The best Bluetooth low energy sniffer tutorial (Connections)

A BLE sniffer can be very handy. Three primary use cases come to mind:

  • Debug problems with BLE connections
  • Reverse engineer a BLE device
  • Last but not least, as a way to learn about how BLE works and understand how data gets transferred between Central and Peripheral

In the previous blog post and video on BLE sniffers, we went over how to use the TI CC2540 BLE sniffer to detect advertisement data. In this video we’ll go over how to use the same BLE sniffer to capture and follow connections between a Central device and a Peripheral device.

To illustrate the use of a BLE sniffer for following a connection, I go through the exercise of reverse engineering a BLE device called the Playbulb Candle. The device is basically an LED candle that allows you to light it up in different colors and control the light with different effects such as Candle effect, Pulse, Rainbow effect, etc.

Previously in the series:

Part 1: How to use a BLE sniffer without pulling your hair out (comparison of BLE sniffers)

Part 2: How to use a BLE sniffer to capture and debug Advertisement data (Video)

4 Comments

  1. Peter on September 15, 2017 at 1:21 pm

    Mohammad, Thank you for creating this series. It has been very helpful.

  2. Matthew on November 22, 2017 at 6:21 am

    Mohammad, Thank you very much for the videos. It helps a lot!

  3. rw on March 19, 2018 at 2:42 pm

    Fantastic. Thanks for the explanation. I was trying to sniff out some BLE data by following the steps described here. I ended up with 4 bytes that are supposed to carry 2 values (both float). If I didn’t know how the 2 floats are stored in the 4 byte hex, is there any approach that I can adopt to decode the hex? I am only interested in decoding 4 bytes (hex) into 2 float values. For example, the values “hidden” in the 4 byte hex string are 3.765, 36.89. Thks a zillion.
