Home

ComProbe Sodera User Manual

image

Contents

1. anne PANGGA Apa NID AVDTP Media Hands Free AVRCP A2DP Data Non Captured Info wi DE LE BB Data Link 1 ee ee 7 Ae oe B Framed ACP Enor Co Add INTS Packet Role Signal ID Trans 4 7 Ara iee Signal 2 089 1 Single Slave DISCOVER 0 AVDTP Signaling 2 092 1 1 single Master DISCOVER 0 L Link 1 2116 5 1 Single Slave GET_CAPABILITIES 1 Bole Master B 2119 1 Single Master GET_CAPABILITIES 1 2 Address 1 21 38 Fa 1 Single Slave GET CAPABILITIES Z z Tranzaction Label 1 2 143 1 Single Master GET_CAPABILITIES fd Packet Type Single Packet 2 154 1 1 Single Slave GET_CAPABILITIES 3 Message Type Response Accept 2 158 1 Single Master GET_CAPABILITIES 3 Signaling Identifier AYDTP GET CAPABILITIES 2 169 5 1 2 Single Slave SET CONFIGURATION 4 r Service Category Media Transport 2175 1 Single Master SET CONFIGURATION 4 Length Of Service Capability LOSC O 2185 5 1 Single Slave OPEN F E El Service Category Media Codec 3190 7 Single Master OPEN 5 i aren el pail 2 823 5 1 Single Slave START E a Media Codec Type Yendor Specific Codec eae sngeusblede aiki Codec Info Element El Apts codec data H Vendor ID APT Ltd Codec ID Classic a Sampling Frequency Reserved Supported ms Reserved Supported z 44 1Ehz Supported i ABC hz Supported z i Channel Mode Stereo a mla II t Figure 4 Frame Display for AVDTP Signaling Fra
2. i Set Timestamp Format Change the Font Size Choose CRC Method F7 Figure 4 12 Event Display Options menu 2 Choose a font size from the list Change Font Size Size E g i0 11 12 14 16 40 Figure 4 13 Event Display Font Size Selection 3 Click OK 4 4 Analyzing Protocol Decodes 4 4 1 Frame Display Window To open this window Click the Frame Display icon 6 on the Control window toolbar or select Frame Display from the View menu 101 ComProbe Sodera User Manual Chapter 4 Capturing and Analyzing Data Binary Pane Summary Pane Protocol Tabs Decoder Pane Navigation amp Search Tools i Freee Display sucherwebinar_12 04 2014cfa Fig Edt Ny Pormat Finer Bookmark Optom Window Help SG PAST Rise a DOU MAA Sa we eee z DOERCOOO Fandt QB erm ices Header Lergh 11 Unditesed info Configured BT bee anergy devices Enors Hesse Wersi 3 Baseband LMP 5 Bluetooth FHS SDP RFCDHM AVDTP Lire 1 A ow AVDTP Signaling AVDTP Media bands F AZP WE Speech Monaptued inig Pode Maton A EE E AT JI a Chainat 11 20131HH2 B Frames Ade LTAd Ob PSM i Code Source CD e pr oF BO Slave 1 GAO Signing 2 Inanakan request FLOW Go 27813 Maite 1T CIO hagar SDP 1 iaca a GD TPE Dhl f i Cert 5 a pal Zz 8 LT ADO 1 Paan Sheree 1 irain i Correchen spore tei oo Seg 1 ETEN Ti 1 CDO Sagresbrag E
3. ComProbe Sodera User Manual Chapter 4 Capturing and Analyzing Data r N TA DUT 1 DUT 2 Audio Source Audio Sink Cellular network Local memory Audio source Figure 4 93 Test Cases for Referenced Mode Testing 4 5 4 3 1 System Calibration for Referenced Mode The objective is to achieve settings at the Bluetooth source device DUT1 that bring the PCM sample levels of tones in the Reference Audio files sent over the air as close as possible to the levels at which they were created without exceeding them Test ID tones and the tones in test file sequences for Referenced Mode are generally recorded with a maximum tone segment level of 3 dBFS although there are a few exceptions where signal levels may be as high as 1 dBFS Figure 4 94 Test 1 02 44 1kHz 16Bit wav Waveform Show in the image above is a graphic of the overall envelope of the Reference Audio test file Test 1 02 44 1kHz_16Bit wav Test 1 02 is a test file that enables a wide range of tests that includes a number amplitude changes frequency changes intentional silence and multi frequency tone segments Its goal is to flush out the audio chain s general ability to convey amplitude frequency silence and duration The ideal calibration for this file is one where the waveform visualization on Frontline s Expert System User Interface UI looks identical to the one shown below with respect to maximum
4. Tran ID Initiated by master Tran ID Initiated by master LMP accepted ted by master O riginal O pcodez LMP host connection req LMP setup com plete Tran ID Initiated by slave Figure 4 91 Message Sequence Chart Print Preview The information in the dialog will vary depending on the layer that is selected in the Message Sequence Chart the properties of the printer you select and the amount of data in the layer which will correspond to the number of pages displayed You control what you see and when to print using the toolbar at the top of the dialog ABAD Pac jos AD DI EI say Figure 4 92 Print Preview Toolbar 180 Chapter 4 Capturing and Analyzing Data ComProbe Sodera User Manual Table 4 16 Print Preview Icons gt O Name av P pt ae a Print Prints all the pages to the printer you select in Print Setup dialog When you select Print you will output the data that is currently being displayed Cancel Printing Cancels the current printing Zoom In Horizontially Expands the data horizontally so it can be easier to read Zoom Out Horizontally Squeezes the data together so that more fits on one page Zoom In Vertically Expands the data vertically so it can be easier to read Zoom Out Vertically Squeezes the data so that more fits on one page Current Page The current page text box displays the Page o3 page number this is currently shown in the dialog You can enter a numb
5. 2 20 c eee eee eee eee cece eee eeeeeee 60 3 2 1 3 Deleting a Template lee cece ce cece cece cece eee ee eeeeeeeeeeee 60 3 2 2 Selecting A2DP Decoder Parameters _ 0 2 a 61 3 2 3 AVDTP Decoder Parameters ce ce ee eee eee eee ences 61 3 2 3 1 About AVDTP Decoder Parameters c eee e cece ee eeees 61 3 2 3 2 AVDTP Missing Decode Information 22 eee cece cece cece cece e cece ee ceeeeeeee 63 3 2 3 3 AVDTP Override Decode Information 0 0202 e cece cece eee 64 3 2 4 L2CAP Decoder Parameters eee ee ee ce eee ee ce eee eee eee ee eeee 66 3 2 4 1 About L2CAP Decoder Parameters cece cece ce ce cece cece cece eeeeeees 66 3 2 4 2 L2CAP Override Decode Information 2 20222 67 3 2 5 RFCOMM Decoder Parameters ce ce ee ce cece cece eee cece cece eeeeeneeee 68 3 2 5 1 About RFCOMM Decoder Parameters l eee eee ee eee eee eee eee 68 3 2 5 2 RFCOMM Missing Decode Information a 69 3 2 5 3 RFCOMM Override Decode Information 2222 c eee eee ee ee ee ee ee ee eee 70 3 3 Mesh Security 2c soccceccesecahersghcneuwedsia ddd chcde ravens debwdawdeeececaswekeceuncutctsseeesiclcuseessees 71 Chapter 4 Capturing and Analyzing Data _ _ _ 22 22 l ieee a 75 ComProbe Sodera User Manual 4 1 Capture Data __ 222 occ cc cc ccc ce cee ce cee eee e cece cece neceeneccee
6. Battery Charge The following table shows the charge state of the installed battery When the battery is not installed all LEDs are off except when the unit is in the process of powering up In that case they repeatedly light up in sequence Table 2 2 Sodera Battery Charge State LED Indicators Indicator LEDs Charge Status Greater than 80 60000 TYTY Between 60 and 80 eeo6ee Between 40 and 60 coe Between 20 and 40 AYYY Less than 20 e Not Active Capture When configured for Excursion mode pressing this button will begin data capture the same as the Record Recording button on the Sodera Window Capture Toolbar The Capture button is inactive when Sodera is connected to a computer To operate in the Excursion mode the Sodera hardware must have been previously configured from the ComProbe Protocol Analysis System prior to disconnecting from the computer Sodera hardware will retain those configuration settings when disconnected from the computer See Capture Options Pop up in Menu 2 1 2 Rear Panel Connectors The rear panel is shown below The panel provides connectors for external power and for connection to the computer hosting the ComProbe software ComProbe Sodera User Manual Chapter 2 Getting Started 12 VDC GI BA PROBESYNC TRIGGER HCIUSB1 HCI USB2 PC HOST Figure 2 2 Sodera Rear Panel Connectors 12VDC Connection to the Frontline supplied AC to DC power ad
7. No Timestamp 9 35 Por Help Press FI If we choose both the DTE and the DCE sides in the above example then the analyzer finds the second pattern followed by the third pattern but not the first pattern This is because each side has one instance in which the whole pattern can be found The analyzer completely searches the DTE side first followed by the DCE side A Note Side Restriction is available for pattern and error searching 1 Select one of the two options 2 Select DTE DCE or both 3 When you made your selections click on the Find Next or Find Previous buttons to start the search from the current event The result of the search is displayed in the Decode pane in Frame Display 5 1 2 Searching by Pattern Search by Pattern lets you perform a traditional string search You can combine any of the formats when entering your string and your search can include wildcards To access the search by pattern function 1 Opena capture file to search 2 Open the Event Display PD or Frame Display window 224 Chapter 5 Navigating and Searching the Data ComProbe Sodera User Manual 3 Click on the Find icon AA or choose Find from the Edit menu 4 Click on the Pattern tab of the Find dialog Note The tabs displayed on the Find dialog depend on the product you are running and the content V4 of the capture file you are viewing Decode Patten Time Go To Special Events Bookmark
8. 80 The analysis begins by clicking on the Analyze button or selecting Analyze from the Capture menu Alternatively click on the Start Analyze button r the Control Once analysis has begun you cannot change the device selection All device rows in the Wireless Devices pane are grayed out To stop the analysis click on the Analyzing Chapter 4 Capturing and Analyzing Data ComProbe Sodera User Manual button You can then change your device selection and restart analysis by clicking on the Analyze button To stop the Analysis click on the Analyzing button or click on the Control window Stop Analyze button J Conducting analysis from a capture file is identical to the live capture method 4 1 2 4 Signal Too Strong Indication When the ComProbe software has detected an RF signal that is too strong warnings will appear in several places e Event Log Pane on page 53 Displays Received Signal too Strong with a Warning icon iM The event is added to the log as soon as the conditions for a too strong signal have been detected A signal that is too strong can cause errors in the decoding process Caution The Sodera unit will continue to capture after a too strong signal detection which may compromise the decoded packet integrity e Status Bar seeComProbe Sodera Window on page 25 Displays SIGNAL TOO STRONG Note These warnings will occur only in live capture mode No visual indications will occur in Si capture file playba
9. IS a codec cS event at Frame 2839 states Unable to process AptX data as extracted It appears that SBC encoded data is being sent over this stream ee Audio Expert System non stereo detected aptx cfa gt jm Soon A Sample Rate 44100 00 18 6B 35 A2 86 E Mono Stereo Stereo Bits Sample 16 N0 82 1F F5 00 62 03 39 35 318 PM 03 39 35 368 PM 03 39 35 418 PM 03 39 35 518 PM Description Timestamp Audio stream has started and data should follow Dec 30 2014 03 39 35 386681PM Unable to process AptX data as extracted It appears that SBC encoded data is being sent over this stream Dec 30 2014 03 39 35 418557 PM Dec 30 2014 03 39 35 422307 PM Dec 30 2014 03 39 35 422344 PM Dec 30 2014 03 39 35 606057 PM Figure 7 Audio Expert System Error on Frame 2839 Data not aptX B 1 4 Conclusions This case shows the value of Frontline s Audio Expert System An error in the transmission of an audio stream compressed using aptX was not easily detected in the protocol analysis using frames While in this situation with audio streaming between a smartphone and a Bluetooth headset there was not a significant disruption of the audio but in playback using other devices there may have been a more significant interruption of the audio streaming The smartphone manufacturer may wish to find out why aptX compressed audio contained SBC compressed data in the stream We can speculate that there may be
10. Manage excursion Record or delete captures from the Sodera hardware that were created mode captures using excursion mode Opens the Manage excursion mode captures dialog This selection is disabled during live capture Exit Closes ComProbe software 27 ComProbe Sodera User Manual Chapter 3 Configuration Settings Table 3 1 Menu Selections continued OOO M Toolbars Capire When checked the Capture Toolbar is visible Checked is the default Standard When checked the Standard Toolbar is visible Checked is the default When checked the Status Bar is visible Checked is the default When checked the Security pane is visible Checked is the default Event Log When checked the Event Log pane is visible Checked is the default Piconet View When checked the Piconet View is visible Not checked is the default Experimental At this time the Piconet View is experimental and in development Private Keys When checked the Private Keys pane is visible The Private Keys pane displays user entered Private Public key pairs for Bluetooth low energy legacy and secure connection pairing By default this pane is not displayed When it is displayed it will be docked as a tab in the same area as the Security pane When Debug key is not used during pairing the datasource will look for a matching Public key in the set of Private Public key pairs If a match is found the datasource will use the corresp
11. 18 2442 MHz 19 2444 MHz 20 2446 MHz 21 2448 MHz 22 2450 MHz 50 2452 MHz 51 2453 MHz 52 2454 MHz 53 2455 MHz 54 2456 MHz 55 2457 MHz 56 2458 MHz 57 2459 MHz 58 2460 MHz 59 2461 MHz 23 2452 MHz 24 2454 MHz 25 2456 MHz 26 2458 MHz 27 2460 MHz 60 2462 MHz 61 2463 MHz 62 2464 MHz 63 2465 MHz 64 2466 MHz 65 2467 MHz 66 2468 MHz 67 2469 MHz 68 2470 MHz 69 2471 MHz 28 2462 MHz 29 2464 MHz 30 2466 MHz 31 2468 MHz 32 2470 MHz There is a 5 MHz shift between each of the first 13 channels There is a 12 MHz shift between channels 13 and 14 70 2472 MHz 1 2473 MHz 72 2474 MHz 73 2475 MHz 74 2476 MHz 75 2477 MHz 76 2478 MHz 77 2479 MHz 8 2480 MHz 33 2472 MHz 34 2474 MHz 35 2476 MHz 36 2478 MHz 39 2480 MHz 1 2401 2423 MHz 2 2406 2428 MHz 3 2411 2433 MHz 4 2416 2438 MHz centered at 2412 MHz centered at 2417 MHz centered at 2422 MHz centered at 2427 MHz USA Europe Japan USA Europe Japan USA Europe Japan USA Europe Japan 8 2436 2458 MHz 9 2441 2463 MHz 10 2446 2468 MHz 11 2451 2473 MHz centered at 2447 MHz centered at 2452 MHz centered at 2457 MHz centered at 2462 MHz USA Europe Japan USA Europe Japan USA Europe Japan USA Europe Japan 5 2421 2443 MHz centered at 2432 MHz USA Europe Japan 12 2456 2478 MHz centered at 2
12. _ SON INE Et CTION 1 UE PDA TE Figure 4 6 Bluetooth low energy Critical Decryption Packets Message Sequence Chart 85 ComProbe Sodera User Manual Chapter 4 Capturing and Analyzing Data ki Frame Display Low Energy capture pairing1 File Edit View Format Filter Bookmarks Options Window Help a Abe YE SZ AOU Mla Bobi Len 40 noeBCceood Find CPO Unhhered into Configured BT low energy devices Channel index 25 2456 MHz LE BB LE PET LE ADW LE DATA LE LL L2CAP E Meets Predefined Filter Ciena tor BT low energy dewces Dala Pe ceive Status Received without errors Decryphon nibabed Yes B Freme Code Decrypton Status Decrypted successfully 141 Pairing Request RON Langh 144 Paimng Response LE PET cae s30 Pairing Confirm reame se 273 p R Access Address D50655b16 r PER ENEA CRC x714bd9 234 Painng Random Ph Pamng Random caf noon Alin B5OnN MESH 263 Master ldenthoation SN T 255 identty Information MO 0 257 Identity Address Information fis ep aka 259 Signing Information ts 60 Enorypion Information che Master dentication 264 Identty Information ebb Identity Address Inlormahon 9 5 ehe Signing Information Figure 4 7 Bluetooth low energy Critical Decryption Packets Frame Display 4 1 2 8 Capturing Sodera Analyzed Data to Disk Click the Record button on the Standard Toolbar Sodera will begin capturing data from all devices within range Note Record is
13. badi L AVDTP Signaling AVDTP Media Hands Free AVRCP PYM Data Non Captured Info Role Slave i Address 1 LE BB Data I wen B Frame Codec Addr Role LS Num F Fram Delta Timestamp ink Address 1 2 839 APTX 1 5 Audio Source 514 12 30 2014 3 3 _ Role Slave Audio Source 5 2841 APTX 1 S Audio Source 684 00 00 00 0 123072014 3 3 Codec APT X 1 2 850 APT 1 5 Audio Source 684 00 00 00 0 12 30 2014 3 3 Audio Frame Ox 9c bd 23 30 80 c0 00 00 00 00 00 00 00 d9 6d 2a b2 ba dO a5 56 56 f9 34 aa ca cb 5f 55 55 56 99 69 2a 92 83 e4 65 46 4a 65 Da a8 a9 33 A 55 15 39 74 2a a2 ab b3 45 54 56 2a 33 0 55 65 73 5f ca ac ad 68 45 55 55 9c bd 23 30 80 c0 00 00 00 00 00 00 00 81 76 b2 ab 2a b1 92 55 24 d0 42 4a a4 92 ab 15 51 52 cd a2 aa 2a 91 c8 55 45 5c al aa aa ac fb 7615 61 c4 9d 42 b4 3b 1c 93 ea aa aa d8 35 55 55 50 f7 8c a8 c9 53 65 55 55 9c bd 23 30 80 c0 00 00 00 00 00 00 00 26 10 2a a2 af fb 05 54 55 6d 98 aa Ba c3 fe 55 55 5b 29 Oc 2a c3 al 6d 55 55 76 be ca ac ae 76 b9 55 95 Ja c5 45 54 52 58 c3 2a 32 57 ac 55 45 51 bb Ba a8 ab 7f 95 15 51 9c bd 23 30 80 c0 00 00 00 00 00 00 00 9c fe aa aa b8 5c 65 56 57 61 44 aa ca eb fe 95 59 5c 1f d2 ab 2b 37 76 55 65 5b a9 2c aa 54 d9 28 aa 8a ac 85 15 51 58 56 2a 2a a3 60 c5 85 58 73 de aa aa ae d7 f9 55 95 9c bd 23 30 80 c0 00 00 00 00 00 00 00 d0 19 2a b2 b6 2e e5 56 56 1a 9a ca ac ad 19 45 54 53 70 e8 aa Ba 4b bc 5 ca ac b3 50 95 55 57 04 62 aa aa eb d3 91 59 1d 89
14. the Decode Pane 4 Select Find Previous Occurrence or Find Next Occurrence to continue the search There are several important concepts to remember with Find 109 ComProbe Sodera User Manual Chapter 4 Capturing and Analyzing Data e When you enter a search string and select Enter the search moves forward e If you select Find Previous Occurrence when the search reaches the first frame it will then cycle to the last frame and continue until it reaches the frame where the search began e Shift F3 is a shortcut for Find Previous Occurrence e If you select Find Next Occurrence when the search reaches the last frame it will then cycle to the first frame and continue until it reaches the frame where the search began e F3 is a shortcut for Find Next Occurrence e You cannot search while data is being captured e After acapture is completed you cannot search until Frame Display has finished decoding the frames e Find is not case sensitive e The status of the search is displayed at the bottom of the dialog Total Frames 259 Frames Filtered In 259 Frame s Selected 201 1 e The search occurs only on the Search for Antenna True results FPound protocol layer selected e Tosearch across all the protocols on the Frame Display select the Unfiltered tab e A drop down list displays the search values entered during the current session of Frame Display
