304 North Cardinal St.
Dorchester Center, MA 02124

Work Hours
Monday to Friday: 7AM - 7PM
Weekend: 10AM - 5PM

Ubertooth One Introduction – Setup and Testing

Since I’ve had it for a bit, I figured it was time for an Ubertooth One introduction.

Ubertooth One Introduction

The Ubertooth One is a 2.4GHz development platform intended for Bluetooth experimentation.

I haven’t used it a ton yet, but I wanted to get it setup and at least learn how to scan with it. In the future, I’m hoping to get some scripts working for fox hunting!

Basic Setup

First, I installed the VirtualBox Extension Pack.

Next, I plugged in the Ubertooth and verified that it connected to the VM.

Ubertooth One - Plugged In

Ubertooth One - USB Connected

After that, I installed all the prerequisites that I could get with apt.

apt-get -y install cmake libusb-1.0-0-dev make gcc g++ libbluetooth-dev pkg-config libpcap-dev python-numpy python-pyside python-qt4

Once those were install, I built libbtbb.

wget -O libbtbb-2015-10-R1.tar.gz
tar xf libbtbb-2015-10-R1.tar.gz
cd libbtbb-2015-10-R1
mkdir build
cd build
cmake ..
make install

Finally, I installed ubertooth tools.

wget -O ubertooth-2015-10-R1.tar.xz
tar xf ubertooth-2015-10-R1.tar.xz
cd ubertooth-2015-10-R1/host
mkdir build
cd build
cmake ..
sudo make install

Ubertooth One – Initial Traffic

First, I ran a Bluetooth scan from my phone to create some traffic.

While that ran, I ran the Spectrum Analyzer to verify that everything was working.

Ubertooth One - Spectrum Analyzer

Next, I sniffed some traffic using ubertooth-rx.

Ubertooth One - ubertooth-rx

Once I captured and verified the LAP, I tried to get the next byte of the address.

Ubertooth One - LAP

Capturing Traffic in Wireshark

First, I setup a FIFO that I could use as a named pipe.

mkfifo /tmp/pipe

Next, I opened Wireshark and setup a new interface using the pipe (reference).

Ubertooth One - Named pipe interface

Afterwards, I ran the Ubertooth in low energy mode on the named pipe.

ubertooth-btle -f -c /tmp/pipe

Note that I got an error at this point regarding “User encapsulation not handled”.

Ubertooth One - User encapsulation error

Per the documentation, I followed these steps.

  1. Edit -> Preferences
  2. Click Protocols -> DLT_USER
  3. Edit (Encapsulations Table)
  4. Click New
  5. Under DLT, select “User 0 (DLT=147)” (adjust this selection as appropriate if the error message showed a different DLT number than 147)
  6. Under Payload Protocol, enter: btle
  7. Click OK
  8. Click OK

Ubertooth One - DLTs Table

Ubertooth One - New DLT

Finally, with the error resolved, I setup a filter to try and view my traffic.

btle.data_header.length > 0 || btle.advertising_header.pdu_type == 0x05

With everything configured, I was able to see the connection between my phone and FitBit!

Ubertooth One - Wireshark Capture

Ubertooth One – Conclusion

While I’m still understanding what I can use it for, this was a pretty easy introduction to the Ubertooth One.

If you have any ideas, suggestions, or tutorials, then please share them with me.

I’m not sure what I’ll use this for next, but hopefully I’ll be ready to hunt some foxes before the next wCTF!


Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

  1. apt-get -y install cmake libusb-1.0-0-dev make gcc g++ libbluetooth-dev pkg-config libpcap-dev python-numpy python-pyside python-qt4

    Gives me errors,

    “package cmake is not available but is referred to in another package”

  2. Hi, when i was running prerequisite packages for the first installation getting error: unable to locate python-pyside.

  3. Hi i’m curious how i can get this up and running on well any os now, i’ve read everything on the internet and can’t seem to get this working now, my current problem is python-qt4 doesn’t install with apt, apt-get, or pip. I originally faced an issue with pyside aswell but pip worked that out, im hoping all of these are still on kali sources and im just doing something wrong. It’d be great to hear back from you i’ve been working on this for days thanks:)