Can Cypress receive packets replayed by an SDR like Ubertooth One?

SoSa_3689956

I am trying to develop a BLE test bed for my research work on wireless security. Basically, I am trying to follow a BLE connection and replay packets from an SDR. In this case, I am using two Cypress devices as my test devices and a Ubertooth One as the sniffer. I was able to do all that, i.e. follow the Cypress communication on all channels and get the data packets. Now, I am trying to replay packets of the server Cypress from the Ubertooth to the client Cypress, but I was not able to do that. I would like to mention that I didn't enable any encryption on the Cypress side, so the packets are just purely whitened. Just to verify that the Ubertooth is doing the correct modulation, I sent some advertisement packets to a Cypress scanner and I was able to initiate a connection between them, which I verified in Wireshark. I would also like to mention that I have maintained all the communication timing requirements for the BLE communication. Since I am new to this platform and it is the only tool I have right now to work with, I would like to know the following:

1. If I send an exact packet from my Ubertooth One that has a valid CRC, and the NESN & SN also match the current communication, will the Cypress receive the data?

2. How can I get the raw BLE packets received by the Cypress, i.e. before the CRC, NESN and SN are checked and discarded?

One more thing is that the Ubertooth has no BLE stack, that is, no layers above the link layer.

I would really appreciate it if someone could help me with my questions. Thank you in advance!

0 Likes
VenkataD_41
Moderator

Hi,

Can you please specify which Cypress device you are using?

To be specific, are you using a PSoC BLE based device or a discrete BLE device?

Thanks

Ganesh

0 Likes

Hello,

I am using PSoC 4 BLE based devices. To be specific CY8C4247LQI-BL483.

0 Likes

Hi,

To answer your questions 1 and 2 in case of PSoC:

1 can be done once the connection is up. There will not be any issues.

2 is not possible with PSoC as the HW strips those fields (after checking the CRC) and populates the packet in our RX FIFO.

Thanks

Ganesh

0 Likes

Hi Ganesh,

Thank you for your reply. I just wanted to clarify: for my question no. 1, the Cypress doesn't form a connection with the Ubertooth. The link is between two Cypresses and the Ubertooth just sends a replay packet. In this case, will a replay packet sent from the Ubertooth be received, processed and displayed (sending some ATT data) by the Cypress receiver?

For my 2nd question, is the CRC check integrated into the HW? How can I get this RX FIFO data?

Thank you.

Sopan

0 Likes

Hi Sopan,

To answer your question 2, yes, the CRC check is integrated into the HW. It is not recommended to read the RX FIFO data or any BLE hardware registers manually. Doing so may lead the system to an unhandled state.

To answer your question 1, can you please clarify whether you are doing the following process?

As per our understanding, you are doing the following sequence:

1. Cy_Master sends an LL Data packet in Connection Event # 1 (CE-1)

2. Cy_Slave as well as Ubertooth receive the packet in CE-1

3. Cy_Slave replies with its ACK 150 us after Cy_Master's packet

4. In CE-2, Ubertooth replays the Cy_Master's previous packet in the correct channel, with correct Access Address and CRC, and modifies SN to make this a new packet and not a retransmission

5. Cy_Slave receives this new packet from Ubertooth, and assumes it to be coming from Cy_Master

Please correct us if we are wrong.

Thanks

Ganesh

0 Likes
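As an added illustration, not part of the original thread and not Cypress's hardware logic, the following Python model applies the link-layer acknowledgement rules to the header bits discussed above (CRC first, then NESN and SN). The class, function and sample payload names are assumptions made for this example, and the sample bytes are constructed.

```python
from dataclasses import dataclass

LLID_NAMES = {0: "reserved", 1: "L2CAP continuation or empty",
              2: "L2CAP start", 3: "LL control"}

def make_pdu(llid: int, nesn: int, sn: int, payload: bytes = b"") -> bytes:
    """Data channel PDU: byte 0 = LLID | NESN << 2 | SN << 3, byte 1 = payload length."""
    return bytes([llid | (nesn << 2) | (sn << 3), len(payload)]) + payload

@dataclass
class LinkLayerReceiver:
    """Acknowledgement state a device keeps per connection; both bits start at 0."""
    transmit_seq_num: int = 0
    next_expected_seq_num: int = 0

    def receive(self, pdu: bytes, crc_ok: bool = True) -> dict:
        # A PDU that fails the CRC is dropped before any header bit is examined.
        if not crc_ok:
            return {"verdict": "dropped: CRC", "acked_ours": False}
        if len(pdu) < 2 or len(pdu) != 2 + pdu[1]:
            return {"verdict": "dropped: length", "acked_ours": False}
        llid, nesn, sn = pdu[0] & 0x03, (pdu[0] >> 2) & 1, (pdu[0] >> 3) & 1
        # NESN different from our transmitSeqNum acknowledges our last PDU.
        acked = nesn != self.transmit_seq_num
        if acked:
            self.transmit_seq_num ^= 1
        # SN equal to nextExpectedSeqNum is new data; anything else is a resend.
        if sn != self.next_expected_seq_num:
            return {"verdict": "ignored: retransmission", "acked_ours": acked}
        self.next_expected_seq_num ^= 1
        return {"verdict": "accepted: " + LLID_NAMES[llid],
                "acked_ours": acked, "payload": pdu[2:]}

# Constructed sample: L2CAP header (length 5, CID 0x0004) + ATT Write Request.
SAMPLE_PAYLOAD = bytes.fromhex("05000400120e004142")

def run_sequence() -> list:
    """Feed the model the CE-1 PDU, the same bytes again, then a copy with SN toggled."""
    slave = LinkLayerReceiver()
    ce1 = make_pdu(llid=2, nesn=0, sn=0, payload=SAMPLE_PAYLOAD)
    ce2 = make_pdu(llid=2, nesn=1, sn=1, payload=SAMPLE_PAYLOAD)
    steps = [slave.receive(ce1), slave.receive(ce1), slave.receive(ce2),
             slave.receive(ce1, crc_ok=False)]
    return [s["verdict"] for s in steps]

if __name__ == "__main__":
    for verdict in run_sequence():
        print(verdict)
```

None of these checks identifies the sender. With LE encryption enabled, the payload additionally carries a MIC that depends on a per-direction packet counter, which this unencrypted model does not have.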

Hi Ganesh,

Thank you for your response. Yes, you are absolutely correct, this is what I am trying to do.

Regards,

Sopan

0 Likes

Hi Sopan,

To answer your question 1, please note that your Cypress slave should receive frames from either the Ubertooth or the Cypress master, but not both. For example, if you want the Ubertooth to communicate with the slave, you have to ensure that the Cy_Master packet is overridden by the Ubertooth. You can try this by having a large TX power.

Also, we recommend you go with the following steps for your testing:

1. Use the Non-Stack version project for Cy_Slave and Cy_Master, i.e. the HCI mode project. Please refer to the Day 18 Direct Test Mode project from the link below:

https://github.com/cypresssemiconductorco/PSoC-4-BLE/tree/master/100_Projects_in_100_Days

2. Establish connection using HCI commands

3. Now when Cy_Slave receives the Ubertooth packet, it will send an HCI packet to the host. There you can see the packet in HCI ACL Data format (BLE Spec V5.2 Vol 4E, Section 5.4.2).

Thanks

Ganesh
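As an added example, not part of the original reply and not Cypress tooling, the following Python sketch decodes the HCI ACL Data format mentioned in step 3 from a host-side UART capture. It assumes the UART link uses H4 framing (a one-byte packet indicator before each HCI packet); the function names and the capture bytes are constructed for illustration.

```python
import struct

H4_ACL, H4_EVENT = 0x02, 0x04
H4_HEADER_LEN = {H4_ACL: 4, H4_EVENT: 2}          # header bytes after the indicator
L2CAP_CIDS = {0x0004: "ATT", 0x0005: "LE signaling", 0x0006: "SMP"}
ATT_OPCODES = {0x0A: "Read Request", 0x0B: "Read Response",
               0x12: "Write Request", 0x13: "Write Response",
               0x1B: "Handle Value Notification", 0x52: "Write Command"}

def split_h4(stream: bytes):
    """Yield (indicator, packet) for each controller-to-host packet in a capture."""
    i = 0
    while i < len(stream):
        kind = stream[i]
        if kind not in H4_HEADER_LEN:
            raise ValueError(f"unexpected H4 indicator 0x{kind:02x} at offset {i}")
        body = i + 1 + H4_HEADER_LEN[kind]
        if body > len(stream):
            raise ValueError("truncated header")
        # ACL carries a 16-bit little-endian length, events an 8-bit one.
        plen = struct.unpack_from("<H", stream, i + 3)[0] if kind == H4_ACL else stream[i + 2]
        if body + plen > len(stream):
            raise ValueError("truncated packet")
        yield kind, stream[i + 1:body + plen]
        i = body + plen

def parse_acl(packet: bytes) -> dict:
    """Decode an HCI ACL Data packet down to the ATT opcode, when it carries one."""
    handle_flags, total_len = struct.unpack_from("<HH", packet, 0)
    data = packet[4:4 + total_len]
    out = {"handle": handle_flags & 0x0FFF, "pb": (handle_flags >> 12) & 0x3,
           "bc": handle_flags >> 14, "data": data}
    if out["pb"] == 0b01 or len(data) < 4:   # continuation fragment: no L2CAP header
        return out
    l2cap_len, cid = struct.unpack_from("<HH", data, 0)
    out.update(l2cap_len=l2cap_len, channel=L2CAP_CIDS.get(cid, hex(cid)))
    if cid == 0x0004 and len(data) > 4:
        out["att"] = ATT_OPCODES.get(data[4], hex(data[4]))
        out["att_params"] = data[5:]
    return out

# Constructed capture: Command Complete event for HCI_Reset, then one ACL packet
# on handle 0x004 carrying an ATT Write Request (handle 0x000e, value "AB").
SAMPLE = bytes.fromhex("040e0401030c00" "0204200900" "05000400120e004142")

def decode_capture(stream: bytes) -> list:
    """Return the decoded ACL packets found in an H4 byte stream, skipping events."""
    return [parse_acl(p) for kind, p in split_h4(stream) if kind == H4_ACL]
```

The decoded packet contains only what the controller passes up to the host: connection handle, fragmentation flags and L2CAP data, without the link-layer header bits or CRC.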

Hi Ganesh,

Thank you very much for the suggestions!! I guess this is the thing I was looking for. Please let me look into it as per your suggestion, and I will forward any more questions that I have.

Regards,

Sopan

0 Likes

Hi Ganesh,

I am getting the following error when building the project.

arm-none-eabi-gcc.exe: error: ..\..\..\..\..\..\..\..\Documents\PSoC Creator\4.2\Downloads ( 4.2).cylib\BLE_v3_63\Library\gccCyBLEStack_HCI_MODE_CENTRAL_PERIPHERAL.a: No such file or directory

The command 'arm-none-eabi-gcc.exe' failed with exit code '1'.

0 Likes

Hi Sopan,

Please try building the attached project and let us know if you are getting any errors.

Thanks

Ganesh

Dear Ganesh,

Thank you for the help! The code compiled successfully. I have one more question: do you guys have any tools to generate and decode the HCI commands? I found several tools online but they are for, like, TI and NXP, and I am not sure if they will work with Cypress.

Thanks again.

Sopan

0 Likes

Hi Sopan,

There is no problem if you use any tool. Since you are directly communicating with BLE controller the tool you are using is not a problem.

However we recommend you to use Bluetool since we are using it at our side. Please find the attached.

Thanks

Ganesh

0 Likes

Hi Ganesh,

I am facing a few problems -

1. I am not able to find the btwusb driver as the link on the README.txt doesn't work

2. I just installed the HCI_DTM code on the Cypress and tried to send HCI commands using the NXP test tool 12, but it doesn't work. Do I need to use the UART as mentioned on the schematics, or is using the onboard USB fine?

Looking forward to your reply.

Sopan

0 Likes

Hi Sopan,

Are you using CY8CKIT-042 BLE kit? If yes, have you assigned the pins for UART correctly?

Ideally there is no need to install any drivers. If you have any USB to UART bridge it is sufficient. Can you please attach the errors that you are getting when you try to send the HCI commands? What is the bridge that you are using?

Thanks

Ganesh

0 Likes

Hi Ganesh,

I am using the CY8CKIT-042 BLE kit. I was able to figure out the problem, the pins were not correctly assigned. I am able to send commands from both the NXP Test tool 12 and CyBluetool. But, it is hard for me to establish a connection. Do you guys have any script that is able to do that? It would be really helpful for me. Or the series of commands that I need to follow to establish the BLE connection and send data. I am currently using the Kit and the BLE dongle provided with it to do the connection setup.

Thank you.

Sopan

0 Likes