15. 2 O D Find x A 13 yy Summary mo Ag CET ino Erors pa B Frame ASCII Hex Fram Delta Timestamp 3 E 1 660 109 00 00 41 1 4 10 2012 3 55 10 85203 E Figure 4 37 Connection Filter selecting All 802 11 frames front 4 4 1 13 3 Protocol Filtering from the Frame Display 4 4 1 13 3 1 Quick Filtering on a Protocol Layer On the Frame Display click the Quick Filtering icon NG or select Quick Filtering from the Filter menu This opens a dialog that lists all the protocols discovered so far The protocols displayed change depending on the data received 135 ComProbe Sodera User Manual Chapter 4 Capturing and Analyzing Data Quick Filtering and Hiding Protocols Protocols To Filter In Protocols To Hide Named Filters All Frames With Errors All But the Last Layer Filter0 All Frames With Information All Frames With Information Filter a AYDTP AVDTP Filter2 AVDTP Signaling JAVDTP Signaling 5CO link Supported a Baseband Baseband Filter3 Bluetooth FHS Bluetooth FHS Role Slave Headset Headset Configured BT low energy devic L2CAP L2CAP Exclude NULLs and POLLs LMP LMP Non Captured Info Non Captured Info PreConnection FHS PreConnection FHS RFCOMM RFCOMM SDP SDP Cancel Filtering shows only frames that contain the protocol desired but it shows the entire frame Hiding removes any protocol layers from displaying in any frame Figure 4 38 Frame Display Quick Filtering and
16. Antenna True e The search is cancelled when you select a different protocol tab during a search e You can cancel the search at any time by selecting the Cancel Current Search button 4 4 1 7 Synchronizing the Event and Frame Displays The Frame Display is synchronized with the Event Display Click on a frame in the Frame Display and the corresponding bytes is highlighted in the Event Display Each Frame Display has its own Event Display As an example here s what happens if the following sequence of events occurs 1 Click on the Frame Display icon E in Control window toolbar to open the Frame Display 2 Click on the Duplicate View icon dg to create Frame Display 2 3 Click on Event Display icon Po in Frame Display 2 Event Display 2 opens This Event Display is labeled 2 even though there is no original Event Display to indicate that it is synchronized with Frame Display 2 4 Click on a frame in Frame Display 2 The corresponding bytes are highlighted in Event Display 2 5 Click on a frame in the original Frame Display Event Display 2 does not change 110 Chapter 4 Capturing and Analyzing Data ComProbe Sodera User Manual 4 4 1 8 Working with Multiple Frame Displays Multiple Frame Displays are useful for comparing two frames side by side They are also useful for comparing all frames against a filtered subset or two filtered subsets against each other e To create a second Frame Display cli
17. Displays each packet Tooltips packet text and selection boxes are available as usual Show Packet Displays an outline of each packet In this mode the spectrum data comprising each Outline packet is clearly visible and indicated Tooltips packet text and selection boxes are available as usual Hide Packets Packets and packet outlines are not displayed Tooltips packet text and selection and Outlines boxes are available as usual 144 Chapter 4 Capturing and Analyzing Data ComProbe Sodera User Manual 4 4 2 2 Coexistence View Toolbar BOOD a a 9 4 HO MIA LO BG Figure 4 40 Coexistence View Toolbar The toolbar contains the following selections Table 4 12 Coexistence View Toolbar icons Icon Description Move to the first packet CHU a aga 145 ComProbe Sodera User Manual Chapter 4 Capturing and Analyzing Data Table 4 12 Coexistence View Toolbar icons continued Pp escription Pp escription Zoom out Scroll cursor When selected the cursor changes from Scroll i k to a context aware zooming cursor Click on normal cursor to remove the zooming cursor EY a Scroll Lock Unlock during live capture mode Reset during live capture mode Clears the display 4 4 2 3 Coexistence View Throughput Indicators Packets All Selected Viewport Awg throughput 1 sec throughput bits bits Figure 4 41 Coexistence View Throughput Indicators Through
18. The Average and Actual audio stream bitrate graphs can be displayed over the audio waveform using the Global Toolbar Average Bitrate Overlay and Actual Bitrate Overlay buttons respectively These are presented as overlays onto the main Wave Panel so the user can correlate audio issues with bitrate changes and the like The scale is in kbps kilo bits per second Hovering over the bitrate scale will display a pop up showing the bitrate at the play cursor position Actual Bitrate is based on the throughput at the Codec level The Average Bitrate is the moving average over 0 1 sliding second window 12 52 40 365 PM 12 52 40 450 PM 12 52 40 615 PM 12 52 40 740 PM 12 52 40 365 PM See eee Figure 4 106 Average Bitrate Overlay All of the information for calculating the Acutal and Average Bitrate is in the codec data frame header 4 5 6 2 4 Event Timeline The Event Timeline in the Wave Panel shows the Bluetooth E1 Codec fa g and Audio events related to the waveform being viewed The events are synchronized in time to the waveform displayed in the Wave Panel The event severity is displayed as Information A Warning A and Error F Figure 4 107 Event Timeline Shown with Wave Panel 210 Chapter 4 Capturing and Analyzing Data ComProbe Sodera User Manual Clicking on an event in the Event Timeline shows a relevant selection in the Audio Waveform Panel The size of the selection depends on the number of frames associated with
19. technology specific e Clicking on a protocol filter tab in the General group filters in all packets containing that protocol regardless of each packet s technology e Clicking on a protocol filter tab in a technology specific group filters in all packets containing that protocol on that technology e A protocol filter tab appears in the General group only if the protocol occurs in more than one of the technology specific tab groups For example if L2CAP occurs in both Classic Bluetooth and Bluetooth low energy there will be L2CAP tabs in the General group the Classic Bluetooth group and the Bluetooth low energy group Select the Unfiltered tab to display all packets There are several special tabs that appear in the Summary Pane when certain conditions are met These tabs appear only in the General group and apply to all technologies The tabs are e Bookmarks appear when a bookmark is first seen e Errors appear when an error is first seen An error is a physical error in a data byte or an error in the protocol decode e Info appears when a frame containing an Information field is first seen The tabs disappear when the capture buffer is cleared during live capture or when decoders are reloaded even if one of the tabs is currently selected They subsequently reappear as the corresponding events are detected 103 ComProbe Sodera User Manual Chapter 4 Capturing and Analyzing Data Comparing
20. 0G 15 marker D0 4500 00 47 oan Bookmarks are easy to create and maintain and are a very valuable tool for data analysis When you create or modify a bookmark you have up to 84 characters to explain a problem leave yourself a reminder leave someone else a reminder etc Once you create a bookmark it will be saved with the rest of the data in the cfa file When you open a cfa file the bookmarks are available to you Once you have created a bookmark you can use the Find function or other navigation methods to locate and move among them 5 2 1 Adding Modifying or Deleting a Bookmark You can add modify or delete a bookmarks from Frame Display and Event Display Add 1 Select the frame or event you want to bookmark 2 There are three ways to access the Add Bookmark dialog a Select Add or Modify Bookmark from the Bookmarks menu on the Frame Display and Event Display b Select the Add or Modify Bookmark Li icon on one of the toolbars or c Right click on the frame event and choosing Add Bookmark 3 In the dialog box add a comment up to 84 characters in the text box to identify the bookmark 4 Click OK Once you create a bookmark it will be saved with the rest of the data in the cfa file When you open a cfa file the bookmarks are available to you ala ae ComProbe Sodera User Manual Chapter 5 Navigating and Searching the Data Modify 1 Select the frame or event with the bookmark to be edited 2
21. 22 22 2 l ee eee cc ce cece cece cece cece eeceeeceeeeees 248 Figure 6 4 Event Display Export Example csv file 249 Figure 6 5 Example csv Event Display Export Excel spreadsheet 2 eee eee cece eee eee 251 Figure 7 1 System Settings Single File Mode cece eee cece cece eee c eee eeeeeeecees 254 Figure 7 2 Advanced System Options dialog 2 22 a 256 Figure 7 3 Start Up Options dialog _ 2 222 2 ieee ee ec cece cee cee cece eee eeeeeeeeeees 257 Figure 7 4 File Locations dialog _ 2 220 22 a 258 Figure 7 5 File Locations Browse dialog 2 22 22 c eee cece ec cee cece eee c cece ccc eeeceeceeeeees 258 Xvil ComProbe Sodera User Manual Figure 7 6 Example Side Names Where Slave and Master are current 260 xviii ComProbe Sodera User Manual XIX Chapter 1 ComProbe Hardware amp Software Frontline Test Equipment ComProbe family of protocol analyzers work with the following technologies e Classic Bluetooth e Bluetooth low energy e Dual Mode Bluetooth simultaneous Classic and low energy e Bluetooth Coexistence with 802 11 e Bluetooth HCI USB SD High Speed UART e NFC e 802 11 Wi Fi e SD e USB e HSU High Speed UART The ComProbe hardware interfaces with your computer that is running our robust software engine called the ComProbe Protocol Analysis System or ComProbe software Whether you are sn
22. 5 elect Pl A2DP Open File s After Extraction J Apes i t FBIP SCO eSCO Options BRP Write Streams as J FTP Two Mono Files lv HCRP One Stereo File HF J HS J MAP OPP JI PBAP Add Silence packets SCO eSCO Z SPP enc TI WBS Convert A Law and p law to Linear PEM CYSD is always converted Extract Figure 4 37 Data Audio Extraction Settings dialog 2 Choose a checkbox es on the left side of the dialog to identify from which profile s you want to extract data It s important to note that if there is no data for the profile s you select no extracted file is created 3 If you want the file s to open automatically after they are extracted select the Open File s After Extraction checkbox A Note This does not work for SCO eSCO 4 Click on aradio button to write the streams as Two Mono Files or as One Stereo File 218 Chapter 4 Capturing and Analyzing Data ComProbe Sodera User Manual J Note This option is for SCO eSCO only 5 Select the checkbox if you want to convert A Law and y law to Linear PCM CVSD are always converted to Linear PCM It s probably a good idea to convert to Linear PCM since more media players accept this format P Note This option is for SCO eSCO only 6 Selectthe Add Silence packets to insert the silence packets dummy packets for the reserved empty slots into the extracted file If this option is not selected the a
23. Chapter 4 Capturing and Analyzing Data ComProbe Sodera User Manual 4 5 6 2 2 Local Controls The Local Controls in each Wave Panel provide the user with indicators and controls for waveform display and audio play back Qi 4 CI Figure 4 101 Wave Panel Local Controls Waveform Play Back Volume The volume slider controls the playback volume for the audio in each Wave Panel Audio Volume Indicator AA The volume indicator shows the relative audio volume at the waveform display play cursor When the green bars completely fill the indicator the audio volume is at its highest level As the volume decreases the bars will move to the right linearly with no visible green bar indicating no audio The volume indicator will continue to operate if the audio stream has been muted Mute Mute Checking the Mute check box will silence the Wave Panel s audio output The volume indicator will respond to the audio volume but nothing will be heard All panels can be simultaneously muted using the Audio Expert System Global Toolbar The Wave Panel mute is a local control only However the Global Toolbar mute control will set the Stream Panel s Local Controls mute Vertical Zoom Each Wave Panel contains local Vertical Zoom controls that expands or reduces the waveform display vertically The waveform amplitude is always visible and the Vertical Zoom controls increases or decreases the entire vertical size of the display The verti
24. Click on the Find icon AA or choose Find from the Edit menu 4 Click on the Go To tab of the Find dialog 5 The system displays the Find dialog with the Go To tab selected Note The tabs displayed on the Find dialog depend on the product you are running and the H content of the capture file you are viewing Ska Decode Patten Tine GoTo Special Ewerdt Bookmark a Frame Humbe Merve Eorratd Data Event Humber Move Back Al Everts Number gis Figure 5 7 Find Go To tab To go to a particular frame 1 Select the Frame Number radio button 2 Type the frame number in the box 3 Click the Go To button 228 Chapter 5 Navigating and Searching the Data ComProbe Sodera User Manual 4 To move forward or backward a set number of frames type in the number of frames you want to move 5 Then click the Move Forward or Move Back button To go to a particular event 1 Select the Data Event Number or All Events Number radio button 2 Type the number of the event in the box 3 Click the Go To button 4 To move forward or backwards through the data type in the number of events that you want to move each time 5 Then click on the Move Forward or Move Backward button 6 For example to move forward 10 events type the number 10 in the box and then click on Move Forward Each time you click on Move Forward Frontline moves forward 10 events See Event Numbering for why the Data Event Number and Al
25. Figure 4 44 single selected packet __ 0 222 2 le lee eee aaa aoaaa aaa aooaa aoaaa aonan nann 149 Figure 4 45 Coexistence View Throughput Graph eee eee cee cece cece cee ceeceeeeeees 149 Figure 4 46 Throughput Graph y axis labels eee eee ec cee cee cece cece eeeeeeeeeee 150 Figure 4 47 Data point tooltip 22 ccc cee cee eee cece cece eee cece eeceeceeceeeeeees 150 Figure 4 48 A negative discontinuity 2 22 22 eee eee ccc ee cee eee cece eee ee eeeeeeeeeeees 151 Figure 4 49 Three positive discontinuities 2 22 2 c eee cece eee cece cece cece ccc eccecccceeceeceees 151 Figure 4 50 Throughput Graph Viewport 22 2 cece cece cee eee c ee cee cece ee eeeeeeeeeeees 152 Figure 4 51 Small Timeline and large Throughput Graph after pressing the Swap button 153 Figure 4 52 Dots Toggled On and Off 22 2 eee eee eee cee cee eee eee cece aaoo annona 153 Figure 4 53 Overlapping Dots Information Display 2 a 154 Figure 4 54 Synchronized Zoomed Throughput Graph and View Port ee ee 155 Figure 4 55 Zoomed Throughput Graph Largest Value Snaps to Top 22 2 2 eee eee ee eeeee 155 Figure 4 56 Zoomed Throughput Graph Freeze Y keeps the y axis constant _ 156 Figure 4 57 802 11 Source Address Dialog eee cece cee ce ccc cec
26. Protocol Stack 88 89 91 Q Quick Filtering 135 R Radix 97 118 Reframe 90 Reframing 90 Relative Time 226 262 Remove Bookmarks 237 238 Columns 116 Custom Stack 88 Filters 126 127 ComProbe Sodera User Manual Framing Markers 90 Reset Panes 111 Resolution 261 Resumed 99 Revealing Protocol Layers 107 RFCOMM 68 70 RFCOMM Missing Decode Information 69 RFCOMM Override Decode Information 70 RS 266 Save 123 241 Save As 241 Saving Display Filter 122 Imported Capture Files 253 Search 222 224 226 228 229 233 236 238 binary value 224 bookmarks 238 character string 224 errors 233 event number 229 frame number 228 hex pattern 224 pattern 224 special event 229 timestamp 226 wildcards 224 Seed Value 95 Serial Driver 267 Short Break 100 Side Names 259 323 Appendicies Sides 259 Signal Strength 137 Smart 40 IRK 40 Smart Ready 40 Sodera Analyze 80 battery 9 Front Panel 5 emergency shut down 6 Rear Panel 8 security 43 Start Session 79 thermal overload 9 wired 43 wireless 43 Sorting Frames 108 Special Events 229 Specturm 31 83 Start 99 Start Up Options 256 Summary 113 Summary Pane 113 116 117 Sync Dropped 100 Sync Found 100 Sync Hunt Entered 100 Sync Lost 100 Synchronization 110 System Settings 253 255 T Technical Support 269 Appendicies ComProbe Sodera User Manual Test Device Began Responding 100 Test Device Stopped Responding 100 Timestamp 237 261 262 Timestamping 2
27. ee ec ec ec eee cece cece eee orna 154 AA 2 19 ZOOM CUNSOP gvedcnucigiewsientedee vewecenewseeeccsunsauueteeeeeeeauesGueeceseuedennemceseensac 156 4 4 2 20 Comparison with the Bluetooth Timeline s Throughput Graph _ 2 156 442 21 Coexistence View Set BUON scceecdeonn ATEN NG ANA NG Na Ahh ak GRE Ee ENE NRAN WREEK AER Si 157 4 4 2 22 Coexistence View Throughput Radio Buttons eee eee cece ee ee eee 158 VI ComProbe Sodera User Manual 4 4 2 23 Coexistence View Timeline Radio Buttons 22 2c eee eee ee eee eee eee eee 158 4 4 2 24 Coexistence View low energy Devices Radio Buttons eee eee eee ee ee 158 4 4 2 25 Coexistence View Legend __ _ 2 22 le eee eee cece eee cee cee eee eee eee eeeeeeeeeeees 159 4 4 2 26 Coexistence View Timelines eee cece ce ce ce cece cece cece eee eeeeeees 159 442 27 Pak el IMO MNGNON 2 022052 seen NSAN ANNA couulenege eeu DA EIERE misan 159 4 4 2 28 Relocating the tool tip a 162 4 4 2 29 The two Timelines ee ee ee ce ce ee ee ee eee arrana 164 AA 2 30 Bluetooth slot markers a ioe erie a NG drann aaah ka lata NG nA SNG kaaa GA ad Enare anong 166 NB Ae AA APO 166 4 4 2 32 DISCONUNUINGS oss code daa sea nner r a daa hh La ANG TODA An DU Kha naDL ADAN ANAK aaah JOANA ANING EEE 167 4 4 2 33 m Fed gal 01 ea DAA AA 168 4 4 2 34 Coexistence View No Packets Displayed with
28. of the Event Display Export dialog e Selecting more than one event in the Event Display window defaults the radio button in the Event Display Export dialog to Selection and allows the user to choose the All radio button e When only one event is selected something must be selected the All radio button in the Event Display Export dialog is selected by default 5 Next you need to select the Side variable for serial communications e is used to determine whether you want to export data from or both e Choose or Both to determine how you want to export the data 249 ComProbe Sodera User Manual Chapter 6 Saving and Importing Data 5 Choose or Both to determine how you want to export the data 6 Choose whether you want to display multiple events or single events per row Events Per Row You can choose to display Multiple Events Per Row but this method contains no timestamps If you select One Event Per Row you can display timestamps multiple events or single events per row Note The raw timestamp value is the number of 100 nanosecond intervals since the H beginning of January 1 1601 This is standard Windows time The timestamp data types displayed in columns for One Event Per Row Timestamp Delta Event Number Byte Number Frame Number Type Hex Dec Oct Bin Side ASCII 7 bit ASCII EBCDIC Baudot RTS CTS DSR DTR CD RI UART Overrun Parity Error Framing Error 7 Ifyou select csv as the f
