Ubertooth One Introduction

Since I’ve had it for a bit, I figured it was time for an Ubertooth One introduction.

The Ubertooth One is a 2.4GHz development platform intended for Bluetooth experimentation.

I haven’t used it a ton yet, but I wanted to get it setup and at least learn how to scan with it. In the future, I’m hoping to get some scripts working for fox hunting!

Basic Setup

First, I installed the VirtualBox Extension Pack.

Next, I plugged in the Ubertooth and verified that it connected to the VM.

After that, I installed all the prerequisites that I could get with apt.

apt-get -y install cmake libusb-1.0-0-dev make gcc g++ libbluetooth-dev pkg-config libpcap-dev python-numpy python-pyside python-qt4

Once those were install, I built libbtbb.

wget https://github.com/greatscottgadgets/libbtbb/archive/2015-10-R1.tar.gz -O libbtbb-2015-10-R1.tar.gz
tar xf libbtbb-2015-10-R1.tar.gz
cd libbtbb-2015-10-R1
mkdir build
cd build
cmake ..
make
make install

Finally, I installed ubertooth tools.

wget https://github.com/greatscottgadgets/ubertooth/releases/download/2015-10-R1/ubertooth-2015-10-R1.tar.xz -O ubertooth-2015-10-R1.tar.xz
tar xf ubertooth-2015-10-R1.tar.xz
cd ubertooth-2015-10-R1/host
mkdir build
cd build
cmake ..
make
sudo make install

Ubertooth One – Initial Traffic

First, I ran a Bluetooth scan from my phone to create some traffic.

While that ran, I ran the Spectrum Analyzer to verify that everything was working.

Next, I sniffed some traffic using ubertooth-rx.

Once I captured and verified the LAP, I tried to get the next byte of the address.

Capturing Traffic in Wireshark

First, I setup a FIFO that I could use as a named pipe.

mkfifo /tmp/pipe

Next, I opened Wireshark and setup a new interface using the pipe (reference).

Afterwards, I ran the Ubertooth in low energy mode on the named pipe.

ubertooth-btle -f -c /tmp/pipe

Note that I got an error at this point regarding “User encapsulation not handled”.

Per the documentation, I followed these steps.

Edit -> Preferences
Click Protocols -> DLT_USER
Edit (Encapsulations Table)
Click New
Under DLT, select “User 0 (DLT=147)” (adjust this selection as appropriate if the error message showed a different DLT number than 147)
Under Payload Protocol, enter: btle
Click OK
Click OK

Finally, with the error resolved, I setup a filter to try and view my traffic.

btle.data_header.length > 0 || btle.advertising_header.pdu_type == 0x05

With everything configured, I was able to see the connection between my phone and FitBit!

Ubertooth One – Conclusion

While I’m still understanding what I can use it for, this was a pretty easy introduction to the Ubertooth One.

If you have any ideas, suggestions, or tutorials, then please share them with me.

I’m not sure what I’ll use this for next, but hopefully I’ll be ready to hunt some foxes before the next wCTF!

Ray Doyle

Ray Doyle is an avid pentester/security enthusiast/beer connoisseur who has worked in IT for almost 16 years now. From building machines and the software on them, to breaking into them and tearing it all down; he’s done it all. To show for it, he has obtained an OSCE, OSCP, eCPPT, GXPN, eWPT, eWPTX, SLAE, eMAPT, Security+, ICAgile CP, ITIL v3 Foundation, and even a sabermetrics certification!

He currently serves as a Senior Staff Adversarial Engineer for Avalara, and his previous position was a Principal Penetration Testing Consultant for Secureworks.

This page contains links to products that I may receive compensation from at no additional cost to you. View my Affiliate Disclosure page here. As an Amazon Associate, I earn from qualifying purchases.

7 Comments

Josh

October 5, 2017 / 8:12 am Reply

Great post as usual!
A

July 7, 2019 / 11:46 pm Reply
```
apt-get -y install cmake libusb-1.0-0-dev make gcc g++ libbluetooth-dev pkg-config libpcap-dev python-numpy python-pyside python-qt4
```
Gives me errors,

“package cmake is not available but is referred to in another package”
- doyler
  
  July 8, 2019 / 10:00 am Reply
  
  Hi!
  
  It sounds like you either need to update your repositories first, or make sure that you have the right ones enabled.
  
  https://askubuntu.com/questions/356014/package-cmake-has-no-installation-candidate-ubuntu-12-04
  
  Does that help at all?
AKM Iqtidar Newaz

December 6, 2019 / 2:35 am Reply

Hi, when i was running prerequisite packages for the first installation getting error: unable to locate python-pyside.
- doyler
  
  December 8, 2019 / 12:39 pm Reply
  You should be able to install it with apt/your package manager. For example:
```
apt-get install python3-pyside
```
Austin Nugent

July 15, 2020 / 5:21 pm Reply

Hi i’m curious how i can get this up and running on well any os now, i’ve read everything on the internet and can’t seem to get this working now, my current problem is python-qt4 doesn’t install with apt, apt-get, or pip. I originally faced an issue with pyside aswell but pip worked that out, im hoping all of these are still on kali sources and im just doing something wrong. It’d be great to hear back from you i’ve been working on this for days thanks:)
- doyler
  
  July 16, 2020 / 2:49 pm Reply
  Hi Austin,
  
  It will depend on what OS and version of Python that you are using, but it should install just fine.
```
root@kali:/var/www/html# apt-cache search python-qt4
python-qt4 - Python bindings for Qt4
python-qt4-sql - Python bindings for PyQt4's SQL module
```
  Other than that, checking what repositories you are using in your /etc/apt/sources.list file and /etc/apt/sources.list.d/ folder.
  
  Also, if it isn’t in any repositories, you can install it manually – https://stackoverflow.com/questions/7942887/how-to-configure-pyqt4-for-python-3-in-ubuntu

Ubertooth One Introduction – Setup and Testing