Start hacking Bluetooth Low Energy today! (part 2)#1347
Merged
carlospolop merged 2 commits intomasterfrom Aug 28, 2025
Merged
Conversation
Collaborator
Author
🔗 Additional ContextOriginal Blog Post: https://www.pentestpartners.com/security-blog/start-hacking-bluetooth-low-energy-today-part-2/ Content Categories: Based on the analysis, this content was categorized under "Generic Methodologies & Resources -> Pentesting Network -> Bluetooth Low Energy (BLE) Attacks (Sniffing & GATT Write Abuse)". Repository Maintenance:
Review Notes:
Bot Version: HackTricks News Bot v1.0 |
Collaborator
Author
|
merge |
github-actions
Bot
force-pushed
the
master
branch
2 times, most recently
from
083f622 to
52cdbdb
Compare
carlospolop
deleted the
update_Start_hacking_Bluetooth_Low_Energy_today___part_2__20250827_124037
branch
github-actions Bot
pushed a commit
that referenced
this pull request
Aug 28, 2025
…uetooth_Low_Energy_today___part_2__20250827_124037 Start hacking Bluetooth Low Energy today! (part 2)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
🤖 Automated Content Update
This PR was automatically generated by the HackTricks News Bot based on a technical blog post.
📝 Source Information
🎯 Content Summary
Sniffing and Controlling Unpaired Bluetooth Low Energy (BLE) Devices
This hands-on post shows how to sniff, analyze, and actively control unpaired Bluetooth Low Energy (BLE) devices using low-cost hardware: a Sonoff Zigbee 3.0 USB Dongle Plus (CC26x2-based) re-flashed as a BLE sniffer with NCC Group’s Sniffle, and a Nordic nRF52 USB mini dev board to connect and write to GATT characteristics. Because many cheap gadgets don’t use pairing/bonding, their ATT/GATT traffic is unencrypted;...
🔧 Technical Details
Off‑path BLE connection sniffing for unauthenticated control: When devices don’t pair/bond, GATT is cleartext. Use a CC26x2 Sonoff re-flashed with Sniffle to follow connections and filter Wireshark on
_ws.col.info contains "Sent Write Command"to identify the exact handle/value pairs that trigger actions (e.g.,handle 0x0b, values0x01/0x00).Replay/control via generic BLE clients: After learning the t...
🤖 Agent Actions
I analyzed the blog and the HackTricks repository and found that while there is an existing BLE page (in Radio Hacking), it lacked practical content on off-path BLE sniffing with Sniffle, Wireshark triage filters, and active control via Nordic tools with automation (blatann). I updated the existing BLE page to include this hands-on exploitation workflow, preserving all existing content and structure.
What I did:
✅ Review Checklist
This PR was automatically created by the HackTricks Feed Bot. Please review the changes carefully before merging.