29. s starting date and time in the local time zone of the user s computer e Size the size of the excursion mode capture Select Excursion mode capture files by e Click to select a single file e Shift click to select a contiguous range of files starting with the most recently selected file e Ctrl click to select an additional file or non contiguous file to the selection e Select all files by o right clicking and selecting Select All Ctrl A from the context menu or o Typing Ctrl a Delete selected files from the connected Sodera hardware by e Pressing the Delete key or e Right clicking and selecting Delete from the context menu or e Clicking the dialog Delete button A delete operation will display a confirming dialog that requires the user to confirm the operation before the files are actually deleted Clicking on Yes will permanently delete the files from the connected Sodera hardware Clicking on Cancel will abort the delete operation Record Selecting a single file will enable the Record button and the Record right click pop up menu item Clicking the Record button or menu item will close the dialog and start recording the selected excursion mode capture to the user s computer Right click pop up menu Right clicking on any file will open a pop up menu with options to Delete Delete Record or Select All Record Select All Ctri A View Menu aes The View menu offers options to display or hide panes toolbars and the stat
30. 1 System Calibration for Referenced Mode cece cece ccc ccccecceeceees 190 4 5 4 3 2 Adjusting for Optimal Volume Levels 22 eee cece cece cece cece ee eeee 192 4 5 5 Audio Expert System Event Type _ 2 220 a 193 4 5 5 1 Event Type Bluetooth Protocol _ 02 2 cee eee ee eee cece naonna 193 vil ComProbe Sodera User Manual 4 5 5 2 Event Type Codec _ 12 2 ee cece LaaLa DLLD LALL aL LaaLa aLaaa anaana 194 1 5 5 3 Event Type AUDIO 2 cc5occsecsevacuducsendousacbuescesunue a NAKAULAT sA mn Ubo ab Fa Lakan 196 4 5 6 Audio Expert System Window 2 22 2 cece eee ee cee cece eee c ccc cece aooo aaoo annn 202 4 5 6 1 Global Toolbar esac ceicyo ne onuas conc wee bore aieeosctsonmee nes caeeteneesedcesteeue este eee ee sees 203 M62 WAVE ANE AA 205 4 5 6 2 1 Audio Stream INTO Zed eden cevinceskduscudeecssacenateisdeesgeedeesesecedeswessaesde lt se 206 4 5 6 2 2 Local Controls AA eee ce cece eee eee e cece eceeeeeeeceeeeees 207 4 5 6 2 3 Audio Waveform Pahala cence AA NG ANg kaa daka aa aa GG nn paaa 208 4 56 24 Event Timeline aa aaaa HANNA Tha A AT G ED ONDI NE HOA GA ULA DEAL ANG hEmULLST TO ANAN ELEM 3AS 210 4 5 6 3 Event APA 212 4 5 6 4 Wave Panel amp Event Table Pop up Menu 22 2 ce eee eee c ee cece eee e eee eeeeeee 214 A 5 6 5 EXPO Audio Data occ ccedewdnacecedidasconeeuedeseede ddsodesdasiueetecdeneeddeceseseeecadeesees 215 4 5 6 6 E
31. 11 50 28 193625 AM 5F AB 59 A7 90 49 and ab 3 11 2015 11 50 37 403866 AM wg 3711 2015 11 50 29 021527 AM 56 9A EBAZ 37 01 rand 4 11 9075 17 50 49 WAAR AM OM IP ARAM AF R7 i PT Figure 3 23 Positioning by Cursor This pane positioning method works whether the pane is docked or floating Position the cursor on the title bar of the pane Left click hold and start dragging the pane Eight positioning controls each with its own arrow will appear at various locations on the main window Drag the pane such that the mouse cursor is positioned on the desired positioning control The positioning control will turn blue and the new position of the pane will be indicated in blue Release the mouse button The pane will move to the new position 55 ComProbe Sodera User Manual Chapter 3 Configuration Settings Creating a tabbed pane 19 666 packets captured Figure 3 24 Position Control for Setting Tabbed Security Pane ae a er OP er ee a 2 Move the cursor until the middle position indicator turns blue ap Tal 4 11 2015 11 50 29 021527 AM and release the mouse key The pane will appear as a tab at the bottom of the target pane 3 11 2015 11 50 43 386325 AM D 3 11 2015 11 50 51 727526 am Changing the position of a tabbed pane mo 11 2015 11 50 47 128040 AM This is the same as changing the position of a non tabbed pane am mi except that the cursor is positioned on the tab itself not the title bar E
32. 248 6 6 2 Exporting a File with Event Display Export l eee eee eee eee cece eee eeeeeee 249 6 6 2 1 Export Filter Out a 251 6 6 2 2 Exporting Baudot eee ee cc cece ce eee eee ence eee eeeeeeeeeeeeeeeees 251 Chapter 7 General Information a 253 7 1 System Settings and Progam Options 22 222 eee cece cece cece eee cece ccc cece ee ceeceeeeees 253 Teg A BC ES uiii ee eee s cette ewer eee er A seca beds ex 253 7 1 1 1 System Settings Disabled Enabled Options _ 2 2 2 2 2 cece ee eee eee eee ee eee eeeceeeee 255 7 1 1 2 Advanced System Options a 255 7 1 1 3 Selecting Start Up Options eee ee cee cece cece cece ee ceeceeeeees 256 7 1 2 Changing Default File Locations lec c eee c cece cece cence eceeceeeeeees 257 74 3 Side NAMEGS 522000000500 24eed0erdwecdvewsestesiedoowapedsscosdaueoetacsanebeddssouseceeonteeererewaess 259 MESA AA 260 444 1 TImestamping OPTIONS 4a NENA GANA AA no UNO DULA GG DT IDA NAG NANU LAAD PA NBA DANE NAANS 260 7 1 4 2 Enabling Disabling Timestamp 2 c cece e cece cece cece cece ec eeeeeeeeeeececececs 261 7 1 4 3 Changing the Timestamp Resolution oo ce eee cee cece cece cece eceeeeeee 261 7 1 4 4 Switching Between Relative and Absolute Time cece cece cece cece ee ceeceeees 262 7 1 4 5 Displaying Fractions of a Second ee eee eee eee cece cece ce
33. 27 2015 10 02 04 6584 00 00 00 0 1 27 2015 10 02 04 6587 00 00 00 0 1 27 2015 10 02 04 6773 00 00 00 0 1 27 2015 10 02 04 6823 00 00 00 0 1 27 2015 10 02 04 6873 00 00 00 0 1 27 2015 10 02 04 6878 00 00 00 0 1 27 2015 10 02 04 6881 00 00 00 0 1 27 2015 10 02 04 7060 00 00 00 0 1 27 2015 10 02 04 7065 00 00 00 0 1 27 2015 10 02 04 7063 00 00 00 0 1 27 2015 10 02 04 7110 00 00 00 0 1 27 2015 10 02 04 7160 00 00 00 0 1 27 2015 10 02 04 7335 00 00 00 0 1 27 2015 10 02 04 7340 00 00 00 0 142772015 10 02 04 7344 00 00 00 0 142772015 10 02 04 7385 00 00 00 0 1 27 2015 10 02 04 7435 00 00 00 0 1 27 2015 10 02 04 7585 00 00 00 0 1 27 2015 10 02 04 7635 00 00 00 0 1 27 2015 10 02 04 7685 00 00 00 0 1 27 2015 10 02 04 7792 00 00 00 0 1 27 2015 10 02 04 7842 on non BO NS Total Frames 6 767 Frames Filtered In 6 017 Frame s Selected 1 1 total Figure 4 35 Front Display Filtered on Access Address Ox8e89bed6 In the figure above is an example Bluetooth low energy data set connection filtered on Access Address Ox8e89bedb The Frame Display in the front is the filtered data set One way to note the difference between the original and the filtered display is to observe the Protocol Tabs In the filtered display there are four low energy protocol tabs as compared to nine in the original display
34. 4 Encrypted Diversifier EDIV 16 bit stored value used to identify the LTK A new EDIV is generated each time a new LTK is distributed Figure 14 Sample Initiator Pairing Request Decode ComProbe Frame Display BPA 600 low energy capture 5 Random Number RAND 64 bit stored value used to identify the LTK A new RAND is generated each time a unique LTK is distributed Of particular importance to decrypting the encrypted data on a Bluetooth low energy link is LTK EDIV and RAND B 4 3 Pairing Methods The two devices in the link use the IO capabilities from Pairing Request and Pairing Response packet data to determine which of two pairing methods to use for generation of the Temporary Key TK The two methods are Just Works and Passkey Entry An example of when Just Works method is appropriate is when the IO capability input None and output None An example of when Passkey Entry would be appropriate would be if input Keyboard and output Display There are 25 combinations that result in 13 Just Works methods and 12 Passkey Entry methods In Just Works the TK O In the Passkey Entry method _ 6 numeric digits Input Keyboard 6 random digits Input Display SMP Code Pairing Confirm Contin Value Oxfade3394940594 7 cbedbblfeeSI399c9d5 Figure 15 Initiator Pairing Confirm Example ComProbe Frame Display BPA 600 low energy capture lA third method Out Of Band OOB performs the same as Pass Key but thr
35. 50 mW going to the ComProbe Sodera o If DUT1 or DUT2 is a Class 2 device 10 dBm 12 5 mW will reach the ComProbe analyzer antenna connector If they are Class 3 devices 3 dBm 0 5 mW will reach the antenna connector e For BPA 600 o Ateach T connector the power will split in half Therefore the power reaching the ComProbe protocol analyzer will be one fourth the transmitted power For example if DUT1 is a Class 1 device transmitting 20 dBm 100 mW at the first T connector it will split with 17 dBm 50 mW going to DUT2 and 17dBm 50 mW going to the ComProbe analyzer o The 17dBm 50 mW going to the ComProbe analyzer splits again Each coaxial cable going to a ComProbe analyzer antenna connector carries 14 dBm 25 mW o If DUT1 or DUT2 is a Class 2 device 8 dBm 6 25 mW will reach each ComProbe analyzer antenna connector If they are Class 3 devices 6 dBm 0 25 mW will reach each antenna connector Attenuation should be selected to limit the received power levels to prevent equipment damage and to provide sufficient power to reliably operate the equipment If using attenuation follow these recommendations e Ifthe devices are of the same class the attenuators AT1 and AT2 should be of equal value e For ComProbe BPA 600 attenuators AT3 and AT4 should be of equal value 292 ComProbe Sodera User Manual Appendicies e Determine the maximum power received at the ComProbe antenna jacks Then select an appropri
36. 602 11 bottom A 4 E 7 3 120 bits 8 192 ms Data Point 85 Right click to zoom to data point WEEK i 380 859 bits s 802 11 Packet Throughput Chapter 4 Capturing and Analyzing Data Overlapping Dots d Cursor placed on visilble d bottom dot to display 802 11 LN L packet information 802 11 Packets in Overall Packet Range 16 765 16 787 Figure 4 53 Overlapping Dots Information Display 4 4 2 18 Zoomed Throughput Graph Clicking the Show Zoom button Show Zoom displays the Zoomed Throughput Graph above the Throughput Graph The Zoomed Throughput Graph shows the details of the throughput in the time range covered by the viewport in the Throughput Graph Both the Zoomed Throughput Graph and the Timelines are synchronized with the Throughput Graph s viewport The viewport is sized by dragging one of its sides or by using one of the other zooming techniques listed in the Zooming subsection in the Timelines section 154 Chapter 4 Capturing and Analyzing Data ComProbe Sodera User Manual ee een pa Pir Fee Pees Alege ipo Hiig GOOD 25 aw Cakes ki Lisa Ye NG haaa Pee E bai ECM Na BOO Kora lie T Zoomed Thro ughput and Timeline scrollbars are synchronized a ki PB tasa Em Nia Pepa FL Figure 4 54 Synchronized Zoomed Throu
37. A C Sum Ba r F i A gt a Errors Bluetooth low energy Link 0 s 3 Baseband Show Hidden Panes e Ee T E Baseband faseband PreConnection FHS SCO eSCO z Header Length 11 4 i Header Version 3 B Frame Pr Access Add CRC BDSDOR Fram Delta Timestamp a a E maid 6 463 17 4 13 2015 10 55 32 661 Figure 4 32 Connection Filter from the Frame Display Toolbar right click 131 ComProbe Sodera User Manual Chapter 4 Capturing and Analyzing Data From the Frame Display panes Right click anywhere in a Frame Display pane and select Connection Filter in the pop up menu The procedure for creating a connection filter are identical as described in From the Frame Display Filter menu above Frame Display TestFileSimmer cfa eka File Edit View Format Live Filter Bookmarks Options Window Help O GH o FA 4 AHS Y ic2l n PO sa Frame 6 471 Master Len 289 in En MOE amp CCOO i Baseband Packet Status CRC Error 0 Unfiltered Data Errors E Baseband Baseband PreConnection FHS SCO eSCO Header Length 11 Header Version 3 B Frame Pr Access Add CAC EDADDR Delta Timestamp 6 453 421372015 10 55 32 661 Husa A A Q Sum This is the Decode Pane Copy Selection to Clipboard Select Entire Frame Expand Decode Pane Collapse All Nodes Expand All Nodes Connection Filter 5 464 6 465 5 466 6 467 6 466 5 469 6 470 6 47
38. AA Classic k 00 00 00 0 00 00 00 0 00 00 00 0 00 00 00 0 00 00 00 0 00 00 00 0 00 00 00 0 00 00 00 0 00 00 00 0 00 00 00 0 4713 2015 10 55 32 660 41272015 10 55 32 671 4713 2015 10 55 32 69001 4713 2015 10 55 32 692 4773 2015 10 55 32 6941 41372015 10 55 32 701 4713 2015 10 55 32 7051 4713 2015 10 55 32 711 4713 2015 10 55 32 711 4713 2015 10 55 32 14 Bluetooth low energy k 00 00 00 0 441342015 10 55 32 7201 Provide L2CAP Rules a Set Subsequent Decoder Parameters Hide This Pane Show Hidden Panes Figure 4 33 Connection Filter from the Frame Display Pane right click From the Frame Display frame selection Select a frame in the summary pane Right click and select Connection Filter in the pop up menu The procedure for creating a connection filter are identical as described in From the Frame Display Filter menu above If the frame you have selected is associated with a Classic Bluetooth link or a Bluetooth low energy access address an additional pop up menu item will appear as shown in the example image below This selection is a predetermined filter based on your selection In the example frame 6471 is associated with Link 4 so the predetermined filter assumes that you may want create a connection filter for that link Clicking on Connection Filter Link 4 will filter in Link 4 frames without op
39. Because the Binary pane displays the logical bytes rather than the physical bytes the data in the Binary pane may be different from that in the Event pane See Physical vs Logical Byte Display for more information Colors are used to show which protocol layer each byte belongs to The colors correspond to the layers listed in the Decode pane The Event Radix Binary Character and Decode panes are all synchronized with one another Clicking on an element in any one of the panes highlights the corresponding element in all the other panes 4 4 1 11 8 Event Pane The Event pane shows the physical bytes in the frame You can choose between iu displaying only the data events or displaying all events by clicking the All Events icon a Ja FF 3p 1f Hh x5 kA This ts the Event Pane Copy Selection to Clipboard Mee Oo Hgzmgm HO Select Entire Frame Displaying all events means that special Change Text Highlight Color events such as Start of Frame End of Frame and any signal change events are displayed as special symbols within the data Display All Events The status lines at the bottom of the pane give the same information as the status lines in the Event Display window This includes physical data errors control signal changes if appropriate and timestamps Because the Event pane displays the physical bytes rather than the logical bytes the data in the Event pane may be different from that in the Radix Binar
40. Figure 4 88 MSC View of Selected Packet from Ctrl Summary You can return to the text version by using a right click and selecting Show in Text All Layers Ctrl Summary Non Msg Summary BB LMP LZCAP SDP RFCOMM HF AYOTP AVDIP Signaling Showin Test Shaw Times oniy Show both Frome and Time Hide both Frames and Tire Suspend streaming to stream end point 1 Figure 4 89 Return to Text View Using Right Click Menu You can also choose to show e Frame only e Time only e Show both Frame and Time e Hide both Frame and Time 177 ComProbe Sodera User Manual Chapter 4 Capturing and Analyzing Data 4 4 3 1 Message Sequence Chart Search The Message Sequence Chart has a Search function that makes it easy to find a specific type message within the layers When you select the 1 Search icon HA or 2 use Select layer and message F3 key the Select layer and message dialog appears From this dialog you can search for specific protocol messages or search for the first error frame 1 On the MSC dialog select one of the protocol tabs at the top Note If you select All Layers in Step 1 the Protocol Layers drop down list is active If you S select any of the other single protocols the Protocol Layers drop down is grayed out 2 Or Open the Search dialog using the Search icon or the F3 key 3 Select a specific Protocol Message from the drop down list f Select layer and message Proto
41. For All Emors Hele O Search For Frame Enos Oink O Search Far Information Frames Sade Revinchon Search vahou regad bo data ongin C Search onb these sides w OTE m OE Figure 5 3 Find Decode Tab Side Restriction There are several options for error searching on the Decoder tab e Search For String in Decoder allows you to enter a string in the text box You can use characters hex or binary digits wildcards or a combination of any of the formats when entering your string Every time you type in asearch string the analyzer saves the search The next time you open Find the drop down list will contain your search parameters e Search for All Errors finds frame errors as well as frames with byte level errors such as parity or CRC errors e Search for Frame Errors Only finds frame specific errors such as frame check errors e Search for Information Frame only searches information frames 1 Enter the search string 2 Check Ignore Case to do a case insensitive search 3 When you have specified the time interval you want to use click on the Find Next or Find Previous buttons to start the search from the current event The result of the search is displayed in the Decode pane in Frame Display 223 ComProbe Sodera User Manual Chapter 5 Navigating and Searching the Data Side Restrictions Side Restriction means that the analyzer looks for a pattern coming wholly from the DTE or DCE side If you 9 E
42. Hiding Protocols Dialog The box on the left is Protocols To Filter In When you select the checkbox for a protocol in the Protocols to Filter In the Summary pane will only display those frames that contain data from that protocol If you filter on more than one protocol the result are all frames that contain at least one of Quick Filter those protocols For example if you filter on IP and IPX NetBIOS you receive all frames that contain either IP or IPX NetBIOS or both A Quick Filter tab then appears on the Frame Display Changing the filter definition on the Quick Filter dialog changes the filter applied on the Quick Filter tab Quick filters are persistent during the session but are discarded when the session is closed The box in the center is the Protocols To Hide When you select the checkbox for a protocol in the Protocols To Hide data for that protocol will not appear in the Decode Binary Radix and Character panes The frames containing that type data will still appear in the Summary pane but not in the Decode Binary Radix and Character panes The box on the right is the Named Filters It contains filters that you create using the Named Filter and Set Condition dialogs When you select the Named Filters checkbox for the Name Filters a tab appears on the Summary Pane that gt File displays the frame containing the specific data identified in the filter The Filter named Filter tab remains on the Frame D
