Debugging Bluetooth on iOS
While debugging or reversing Bluetooth applications or their communications, it is helpful to have a trace of the traffic. Without needing a proxy, one can activate the trace function built into the mobile device itself.
Motivation
During the reversing of the Grill 5.0 BT thermometer, I wanted to implement the full protocol stack, so after having reversed the first part, I went for full comms. After searching for BTLE MitM proxies and finding none that could work well, I was about to create my own, but most mobile devices have a trace function built in, which might just delay my plans on creating my own MitM proxy.
Prerequisites
- iOS Device
- macOS Device
- Bluetooth DUT (device under test)
Links
Apple iOS Configuration Profile - Bluetooth Trace (Note: the generated profile is valid for 4 days, and every downloaded profile needs to be activated manually in Settings)
Xcode installation and Apple Developer - Additional Tools for Xcode - Packet Logger:
Instructions
Install and enable the configuration profile from the link above on your test iOS device, and download the Packet Logger matching your Xcode version.
- Connect your iOS device via USB
- Power on your DUT
- Open Packet Logger
- Packet Logger: File -> New iOS Trace
- iOS Device: Enable Bluetooth and start corresponding DUT App
- Filter for the DUT and the packet types of interest
- Profit.
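The trace you end up with is an HCI-level capture, so the interesting part for protocol reversing is the ATT traffic (writes, notifications) carried inside the ACL data packets. As an added example that is not part of the original post, the following Python script walks a saved PacketLogger trace (.pklg, the format Wireshark also opens), keeps only ACL packets, and pulls out ATT handle/value pairs with their direction. The record layout (a length field covering an 8-byte timestamp plus payload, then a packet-type byte in front of the raw HCI packet, with 0x00/0x01 for HCI command/event and 0x02/0x03 for ACL sent/received) is assumed from how Wireshark's reader treats the format; the sample trace bytes, the ACL handle 0x0040 and the ATT handles 0x0021/0x0025 are constructed for the demonstration. Continuation ACL fragments are skipped rather than reassembled, so long ATT values would need that added.

```python
"""Extract ATT traffic from a PacketLogger (.pklg) trace. Added example, not the post's code."""
import struct
from dataclasses import dataclass
from typing import Iterator, List, Optional

# Assumed record layout (as Wireshark's wiretap reader treats .pklg):
#   uint32 len       = 8 (timestamp) + payload length, big-endian (older files) or little-endian
#   uint32 ts_secs, uint32 ts_usecs
#   uint8  type      : 0x00 HCI command, 0x01 HCI event, 0x02 ACL sent (phone->DUT), 0x03 ACL received
#   bytes  hci_packet: raw HCI packet without the UART indicator byte
PKT_HCI_CMD, PKT_HCI_EVT, PKT_ACL_SENT, PKT_ACL_RECV = 0x00, 0x01, 0x02, 0x03
ATT_CID = 0x0004  # fixed L2CAP channel for ATT
ATT_NAMES = {0x0A: "Read Request", 0x0B: "Read Response", 0x12: "Write Request",
             0x52: "Write Command", 0x1B: "Notification", 0x1D: "Indication"}


@dataclass
class Record:
    ts: float
    kind: int
    payload: bytes  # raw HCI packet


@dataclass
class AttEvent:
    ts: float
    direction: str  # "TX" = phone -> DUT, "RX" = DUT -> phone
    acl_handle: int
    opcode: int
    att_handle: Optional[int]
    value: bytes


def iter_records(data: bytes, little_endian: bool = False) -> Iterator[Record]:
    """Yield one Record per .pklg entry; raises on an implausible length."""
    fmt = "<III" if little_endian else ">III"
    off = 0
    while off + 12 <= len(data):
        length, secs, usecs = struct.unpack_from(fmt, data, off)
        if length < 9 or off + 4 + length > len(data):
            raise ValueError(f"bad record length {length} at offset {off}")
        body = data[off + 12: off + 4 + length]  # type byte + HCI packet
        yield Record(secs + usecs / 1e6, body[0], body[1:])
        off += 4 + length


def parse_att(rec: Record) -> Optional[AttEvent]:
    """Decode ATT handle/value out of a first-fragment ACL record, else None."""
    if rec.kind not in (PKT_ACL_SENT, PKT_ACL_RECV) or len(rec.payload) < 8:
        return None
    handle_flags, _acl_len = struct.unpack_from("<HH", rec.payload, 0)
    if (handle_flags >> 12) & 0x3 == 0x1:  # PB flag 01: continuing fragment, no L2CAP header
        return None
    l2_len, cid = struct.unpack_from("<HH", rec.payload, 4)
    if cid != ATT_CID:
        return None
    att = rec.payload[8:8 + l2_len]
    if not att:
        return None
    opcode, handle, value = att[0], None, b""
    if opcode in (0x12, 0x52, 0x1B, 0x1D, 0x0A):  # opcode, handle, [value]
        if len(att) < 3:
            return None
        handle, value = struct.unpack_from("<H", att, 1)[0], att[3:]
    elif opcode == 0x0B:  # Read Response: opcode, value
        value = att[1:]
    else:
        return None  # other ATT PDUs (MTU exchange, discovery) not decoded here
    direction = "TX" if rec.kind == PKT_ACL_SENT else "RX"
    return AttEvent(rec.ts, direction, handle_flags & 0x0FFF, opcode, handle, value)


def extract_att(data: bytes, little_endian: bool = False) -> List[AttEvent]:
    return [e for e in (parse_att(r) for r in iter_records(data, little_endian)) if e]


# --- constructed sample trace (not a real capture) -----------------------------
def build_record(kind: int, hci_packet: bytes, secs: int = 1700000000,
                 usecs: int = 0, little_endian: bool = False) -> bytes:
    payload = bytes([kind]) + hci_packet
    return struct.pack("<III" if little_endian else ">III", 8 + len(payload), secs, usecs) + payload


def build_acl_att(acl_handle: int, att_pdu: bytes) -> bytes:
    """ACL header (PB=10, first flushable) + L2CAP header on the ATT channel."""
    l2cap = struct.pack("<HH", len(att_pdu), ATT_CID) + att_pdu
    return struct.pack("<HH", acl_handle | (0x2 << 12), len(l2cap)) + l2cap


SAMPLE_TRACE = (
    build_record(PKT_HCI_CMD, bytes.fromhex("0c20020100"))  # LE Set Scan Enable, ignored by parse_att
    + build_record(PKT_ACL_SENT, build_acl_att(0x0040, b"\x52" + struct.pack("<H", 0x0021) + b"\x01\x02"))
    + build_record(PKT_ACL_RECV, build_acl_att(0x0040, b"\x1b" + struct.pack("<H", 0x0025) + b"\x16\x00"))
)

if __name__ == "__main__":
    for ev in extract_att(SAMPLE_TRACE):  # replace with open("trace.pklg","rb").read()
        print(f"{ev.ts:.6f} {ev.direction} {ATT_NAMES.get(ev.opcode, hex(ev.opcode)):14s} "
              f"handle={ev.att_handle:#06x} value={ev.value.hex()}")
```

Run it against a saved trace instead of SAMPLE_TRACE and the output is a timeline of which characteristic handle the app wrote and what the DUT notified back, which is the raw material for reconstructing the application protocol. If the length fields look absurd, the file is probably little-endian; pass little_endian=True.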