tibtle2pcap

Convert TI SmartRF Bluetooth Low Energy Packet Captures to Libpcap Format

Primary language: Python. License: BSD 2-Clause "Simplified" (BSD-2-Clause).


Read a Bluetooth Low Energy packet capture savefile generated by the TI Packet Sniffer utility (.psd file, but not PhotoShop), and convert it to a libpcap packet capture file. The libpcap packet capture file is formatted to use the PPI DLT, with DLT_USER set so the BTLE Wireshark plugin can be used to decode the BTLE traffic.

You can download the SmartRF Packet Sniffer software here: http://www.ti.com/tool/packet-sniffer

The CC2540 USB Evaluation Kit USB dongle, which captures (and injects) Bluetooth LE traffic with its default firmware, is available from digikey.com and many other sites for $50 under the part number CC2540EMK-USB.

USAGE

C:\>python tibtle2pcap.py fitbit-smartrf.psd out.pcap

The capture file "fitbit-smartrf.psd" is included with this software as an example.

BUGS

  • Timestamp information is not present in the output libpcap file.
  • The PPI header does not include important characteristics such as channel, RSSI, etc. This information is available, but the PPI header format doesn't accommodate link layer information outside of 802.11. The libpcap-workers list (with Mike Ryan's assistance) is working on rectifying this. I'll update at some point in the future.
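
The output layout described above (libpcap file, PPI link type, inner DLT_USER) and the two limitations listed under BUGS can be reproduced and checked with the sketch below. It is an added example, not code from tibtle2pcap.py; the use of DLT_USER0 (147), the function names and the sample frame are assumptions made for illustration.

```python
import struct

DLT_PPI = 192    # libpcap link type for PPI encapsulation
DLT_USER0 = 147  # assumption: the README says only "DLT_USER"; USER0 is the first of DLT_USER0..15

PCAP_GLOBAL = struct.Struct("<IHHiIII")  # magic, major, minor, thiszone, sigfigs, snaplen, linktype
PCAP_RECORD = struct.Struct("<IIII")     # ts_sec, ts_usec, incl_len, orig_len
PPI_HEADER = struct.Struct("<BBHI")      # pph_version, pph_flags, pph_len, pph_dlt


def build_pcap(frames, inner_dlt=DLT_USER0):
    """Return libpcap bytes with each frame wrapped in a field-less PPI header."""
    out = [PCAP_GLOBAL.pack(0xA1B2C3D4, 2, 4, 0, 0, 0xFFFF, DLT_PPI)]
    for frame in frames:
        # pph_len == 8 means header only: no PPI fields, so no channel or RSSI
        payload = PPI_HEADER.pack(0, 0, PPI_HEADER.size, inner_dlt) + frame
        # Timestamps are written as zero, matching the first limitation under BUGS
        out.append(PCAP_RECORD.pack(0, 0, len(payload), len(payload)) + payload)
    return b"".join(out)


def parse_pcap(data):
    """Validate a PPI capture and return [(ts_sec, inner_dlt, frame), ...]."""
    if len(data) < PCAP_GLOBAL.size:
        raise ValueError("truncated global header")
    magic, _, _, _, _, _, linktype = PCAP_GLOBAL.unpack_from(data, 0)
    if magic != 0xA1B2C3D4 or linktype != DLT_PPI:
        raise ValueError("not a little-endian PPI libpcap file")
    pos, packets = PCAP_GLOBAL.size, []
    while pos < len(data):
        if pos + PCAP_RECORD.size > len(data):
            raise ValueError("truncated record header")
        ts_sec, _, incl_len, _ = PCAP_RECORD.unpack_from(data, pos)
        pos += PCAP_RECORD.size
        record = data[pos:pos + incl_len]
        if len(record) != incl_len or incl_len < PPI_HEADER.size:
            raise ValueError("truncated record")
        version, _, pph_len, pph_dlt = PPI_HEADER.unpack_from(record, 0)
        if version != 0 or not PPI_HEADER.size <= pph_len <= incl_len:
            raise ValueError("bad PPI header")
        packets.append((ts_sec, pph_dlt, record[pph_len:]))  # strip PPI, keep BTLE bytes
        pos += incl_len
    return packets


# Constructed sample frame (not from a real capture): advertising access address plus filler
SAMPLE_FRAMES = [bytes.fromhex("d6be898e") + bytes(range(8))]
```

Running parse_pcap over a converted capture is a quick way to confirm the link type and inner DLT before loading it into Wireshark.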

THANKS

Many thanks to Mike Ryan for blazing the path forward to open up Bluetooth LE sniffing and traffic analysis.

The PcapDump class is borrowed from the KillerBee project. I wrote it initially, then Ryan Speers and Ricky Melgares made it better. I stole it here so as not to have to deal with dependencies.

Joshua Wright, 2014-03-03 jwright@hasborg.com