43. Just Works 0c9619dicec bee3bf686 na kbb Seld 11 13 2014 43 22 458777 AM Valid ra 11 13 2014 8 43 27 9959034 AM 5C F3 70 62 A9 BB b2 DE AT1 9B A7 3E rand n a 68dec n a e3 45d4624tb 8d 18af 11 13 2014 2 43 24 652559 AM Valid ial 11 13 2014 43 25 091315 AM 64 2B CD 69 F9 BE and 4A A0 04 FF C8 57 rand n a boc 768dec82Yade508 n a Ok2cBedd0DedSc8 11 13 2014 8 43 26 553837 AM Valid Figure 3 15 Bluetooth low energy Piconet Public Key and Private Key Encryption Legacy Passkey Pairing PIN is a six digit decimal number If a passkey is required by the device Enter passkey will appear in the device s PIN TK field Security wr x Status Time Master Slave PIN TK Link Key ACO IV D fal 11 13 2014 9 07 10 139572 AM 29 CD 00 99 FF 56 3C 2D 67 84 06 67 Enter passkey Enter link key n a bee Defb01d39705d3 D fal TA N49 13 27 746147AM 29 CD 00 99 FF 56 3C 2D B7 84 06 67 Enter passkey Enter link key na Oed5a2c01dOc23b Figure 3 16 Bluetooth low energy Passkey Decryption Not Enabled This example uses Passkey Pairing to enable decryption The user clicks on Enter passkey in the device PIN TK field Status Time Master Slave PIN TK Link Key ACO IV og 11 13 2014 9 07 10 139572 AM 29CD 00 99 FF 56 3C 2D B7 84 06 67 Enter link key n a beDefb01d9705d5 D fal 11 13 2014 9 13 27 746147AM 9 CD 00 99 FF 56 3C 2D B7 84 06 67 Enter passkey Enter link key na Qed 5a2c0ldOc2Sb Figure 3 17 Bluetooth low ener
44. Manual Appendicies ComProbe software s Virtual sniffing feature is a simple and easy way to perform HCl sniffing Virtual sniffing is not limited to just HCl sniffing but it is the most common use and this white paper will focus on the HCl sniffing application of Virtual sniffing It is also important to understand that ComProbe software is a multi mode product ComProbe software does support traditional air sniffing It also supports serial HCI sniffing for the H4 HCI UART H5 3 wire UART and BCSP BlueCore Serial Protocol protocols USB HCI H2 sniffing SDIO sniffing and Virtual sniffing So with ComProbe software nothing is sacrificed the product is simply more functional than other Bluetooth protocol analyzers B 6 3 Bluetooth Sniffing History Frontline has a strong appreciation for the importance of HCI sniffing because of the way we got involved with Bluetooth Because of our company history we are uniquely qualified to offer a multi mode analyzer that provides many ways to sniff and supports a wide variety of protocols This brief Bluetooth sniffing history should help you understand our approach to Bluetooth protocol analysis In the early days of Bluetooth there were no commercially available Bluetooth protocol analyzers so developers built their own debug tools and or used protocol analyzers that weren t built for Bluetooth Many developers built homegrown HCI analyzers basically hex dumps and crude traces because
45. Missing Channel Numbers 169 4 4 2 35 High Speed Live View 0 a 170 4 4 2 36 Coexistence View Spectrum Sodera Only 0 La 171 4 4 3 About The Message Sequence Chart MSC 2 eee cee eee cece eee c eee eee eeeeeeeeeees 173 4 4 3 1 Message Sequence Chart Search eee cee ec eee cee cece cece eee eeceeeeeeeeees 178 4 4 3 2 Message Sequence Chart Go To Frame eee eee cece cece eee ec ee eeeeees 179 4 4 3 3 Message Sequence Chart First Error Frame 22 eee eee cece cece ccc ecceeceeeeee 179 4 4 3 4 Message Sequence Chart Printing 2 222 eee ee eee cece eee cece eee eeeeeees 180 4 5 Bluetooth Audio Expert System 2 22 a 181 4 5 1 Supported Codec Parameters ccc eee cece cece cece cece eee eeceeeeceeeeees 183 4 5 2 Using Audio Expert System with ComProbe Sodera a 184 4 5 3 Starting the AudioExpert System ec cece cece eee c ee ee cece ee aonaran 184 4 5 4 Operating Modes eee cece eee cece eee e eee eee e cence cece cence eceeceeceeeeeeeees 184 4 5 4 1 Non Referenced Mode cee ee ee ee ee ce ee ee eee ee eee eens 184 4 5 4 2 Referenced Mode 2 ccc cece eee ce ce cece cece cece ee ceeeeeeeeeeeeeees 185 4 5 4 3 Referenced Mode Testing Processes _ 2 22 2 eee cece eee c eee e cece cece ee ceeeeceeceees 187 4 5 4 3
46. On or after the specified time 2 When you have specified the time interval you want to use click on the Go To Move Forward or Move Backward buttons to start the search from the current event When you select Absolute as Search for Go To is available When you select Relative as Search for Move Forward or Move Backwardis available There are a couple of other concepts to understand in respect to searching with timestamps e The analyzer skips some special events that do not have timestamps such as frame markers Data events that do not have timestamps because timestamping was turned off either before or during capture are also skipped 22 ComProbe Sodera User Manual Chapter 5 Navigating and Searching the Data e Timestamping can be turned on and off while data is being captured As a result the capture buffer may have some data with a timestamp and some data without When doing a search by timestamp the analyzer ignores all data without a timestamp e The raw timestamp value is the number of 100 nanosecond intervals since the beginning of January 1 1601 This is standard Windows time 5 1 4 Using Go To Searching with Go To allows you to go to a particular frame or event or to move through the data X number of events or frames at a time You can move either forward or backwards through the data To access the Go To function 1 Opena capture file to search 2 Open the Event Display PD or Frame Display window 3
47. Range of Automatically checked when taking any zoom Selected Packets Zoom To Throughput Graph action other than the fixed Viewport zoom Data Point or dragging Viewport Slide durations listed below 141 ComProbe Sodera User Manual Chapter 4 Capturing and Analyzing Data Table 4 9 Coexistence View Zoom Menu Selections continued The following 21 selections are mutually exclusive Each of these Zoom selections sets the Viewport and the Timeline to a fixed time duration 625 usec 1 Bluetooth slot 1 25 msec 2 Bluetooth slots 1 875 msec 3 Bluetooth slots 2 5 msec 4 Bluetooth slots 3 125 msec 5 Bluetooth slots 6 25 msec 10 Bluetooth slots 15 625 msec 25 Bluetooth slots 31 25 msec 30 Bluetooth slots 62 5 msec 100 Bluetooth slots 156 255 msec 250 Bluetooth slots 31 25 msec 500 Bluetooth slots 625 msec 1 000 Bluetooth slots 1 sec 1 600 Bluetooth slots 2 sec 3 200 Bluetooth slots 3 sec 4 800 Bluetooth slots 4 sec 6 400 Bluetooth slots 5 sec 8 000 Bluetooth slots 10 sec 16 000 Bluetooth slots 20 sec 32 000 Bluetooth slots Pi Note Right clicking anywhere in the Coexistence View window will open the Zoom menu ina pop up Table 4 10 Coexistence View Navigate Menu Selections Descriptior H When clicked the first packet in the session is Home selected and displayed in the Timeline Performs the same function as the First Packet button s142 Chapter 4 Capturing a
48. Retransmitted packets and bad packets packets with CRC or Header errors are excluded from throughput calculations 4 4 2 13 Tooltips Placing the mouse pointer on a data point shows a tooltip for that data point The tooltip first line shows the throughput the throughput type packet or payload and the technology Subsequent lines show the bit count the duration of the data point the packet range of that duration only packets of the applicable technology from that packet range are used for the throughput calculation and the number of the data point which is O for the first data point in each line ela TH F F L k 7 P LI a 2 880 bits s Packet Throughput Classic Bit Count 2585 pd Duration 100 ms Classic Packets in Packet Range 15 435 15 437 hk Data Point 12 Figure 4 47 Data point tooltip The Throughput graph tool tips can be shown in the upper left corner of your computer screen to provide an unobstructed view Refer to Relocating Tool Tips 4 4 2 14 Discontinuities A discontinuity is when the timestamp going from one packet to the next either goes backward by any amount or forward by more than 4 01 s This value is used because the largest possible connection interval in Bluetooth low energy is 4 0 s A discontinuity is drawn as a vertical dashed line A discontinuity for a 150 Chapter 4 Capturing and Analyzing Data ComProbe Sodera User Manual timestamp going backward is cal
49. Smart Ready LE amp BR EDR Cet Oe NGA AA AA Figure 4 5 Sodera Wireless Devices Pane In the Wireless Devices pane place a check in the row of each active device 7 can also be selected while the recording is in process 4 IRK Note Data filtered by the device selection is an OR function not an AND function When selecting device1 device2 device3 device1 OR device2 OR device3 OR NULL amp POLL or LE Empty packets is selected an AND function is included For example device2 AND NULL amp POLL packets OR device3 AND NULL amp POLL packets The following table lists some common data capture and device selection scenarios Analyzing traffic between a slave Device Under Test DUT and its master Table 4 1 Common Data Capture and Device Selection Scenarios Select only the slave D DUT for analysis analysis Analyzing all traffic on a piconet le m to be analyzed Active devices the recorded data filtered into the analyzer is data involving Howver if in the Options menu analysis of Inquiry Select the Master for analysis Analyzing all traffic involved in Inquiries In the ComProbe Sodera window select Analyze Inquiry Process Packets in the Options menu Sodera is now ready to begin protocol and event level analysis 4 1 2 3 Starting Analysis window Sodera will begin sending captured packets involving the selected device to the ComProbe software
50. There are three ways to access the Add Modfy Bookmark dialog a Select Add or Modify Bookmark from the Bookmarks menu on the Frame Display and Event Display b Select the Add or Modify Bookmark Li icon on one of the toolbars or c Right click on the frame event and choosing Modify Bookmark on the selection 3 Change the comment in the dialog box 4 Click OK The edited bookmark will be saved as a part of the cfa file 5 You can also select Display All Bookmarks O from the Frame Display and Event Display toolbar or the Bookmarks menu the Find window will open on the Bookmark tab Select the bookmark you want to modify and click the Modify button Change the comment in the dialog box and click OK Delete 1 Select the frame or event with the bookmark to be deleted 2 There are three ways to access the Add Modfy Bookmark dialog a Select Add or Modify Bookmark from the Bookmarks menu on the Frame Display and Event Display b Select the Add or Modify Bookmark a 1 icon on one of the toolbars or c Right click on the frame event and choosing Modify Bookmark on the selection 3 Click on the Delete button The bookmark will be deleted 4 You can also select Display All Bookmarks O from the Frame Display and Event Display toolbar or the Bookmarks menu the Find window will open on the Bookmark tab Select the bookmark you want to delete and click the Delete button 5 2 2 Displaying All and Moving Between Bookmarks
51. Type a file name in the As box at the bottom of the screen As Type lie name herd Click the Browse icon to browse to a specific directory Hote Na capturing wal be dana while the Otherwise your file is saved in the default capture file file is being saved directory When you are finished click OK 6 1 3 Save a Portion of Capture File with Save Selection 1 Open the Event Display PD or Frame Display window depending on whether you want to specify a range in bytes or in frames Select the portion of the data that you want to save Click and drag to select data or click on the first item move to the last item and Shift Click to select the entire range or use the Shift key with the keyboard arrows or the navigation icons in the Frame Display toolbar If the range you want to save is too large to select note the numbers of the first and last item in the range Right click in the data Select Save Selection or Save As from the right click menu Click on the radio button labeled Selection If you selected i a range make sure the starting and ending numbers are Entire File Mantang correct To specify a range type the numbers of the first Ce Selection h and last items in the range in the boxes C Events Frames Select either Events or Frames to indicate whether the k numbers are event or frame numbers Aa Type file name hend Type a file name in the As box at the bottom of the screen f ane ie Note No capt
52. a 16 digit hexadecimal code preceded by Ox which the devices exchange via a channel that is different than the le transmission itself This channel is called OOB For off the shelf devices we cannot sniff OOB data but in the lab you may have access to the data exchanged through this channel If a device requires OOB data the device Link Key field will show Enter OOB TK 3 1 2 5 Private Keys Pane For Sodera captures that include Bluetooth low energy Secure Connections Pairing between one or more pairs of devices users will be able to manually enter Private Keys for both legacy and Secure Connections The Private Public keys are stored for use by discovered Bluetooth low energy devices Duplicate keys cannot be stored When Debug key is not used during pairing the datasource will look for a matching Public key in the set of Private Public key pairs If a match is found the datasource will use the corresponding Private Key to compute the Diffe Hellman Key The Private Keys pane can be viewed or hidden from the View menu and can be docked like the other optionally viewable panes While operating in live mode Private Keys are saved to persistent storage when the ComProbe Sodera window is closed When the window is opened while in live mode saved Private Keys are loaded from persistent storage 49 ComProbe Sodera User Manual Chapter 3 Configuration Settings Private Keys rox awe GK Key Type Private Key Public Key P256 O
53. an underlying problem with clearing stacks or memory between streaming events This investigation is beyond the scope of this paper If there is interest in the Audio Expert System as an expansion of your ComProbe Bluetooth analyzer contact the Frontline sales at sales fte com or visit our web site at fte com Author John Trinkle amp Priyanka Gupta Publish Date 27 February 2015 282 ComProbe Sodera User Manual Appendicies 283 B 2 Getting the Android Link Key for Classic Decryption Bluetooth devices on an encrypted link share acommon link key used to exchange encrypted data For a Bluetooth sniffer such as the ComProbe BPA 600 to be able to decrypt the encrypted data it must also have this shared link key For obvious security reasons the link key is never sent over the air so either the user must get the key out of one of the devices being sniffed and supply the key to the sniffer or the sniffer must create the key itself Bluetooth devices using the Android operating system have a developer option that will provide the link key for Classic Bluetooth decryption This procedure will use the developer options to obtain the Android HCI Host Controller Interface log that contains the link keys for all active links B 2 1 What You Need to Get the Android Link Key The process applies to the Android 4 4 or later operating system e Android device with Bluetooth enabled and paired with another Bluetooth devi
54. ar ian When the ComProbe software captures data if there is audio content that must be debugged this data must be systematically examined when looking for the problem source The effort to identify and correlate the audio related data can be daunting because the problem source may be caused by protocol codec or the audio itself Using the Audio Expert System identifies events that are likely candidates for audio root cause analysis The expert system examines all captured frames in live capture or in capture file viewer and selects audio related protocol codec and audio events The events are time correlated to the audio stream and identified with specific frames In general a cluster of events suggests an area for investigation and in the presence of multiple event clusters the cluster with the most events suggests the best starting point Bluetooth Protocol The expert system works in conjunction with ComProbe Protocol Analysis System that is operating in live capture mode or in capture file viewer mode Selecting an event in the Audio Expert System will simultaneously highlight related packets in the ComProbe software Frame Display Coexistence View Message Sequence Chart Bluetooth Timeline and Packet Error Rate Statistics PER Stats windows Audio Expert System further provides methods for isolating testing to specific audio events by using two operating modes non referenced and referenced Table 4 18 Audio Expert System Ope
55. as new data is captured Event Display is synchronized with the Frame Display and Mesage Sequence Chart dialogs Selecting a byte in Event Display will also select the related frame in the Frame Display and the related message in the Message Sequence Chart 4 3 2 The Event Display Toolbar P Home Brings the Control window to the front a Home Brings the Control window to the front Start Analyze Begins data analysis Stop Analyze Stops the analysis and clears the data from the ComProbe analyzer 93 ComProbe Sodera User Manual Chapter 4 Capturing and Analyzing Data H BBEBEBRPC RBS EEN Save Prompts user for a file name If the user supplies a name a cfa file is saved Clear Discards the temporary file and clears the display Lock In the Lock state the window is locked so you can review a portion of data Data capture continues in the background Clicking on the Lock icon unlocks the window Unlock In the Unlock state the screen fills in the data captured since the screen lock and moves down to display incoming data again Clicking on the Unlock icon locks the window Duplicate View Creates a second Event Display window identical to the first Frame Display framed data only Brings up a Frame Display with the frame of the currently selected bytes highlighted Display Capture Notes Brings up the Capture Notes window where you can view or add notes to the capture file Add Modify Bookmark A
