This thread has been locked.

If you have a related question, please click the "Ask a related question" button in the top right corner. The newly created question will be automatically linked to this question.

SENSORTAG-SW: Is it possible to implement an Android Sniffer?

Part Number: SENSORTAG-SW
Other Parts Discussed in Thread: BLE-STACK

Hi, I think TI's BLE sniffer is great. I want to implement a similar sniffer like this on Android mobile devices.

I will be using Nexus 5 (Android 6.0) or Galaxy S7.

Since there are Android apps available, I got some questions to ask.

1. Is the codes for SensorTag opened? I wish to see the code, plese.

2. Also, I wish to sniff the

ADV_CONNECT_REQ
ADV_IND
SCAN_REQ
SCAN_RSP
These type of packets were sniffed from TI's sniffer. Is it possible to sniff these packets and display it on Android phones?

Just like the TI sniffer does? I hope there are Android SDKs from TI or Google, but I can't find it. So I want to hear this from the community.

  • Hi David,

    This is theoretically possible, but it would require a significant development effort.
    Namely because

    1. The TI CC254x Dongle that performs the sniffing of the BLE packets is closed source and provided as hex file only.
    The format of the packets between the dongle and the PC is not extensively documented either. The only information is here:
    www.ti.com/.../swru187g.pdf
    You may be able to reverse engineer this format, but TI intends this tool to be a black box, so we don't support customization. At least on the CC254x side.

    2. The Android device would need to implement the USB communication to the dongle and would need to keep up with the stream of packets coming form the device.

    The source code from the SensorTag is open source with the exception of the BLE protocol stack, you can find it inside the BLE SDKs at ti.com/ble-stack.
  • Hello, Sean. Thanks for your reply.

    Sean2 said:
    The Android device would need to implement the USB communication to the dongle and would need to keep up with the stream of packets coming form the device.

    Do you mean the Android device itself (like Nexus 5, latest Galaxy S series which supports BLE)

    cannot act like that dongle to sniff nearby hundreds of BLE devices?

    I didn't think of connecting the CC254x dongle to the Android device via USB.

    I just wanted to use the Android device solely for sniffing nearby BLE devices.

    So I was curious whether people from the forum know about any Android/TI SDKs to implement an Android sniffer.

  • David,

    To my understanding Android BLE-Stack does not provide an ability to follow a connection in the way a sniffer does.
    You can verify this in the android docs.
    Acting as a sniffer is a bit more complicated than BLE scanning and includes following a connection and perhaps have information distributed out of band such as pairing keys, etc.

    One way that might meet your needs is to access the HCI logs from the Android device, using btsnoop.
    stackoverflow.com/.../sniffing-logging-your-own-android-b‌​luetooth-traffic

    However, this only provides information about the connection that the Android device is actively in, not passively observing external connections like a sniffer would.
  • In the CC2640R2 SDK we do have a microstack that is capable of following a connection, but this is also not a full fledged sniffer.