How to Capture Bluetooth Traffic on a Samsung S23

Bluetooth traffic analysis can be essential for debugging, security research, or reverse engineering Bluetooth-enabled applications and devices. If you’re using a Samsung S23, you can capture Bluetooth packets without requiring root access by leveraging the built-in Bluetooth snooping feature. This guide will walk you through the process step by step.


Step 1: Enable Bluetooth HCI Snooping

Samsung provides a built-in Bluetooth HCI snoop log feature in Developer Options, allowing you to capture raw Bluetooth traffic.

How to Enable It:

  1. Enable Developer Options (if not already enabled):
    • Go to Settings > About Phone
    • Tap Build Number 7 times until you see “Developer mode has been enabled”
    • Go back to Settings and find Developer Options
  2. Enable Bluetooth HCI Snoop Log:
    • In Developer Options, scroll down to Enable Bluetooth HCI snoop log
    • Toggle it ON

Step 2: Generate Bluetooth Traffic

Once Bluetooth snooping is enabled, you need to generate some traffic to capture.

How to Generate Traffic:

  1. Pair the Samsung S23 with another Bluetooth device (headphones, smartwatches, IoT devices, etc.).
  2. Perform actions that involve Bluetooth communication, such as:
    • Transferring files via Bluetooth
    • Streaming audio
    • Sending commands between paired devices
    • Interacting with a Bluetooth app
  3. Keep the connection active for some time to ensure enough packets are captured.

Step 3: Export the Logs Using the Service Menu

After capturing Bluetooth traffic, you need to extract the logs from your device.

How to Access the Log Export Menu:

  1. Open the Phone app and dial:
    • *#9900#
  2. This will open the Samsung Debug Menu.
  3. Scroll down and select:
    • Run dumpstate/logcat/modem log
  4. Wait for the process to complete; this will generate a dump of various system logs, including Bluetooth traffic.

Step 4: Copy the Logs to Internal Storage

Once the logs are generated, you need to move them to a location where you can access them.

How to Copy the Logs:

  1. In the same Samsung Debug Menu (*#9900#), look for:
    • Copy to SD Card
  2. Tap this option.
  3. The Bluetooth logs will be copied to:
    • /sdcard/logs/bluetooth/

Step 5: Retrieve the Logs via ADB

Now, you need to extract the logs to your computer for further analysis.

How to Use ADB to Pull the Logs:

  1. Connect your Samsung S23 to your PC via USB.
  2. Open a terminal or command prompt and verify your device is detected:
    • adb devices
      • If prompted, authorize USB debugging on your phone.
  3. Pull the logs from the device using:
    • adb pull /sdcard/logs/bluetooth/
  4. This will copy the logs to your current working directory.
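
Once the logs are on your computer, a short parser is enough to sanity-check a capture before opening it in a full analyzer. The following is an added example, not part of the original post: it assumes the pulled file uses the standard btsnoop format (version 1, datalink 1002 / HCI UART H4). The names `parse_btsnoop`, `make_record`, and `SAMPLE` are hypothetical, and the sample bytes are constructed rather than taken from a real capture.

```python
import struct
from datetime import datetime, timedelta, timezone

BTSNOOP_MAGIC = b"btsnoop\x00"
EPOCH_DELTA_US = 0x00DCDDB30F2F8000  # btsnoop time base (year 0) to Unix epoch, in microseconds
H4_TYPES = {1: "CMD", 2: "ACL", 3: "SCO", 4: "EVT", 5: "ISO"}
UNIX_EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)

def parse_btsnoop(data):
    """Parse btsnoop bytes into record dicts; stop cleanly at a truncated trailing record."""
    if len(data) < 16 or data[:8] != BTSNOOP_MAGIC:
        raise ValueError("not a btsnoop file (bad magic or short header)")
    version, datalink = struct.unpack(">II", data[8:16])
    if version != 1 or datalink != 1002:
        raise ValueError(f"unsupported version/datalink: {version}/{datalink}")
    records, off = [], 16
    while off + 24 <= len(data):
        orig_len, incl_len, flags, _drops, ts = struct.unpack(">IIIIq", data[off:off + 24])
        payload = data[off + 24:off + 24 + incl_len]
        if len(payload) < incl_len:
            break  # file ends mid-record (capture was cut off)
        off += 24 + incl_len
        records.append({
            "time": UNIX_EPOCH + timedelta(microseconds=ts - EPOCH_DELTA_US),
            "direction": "controller->host" if flags & 1 else "host->controller",
            "type": H4_TYPES.get(payload[0], "UNKNOWN") if payload else "EMPTY",
            "truncated": incl_len < orig_len,  # packet was clipped by the logger
            "payload": payload,
        })
    return records

def make_record(unix_us, flags, payload):
    """Build one btsnoop record (constructed test data only)."""
    return struct.pack(">IIIIq", len(payload), len(payload), flags, 0, unix_us + EPOCH_DELTA_US) + payload

# Constructed sample: HCI_Reset command followed by its Command Complete event.
SAMPLE = (
    BTSNOOP_MAGIC + struct.pack(">II", 1, 1002)
    + make_record(1_700_000_000_000_000, 2, bytes.fromhex("01030c00"))
    + make_record(1_700_000_000_001_500, 3, bytes.fromhex("040e0401030c00"))
)

if __name__ == "__main__":
    for r in parse_btsnoop(SAMPLE):
        print(r["time"].isoformat(), r["direction"], r["type"], r["payload"].hex())
```

To run it against a real capture, pass the bytes of the pulled log file to `parse_btsnoop` in place of `SAMPLE`.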

Conclusion

Capturing Bluetooth traffic on a Samsung S23 is straightforward and requires no root access. Whether you’re debugging connectivity issues or performing security research, this method provides an easy way to access and analyze Bluetooth HCI logs directly from your device.

Stay tuned for more reverse engineering guides!


cat /etc/about-me

@calderpwn spends peaceful days in Cozumel, a beautiful island in the Caribbean, working on remote projects, learning new technologies, developing new tools, or simply enjoying the beach.