56. at the high volume end a value of 0 1 dB is acceptable a value of 0 1 dB is not The dynamic range of the audio path is important to understand because it has a direct impact on measurement accuracy Only levels at or above the minimum and at or below the maximum are examined for expected level and frequency 4 5 4 3 2 Adjusting for Optimal Volume Levels The exact steps that need to be taken depend on the exact devices being used and their device specific setup requirements and the speech or audio configuration under test For the simplest case where for example a music audio file is to be played by a smartphone to a set of Bluetooth speakers the typical steps would include the following 1 Choose an audio reference file to be played at DUT1 appropriate for the configuration to be tested The test files are stored on the users computer In the directory Frontline ComProbe Protocol Analysis System Development Tools Audio Expert Test Files For example Test 1 03 48kHz 16Bit 3Loops 2Ch wav Note Reference test files are periodically updated Shown here is an example Files Si delivered with your latest Frontline ComProbe software version may have changed Contact Frontline Technical Support for information on the latest reference file versions 2 Before establishing the Bluetooth connection play the file while listening to it on the DUT1 device itself and become familiar with the overall sound quality generally ignoring exac
57. audio for deviations from expected parameters Referenced Audio files are protocol specific The following events are reported whenever the system is operating in the Referenced mode e Test ID Found e Test Script Not Found e Invalid Test Script e Synchronization Lost e Unexpected Frequency e Unexpected Level e Unexpected Duration e Amplitude Fluctuation e Unexpected Phase Change e Clipping e Excess Noise e CVSD HF Level Too High e End of Test Reference Audio Test Files The Reference Audio files are specific audio files that exercise the system so that audio impairments can more efficiently and accurately be identified and reported The Reference Audio files are composed of a series of back to back and relatively short duration tones of changing amplitude frequency and duration 185 ComProbe Sodera User Manual Chapter 4 Capturing and Analyzing Data The test files are stored on the users computer In the directory Frontline ComProbe Protocol Analysis System Development Tools Audio Expert Test Files For example Test 1 03 48kHz 16Bit 3Loops 2Ch wav Note Reference test files are periodically updated Shown here is an example Files delivered H with your latest Frontline ComProbe software version may have changed Contact Frontline Technical Support for information on the latest reference file versions The test files have a set of tones forming a unique Test ID that lets the ComProbe analyzer know that it is capturing
58. be a field where the length is either 3 or 4 bytes and which length is being used is a system option There may be times when the context for decoding a frame is missing For example if the analyzer captures a response frame but does not capture the command frame then the decode for the response may be incomplete The Set Initial Decoder Parameters window allows you to supply the context for any frame The dialog allows you to define any number of parameters and save them in a template for later use The decoder template function provides the capacity to create multiple templates that contain different parameters This capability allows you to maintain individual templates for each Bluetooth network monitored Applying a template containing only those parameters necessary to decode transmissions particular to an individual network enhances the efficiency of the analyzer to decode data 57 ComProbe Sodera User Manual Chapter 3 Configuration Settings If you have decoders loaded which require decoder parameters a window with one tab for every decoder that requires parameters appears the first time the decoder is loaded For help on setting the parameters click the Help button on each tab to get help information specific to that decoder If you need to change the parameters later e Choose Set Initial Decoder Parameters from the Options menu on the Control and Frame Display windows Window Help Hardware Settings VO Setting
59. browser on the Make a call to 434 964 1407 or audioovera audio source device 434 964 1304 through a cellular cellular l ae network The phone number network https youtu be rmirD bikriM receiving the call playbacks recorded test signal Streaming Play the test in a browser on the Make a call to 434 964 1407 or audio overa audio source device 434 964 1304 through a VoIP Wi Fi network ae provider such as Skype The https youtu be rmirD bikrtM phone number receiving the call playbacks recorded test signal Potential problem The VoIP provider might use custom codecs and cause undesirable behavior A2DP Playing the test file locally The simplest way to perform music data testing is to directly play the reference file from DUT1 to DUT2 To do that save the reference file provided with the ComProbe software on the Source device Then connect the Bluetooth enabled devices and play the music file from one device to the other The software will automatically detect the mode and present analysis for the user Playing the test file via Internet If the user is testing a scenario where they need to analyze audio played through the internet either using Wi Fi or cellular data plan they may access the reference file on YouTube provided by Frontline https youtu be rmirDbikrtM Note that the software is only analyzing the Bluetooth link between the two DUTs Any abnormalities at the Wi Fi and cellular network level will affect
60. cee ceeeeeees 175 Figure 4 85 Control and Signaling Frames Summay 2 2 cee cece eee eee e cee e eee ceeeeeeeeees 176 Figure 4 86 Packet Layers Shown in Different Colors 00 2 cece cece c cece cece cececcecceeceees 176 Figure 4 87 Right Click in Ctrl Summary to Display Show in MSC 22 e eee eee eee ee ee eee 177 Figure 4 88 MSC View of Selected Packet from Ctrl Summary eee e cece ee ceeeceees 177 Figure 4 89 Return to Text View Using Right Click Menu _ 2 222 2 eee eee eee cece cece eeeeees 177 Figure 4 90 Highlighted First Search Result 22 22 c cece cee eee cece cece cece eceeceeceeceeees 178 Figure 4 91 Message Sequence Chart Print Preview _ 2 2 2 2 eee ec eee ee cee eee e cece ee eeeeeeees 180 Figure 4 92 Print Preview Toolbar cee cece eee cee cece cece cece cece eee eeeeceeceeceeeeeees 180 Figure 4 93 Test Cases for Referenced Mode Testing 222 20 o eee cece eee cee cece cece ee eeeeee 190 Figure 4 94 Test 1 02 44 1kHz 16Bit wav Waveform 22 ee cece eee cece cee eeceeceeeeeees 190 Figure 4 95 Test 1 02 Test ID Segment cee cc ee ccc ence ence ee nees 191 Figure 4 96 Dropout Measurement and Silence Threshold ce eee e cece cece eeceeceees 201 Figure 4 97 Audio Expert System Window 2 22 e ee eee eee ccc cece cece eee eeeee
61. d2 ab 2b 87 7e 55 65 67 8c 4c ac cb 89 95 55 55 9c bd 23 30 80 c0 00 00 00 00 00 00 00 47 da b2 ab 25 8a 45 54 54 95 a8 ca 8c Ya 67 1551 55 1 7a15al da f3 2a b2 ba 29 65 56 56 ce 7c aa ca c4 9d 59 55 95 c9 28 aa Da 71 41 25 52 49 91 Da a8 a9 50 01 55 15 Figure 6 Frame Display for A2DP Streaming at Frame 2839 with Audio Expanded In the ComProbe software the audio data is shown in the A2DP tab in the Frame Display see Figure 6 The frame 2839 which is the first audio frame is identified as being aptX encoded because of the successful codec negotiation At this frame the conventional audio data analysis methods do not show any issues Assuming the data is aptX encoded the AES software passes it to the AES aptX decoder However the data was not decoded correctly and is marked as a bad aptX frame On further analysis the AES software discovers that the frame is not aptX encoded but is actually SBC encoded Frame 2839 begins with Ox9C and all SBC audio frames begin with sync word Ox9c as shown in Figure 6 The AES cannot solely rely on the sync word to determine if it is a SBC frame To confirm the suspicion the AES passed the data through its SBC decoder and the data came out cleanly decoded The AES software not only showed that there is a problem in the audio data but also made it clear where the problem is 281 Appendicies ComProbe Sodera User Manual The Error that is identified by Event 4 the Severity red circle
62. data Error No output mSBC Codec generated no output due to corrupted data when PLC not configured Codec initialization Codec session started Codec tear down Codec session ended Information Bitstream type set The bitstream type has been set For Blueooth it should be LATM Warning Single frame error During decoding a single frame error was concealment triggered detected which triggered built in concealment processing Error Codec setting change The codec has been re initialized due to a setting change Error Unframed stream error A frame error was detected for an unframed stream The codec is being reset in order to continue processing Error Transport not initialized The codec cannot be initialized for the given transport Error Transport not supported The selected transport is not supported This could occur when an out of band LATM is selected opposed to in band Transport failure General failure in the transport Error Transport error This typically occurs when there isn t any configuration information available Codec initialization Codec session started Information Codec tear down tear down Codec session ended oO Codec session ended oO ended Sa Data Non stereo data has been detected for incoming data stream 195 ComProbe Sodera User Manual 4 5 5 3 Event Type Audio Chapter 4 Capturing and Analyzing Data Table 4 25 Event Type Audio Low Volume Alarm Hig
63. desired formats to export Table 4 36 Export Audio Data Format Options Encoded Audio Data Exports the selected files as raw format The audio data is in an encrypted format and user will need a codec to decode it Decoded Audio Data Exports the selected files as wav format that can be played ona wide variety of media players Event Table Data Exports a text csv file of all the detected events 216 Chapter 4 Capturing and Analyzing Data ComProbe Sodera User Manual Table 4 36 Export Audio Data Format Options continued Description Exports the Encoded Decoded or Event Data for the selected waveform This option is only active if a selection has been made in one of the Wave Panels Click on OK to save the waveform The dialog will close and a series of progress bars will Ps audiowebinar L raw 439 KB RAW File appear Each progress bar is associated with a audiowebinar 1 wav 14 052 KB Wave Sound file for each export option The exported files will have the following syntax lt filename gt _ n lt filetype gt where lt filename gt the name entered into the File Name field n the if audiowebinar 2 wav 22 KB Wave Sound stream id number 1 2 3 and lt filetype gt raw wav and csv The image shows an example where the user exported Stream Id s 1 and 2 in Encoded Audio Decoded Audio and Event Table data to filename audiowebinar EL audiowebinar 1 csv 9 KE Microsoft Excel C au
64. dialog Ensure that the filter name is displayed in the text box at the top of the dialog and click OK If you choose to create an additional filter then provide a new name for the filter condition or accept the default name provided by the system and click OK The Set Condition dialog box closes and the system applies the modified filter Note When a display filter is applied a description of the filter appears to the right of the toolbar in H the Frame Display windows Note The OK button on the Set Condition dialog box is unavailable grayed out until the H condition selections are complete Deleting a Condition in a Filter If a display filter has two or more conditions you can delete conditions If there is only one condition set in the filter you must delete the filter using Delete Display Filters from the Filters menu 128 Chapter 4 Capturing and Analyzing Data ComProbe Sodera User Manual 1 Click the Display Filters icon Y on the Frame Display window or select Apply Modify Display Filters from the Filter menu to open the Set Condition dialog box Click on the Advanced button to show the condition in Boolean format The dialog box displays the current filter definition To display another filter click the Open P3 icon and select the filter from the pop up list of all the saved filters Set Condition F3 ES Currently Active Condition Filters Include C Exclude Condition AND OR where the protocol Base
65. e ComProbe hardware with Audio Expert System license installed connected to the PC This is a requirement for both live capture and when viewing a saved capture file For live capture set up the ComProbe Sodera datasource and begin capturing data source DUT2 sink will contribute to effective data capture Air Sniffing Positioning Devices on page 75 For viewing a capture file load the saved file from the ComProbe Control window File menu yA Note Proper positioning of the ComProbe hardware relative to the devices under test DUT 1 When an audio stream is available the open the Audio Expert System Window by clicking on the Control window Audio Expert System button ry If the ComProbe analyzer is not licensed for Audio Expert System the button will not be present 4 5 4 Operating Modes The Bluetooth audio analysis can be accomplished in two modes 1 unreferenced mode and 2 referenced mode 4 5 4 1 Non Referenced Mode In Non Referenced Mode the system is typically processing audio of completely unknown program content e g arbitrary music or speech content Since the system does not have any prior knowledge of the audio being analyzed the types of audio analysis that can be performed is limited The following events are reported whenever the system is operating in Non Reference mode These are the meaningful audio analysis that the system can perform without reporting too many false positive results e Volume Level L
66. each SEPID there is an exchange of GET_CAPABILITIES AVDTP signals Examination of the Frame Display AVDTP Signaling protocol tab shows at frame 2116 the slave device request SEP Stream End Point characteristics for SEPID SEP Identifier 5 Details of the GET CAPABILITIES command are shown in the Figure 3 E AVDTP Baseband LMP PreConnection FHS Bluetooth FHS L2CAP SDP RFCOMM AYCTP AVDTP J eae Te elt AVDIP Media Hands Free AYRCP A2DP Data Non Captured Info inn Role Slave LE BB Dat inon Address 1 1EBB Data m AVDTP Type Signal B Framett ACP EmorCo Add INTS Packet Role Signal ID Trans AYOTP Signaling Linke 1 2 116 5 1 Single Slave GET_CAPABILITIES 1 Role Slave 2119 1 Single Master GET CAPABILITIES 1 Addes 2 138 2 1 Single Slave GET_CAPABILITIES 2 F z Transaction Label 1 2143 1 Single Master GET_CAPABILITIES 2 Packet Tupe Single Packet 2154 1 1 Single Slave GET CAPABILITIES 3 Message Type Command 2158 1 Single Master GET CAPABILITIES 3 Signaling Identifier AYDTP_GET_CAPABILITIES 2169 5 1 2 Single Slave SET CONFIGURATION 4 bd i ACP Stream Endpoint ID 5 alll a mT t Figure 3 Frame Display for AVDTP Signaling Frame 2116 At frame 2119 the remote device responds to the GET_CAPABILITIES for SEPID 5 reporting that this SEP codec is aptX with a Channel Mode Stereo 21 9 Appendicies ComProbe Sodera User Manual
67. energy Devices Radio Buttons LE Devices The radio buttons in the LE Devices group where LE means Bluetooth low energy Configured specify both visibility and inclusion in throughput calculations of Bluetooth low energy packets CD All The All radio button shows and uses all B uetooth low energy packets The Configured radio button shows and uses only Bluetooth low energy packets which come from a configured device 158 Chapter 4 Capturing and Analyzing Data ComProbe Sodera User Manual 4 4 2 25 Coexistence View Legend Selected Retrans mit Bad Packet Can t Decrypt Invalid IFS fe Discontinuity MB Unknown Click on any bold entry above to enable navigation Figure 4 59 Coexistence View Legend The legend describes the color coding used by packets in the timelines Selecting a packet in a timeline highlights the applicable entries in the legend An entry is bold if any such packets currently exist Clicking on a bold entry enables the black legend navigation arrows in the toolbar for that entry 4 4 2 26 Coexistence View Timelines Yuasa gg aa gc gt gt a 5 I P Pe EE E ga a 7 a jaria i B TE oer pe Figure 4 60 Coexistence View Timelines The Timelines show Classic Bluetooth Bluetooth low energy and 802 11 packets by channel and time 4 4 2 27 Packet information Packet information is provided in various ways as described be
68. family where the state of RI may not be captured accurately Normally when a control signal changes state from high to low or low to high an interrupt is generated by the UART and the analyzer goes to see what has changed and record it Ring Indicator works a little differently An interrupt is generated when RI changes from high to low but not when RI changes from low to high If Ring Indicator changes from low to high the analyzer does not know that RI has changed state until another event occurs that generates an interrupt This is simply the way the UART works and is not a deficiency in the analyzer software To minimize the chance of missing a Ring Indicator change the analyzer polls the UART every millisecond to see if RI has changed It is still possible for the analyzer to miss a Ring Indicator change if RI and only RI changes state more than once per millisecond UARTs in the 8250 family include 8250s 16450s 16550s and 16550 variants If you have any questions about the behavior of your UART and Ring Indicator please contact technical support 7 2 3 Progress Bars The analyzer uses progress bars to indicate the progress of anumber of different processes Some progress bars such as the filtering progress bar remain visible while others are hidden The title on the progress bar indicates the process underway 7 2 4 Event Numbering This section provides information about how events are numbered when they are first captured and
69. find your capture file 5 Click on your file and then click Open 6 4 2 Importing Capture Files 1 From the Control window Py go to the File menu and select Open Capture File or click on the Open icon on the toolbar 2 Left of the File name text box select from the drop down list Supported File Types box to All Importable File Types or All Supported File Types cfa log txt csv cap Select the file and click Open The analyzer automatically converts the file to the analyzer s format while keeping the original file in its original format You can save the file in the analyzer s format close the file without saving it in the analyzer s format or have the analyzer automatically save the file in the analyzer s format see the System Settings to set this option All of these options keep your original file untouched When you first open the file the analyzer brings up the Protocol Stack window and ask you what protocol decodes if any you want to use You must choose a protocol decode at this point for the analyzer to decode the data in the file If you open a file without using any decodes and decide later that you want to apply a decode choose Reframe from the File menu on the Control window At present the analyzer supports the following file types e Frontline Serialtest Async and Serialtest Com Probe for DOS requires the byt for data and the tim for timestamps see note on importing DOS timestamps e Greenl
