE_LEVEL_EVENT 4 ( Debug messages for events ) # BT_TRACE_LEVEL_DEBUG 5 ( Full debug messages ) # BT_TRACE_LEVEL_VERBOSE 6 ( Verbose messages ) - Currently supported for TRC_BTAPP only. TRC_BTM=2 TRC_HCI=2 TRC_L2CAP=2 TRC_RFCOMM=2 TRC_OBEX=2 TRC_AVCT=2 TRC_AVDT=2 TRC_AVRC=2 TRC_AVDT_SCB=2 TRC_AVDT_CCB=2 TRC_A2D=2 TRC_SDP=2 TRC_SMP=2 TRC_BTAPP=2 TRC_BTIF=2 TRC_BNEP=2 TRC_PAN=2 TRC_HID_HOST=2 TRC_HID_DEV=2 # This is Log configuration for new C++ code using LOG() macros. # See libchrome/base/logging.h for description on how to configure your logs. # sample configuration: #LoggingV=--v=0 #LoggingVModule=--vmodule=*/btm/*=1,btm_ble_multi*=2,btif_*=1 # PTS testing helpers # Secure connections only mode. # PTS_SecurePairOnly=true # Disable LE Connection updates #PTS_DisableConnUpdates=true # Disable BR/EDR discovery after LE pairing to avoid cross key derivation errors #PTS_DisableSDPOnLEPair=true # SMP Pair options (formatted as hex bytes) auth, io, ikey, rkey, ksize #PTS_SmpOptions=0xD,0x4,0xf,0xf,0x10 # PTS AVRCP Test mode #PTS_AvrcpTest=true # SMP Certification Failure Cases # Set any of the following SMP error values (from smp_api_types.h) # to induce pairing failues for various PTS SMP test cases. # Setting PTS_SmpFailureCase to 0 means normal operation. # Failure modes: # # SMP_PASSKEY_ENTRY_FAIL = 1 # SMP_PAIR_AUTH_FAIL = 3 # SMP_CONFIRM_VALUE_ERR = 4 # SMP_PAIR_NOT_SUPPORT = 5 # SMP_PAIR_FAIL_UNKNOWN = 8 # SMP_REPEATED_ATTEMPTS = 9 # SMP_NUMERIC_COMPAR_FAIL = 12 #PTS_SmpFailureCase=0 

Using hidden Android API

Note that this approach will require your application to have BLUETOOTH_ADMIN permission.
If this is OK, you can use the same code Android system settings app uses.

private void writeBtHciSnoopLogOptions()

configHciSnoopLog is a part of a hidden API of BluetoothAdapter class, so make sure you know how to enable it:

Using SL4A

SL4A brings scripting languages to Android by allowing you to edit and execute scripts and interactive interpreters directly on the Android device. These scripts have access to many of the APIs available to full-fledged Android applications, but with a greatly simplified interface that makes it easy to get things done.

If your Android image built with support for SL4A, you can use the following method of BluetoothFacade :

@Rpc(description = "Enable or disable the Bluetooth HCI snoop log") public boolean bluetoothConfigHciSnoopLog( @RpcParameter(name = "value", description = "enable or disable log") Boolean value )

Note that the API reference on Github is outdated, but you can see the latest in official AOSP repo ( Common\src\com\googlecode\android_scripting\facade\bluetooth )

Python script that enables HCI snoop logs would look like this:

from android import Android droid = Android() droid.bluetoothConfigHciSnoopLog(True) 

When done with logging, you can find the HCI Snoop log in /sdcard/btsnoop_hci.log

Источник

btsnoop_hci.log — что за файл?

• Описание
• Разбираемся
• Вывод

Приветствую. Сегодня поговорим об одном файле, который можете встретить на смартфоне под управлением Андроид.

Описание

btsnoop_hci.log — лог-файл, который создается при прослушивании трафика Блютуз, когда активна функция Журнал Bluetooth HCI.

Разбираемся

1. При проведении глубокой очистки можно обнаружить btsnoop_hci.log, который может весить прилично, например более 2 гигабайта.
2. По информации в интернете — это отчет, лог, на работу программ никак не влияет, поэтому можно удалить. Только сперва отключите журнал трансляций операций HCI Bluetooth. Если этого пункта нет, значит функция отключена, просто удалите файл.
3. Но что вообще за btsnoop_hci.log? Это файл, в который записывают данные о прослушивании трафика Блютуз. Точнее записывается информация о пакетах, обычному пользователю это вряд ли может быть интересно. Но поэтому и размер может быть большой — так как туда постоянно складируются данные, особенно когда Блютуз включен.

