Checking PCAP data

sgxgsx edited this page May 18, 2024 · 2 revisions

Reviewing log data

Log data location: /usr/share/BlueToolkit/bluekit/.logs. To review the logs, run the following command:

cat /usr/share/BlueToolkit/bluekit/.logs

Reviewing report data

Report data location: /usr/share/BlueToolkit/bluekit/AA:BB:CC:DD:EE:FF/report.csv, where AA:BB:CC:DD:EE:FF is the MAC address of the target device. To review a report, you can export it as JSON or CSV to Excel or any other tool you need.
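One way to do the JSON export for every tested device at once, as an added example that is not part of BlueToolkit or of the original page. It assumes report.csv starts with a header row; the function names and the `_extra` key are hypothetical, and no column names are hard-coded because the page does not document them.

```python
import csv
import json
import re
from pathlib import Path

# Base directory taken from the report path given on this page.
BLUEKIT_DIR = Path("/usr/share/BlueToolkit/bluekit")
# Per-device directories are named after the target MAC address.
MAC_RE = re.compile(r"^(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$")


def find_reports(base=BLUEKIT_DIR):
    """Map each target MAC to its report.csv, skipping non-MAC entries (.logs etc.)."""
    base = Path(base)
    reports = {}
    if not base.is_dir():
        return reports
    for entry in sorted(base.iterdir()):
        report = entry / "report.csv"
        if entry.is_dir() and MAC_RE.match(entry.name) and report.is_file():
            reports[entry.name.upper()] = report
    return reports


def load_report(path):
    """Read one report.csv into a list of dicts keyed by its header row.

    Assumption: the first row is a header. Fields beyond the header are
    collected under the hypothetical "_extra" key so the JSON stays valid.
    """
    with open(path, newline="", encoding="utf-8") as fh:
        return [dict(row) for row in csv.DictReader(fh, restkey="_extra")]


def export_json(base=BLUEKIT_DIR, out_path=None):
    """Merge all per-device reports into one document keyed by MAC address."""
    merged = {mac: load_report(p) for mac, p in find_reports(base).items()}
    if out_path is not None:
        text = json.dumps(merged, indent=2, sort_keys=True)
        Path(out_path).write_text(text + "\n", encoding="utf-8")
    return merged


if __name__ == "__main__":
    print(json.dumps(export_json(), indent=2, sort_keys=True))
```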

Reviewing PCAP data

So far there are two variants of Wireshark installation: Braktooth and Internalblue.

For Braktooth exploits, use the Wireshark binary found at /usr/share/BlueToolkit/modules/tools/braktooth/wdissector/bin/wireshark. If you use a VM, you can install Braktooth on your machine without writing to the development board; that way you can still access a Wireshark binary.

For Internalblue, use the following script:

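#!/bin/bash
# Stop at the first failing step instead of continuing with a partial install.
set -e

# Build and runtime dependencies for Internalblue.
sudo apt install git python3-setuptools binutils-arm-linux-gnueabi adb python3-pip python3-dev gcc
# Installs Internalblue from the current master branch (not pinned to a release).
python3 -m pip install https://github.com/seemoo-lab/internalblue/archive/master.zip

# Wireshark plus the headers and tools needed to build the dissector plugin.
sudo apt-get install wireshark-dev wireshark cmake
# Build and install the Broadcom H4 diagnostics dissector for Wireshark.
git clone https://github.com/seemoo-lab/h4bcm_wireshark_dissector
cd h4bcm_wireshark_dissector
mkdir build
cd build
cmake ..
make
make install

# Additional Python packages used by Internalblue.
python3 -m pip install cmd2 pure-python-adb pwntools pyelftools
# Return to the directory the script was started from.
cd ../..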