70. for an event where o One or more control signals changed o One or more control signals changed from off to on o One or more control signals changed from on to off e Searching for an event where one or more signals changed means that the analyzer looks at every control signal that you checked and see if any one of those signals changed state at any time o If you want to look at just one control signal m Check the box for the signal m Uncheck all the other boxes m Choose to search for an event where one or more signals changed m The analyzer notes the state of the selected signal at the point in the buffer where the cursor is search the buffer and stop when it finds an event where RTS changed state m Ifthe end of the buffer is reached before an event is found the analyzer tells you that no matches were found e Searching for events where control signals changed state from off to on or vice versa is most useful if the signals are usually in one state and you want to search for occasions where they changed state For example o If DTR is supposed to be on all the time but you suspect that DTR is being dropped o Tell the analyzer to look only at DTR by checking the DTR box and unchecking the others o Doasearch for where one or more control signals changed from on to off o The analyzer would search the DTR signal and stop at the first event where DTR dropped from on to off e Searching for an Exact State To search for an exact
71. indicates whether the frame came from the DTE or the DCE device Frames with a white background come from the DTE device frames with a gray background come from the DCE device The ComProbe USB Summary pane in displays a one line summary of every transaction in a capture buffer or 113 ComProbe Sodera User Manual Chapter 4 Capturing and Analyzing Data file Whenever there is a transaction it is shown on a single line instead of showing the separate messages that comprise the transaction The Msg column in that case says Transaction Each message in a transaction contains a packet identifier PID All of the PIDs in a transaction are shown in the transaction line All IN transactions i e transactions that contain an IN token message are shown with a purple background All other transactions and all non transactions are shown with a white background IN transactions have special coloring because that is the only place where the primary data flow is from a device to the Host The protocol information included for each frame depends on the protocol selected in the summary layer box located directly below the main toolbar Frame numbers in red indicate errors either physical byte level or frame errors If the error is a frame error in the displayed protocol layer the bytes where the error occurred is displayed in red The Decode Pane gives precise information as to the type of error and where it occurred The Summary
72. ipl ppProfies EPPI Unknown Rename bo j Figure 4 38 Data and Audio Extraction Status If you selected Open Files s After Extraction the files open automatically 10 Ifyou did not select this option you can open a file by simply double clicking on the name Also if a file type is unknown you can select the file and it appears in the Rename to text box Data Extraction Staius BipBppFipOppProfiles cta Bip data eshaction started Fie C Documents and Setting Wab Decktop data extraction Bip2ppF pO ppProfiesBIPY2 ipg is Opened Figure 4 39 Rename To in the bottom section of Data Extraction Status Then you can rename the file adding a file type to attempt to open the file When you are finished select Close to close the dialogs 220 Chapter 5 Navigating and Searching the Data The following sections describe how to navigate through the data and how to find specific data or packet conditions of interest to the user 5 1 Find Capturing and decoding data within the ComProbe analyzer produces a wealth of information for analysis This mass of information by itself however is just that a mass of information There has to be ways to manage the information ComProbe software provides a number of different methods for making the data more accessible One of these methods is Find Decode Pattem Time GoTo Special Events Bookmark Seach fee imestan You Day Hou Go to
73. is applied a description of the filter appears to the right of the toolbar in the Frame Display windows Pi Note The OK button is unavailable grayed out until the condition selections are complete 4 4 1 13 1 6 The Difference Between Deleting and Hiding Display Filters If you wish to remove a filter from the system permanently then use the Delete procedure However if all you want to do is remove a filter as a means to un clutter the display then use the Hide procedure Deleting a saved filter removes the filter from the current session and all subsequent sessions In order to retrieve a deleted filter the user must recreate it using the Set Conditions dialog Hiding a filter merely removes the filter from the display A hidden filter can be reapplied using the Show Hide procedure 126 Chapter 4 Capturing and Analyzing Data ComProbe Sodera User Manual Deleting Saved Display Filters 1 Select Delete Display Filters from the Filter menu in the Frame Display 6 window to Delete Named Conditions open the Delete Named Condition dialog SA ox The system displays the Delete Named ted Cancel Condition dialog with a list of all user defined i Delete filters Hep 2 Select the filter to be deleted from the list 3 Click the Delete button 4 Click OK The Delete Named Condition dialog box closes and the system deletes the filter Hiding and Revealing Display Filters If a display filter is
74. layers 1 Click the All additional stack layers can be determined automatically button 2 If your protocol stack is complete and there are no additional layers click the There are no additional stack layers button 89 ComProbe Sodera User Manual Chapter 4 Capturing and Analyzing Data 3 If you select this option the analyzer uses the stack you defined for every frame Frames that do use this stack are decoded incorrectly Save the Stack 1 Click the Add To Predefined List button 2 Give the stack a name and click Add In the future the stack appears in the Protocol Stack List on the first screen of the Protocol Stack wizard Remove a Stack 1 Select it in the first screen and click Remove Selected Item From List 2 If you remove the stack you must to recreate it if you need to use it again Note If you do not save your custom stack it does appear in the predefined list but applies to the H frames in the current session However it is discarded at the end of the session 4 2 3 Reframing If you need to change the protocol stack used to interpret a capture file and the framing is different in the new stack you need to reframe in order for the protocol decode to be correct You can also use Reframe to frame unframed data The original capture file is not altered during this process Note You cannot reframe from the Capture File Viewer accessed by selecting Capture File Viewer or Load Capture File to start the sof
75. levels In particular there are three segments in this test whose peaks are at exactly 6 dBFS That is there is zero loss or gain through the chain 190 Chapter 4 Capturing and Analyzing Data ComProbe Sodera User Manual Table 4 21 Test 1 02 6 dBFS Segments These 6 dBFS segments are described in the Test 1 02 6dBFS Segments table These segments serve as a convenient and quick visual indicator that levels are appropriate especially the longer 3rd case which is evident at the 4 999 second reference time of the above image a little over 2 3 of the way through the test The first 0 500 seconds of Test 1 02 which contains the Test ID value 1 02 is shown below The three digits 1 0 and 2 are represented by the low frequencies 210Hz 200Hz and 220Hz respectively which are 100 milliseconds in duration and are separated by 1 kHz digit delimiters of 50 milliseconds duration The final tone is a 100 millisecond segment at 400 Hz defined as a Test ID Terminator Note that since the levels of all of these tones are at exactly 3 dBFS the peak levels should be exactly halfway between any available 6 dBFS 50 gridline NANANA MAA ANA ANA NN eee Figure 4 95 Test 1 02 Test ID Segment The three digits 1 0 and 2 are represented by the low frequencies 210 Hz 200 Hz and 220 Hz respectively which are 100 ms in duration and are separated by 1 kHz digit delimi
76. lihen nagan B O arg Marha 1 BO Seyna A LOCA Fi Go alls Loza Link I LAAF ihat ct ro baari Pagbaad Lengthy 16 O000101131 00000011 000010 611001400 00111112 Sara Seegi 8 mre Hooooooo 00000000 10011001 00011010 00000010 Dernpted by Buctooth Confeo Mo aa a a e a e E e 10007100 VO 1100 paa KU a g 000000 E LECAP ooog JW oo Li JOO FG SODA ON Bole Minibar ac ie Aa TMA le lt i a Gs ee AG divides g 2000000 bi Ni Na Mi Wi Wa Ki PULI Lem 12 Chanel ih hah Signaling A a b 83 Ob gd FE 9 1 00 na a 03 80 8d Code Infomation aipin o j gik S jdari A Leased Langit 5 A Intel ye Eaterded besue mgeceted 4 Femi Soren Extended Padure Mark E SO ak O oe oe oe a rea oni Sete Na Suggartad E Pama e My edabad n aoe si D5 Mat Pa F hanced Fletancmenion mode Sung sang magka puppa a H F i 3 je Fa DE DA o bb 64 af BI DO 9 9 la Oz Of 4 oc o O D1 ier Ob 2 O88 OO O8F GG bb OO NG GG mM fi A Tota fronts S000 Gremes Sltered in 10 256 Crame Ss Selected 27 217 1 oba For Help Press F1 Event Pane Character Pane Radix Pane Figure 4 14 Frame Display with all panes active Frame Display Panes The Frame Display window is used to view all frame related information It is composed of a number of different sections or panes where each pane shows a different type of information about a frame e Summary Pane The Summary Pane displays a one line summary of each frame for every protocol found in the data and c
77. minimum computer requirements and how to install the software e Chapter 2 Getting Started Here we describe how to set up and connect the hardware and how to apply power This chapter also describes how to start the ComProbe software in Data Capture Methods You will be introduced to the Control window that is the primary operating dialog in the ComProbe software e Chapter 3 Configuration Settings The software and hardware is configured to capture data Configuration settings may vary for a particular ComProbe analyzer depending on the technology and network being sniffed There are topics on configuring protocol decoders used to disassemble packets into frames and events e Chapter 4 Capturing and Analyzing Data This Chapter describes how to start a capture session and how to observe the captured packets frames layers and events e Chapter 5 Navigating and Searching the Data Here you will find how to move through the data and how to isolate the data to specific events often used for troubleshooting device design problems e Chapter 6 Saving and Importing Data When a live capture is completed you may want to save the captured data for future analysis or you may want to import a captured data set from another developer or for use in interoperability testing This chapter will explain how to do this for various data file formats e Chapter 7 General Information This chapter provides advanced system set up and configuration information t
78. negative discontinuity 167 ComProbe Sodera User Manual Chapter 4 Capturing and Analyzing Data View pe Peke Panga i Paes CO 15 ma ide PA maba PUGON HEH ALAT PA Figure 4 74 A positive discontinuity When there are one or more discontinuities the actual time encompassed by the visible timeline differs from the zoom level duration that would apply in the absence of any discontinuities The actual time referred to as absolute time is shown followed by abs The zoom level duration referred to as relative time is shown followed by rel When there are no discontinuities relative and absolute time are the same and a single value is shown Selected Packets 477 475 Gap 7199545 Timestamp Delta 7 20011 Spam 7 20038 Figure 4 75 Timeline header with discontinuity 15 625 ms rel 7 21484 s abs Figure 4 76 Timeline duration footer with discontinuity For example the timeline above has a zoom level duration of 15 625 ms the relative time shown in the footer But the discontinuity graphic consumes the width of a Bluetooth slot 625 us and that area is 7 19984 s of absolute time as shown by the Gap value in the header So the absolute time is 7 21484 s Zoom level duration Bluetooth slot duration Gap duration 15 625 ms 625 us 7 19984 s 0 015625 s 0 000625 s 7 199840 s 0 015000 s 7 199840 s 7 214840 s 7 21484 s 4 4 2 33 High Speed Bluetooth High speed Bluetooth pac
79. negotiate audio streaming parameters Sample Rate 44100 D EF 4 96 6E 1 wag Tat AE ta Mono Stereo Stereo M Bits Sample 16 EE 2 B0 79 94 82D 12 1E Figure 4 99 Audio Stream Info in the Wave Panel Table 4 30 Audio Stream Info Tags O Description SSS A system assigned index number that represents an audio waveform between a pair of Bluetooth devices This number appears in the Event Table for easy cross referencing Sample Rate Displays the sampling frequency used to digitize the original audio Mono Stereo Indicates if the audio data is monaural or stereophonic Bits Sample Displays the number of bits per sample of the audio data the number Displays the number of bits per sample of the audio data bits per sample of the audio data DUT1 Bluetooth address of one device in the connection Can be either sending or receiving the audio data DUT2 Bluetooth address of the other device in the connection Can be either sending or receiving the audio data Displays the Codec type used by the captured audio stream The supported codecs include SBC AAC aptX mSBC and CVSD SBC Codec Information Pop up When you hover over the Codec tag and the Codec SBC a pop up will appear that shows additional information about which SBC parameters can be used The pop up is visible as long as the cursor hovers over the Codec tag Figure 4 100 SBC Codec Information Pop Up on Cursor Hover Over 206
80. not available in Viewer mode Analyze Analyzing is available in Viewer mode allowing different analyses to be performed on previously recorded and saved captures 2 In the Wireless Devices pane select the active devices for analysis 3 Analyze Clickon Analyze button or click the Start Analyze button to begin capturing to a file This Start Analyze button is located on the Control window Event Display and Frame Display 4 Files are placed in My Capture Files by default and have a cfa extension Choose Directories from the Options menu on the Control window to change the default file location 5 Watch the Status Bar on the Control window to monitor how full the file is When the file is full it begins to wrap which means the oldest data will be overwritten by new data 86 Chapter 4 Capturing and Analyzing Data ComProbe Sodera User Manual 6 Click the Analyzing button or click the Stop Analyze button jj to stop analyzing 7 Toclear captured data click the Clear J icon e If you select Clear after stopping analysis a dialog appears asking whether you want to save the data o You can click Save File and enter a file name when prompted o If you choose Do Not Save all data will be cleared o Ifyou choose Cancel the dialog closes with no changes e If you select the Clear icon while a capture is occurring o The capture stops o A dialog appears asking if you want to save the capture o You can select Y
81. of 0x00 MASP 5 C5R Mesh MTP i Bearer LE HigherLaver Ox ac 97 1b 00 80 46 65 93 4a ez MAC Os ac Pe 25 e2 4a 05 46 2d Time to Live 255 Mesh Protocol Detected Error MAC doesn t match MASP or MCP Figure 3 41 CSRmesh Bad MAC e Anerror message will also be displayed saying MAC doesn t match MASP or MCP This error simply means that the generated MAC does not match the received MAC This error will also be generated in the case of a bad packet b Decryption Error e The error message associated with a decryption error will say Decryption Error c Payload Size e MTL payload lt 9 bytes MAC TTL o This error is implying that the Mesh Transport Layer MTL or MTP has a payload of less than 9 bytes o Message Authentication Code MAC is 8 bytes and Time to live TTL is 1 byte e HML payload is not available o This error indicates that MTP payload contains MAC and TTL but HLM payload is missing or is O bytes e MCP data has no encrypted payload o This error indicates that the MCP payload contains the nonce sequence number and source address but encrypted payload is missing from the packet Smart Mesh 73 ComProbe Sodera User Manual Chapter 3 Configuration Settings a Reserved Opcode e This is most likely the scenario when incorrect keys have been entered Correct the keys in the MeshOptions ini file and reload decoders b Decryption Error e Some of the possible decrypt
82. on the symbol and the analyzer displays which signal s changed at the bottom of the Event Display window O Data Capture Paused The Pause icon was clicked pausing data capture No data is recorded while capture is paused Ira Data Capture Resumed The Pause icon was clicked again resuming data capture Dropped Frames Some number of frames were lost Click on the symbol and the analyzer displays many frames were lost at the bottom of the Event Display window End of Frame Marks the end of a frame Flow Control Active An event occurred which caused flow control to become active i e caused the analyzer to stop transmitting data Events which activate flow control are signal changes or the receipt of an XON character Flow Control Inactive An event occurred which caused flow control to become inactive i e caused the analyzer to transmit data Events which deactivate flow control are signal changes or the receipt of an XOFF character Frame Recognizer Change A lowest layer protocol was selected or removed here causing the frame recognizer to be turned off or on pi I O Settings Change A change was made in the I O Settings window which altered the baud parity or other circuit setting lAn event is anything that happens on the circuit or which affects data capture Data bytes control signal changes and long and short breaks are all events as are I O Settings changes and Data Capture Paused and Resumed 99