Как отключить создание btsnoop_hci.log? На самом деле просто. Сперва откройте настройки устройства:

Далее находим пункт Для разработчиков:

Далее необходимо отключить опцию Включить журнал трансляций операций HCI Bluetooth:

После отключения опции — можно удалить файл btsnoop_hci.log. Он больше появляться не должен.

Пункт также может называться немного иначе, а именно Журнал Bluetooth HCI:

Заключение

• btsnoop_hci.log — файл содержит данные о пакетах трафика Блютуз, чтобы файл не создавался нужно отключить опцию прослушивания Блютуз.
• Сам файл можно спокойно удалить, если вы только не собираетесь анализировать данные. Но лучше перед удалением отключить функцию.

Удачи и добра. До новых встреч друзья!

Источник

Sniffing/logging your own Android Bluetooth traffic

I recently bought chinesse device that connects via bluetooth with android phone / tablet. Since there is no application availible for windows / linux I want to create one for personal usage. Usually phone connects to the device and exchanges some data. I connected PC to the device and looked into serial debugger and menaged to discover the protocol (one way only). Phone sends only one command to the device. But this time I’m not able to find out what it containts. Is there any software that will allow me to look into data sent via bluetooth? I tried decompiling the app, but it looks really unfriendly. Thanks.

4 Answers 4

Android 4.4 (Kit Kat) does have a new sniffing capability for Bluetooth. You should give it a try.

If you don’t own a sniffing device however, you aren’t necessarily out of luck. In many cases we can obtain positive results with a new feature introduced in Android 4.4: the ability to capture all Bluetooth HCI packets and save them to a file.

When the Analyst has finished populating the capture file by running the application being tested, he can pull the file generated by Android into the external storage of the device and analyze it (with Wireshark, for example).

Once this setting is activated, Android will save the packet capture to /sdcard/btsnoop_hci.log to be pulled by the analyst and inspected.

Type the following in case /sdcard/ is not the right path on your particular device:

adb shell echo \$EXTERNAL_STORAGE 

We can then open a shell and pull the file: $adb pull /sdcard/btsnoop_hci.log and inspect it with Wireshark, just like a PCAP collected by sniffing WiFi traffic for example, so it is very simple and well supported:

[source]

You can enable this by going to Settings->Developer Options, then checking the box next to «Bluetooth HCI Snoop Log.»

Источник

Bluetooth HCI snoop log not generated

I’m running Android 4.4.2 and I enabled the «Bluetooth HCI snoop log» as described here Sniffing/logging your own Android Bluetooth traffic After turning bluetooth on and off I rebooted the phone. I could not find the log file in the expected location:

$ adb pull /sdcard/btsnoop_hci.log remote object '/sdcard/btsnoop_hci.log' does not exist 

The answer marked as correct is not actually the correct answer. Please scroll to the highest voted answer for the ACTUAL correct answer.

11 Answers 11

UPDATE: The btsnoop hci log seems to be getting phased out of the user-accessible areas on a lot of phones. Assuming you have hci logging enabled, you can get a bugreport

adb bugreport anewbugreportfolder 

Then decompress the folder. If you’re lucky there is an ‘FS’ folder that contains the btsnoop_hci.log log several layers down (not sure why some phones have this and some don’t.) If you don`t have it, grab the bug report text file that looks like this

bugreport-2018-08-01-15-08-01.txt 

To extract snoop logs from the bug report, use the btsnooz script. Get btsnooz.py. Extract the text version of the bug report. Run btsnooz.py on the text version of the bug report: btsnooz.py BUG_REPORT.txt > BTSNOOP.log 

You can see where your phone is storing the hci log by reading the bt_stack.conf file. Try

adb shell cat /etc/bluetooth/bt_stack.conf 

You will see a line that looks like

# BtSnoop log output file BtSnoopFileName =/sdcard/btsnoop_hci.log  

# EnableBtSnoop logging function # valid value : true , false BtSnoopLogOutput=false 

# EnableBtSnoop logging function # valid value : true , false BtSnoopLogOutput=true