Reverse Engineering
All code for furble is derived from reverse engineering the bluetooth traffic between the camera and the camera app. In some cases, other projects with similar efforts are cross-referenced for sanity. If other projects are used for reference, please credit them.
You will need:
- an Android device
- a camera
- the camera's app
On the Android device:
- Enable developer options
  - May differ on different devices, but is generally:
    - Settings->System->About Phone (or About Device)
    - Software Information
    - Tap 'Build number' seven times
- Enable Bluetooth HCI snoop log
  - May differ on different devices, but is generally:
    - Settings->System->Developer Options
    - Enable Bluetooth HCI snoop log
      - Enabled
- Disable, then re-enable Bluetooth
  - This will restart the bluetooth service with developer log enabled
- Open the camera app
- Connect to the camera
  - Opt to control the camera via bluetooth
- Release the shutter an exact number (say 3) times
  - Use an exact number as an attempt to identify the shutter release traffic
- Close the camera app
A bug report will include the requisite bluetooth snoop log. To obtain it:
- Settings->System->Developer Options
- Bug report
- Interactive Report
- 'Report'
When the report is complete, there should be options to share the report via whichever mechanism is convenient. Ultimately, the bug report needs to reach a destination accessible by a PC running wireshark.
- The bug report can contain sensitive information; do not share it with untrusted parties
  - especially random weirdos that run niche github projects
The bug report is a single zip containing a lot of information. We require one file, typically btsnoop_hci.log.
Once the zip file is extracted, the log file should be somewhere in the tree.
From a Pixel 8 phone, the location was:
FS/data/misc/bluetooth/logs/btsnoop_hci.log
From a Samsung Tablet:
FS/data/log/bt/btsnoop_hci.log
Other Android devices and Android versions may place the file in a different location. This file is now ready to be parsed by wireshark for reverse engineering.
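Because the log location varies by device and the rest of the bug report is sensitive, it helps to pull out only the snoop log and confirm it is a valid btsnoop capture before opening it in wireshark. The following is an added example, not part of the furble project: the function names are hypothetical and the sample zip is constructed in the script so it runs offline.

```python
import io
import struct
import zipfile

BTSNOOP_MAGIC = b"btsnoop\x00"  # 8-byte identification pattern of the btsnoop format


def find_snoop_logs(zf):
    """Return zip member names whose file name starts with btsnoop_hci.log."""
    return [n for n in zf.namelist()
            if n.rsplit("/", 1)[-1].startswith("btsnoop_hci.log")]


def parse_btsnoop(data):
    """Validate the 16-byte header; return (version, datalink, record_count)."""
    if len(data) < 16 or data[:8] != BTSNOOP_MAGIC:
        raise ValueError("not a btsnoop file")
    version, datalink = struct.unpack(">II", data[8:16])
    offset, records = 16, 0
    while offset + 24 <= len(data):
        # Record header: original len, included len, flags, drops, timestamp
        _orig, incl, _flags, _drops, _ts = struct.unpack(
            ">IIIIq", data[offset:offset + 24])
        if offset + 24 + incl > len(data):
            break  # truncated final record, stop counting
        offset += 24 + incl
        records += 1
    return version, datalink, records


def extract_snoop_logs(zip_bytes):
    """Map each snoop log found in a bug report zip to its parsed header info."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return {n: parse_btsnoop(zf.read(n)) for n in find_snoop_logs(zf)}


def build_sample_bugreport():
    """Constructed sample: a tiny zip with a two-record log at the Pixel 8 path."""
    log = BTSNOOP_MAGIC + struct.pack(">II", 1, 1002)  # version 1, HCI UART (H4)
    # flags 2 = sent command, 3 = received event (constructed HCI Reset exchange)
    for flags, payload in ((2, b"\x01\x03\x0c\x00"),
                           (3, b"\x04\x0e\x04\x01\x03\x0c\x00")):
        log += struct.pack(">IIIIq", len(payload), len(payload), flags, 0, 0)
        log += payload
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("FS/data/misc/bluetooth/logs/btsnoop_hci.log", log)
        zf.writestr("other.txt", "unrelated report content (constructed)")
    return buf.getvalue()
```

To use it on a real report, read the zip's bytes from disk and pass them to `extract_snoop_logs`; only the members it lists need to leave the phone's report.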