83. q 8 00 02 00 Slave Captured Byte Master 4369 Slave RP 1b b c0 23 Ob 3d Se 00 01 07 17 21 50 Master 4385 Slave do 23 Ob Sd 5c 00 01 5a 01 amp FP 34 3 0b Master 4401 e 37 6a 0 23 Ob Bd Slave _ Event 4 338 of 4 831 Frame 188 5 3 2011 1 48 58 604388 PM Source ASCII Hex Dec Oct Binary Errors Master 27 393 47 00200111 7 For Help Press Fl Captured Byte Information Figure 4 2 Event Display Click on an event to find out more about it The three status lines at the bottom of the window are updated with information such as the time the event occurred for data bytes the time the byte was captured the value of the byte in hex decimal octal and binary any errors associated with the byte and more Events with errors are shown in red to make them easy to spot When capturing data live the analyzer continually updates the Event Display as data is captured Make sure the Lock icon a is displayed on the toolbar to prevent the display from updating Clicking on the icon again will unlock the display While locked you can review your data run searches determine delta time intervals between bytes and check CRCs To resume updating the display click the Lock icon again You can have more than one Event Display open at a time Click the Duplicate View icon g to create a second independent Event Display window You can lock one copy of the Event Display and analyze your data while the second Event Display updates
84. restore columns to their default locations their default widths and show any hidden columns 1 Right click on any column header and choose Restore Default Column Widths or select Restore Default Column Widths from the Format menu 4 4 1 11 3 Frame Symbols in the Summary Pane Table 4 6 Frame Symbols A green dot means the frame was decoded successfully and the protocol listed in the Summary Layer drop down box exists in the frame No dot means the frame was decoded successfully but the protocol listed in the Summary Layer drop down box does not exist in the frame A green circle means the frame was not fully decoded There are several reasons why this might happen e One reason is that the frame compiler hasn t caught up to that frame yet It takes some time for the analyzer to compile and decode frames Frame compilation also has a lower priority than other tasks such as capturing data If the analyzer is busy capturing data frame compilation may fall behind When the analyzer catches up the green circle changes to either a green dot or no dot Another reason is if some data in the frame is context dependent and we don t have the context An example is a compressed header where the first frame gives the complete header and subsequent frames just give information on what has changed If the analyzer does not capture the first frame with the complete header it cannot decode subsequent frames with partial header information A ma
85. that gives detailed information 161 ComProbe Sodera User Manual Chapter 4 Capturing and Analyzing Data Et Diii Packet 15 457 Classic DH1 oe Ff 2011 10 47 19 835783 AM Beginning Timestamp 671772011 10 41 19 836053 AM Ending Timestamp Duration 270 us Hole Master Channel 36 438 MHz Clock Ox011 3e610 Packet Status CAC Error L2CAP Flow Go Logical Link ID L CAP start or no fragmentation SEUN 1 ARON 0 Payload Length 9 534 of 17 bytes max Decmpted by Bluetooth ComProbe No Bad packet data Ox 45 02 02 00 Figure 4 66 A tool tip for a Classic Bluetooth packet 4 42 28 Relocating the tool tip You can relocate the tool tip for convenience or to see the timeline or throughput graph unobstructed while displaying packet information In the Format menu select Show Tooltips in Upper Left Corner of Screen and any time you mouse over a packet the tool tip will appear anchored in the upper left corner of the computer screen To return to viewing the tool tip adjacent to the packets deselect the tool tip format option in the menu 162 Chapter 4 Capturing and Analyzing Data ComProbe Sodera User Manual lal Coexistence View le Sniffer Capture GE69ODAA 2 cfa File Format Zoom Navigate Help l w Show Packet Number w Show Packet Type Show Packet Subtype Hide Packet Text Auto Hide Packet Text When Duration gt 31 25 ms Increase Auto Hide Packet Count From 4 000 to 20
86. the Classic tab is selected you will see Classic protocols If you select the LE tab you will see LE Protocols If there is only Classic or only LE the Classic and LE tabs will not appear AI Layers BB LMP L CAP AVDTP AVDTP Signaling AZDP Also along the top of the dialog are a series of protocol tabs The tabs will vary depending on the protocols Clicking on a tab displays the messaging between the master and slave for that protocol For example if you select RFCOMM you will see the messaging between the RFCOMMfM Master and the RFCOMM S Slave Channel Signaling Length 0 Channel Signaling Length 0 The Non Message Summary tab displays all the non message items in the data AFCOMM signaling channel created The Ctrl Summary tab displays the signaling packets for all layers in one window in the order in which they are received The information in the colored boxes displays general information about the messaging The same is true for each one of the protocols If you want to see the all the messaging in one dialog you select the All Layers tab 174 Chapter 4 Capturing and Analyzing Data ComProbe Sodera User Manual When you move the mouse over the message description you see an expanded tool tip Frame 13 Role Master Address 1 Opcode LMP_max_slot Transaction ID Initiated by master Max Slots 0x05 slots If you position the cursor outside of the message box the t
87. the bmesismp On or before the penhad ime On ot alter the pecihed time Figure 5 1 Find Dialog 221 ComProbe Sodera User Manual Chapter 5 Navigating and Searching the Data Find as the name suggests is a comprehensive search function that allows users to search for strings or patterns in the data or in the frame decode You can search for errors control signal changes bookmarks special events time and more Once the information is located you can easily move to every instance of the Find results 5 1 1 Searching within Decodes Searching within decodes lets you to do a string search on the data in the Decode Pane of the Frame Display window To access the search within decodes function 1 Opena capture file to search bag Open the Event Display PD or Frame Display window 3 Click on the Find icon or choose Find from the Edit menu 4 Click on the Decode tab of the Find dialog Note The tabs displayed on the Find dialog depend on the product you are running and the content H of the capture file you are viewing Decode Patten Time Search For Sting In Decode C Search Foe All Errore O Search Foe Fiame ST O Search Foe Indoemation Frames Figure 5 2 Find Decode Tab Search for String 222 Chapter 5 Navigating and Searching the Data ComProbe Sodera User Manual Oecede Patter Time GoTo 5pecid Event Signal Emor Bor O Search For Sting In Decode C lgnere cate C3 Seach
88. the selected event This selection will appear in all Wave Panels however the event severity icon will only appear in the Wave Panel associated with the event To assist the user with viewing events in detail the Event Timeline will zoom in and out in sync with the Wave Panel Event Timeline Example This example shows that event 159 was selected in the Event Table resulting in the severity icon being enlarged in the Event Timeline The system automatically selected the surrounding area the blue outline 01 32 47 320 PM 01 32 47 339 PM 01 32 47 357 PM 1 3247551PM dT 00 00 00 500 Samples Selected 8000 Frequency 2 Blueto Event Saray Stream ld Event ills Mode Frame Number Description 159 39561 Unexpected Level Measured 6 0 dB Expected 34 0 dE o MB fe FOQS Report FOGS Repot 1 83213 Fchg Fret 0 000 Fr Figure 4 108 Example Event Table Selection Shown in Event Timeline Event Pop Up When the cursor hovers over a selected event severity icon in the Event Timeline a pop up will display the event class severity and associated Bluetooth frame 211 ComProbe Sodera User Manual Chapter 4 Capturing and Analyzing Data 01 32 47 320 PM 01 32 47 339 PM T0 01 32 47 331 PM 71 01 32 47 331 PM_ dT 00 00 Ag r e Class of event Audio Seventy Eror Bluetooth Frame 39561 her db pis ama Figure 4 109 E
89. the total number of selected frames in parentheses e Total Frames The total number of frames in the capture buffer or capture file in real time e Frames Filtered In The total number of frames displayed in the filtered results from user applied filters in real time 4 4 1 3 Hiding and Revealing Protocol Layers in the Frame Display Hiding protocol layers refers to the ability to prevent a layer from being displayed on the Decode pane Hidden layers remain hidden for every frame where the layer is present and can be revealed again at any time You can hide as many layers as you wish Note Hiding from the Frame Display affects only the data shown in the Frame Display and not any information in any other window There are two ways to hide a layer 107 ComProbe Sodera User Manual Chapter 4 Capturing and Analyzing Data 1 Right click on the layer in the Decode pane and choose Hide protocol name Layer In All Frames 2 Click the Set Protocol Filtering button on the Summary pane toolbar In the Protocols to Hide box on the right check the protocol layer s you want hidden Click OK when finished To reveal a hidden protocol layer 1 Right click anywhere in the Decode pane 2 Choose Show protocol name Layer from the right click menu or click the Set Protocol Filtering button and un check the layer or layers you want revealed 4 4 1 4 Physical vs Logical Byte Display The Event Display window and Event Pane in the Fram
90. they recognized the need for visibility into the HCI interface and because it was too difficult to build air sniffers Several companies developed air sniffers because they saw a market need and because they realized that they could charge a high price USD 525 000 and higher Two Bluetooth chip companies Silicon Wave and Broadcom were using Frontline s Serialtest serial analyzer to capture serial HCI traffic and then they would manually decode the HCI byte stream This manual decoding was far too much work and so independently Silicon Wave and Broadcom each requested that Frontline produce a serial HCI Bluetooth analyzer that would have all the features of Serialtest In response to these requests Frontline developed SerialBlue the world s first commercially available serial HCI analyzer The response to SerialBlue was very positive When we asked our Bluetooth customers what they wanted next we quickly learned that there was a need for an affordable air sniffer that provided the same quality as SerialBlue We also learned that the ultimate Bluetooth analyzer would be one that sniff air and sniff HCI simultaneously As work was progressing on our combination air sniffer and HCI sniffer the functional requirements for Bluetooth analyzers were changing It was no longer good enough just to decode the core Bluetooth protocols LMP HCI L2CAP RFCOMM and OBEX Applications were beginning to be built on top of Bluetooth and therefore applic
91. will filter the captured data by selecting which devices the ComProbe software will use The Wireless Devices pane is a list populated by wireless devices that are e active e remembered from previous sessions or e added by the user A new device BD_ADDR is automatically added to the Device Pane when e For BR EDR the full BD ADDR encapsulated in the FHS Packet is added to the Wireless Devices pane when Sodera captures an FHS packet that is successfully dewhitened with the CRC checked e A partial BD ADDR just the Lower Address Part LAP and Upper Address Part UAP may be added when we do not observe paging such as when a conversation is already ongoing at the time capturing is started If Sodera is able to successfully dewhiten a BR EDR packet using the payload CRC to check repeated dewhitening attempts then the partial BD ADDR will be added e For Bluetooth low energy the full BD ADDR is always displayed The FHS packet is a special control packet containing among other things the Bluetooth device address and the clock of the sender The payload contains 144 information bits plus a 16 bit CRC code 34 Chapter 3 Configuration Settings ComProbe Sodera User Manual Added devices are retained by the ComProbe software When devices are added and appear in the Wireless Devices pane they must be removed by the user or in the case of a subsequent session the devices will appear again If not used in the current session the
92. 0 4 2 4 Unframing _ 2 222 eee ee cece cece ce ec eee ee cee eee eee eee e cence eee e eee eceeeeeeeeeeeeees 90 4 2 5 How the Analyzer Auto traverses the Protocol Stack 22 l eee eee cece cece cece eceeeeees 91 4 2 6 Providing Context For Decoding When Frame Information Is Missing 91 4 3 Analyzing Byte Level Data 20 2 lee eee eee eee cee eee eee naa cece cece eceeceeeeeeeeees 92 A sew EVO DIS ONG eso ee ye eee se eee ee i a ogee 92 4 3 2 The Event Display Toolbar a 93 4 3 3 Opening Multiple Event Display Windows 22 22 eee ee cece eee eee eee e cece ee eeeeeees 95 4 3 4 Calculating CRCs or FCSs AA 95 4 3 5 Calculating Delta Times and Data Rates _ 2 22 22 c eee eee ee eeeeeeeee 95 4 3 6 Switching Between Live Update and Review Mode 0 a 96 4 3 7 Data Formats and Symbols _ 2 222 2 ee eee cece eee cee eee eee ec eee cece eee eeeeeeeeeeees 96 4 3 7 1 Switching Between Viewing All Events and Viewing Data Events 96 4 3 7 2 Switching Between Hex Decimal Octal or Binary 2 ee eee eee eee eee eee cess 97 4 3 7 3 Switching Between ASCII EBCDIC and Baudot 2 22 eee eee eee eee cece eeeee 98 4 3 7 4 Selecting Mixed Channel Sides cece eee eee cece cece cece eee eect eee eeeeeeeeeeeee 98 iV ComProbe Sodera User Manual 4 3 7 5 List of all Ev
93. 0 62 B2 E7 Enter passke x3 7ab338cf74ee 10f855dda2179213a88 n a 0x8b55c8c3c2d0a D 3 11 2015 4 29 08 772918 PM Valid 2 3 11 2015 4 29 08 870189 PM 5C F3 70 62 A9 BB 5C F3 70 62 B2 E7 v a Enter link key n a Oxcdbf4d97c5ec54 Figure 3 6 Sodera Datasource Security Pane The Security pane shows events in the current capture When the Record button is clicked all devices with active traffic that require decryption are shown Security events Recod appear in starting time order with the most recent event at the bottom i e Status displays icons showing the pairing and encryption decryption status Description GD Pairing Authentication attempt observed but was unsuccessful o Devices successfully Paired Authenticated Encrypted traffic is encrypted but there is insufficient information to decrypt See Critical Packets and Information for Decryption on page 84 for a description of the critical packets e Decrypted e Time Beginning and end time of the security context No end time is indicated by an Beginning time is shown in the first row of the grouping End time is shown in the second row 44 Chapter 3 Configuration Settings ComProbe Sodera User Manual e Master The BD_ADDR of the master device in the link If the friendly name is available it will show on the second line e Slave The BD_ADDR of the slave device in the link If the friendly name is available it will show on the second line 4 N
94. 000 May Be Slow Use All Packets for Throughput Indicators Use Selected Packets for Throughput Indicators Use Viewport Packets for Throughput Indicators Set 802 11 Tx Address Show Packet Throughput Show Payload Throughput Show Both Packet and Payload Throughput Show 5 GHz Timeline Show 2 4 GHz Timeline Show Both 5 GHz and 2 4 GHz Timelines Show Timelines Which Have or Had Packets Auto Mode ie hann Show Low Energy Packets From Configured Devices Only Show All Low Energy Packets 2 4 GHz Large Throughput Graph Show Dots in Throughput Graph Dots Reveal Overlapped Data Points Show Zoomed Throughput Graph Show Tooltips in Upper Left Corner of Screen Figure 4 67 Coexistence View Format Menu Show Tooltips on Computer Screen 163 ComProbe Sodera User Manual Chapter 4 Capturing and Analyzing Data Packet 15 455 802 11 Management Beacon 6 17 2011 10 41 19 835783 AM Beginning Timestamp 6 17 2011 10 41 19 836799 AM Ending Timestamp Radio Timestamp n a Duration 1 016 ms Type Management FOO eo ea ea aE Subtype Beacon Channel 10 2457 MHz OAL Selected O Viewport Width 20 MHz Data Rate 1 0 Mb s Awg throughput 1 sec throughput Channel Type 802 11b Packet Len 128 bytes Payload Len 0 bytes Source Address Cisco Linksys LLC 72 b3 a6 SA Destination Address hittin DA mat Zoom Wavigate Spectrum Help Dirt EL m i ow Ka Figure 4 68 Coexistence
95. 01 NET KEY 00000000000000000000000000000002 For CSRmesh CSRmesh Passphrase Format Technology CSRMESH Identifier Passphrase PASSPHRASE character string identical to the one used in CSRmesh Android iOS App The following code is an example of CSRmesh decryption passphrase entry 71 ComProbe Sodera User Manual Chapter 3 Configuration Settings CSRMESH PASSPHRASE test Loading keys or passphrase Edit View Format Live Filter Bookmarks Options When the ComProbe software is initially loaded keys or the passphrase will be automatically read from the kaa ae Cir O MeshOptions ini file If the keys or the passphrase are pii modified while the ComProbe software is running decoders Save mn Ctrl must be reloaded and the companion files must be le al M An N pa recreated for the change to take effect Follow these steps esyd Y 7 to reload the decoders HTML Export 1 In the Frame Display click on the Reload Decoders Reload Decoders F L Recreate Companion File icon or select Reload Decoders from the File menu 2 From the File menu select Recreate Companion Files CSRmesh in Sodera Wireless Devices of ox ED ADOR Friendly Name lt Device Class Technology IRK oor 00 02 58 00 1B CD C5Rmesh Unknown Smart LE gt E4 B0 CF 04 73 A3 static Smart LE T yor 30 60 1 FAG 7A BREDR LJ E4 58 E7 02 BC D1 Phone Smat Ready LE 4 BR EDR Figure 3 40 Sodera Wir
96. 03 39 35 713 PM 10 Lock Event Table i Event Severity Stream Id Event Type Mode Frame Number Description Timestamp 1 E3 N A 2822 A2DP connection is starting between devices 00 18 6B 35 A2 86 and A0 82 1F F5 00 62 for stream 1 Dec 30 2014 03 39 35 371056 PM E i N A 2832 A2DP connection has started and data should follow between devices 00 18 6B 35 A2 86 and A0 82 1F F5 00 6 Dec 30 2014 03 39 35 386681 PM 1 N A 2839 Unable to process AptX data as extracted It appears that SBC encoded data is being sent over this stream Dec 30 2014 03 39 35 418557 PM A 1 2850 A 21 25 millisecond delay has been detected between this frame and the previous frame compared to the overall Dec 30 2014 03 39 35 422307 PM pn bi Processing Em Analysis os Event Table Event Timeline Figure 4 97 Audio Expert System Window Color Codes and Icons The Audio Expert System uses standard color codes and icons to assist the user in focusing on specific issues 202 Chapter 4 Capturing and Analyzing Data ComProbe Sodera User Manual Table 4 28 Audio Expert System Color Codes and Icons applying to a particular captured waveform The event is assigned to Stream 0 in the Event I Note If an Event Severity icon is surrounded by a dark line the event is a global event and not Table The following topics describe the Global Toolbar Wave Panel Event Timeline and Event Table in more detail 4 5 6 1 Global Tool
