Notice the device it finds has the same address for the light bulb that I saw earlier while exploring its GATT-this helps me know I'm looking at the correct device:
After a few moments the tools scans and lists all available BLE devices. BLE only allows one connection to a device at a time, and if you leave a GATT control app running then you won't be able to run the sniffer or other things that talk to the bulb!įirst I begin by plugging in the Bluefruit LE sniffer and running's Nordics's sniffer application. One thing to note, after you've finished examining the GATT for a device be sure to disconnect or turn off any applications which were connected to the light bulb.
In my case I'll be using Nordic's tool on Windows as it lets me directly see the data in Wireshark.
Reverse engineering from wireshark pcap how to#
If you're doing your own BLE device sniffing with the Bluefruit LE sniffer, make sure to read the guide on its usage first as it explains how to install and setup the software. Nordic's sniffing tool even allows the use of Wireshark, a powerful and popular packet analysis tool, to examine the traffic. Using a special firmware and tools from Nordic I can watch the BLE commands sent to the bulb to change its color.
This is possible using a BLE sniffer like the Bluefruit LE sniffer that's based on a Nordic nRF51822 chip. Now that I've examined the GATT for the bulb and hit a dead end, I'll capture packets from the light bulb's control application to understand how it controls the bulb.