Ubertooth

Ubertooth is an open source 2.4 GHz wireless development platform for Bluetooth experimentation, capable of sniffing BLE (Bluetooth Smart) connections and some Basic Rate (BR) Bluetooth Classic data. It includes a spectrum analyzer for the 2.4 GHz band.

Description

Project Ubertooth provides hardware and software tools for Bluetooth experimentation, primarily focused on passive sniffing of BLE connections and limited BR Bluetooth Classic traffic. The main package contains everything needed to use the Ubertooth hardware dongle, including various utilities for discovery, decoding, interference, and spectrum analysis.

Use cases include Bluetooth security testing, such as discovering piconets, following connections, detecting AFH channel maps, and analyzing the 2.4 GHz spectrum for signals from Bluetooth or other protocols. Tools like ubertooth-btle support promiscuous sniffing and connection following, while ubertooth-specan-ui offers a GUI spectrum analyzer.

The suite supports both Ubertooth Zero and One devices, with firmware updates via ubertooth-dfu. Development libraries are available for custom applications.

How It Works

Ubertooth uses a CC2400 transceiver to operate in the 2.4 GHz ISM band, capturing raw bitstreams from Bluetooth protocols. It monitors passively: it tunes to specific channels, decodes LAP/UAP access codes, follows piconets via clock estimation, and handles AFH maps. BLE sniffing follows advertising channels (default 37) and connection events using access addresses. Spectrum analysis sweeps the band from 2402 to 2480 MHz, measuring RSSI. The firmware handles low-level radio operations such as continuous RX/TX, interference, and LED control.

Installation

```bash
sudo apt install ubertooth
```

Flags

| Flag | Description |
| --- | --- |
| `-l <LAP>` | LAP of target piconet (3 bytes / 6 hex digits) for ubertooth-afh |
| `-u <UAP>` | UAP of target piconet (1 byte / 2 hex digits) for ubertooth-afh |
| `-f` | Follow connections for ubertooth-btle |
| `-p` | Promiscuous: sniff active connections for ubertooth-btle |
| `-r <reg>` | Read CC2400 register(s) for ubertooth-debug |
| `-d <filename>` | Download/write DFU file to device for ubertooth-dfu |
| `-l <LAP>` | LAP to decode (6 hex) for ubertooth-rx |
| `-z` | Survey mode - discover and list piconets for ubertooth-rx |

Examples

```bash
# Determine the AFH map for piconet ??:??:22:44:66:88
ubertooth-afh -u 22 -l 446688

# Passive Bluetooth Low Energy monitoring in follow connections mode
ubertooth-btle -f

# Calculate clock and follow piconet for given LAP and UAP
ubertooth-rx -l <lap> -u <uap>

# Survey mode: discover all LAPs+UAPs for 20 seconds
ubertooth-rx -z -t 20

# Update firmware on Ubertooth device
ubertooth-dfu -d bluetooth_rxtx.dfu -r

# Use BlueZ and Ubertooth for device discovery and extended inquiry scan
ubertooth-scan -s -x

# Launch GUI spectrum analyzer for 2.4 GHz band
ubertooth-specan-ui
```
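
The first example passes only the UAP and LAP of `??:??:22:44:66:88` to ubertooth-afh. The shell function below is an added example, not part of the Ubertooth suite or of the original page: it splits an address into those two arguments. The name `bdaddr_to_args` and the acceptance of `-` as a separator are assumptions made here.

```bash
#!/bin/sh
# Added example: turn a Bluetooth device address into the -u/-l arguments
# used by ubertooth-afh and ubertooth-rx.
#
# BD_ADDR layout (most significant byte first):
#   NAP (2 bytes) : UAP (1 byte) : LAP (3 bytes)
# The tools only take UAP and LAP, so the NAP may be written as "??:??".

# bdaddr_to_args is a hypothetical helper name, not an Ubertooth utility.
# Prints "-u <UAP> -l <LAP>"; returns 1 and prints nothing on stdout if the
# address is malformed.
bdaddr_to_args() {
    # Normalise: upper-case the hex digits and accept '-' as a separator.
    _addr=$(printf '%s' "$1" | tr 'abcdef-' 'ABCDEF:')
    _hex='[0-9A-F][0-9A-F]'

    # Accept six hex octets, or an unknown NAP followed by four hex octets.
    case $_addr in
        $_hex:$_hex:$_hex:$_hex:$_hex:$_hex) ;;
        '??:??':$_hex:$_hex:$_hex:$_hex) ;;
        *)
            printf 'invalid BD_ADDR: %s\n' "$1" >&2
            return 1
            ;;
    esac

    _uap=$(printf '%s' "$_addr" | cut -d: -f3)                # octet 3
    _lap=$(printf '%s' "$_addr" | cut -d: -f4-6 | tr -d ':')  # octets 4-6
    printf '%s\n' "-u $_uap -l $_lap"
}

# Constructed sample input: the address from the first example above.
bdaddr_to_args '??:??:22:44:66:88'
# The output can be passed straight to the tool, e.g.:
#   ubertooth-afh $(bdaddr_to_args '??:??:22:44:66:88')
```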

Updated 2026-04-16 (source: kali.org)