Reverse engineering Bluetooth using Android and SPOT as an example

[Travis Goodspeed] wrote in to tell us about his work reverse engineering the Bluetooth communications of this SPOT module. He framed the post as a general guide to sniffing Bluetooth transmissions, but was inspired to use the SPOT as his example after seeing this other SPOT hack. We know he’s a fan of getting things to work with his Nokia N900, and that’s exactly where he ended up with this project.

This module was designed to be controlled by an Android phone, but there’s no control app for the Nokia handset. Since Android uses the open-source BlueZ stack for Bluetooth, it’s actually pretty easy to get your hands on the packets. After grabbing a few test captures he shows how he deciphered the packets, then wrote a quick Python script to test his findings. After working his way through the available commands (grabbing the SPOT serial number, reading position data from it, etc.) [Travis] wrote a frontend in Qt Mobility for use on the N900.
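As an added example (not code from the post or from [Travis]): the first step in the deciphering described above is pulling the RFCOMM user data out of an HCI capture. The parser below reads a btsnoop-format log, the format hcidump and Android’s HCI snoop logging write; it assumes H4 framing (datalink 1002) and an RFCOMM link on a dynamic L2CAP channel, runs on a constructed sample log built inline, and does not verify the RFCOMM FCS or reassemble fragmented ACL packets.

```python
import struct

BTSNOOP_MAGIC = b"btsnoop\x00"  # 8-byte file magic
H4_ACL = 0x02                   # H4 packet-type byte for ACL data

def btsnoop_records(blob):
    """Yield (flags, packet) per record of a btsnoop v1 log in H4 framing (datalink 1002)."""
    if blob[:8] != BTSNOOP_MAGIC:
        raise ValueError("not a btsnoop file")
    version, datalink = struct.unpack(">II", blob[8:16])
    if (version, datalink) != (1, 1002):
        raise ValueError(f"unsupported version/datalink: {version}/{datalink}")
    off = 16
    while off + 24 <= len(blob):  # record header: orig len, incl len, flags, drops, timestamp
        _orig, incl, flags, _drops, _ts = struct.unpack(">IIIIq", blob[off:off + 24])
        yield flags, blob[off + 24:off + 24 + incl]
        off += 24 + incl

def rfcomm_payloads(blob):
    """Return [(direction, dlci, data)] for RFCOMM UIH user data found in ACL packets."""
    out = []
    for flags, pkt in btsnoop_records(blob):
        if len(pkt) < 9 or pkt[0] != H4_ACL:
            continue  # HCI commands/events carry no L2CAP payload
        handle_flags, _acl_len = struct.unpack("<HH", pkt[1:5])
        if (handle_flags >> 12) & 0x3 == 0x1:
            continue  # continuation fragment; this example does not reassemble
        l2cap_len, cid = struct.unpack("<HH", pkt[5:9])
        frame = pkt[9:9 + l2cap_len]
        if cid < 0x0040 or len(frame) < 4:
            continue  # fixed/signalling channel, not a dynamic RFCOMM channel
        addr, ctrl = frame[0], frame[1]
        if (ctrl & 0xEF) != 0xEF:
            continue  # only UIH frames carry user data (SABM/UA/DM/DISC do not)
        length, i = frame[2] >> 1, 3
        if not frame[2] & 1:  # EA bit clear: 15-bit length spans two bytes
            length, i = length | (frame[3] << 7), 4
        if ctrl & 0x10:  # P/F set on UIH: one credit byte precedes the data
            i += 1
        out.append(("rx" if flags & 1 else "tx", addr >> 2, frame[i:i + length]))
    return out

def _record(flags, payload):  # constructed btsnoop record with zero drops/timestamp
    return struct.pack(">IIIIq", len(payload), len(payload), flags, 0, 0) + payload
def _uih(dlci, data):  # constructed ACL -> L2CAP (CID 0x0041) -> RFCOMM UIH; FCS left 0x00, unchecked
    frame = bytes([(dlci << 2) | 0x03, 0xEF, (len(data) << 1) | 1]) + data + b"\x00"
    l2cap = struct.pack("<HH", len(frame), 0x0041) + frame
    return bytes([H4_ACL]) + struct.pack("<HH", 0x0040 | (0x2 << 12), len(l2cap)) + l2cap
# Constructed sample: one HCI command (skipped), then one sent and one received RFCOMM frame.
SAMPLE_LOG = (BTSNOOP_MAGIC + struct.pack(">II", 1, 1002) + _record(2, b"\x01\x06\x04\x03\x40\x00\x13")
              + _record(0, _uih(2, b"PING")) + _record(1, _uih(2, b"PONG")))
```

Running `rfcomm_payloads` over a real capture gives the per-direction byte strings to line up against the app’s actions, which is where the protocol deciphering starts.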

Comments

  1. Taylor Alexander says:

    Neat! I have a device that uses proprietary software and I was hoping to sniff the password and write my own software. Hopefully this article will help with that!

    If anyone has any other ideas, I’m all ears. :)

  2. Smulders says:

    If anyone wants to do this with a Mac instead of Android: Install Xcode.

    It comes with the Bluetooth Diagnostics Utility, Bluetooth Explorer and PacketLogger (pretty self-explanatory applications). You can monitor packets like in Wireshark, but also have some cool graphs of transmission power, which channels are used, what protocols devices in your area support, etc.

    Not trying to flame btw, just giving a tip for someone who also wants to tinker with Bluetooth but hasn’t got an Android phone.

  3. DC says:

    As much as I want to play with a Spot (or the Delorme inReach) it seems like the service is too expensive for what I want to do.

    Spot is $100/year with only 5 ‘trial’ messages on a base package to send a custom Type-and-Send 41 character SMS. Then it’s another $50 for 500 messages – again, $50 for 20,500 characters.

    inReach is $50/month for 120 messages a month (standard SMS length), but costs an extra $.25 for each ‘overage’ message. At the cheapest, $10/month gets 10 text messages and $1.20 an overage.

    Is there an alternative? I’ve seen ORBCOMM but I don’t know what their pricing is. I think Digi makes a ‘starter kit’ for Orbcomm to send/receive satellite data.

  4. Ginger says:

    Good article. I will be dealing with many of these issues as well.
