Comments (12)
I haven’t yet gone through the PCAPs you sent me, but in principle this sounds normal. There are a couple reasons for this.
First, even though the three sniffers were positioned very close to each other, the signals they picked up would be slightly different; even small differences in orientation can make a substantial difference, and the PCB antenna on the Launchpad is a bit worse than the antenna that comes with the Sonoff dongles.
Second, the sniffer can struggle in crowded RF environments even when signal strengths of the target are strong because of the way the radio works. The radio listens for a sync word (0x8E89BED6 for BLE advertising), then captures a two-byte packet header, and then receives additional data based on the length field in that header. Once the full packet is received, it computes the CRC, and if it matches the receiver CRC, it passes it up to higher levels of the firmware. Now, if there’s a weak advertisement signal whose sync word is captured, and then the real advertisement you’re interested in starts while that weak advertisement transmission was in progress, it will miss the stronger advertisement, and the weak advertisement’s CRC calculation will fail so it will also be dropped.
Both the RSSI filter and MAC filters in Sniffle are implemented at the higher level of the firmware, since the low level radio firmware is in ROM (and proprietary from TI). Thus, I can’t return to sync early for weak signals (in case of RSSI filter) or MAC mismatch (in case of a MAC filter). Thus unfortunately we’re stuck with this limitation. On the bright side, purpose built Bluetooth controller chips are dealing with similar radios and similar limitations.
In the future, I plan to add support for sending BLE frames with CRC errors up to the host, so you can see these interfering packets causing collisions.
A software defined radio based sniffer could avoid this limitation by both capturing a frame and searching for sync (in the middle of the frame being received) in parallel.
from sniffle.
Well, let me know what you think once you take a look at the specific packets then, because I think the details here will probably matter (and FWIW I wasn't using either RSSI or MAC filters in my capture commands. All default except the channel filter and save to pcap). Because I agree that I would expect to see weaker signals on the PCB antenna TI board, but when one Sonoff and the TI board are both seeing stuff and the other Sonoff isn't, the RSSI reported on the same packets between TI & Sonoff is basically the same. And also some of these occurrences are happening at what I would consider not-particularly-border-line RSSI values, like -56 to -63 (as opposed to if we were talking like -80s and -90s where it'd be more expected.) But when looking at the data, I couldn't explain it by a "One Sonoff is consistently worse than the other 2 sniffers", because then later in the packets, the two Sonoffs swap places in terms of which one is seeing and which one is missing.
from sniffle.
Having a look at your PCAP, that's a little different as the example you pointed out is during a connection (with a unique access address) rather than on an advertising channel. In that instance, packet loss should be less, but sometimes radio interference could cause a single bitflip on one of the sniffers that results in CRC failure and packet drop on one of them.
from sniffle.
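The two drop mechanisms described in the comments above (a sync-locked radio missing a frame that starts mid-reception, and a single bit flip failing the CRC) can be reproduced with a toy model. This is an added example, not Sniffle or TI firmware code: the `Tx` records, timings and RSSI values are constructed, the one-bit corruption rule is an assumption, and the CRC-24 uses the BLE polynomial MSB-first without modelling on-air bit order or whitening.

```python
from dataclasses import dataclass

CRC_POLY, CRC_INIT = 0x00065B, 0x555555  # BLE CRC-24 polynomial; advertising-channel init

def crc24(data: bytes, init: int = CRC_INIT) -> int:
    """MSB-first CRC-24 (on-air bit order and whitening are not modelled)."""
    crc = init
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc = ((crc << 1) ^ (CRC_POLY if crc & 0x800000 else 0)) & 0xFFFFFF
    return crc

@dataclass
class Tx:                      # constructed sample transmission, not captured data
    name: str
    start: int                 # start time in byte periods, measured after the sync word
    rssi: int                  # dBm
    pdu: bytes                 # 2-byte header (pdu[1] = payload length) + payload

    def frame(self) -> bytes:
        return self.pdu + crc24(self.pdu).to_bytes(3, "big")

def crc_ok(frame: bytes) -> bool:
    return crc24(frame[:-3]) == int.from_bytes(frame[-3:], "big")

def as_received(tx: Tx, air: list) -> bytes:
    """Assumption: a stronger overlapping signal flips one bit of the weaker frame."""
    rx = bytearray(tx.frame())
    for other in air:
        lo = max(tx.start, other.start)
        hi = min(tx.start + len(rx), other.start + len(other.frame()))
        if other.rssi > tx.rssi and lo < hi:
            rx[lo - tx.start] ^= 0x01
    return bytes(rx)

def sync_locked_rx(air: list) -> list:
    """Radio as described: after sync it is busy until header, payload and CRC are in."""
    delivered, busy_until = [], 0
    for tx in sorted(air, key=lambda t: t.start):
        if tx.start < busy_until:
            continue                           # sync word arrived mid-frame: missed
        rx = as_received(tx, air)
        busy_until = tx.start + 2 + rx[1] + 3  # length comes from the received header
        if crc_ok(rx):
            delivered.append(tx.name)          # only CRC-valid frames reach upper layers
    return delivered

def parallel_sync_rx(air: list) -> list:
    """SDR-style receiver: keeps searching for sync while a frame is being received."""
    return [tx.name for tx in air if crc_ok(as_received(tx, air))]

WEAK = Tx("weak_adv", 0, -88, bytes([0x02, 20]) + bytes(20))
TARGET = Tx("target_adv", 10, -58, bytes([0x00, 12]) + bytes(range(12)))
```

With both transmissions on air, `sync_locked_rx([WEAK, TARGET])` delivers nothing, while `parallel_sync_rx` still recovers `target_adv`.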
Do you know if there's any way to test the theory that packets are being dropped due to CRC failure before being passed up to the custom firmware?
E.g. are there any stats that the hardware exposes that could be streamed back to the host (and e.g. embedded into the metadata visible in wireshark) to then inspect that for sniffer 1, which missed packet 250, the CRC error count was 12 at the time that packet 249 was returned, and 13 at the time that the nominal packet 250 was returned (but that packet is actually packet 251 from the perspective of the other sniffers which didn't miss the real packet 250)?
from sniffle.
I don't have any reporting to the host of CRC errors implemented right now. However, I could work on a basic implementation of sending packets with CRC errors to the host right now and probably have it working in a few hours, if you're staying around the hotel today.
from sniffle.
I've got 3.5 hours until my late check out, and I'd be happy to run it right up to the line to see if we can suss this out :) (and then I would be able to continue from the lobby afterwards, though the traffic isn't quite the same there)
from sniffle.
Alright, I'm almost ready with a proof of concept to capture invalid CRC packets. Give me another 30 mins to finish it up and test. Do you need prebuilt firmware binaries or can you compile the firmware yourself?
from sniffle.
Well, I figured I'd try to get firmware building working for the first time in anticipation of you asking me to compile it (I usually use prebuilt), and I'm currently getting 2 types of errors: 1) the "Permission denied" errors, which I don't understand given that the test user has what look like fine permissions to me and 2) the `#error "DeviceFamily_XYZ undefined. You must define a DeviceFamily_XYZ!"` which seems more code-specific (but perhaps caused by the permission errors?)
```
test@VM:~/Downloads/Sniffle/fw$ make
make: /home/test/ti/sysconfig_1.18.1: Permission denied
make: /home/test/ti/sysconfig_1.18.1: Permission denied
Building AuxAdvScheduler.obj
In file included from ./RadioWrapper.h:16,
from ./AuxAdvScheduler.h:12,
from AuxAdvScheduler.c:11:
/home/test/ti/simplelink_cc13xx_cc26xx_sdk_7_40_00_77/source/ti/devices/DeviceFamily.h:225:6: error: #error "DeviceFamily_XYZ undefined. You must define a DeviceFamily_XYZ!"
225 | #error "DeviceFamily_XYZ undefined. You must define a DeviceFamily_XYZ!"
| ^~~~~
/home/test/ti/simplelink_cc13xx_cc26xx_sdk_7_40_00_77/source/ti/devices/DeviceFamily.h:254:39: fatal error: ti/devices/DeviceFamily_DIRECTORY/driverlib/rf_data_entry.h: No such file or directory
254 | #define DeviceFamily_constructPath(x) <ti/devices/DeviceFamily_DIRECTORY/x>
| ^
compilation terminated.
make: *** [makefile:185: AuxAdvScheduler.obj] Error 1
test@VM:~/Downloads/Sniffle/fw$ ls -lah /home/test/ti/
total 24K
drwxrwxr-x 6 test test 4.0K May 14 13:08 .
drwxr-x--- 30 test test 4.0K Jun 2 14:34 ..
drwxrwxr-x 9 test test 4.0K Jun 2 14:28 simplelink_cc13xx_cc26xx_sdk_7_40_00_77
drwxrwxr-x 7 test test 4.0K Apr 4 10:24 sysconfig_1.18.1
drwxrwxr-x 12 test test 4.0K May 14 13:09 uniflash_8.6.0
drwxrwxr-x 10 test test 4.0K Apr 4 10:24 xdctools_3_62_01_15_core
test@VM:~/Downloads/Sniffle/fw$ ls -lah /home/test/ti/sysconfig_1.18.1/
total 100K
drwxrwxr-x 7 test test 4.0K Apr 4 10:24 .
drwxrwxr-x 6 test test 4.0K May 14 13:08 ..
-rw-rw-r-- 1 test test 206 Mar 11 09:45 conaninfo.txt
-rw-rw-r-- 1 test test 54K Mar 11 09:45 conanmanifest.txt
drwxrwxr-x 6 test test 4.0K Apr 4 10:24 dist
drwxrwxr-x 3 test test 4.0K Apr 4 10:24 .metadata
drwxrwxr-x 2 test test 4.0K Apr 4 10:24 nodejs
drwxrwxr-x 4 test test 4.0K Apr 4 10:24 nw
-rw-rw-r-- 1 test test 145 Mar 11 09:45 package.json
-rwxrwxr-x 1 test test 637 Mar 11 09:45 sysconfig_cli.sh
-rwxrwxr-x 1 test test 220 Mar 11 09:45 sysconfig_gui.sh
drwxrwxr-x 3 test test 4.0K Apr 4 10:24 tests
```
from sniffle.
The subsequent error is because of the permission error executing sysconfig. I'm guessing file permissions don't have the sysconfig utility as executable.
from sniffle.
Try building and using the `invalid_crc` branch once you get sysconfig permissions working.
from sniffle.
OK, yes, I accidentally had `SYSCONFIG_TOOL ?= /home/user/ti/sysconfig_1.18.1` instead of `SYSCONFIG_TOOL ?= /home/user/ti/sysconfig_1.18.1/sysconfig_cli.sh`.
Building is working now, and I'm testing.
from sniffle.