97. 1 Sodera Window 2 aa 26 Figure 3 2 Manage excursion mode captures Dialog _ 2 2 22 e eee eee eee eee eee e cece eeeeeeees 29 Figure 3 3 Sodera Wireless Devices Pane e cece cece c cece cece cece ccceecceeececcececceeceee 35 Figure 3 4 Edit Device Details Dialog acvccscccwccuewdbecseiiaceedaseaeeeveSanunooiceesades siecUveawecotuesuse 40 Figure 3 5 Piconet View Timeline 2 0 cceccccursccsncadssecocahcesecnncanhacauscecsuseueceuedecceusenuaucaads 43 Figure 3 6 Sodera Datasource Security Pane 0000000000000000 eee cece eee nnna 44 Figure 3 7 Role Switch Example 4 4k a0 mn AKDA mm Nak RAD NIKA LED ak E Dan NON KAN n hs hab sibat 45 Figure 3 8 Classic Bluetooth Link Key Entry lee ee ee cece ec eee cece cece cece eeeeeeee 46 Figure 3 9 Classic Bluetooth Valid Link Key Entered and ACO Automatically Calculated 46 Figure 3 10 Classic Bluetooth Invalid Link Key Entered 00022 e cece eee eee eee eee 46 Figure 3 11 Bluetooth low energy Static Address Link Key Required e eeeeeeeeee 47 Figure 3 12 Bluetooth low energy Enter Link Key eee eee cece cece c cece ee eeeeee 47 Figure 3 13 Bluetooth low energy Valid Link Key _ 2 22 a 48 Figure 3 14 Bluetooth low energy Invalid Link Key 222i eee ee eee cece eee eeeee 48 Figure 3 15 Bluetooth low energy Piconet Public Ke
98. 1 After making changes to parameter settings in a user defined template click the Save Ld button at the top of the Set Initial Decoder Parameters window to display the Template Manager dialog 2 Ensure that the name of the template is listed in the Name to Save Template As text box and click OK 3 The system displays a dialog asking for confirmation of the change to the existing template Click the Yes button The system saves the parameter changes to the template and closes the Save As dialog 4 Click the OK button on the Set Initial Decoder Parameters window to apply the template and close the window 3 2 1 3 Deleting a Template 1 After opening the Set Initial Decoder Parameters window click the Delete button in the toolbar The system displays the Template Manager dialog with a list of saved templates 60 Chapter 3 Configuration Settings ComProbe Sodera User Manual 2 Select click on and highlight the template marked for deletion and click the Delete button The system removes the selected template from the list of saved templates 3 Click the OK button to complete the deletion process and close the Delete dialog 4 Click the OK button on the Set Initial Decoder Parameters window to apply the deletion and close the dialog 3 2 2 Selecting A2DP Decoder Parameters Decoding SBC frames in the A2DP decoder can be slow if the analyzer decodes all the parts the header the scale factor and the audio samples of th
99. 1 Audio Video BR EDR a 5 6 2015 8 44 05 707997 AM 0061 71 BABFB7 T LAP corfict may cause unexpected resus for these devices AO F4 50 41 D9 06 and E we A88E 246C5B F3 iPhone Phone Smart Ready LE 8 BR EDR PULA VHON A LAP conflict may cause unexpected resuts for these devices 00 1E E1 08 0C 28 and 5 6 2015 8 44 06 125106 AM A8 30 AD F9 98 51 A LAP conflict may cause unexpected results for these devices 4 98 D6 2D 74 14 and 4 52 7E FS F 1 18 Wearable BR EDR ane gt amp 5 6 2015 9 43 03 156404 AM LAP conflict may cause unexpected resuks for these devices A0 F4 50 CB 58 12 and E F we B4 B6 76 B7 DF 12 FTE 8589PX1 Computer Smart Ready LE amp BR EDR 5 6 2015 8 44 16 205939 AM DO A6 37 EF C9 12 68 D9 3C 5F 49 21 LAP conflict may cause unexpected results for these devices E0 C9 7A 8C 1A 1B and f B8 09 8A F0 FA 07 Test Three s Ke Peripheral BR EDR a 5 6 2015 8 44 28 171266 AM Test One s Mouse A LAP conflict may cause unexpected resuks for these devices 00 1A 0E D5 D1 D9 and CJ vy 88 09 8A F2 05 74 Test One s Keyb Peripheral BR EDR ap a 2072015 844 17 707835 AM DOABSTEFC9 12 88 09 8AF2 D5 74 A LAP conflict may cause unexpected results for these devices 00 13 04 83 7D BE and 3 OF B8 09 84 F2 EA A5 Test Two s Key Peripheral BR DR 5 6 2015 8 44 25 728685 AM Test One s Keyboard oF BC 6A 29 1AE2 F5 Flas BR EDR oa inte A19 30HM 1C BE 18 A8 BC 6A 29 1A E2F5 16 201 ng s J BCCFCC 50 E5 C4 HTC Minis
100. 10 bytes of data are captured in 10 milliseconds at a rate of 1 byte per millisecond and the timestamp resolution is 10 milliseconds then only one timestamp needs to be stored for the 10 bytes of data If the resolution is 1 millisecond then 10 timestamps need to be stored one for each byte of data If you have two capture files both of the same size but one was captured using normal resolution timestamping and the other using high resolution the normal resolution file has more data events in it because less room is used to store timestamps You can increase the size of your capture file in the System Settings 7 1 4 4 Switching Between Relative and Absolute Time With Timestamping you can choose to employ Relative Time or Absolute time 1 Choose System Settings from the Options menu on the Control window and click the Timestamping Options button or click the click the Timestamping Options icon f3 from the Event Display O window 2 Go to the Display Options section at the bottom of the window and find the Display Relative Timestamps checkbox 3 Check the box to switch the display to relative timestamps Remove the check to return to absolute timestamps Note The options in this section affect only how the timestamps are displayed on the screen not Si how the timestamps are recorded in the capture file e Display Raw Timestamp Value shows the timestamp as the total time in hundred nanoseconds from a specific point in time
101. 2 11 in conjunction with other ComProbe devices or in a stand alone configuration a smaller version of the standard Coexistence View is available This High Speed Live View is essentially the Viewport from the standard Coexistence View When viewing High Speed Live only 802 11 traffic is visible Because Bluetooth packets are slow they are not visible in High Soeed mode 1 Click on the Control window File menu and select Close ComProbe Protocol Analysis System 802 11 SE Com View Live Options Window Help Open Capture File Ctrl O E Close N Save tri S apture Files Capture 2012 12 21_135337 cfa Close the active file 3 1 Capture 2012 pckets on h w 0 Packet Decoder 23 pps SES e WE Exit ComProbe Protocol Analysis System 2 The Control window will open again Click on the Control Window File menu and select Go Live High Speed Mode File Options Methods Help IPES For Help Press F1 J ComProbe Protocol Analysis System HSView cfa emp j Edit View Options Window Help Go Live kili G Go Live High Speed Mode Open Capture File N Ctrl O Close N Save gt lt _ Select High Speed Live Mode to see the Reframe Coexistence High Speed View Unframe Recreate Companion File 1 C Users HSView cfa Exit ComProbe Protocol Analysis System 3 Click on the Control window Start Capture button to begin capturing data Click on the Coexistence View button
102. 2 ComProbe Sodera Window 2 2 0 eee ee ee eee eee cece cece nrnna 25 3 121 NGO WOON AN dk maa Na esee ces Ge apa aaa aabang aa a GA EG naga 27 ComProbe Sodera User Manual l2 ek VIC soe oe eee ee eee ee a ee ee a a ee ee ee eee ee eee 27 3 41 2 1 2 Standard Toolbar 2 66 on seer ee cecenenaoee EA Ee EAA 32 3 1 2 1 3 Capture Toolbar aaa coc cceeerceceercutaundacvecdecesaceteceeed eouedecaecentaeeecedinees 33 3 1 2 2 Wireless Devices Pane 2 ccc ccc ee eee ce cece eee ce eroro erron 34 3 1 2 3 Piconet View Pane Experimental 0 o cee eee ccecee cee cece ee eeeeeeee 42 3 1 2 4 Security Pane saad kana aaa a haaha hd6 ELMO NE se dcesoceids eae cence en sA NEED katas eee 44 3 1 2 4 1 Classic Bluetooth Encryption 22 eee ee cece cece eee eee cece ee eeeeeeeees 45 3 1 2 4 2 Bluetooth low energy Encryption a 47 sa PASAY ELA KA PAC AA 49 ca UA a KA PA AEA 53 3 1 2 7 Pane Positioning and Control ieee eee cece cee eee eee e cece eeeeeeeeeeee 53 Bak Excursion MOOC foe jee cee AG kdar doe NAAN AA AA GATA seer a REEERE 56 3 2 Decoder Parameters ee eee ee ee eee en ee ee ee ee ee eee eee eee 57 3 2 1 Decoder Parameter Templates 0 0 020 occ ccc cee cece ce eee ccc cece cence eceeceecceeees 59 3 2 1 1 Select and Apply a Decoder Template _ 2 222 2 ieee eee eee c eee eee eeeeee 59 3 2 1 2 Adding a New or Saving an Existing Template
103. 24 3 640 11 57 15 348624 aling 3 645 11 57 15 351747 Command gt Channel Signaling Length 10 FC Sender Supports CF Parameter 3 650 11 57 15 354874 i ti 3 723 11 57 15 461124 Pascband cenneti eee ran RFCOMM SABM 3 730 11 57 15 465497 Open OBEX channel H i m For Help Press F1 Figure 4 81 Message Sequence Chart Window How do access the chart You access the Message Sequence Chart by selecting the icon H or MSC Chart from the View menu from the Control window or Frame Display What do I see on the dialog D D N At the top of the dialog you see four icons that you use to zoom in and out of the display vertically and horizontally The same controls are available under the View menu There are three navigation icons also on the toolbar 173 ComProbe Sodera User Manual Chapter 4 Capturing and Analyzing Data This takes you to the first Information Frame This takes you to first Protocol State Message This takes you to the first Error Frame Click here to learn more about this option If there is both Classic and low energy packets there will be a Classic and LE tab at the top of the dialog File Edit View Help ARARNANOSO Boe Classic LE All Layers Gi Summary Non Msg Summary LE BB LE ADV LE DATA LE LL Q Classic and LE Tabs shown if both Classic and LE packets are available NESN 0 a MD 0 Length 0 Figure 4 82 Classic and LE tabs If
104. 3 The system displays an information screen that may help you decide if you need to define your own custom stack Defining a custom stack means that the analyzer uses the stack for every frame Frames that do not conform to the stack are decoded Curent Protocal Stack Remove Selected tem From List incorrectly Click Next to continue telect a Protocol Stack Choose one at a time by Protocol Decode Stack double clicking or by using Ml additional stack laver Baseband Select Protocols aka Naguiat e AMP Manage automatically 1 Select a protocol from the list on the ARP There are no additional left stack layers 2 Click the right arrow button to move it gia to the Protocol Decode Stack box ee i i ignaling on the right or double click the AVRCP Mene HA protocol to move it to the right jaseband Move Down 3 Toremove a protocol from the stack BlueCore Serial Protocol 7 a double click it or select it and click the lama left arrow button 4 If you need to change the order of the protocols in the stack select the protocol you want to move and click on the Move Up and Move Down buttons until the protocol is in the correct position 5 The lowest layer protocol is at the top of the list with higher layer protocols listed underneath Auto traversal Have the analyzer Determine Higher Layers If you need to define just a few layers of the protocol stack and the remaining layers can be determined based on the lower
105. 37 260 262 Timestamping Disabled 100 Timestamping Enabled 100 Timestamping Options 253 260 Timestamping Resolution 261 Timestamps 260 262 Truncated Frame 100 U Underrun Error 100 Unframe 90 Unframe Function 90 Unframing 90 Unknown Event 100 V vendor specific decoder 267 Viewing Data Events 96 W Wrap Buffer File 253 Zooming 166 zooming cursor 156 324
106. 441 413 1 4 Using Compound Display Filters Compound filters use boolean logic to create complex and precise filters There are three primary Boolean logic operators AND OR and NOT The AND operator narrows the filter the OR operator broadens the filter and the NOT operator excludes conditions from the filtered results Include parentheses in a compound filter to nest condition sets within larger condition sets and force the filter processing order There are two steps to using a compound filter Define the filter conditions and then apply the filter to the data set The analyzer combines both filter definition and application in one dialog 1 Click the Display Filters icon Y on the Frame Display window or select Apply Modify Display Filters from the filter menu to open the Set Condition dialog box 2 Click the Advanced button on the Set Condition dialog box 3 Select Include or Exclude radio button Now you can set the conditions for the filter 4 Select the initial condition for the filter from the combo box at the bottom of the dialog for Select each frame Condition Select each frame where the protocol 5 Set the parameters for the selected condition in with the conversation the fields provided The fields that appear in the in the range dialog box are dependent upon the previous selection Continue to enter the requested parameters in the fields provided until the conditions statement is complete with the
107. 467 MHz Europe Japan 6 2426 2448 MHz centered at 2437 MHz USA Europe Japan 13 2461 2483 MHz centered at 2472 MHz Europe Japan 7 2431 2453 MHz centered at 2442 MHz USA Europe Japan 14 2473 2495 MHz centered at 2484 MHz Japan The row labels for 802 11 channels 1 13 are placed at the center frequency of each channel The row label for 802 11 channel 14 is in parentheses because that channel s center frequency is above the top of the graph Figure 4 71 2 4 GHz information windows 4 4 2 30 Bluetooth slot markers When zoomed in far enough Bluetooth slot markers appear in the 2 4 GHz timeline A Bluetooth slot is 625 us wide IRAH Cente LET Pe gand 15410 Gata 1 535 ma NAGA den Figure 4 72 Vertical blue lines are Bluetooth slot markers 4 4 2 31 Zooming There are various ways to zoom 166 Chapter 4 Capturing and Analyzing Data ComProbe Sodera User Manual 1 Drag one of the sides of the Throughput Graph viewport 2 Select a zoom preset from the Zoom or right click menus 3 Select the Zoom In or Zoom Out button or menu item 4 Turn the mouse wheel in the Timelines or the Zoomed Throughput Graph while the zoom cursor is selected The action is the same as selecting the Zoom In and Zoom Out buttons and menu items except that the time point at the mouse pointer is kept in place if possible 5 Select the Zoom to Data Point Packet Range menu item which zooms to the packet rang
108. 5a052923f4d8ba 06 7b04b 7eb0 1b 38eb55eb 3cb a i Valid Figure 3 9 Classic Bluetooth Valid Link Key Entered and ACO Automatically Calculated If the Link Key is correct the Link Key field for the devices in the encrypted link will appear green with valid below the link key If the Link Key is not correct the Link Key field will appear red with invalid below the link key To re enter the Link Key click on the Link Key field and follow the procedure above Security w PAX Status Time Master Slave PIN TK Link Key ACO D Q 11 20 2014 4 00 51 934571 PM 00 88 65 61 B7 27 00 07 62 0F 00 00 c123456783abc 11 20 2014 4 00 55 573965 PM T515 nvalid fal 11 20 2014 4 00 55 747163 PM 00 07 62 0F 00 00 00 88 65 61 B7 27 Enter EC i Figure 3 10 Classic Bluetooth Invalid Link Key Entered 46 Chapter 3 Configuration Settings ComProbe Sodera User Manual SSP Debug Mode If one of the Bluetooth devices is in SSP Debug Mode then the ComProbe Sodera analyzer can automatically figure out the Link Key under certain conditions To obtain the information for figuring out the Link Key the software must actively observe the SSP pairing process in the capture If the SSP pairing previously took place and encrypted data is later captured the software does not have the necessary information to figure out the Link Key The only alternatives are e to again pair the devices in SSP Debug Mode or e to independently determine the Link Key a
109. 639 Daai ees ha LL START ENC R5P T19 xal3akbdd HSS 5 LL START ENC RSP 23 hi Ph acl tal Pat Hi hi id PREP TIA NPMATE AET Figure 25 LE LL Tab Encryption Request Frame 39 617 from Initiator Side 1 B 4 7 3 Viewing Encryption in the Message Sequence Chart The ComProbe software Message Sequence Chart MSC links directly to a frames being viewed in the Frame Display Hi Veer Hay Similarly MSC will display the same ARAR ANOS O NN Bag information as the Frame Display Ali Layers ui Summary Mon king Semmery LE Bb LE ADY LE DATA LE LL L2CAP ATT SUP Decoder pane Frames are synchronized between the Frame Display Summary pane and the MSC so clicking on a frame in either window will select that same frame in the other window Also the al protocol tabs are the same in each Updated channel map used window To see the pairing process click on the SMP tab i Contin Valye x7H7569e1 Je97175730245a647567H9a SHF Pairing Costin In the image above we see Frame 35 539 Coniiem Vaker siaja d 7494004 Tcbedbbtlee 91990915 i initiating the pairing from the master os Hg Prana PL device The response SMP_Pairing Response is sent from the slave in Frame 35 545 SMP_ Pairing Confirm occurs Figure 26 MSC SMP Paring BPA 600 low energy capture 301 ComProbe Sodera User Manual Appendicies between the master and the slave devices at Frame 39 591 and 39 600 respectively Click
110. Air Sniffing Requires one ComProbe Sodera hardware Er Virtual Sniffing Used for capturing the full spectrum of Bluetooth data 44 CPAS Side k8 Bluetooth Classic low energy ComProbe Sodera Create Shortcut when Run Figure 2 10 Sodera Data Capture Method Select Wideband Bluetooth Bluetooth Classic low energy ComProbe Sodera Click on Run The ComProbe software will display the Sodera Control window 2 3 Control Window The analyzer displays information in multiple windows with each window presenting a different type of information The Control window opens when the Run button is clicked in the Select Data Capture Method window The Control window provides access to each ComProbe analyzer functions and settings as well as a brief overview of the data in the capture file Each icon on the toolbar represents a different data analysis function A sample Control Window is shown below 25 lt ComProbe Sodera User Manual Chapter 2 Getting Started 9 ComProbe Protocol Analysis System Sodera File View Live Options Window Help Ss O H X PP H TF LA LALA Slot eB Configuration Classic Bluetooth low energy Capture file C YWUsers Public Documents Frontline Test Equipment My Capture Files Capture 2014 12 02 071052 cfa Capture Status Paused Capture to Single File lt 1 used Packets on h w 0 For Help Press F1 Packet Decoder 0 pps 17408 100 Figure 2 11 ComProbe Analyzer Control Window
111. Audio Video BR EDR GAO MADAPA PAG KINANG 5 6 2015 8 44 40 539275 AM E8 99 C4 57 87 6F A4 15 66 4A 3E 16 E F 1 DO A6 37 ED DADA Computer Smart Ready LE amp BR EDR IN ASPIN Ee aaa DJ ve DDA637EFCS12 Computer Smart Ready LE 8 BR EDR Q 5 6 2015 8 4441126075AM A4 15 66 4A 3E 16 E8 99C4 57 876F DJ D0 A6 37 EF FC 50 Computer Smart Ready LE amp BR EDR m Piconet View wax BF D4 08 1A 05 38 C3 HTC MBSx Phone Smart Ready LE 4 BR EDR Private Keys sax Ll e mr UH E0 85 20 32 AA 00 01 01 045 Phone Smart Ready LE amp BR EDR re Pa GX CT GF we EDCS7ASCIAIB cakingers iPhone Phone Smart Ready LE amp BR EDR ng kay Tyee mane Ss Ce WF 4 98 06 2D 74 14 5s Phone Smart Ready LE 5 BR EDR P256 Oxaaaabbbbccccddddeeeef FF F11112222333344445555666677 oF E8 99 C4 34 ED 13 Phone BR EDR OF E8 99 C4 57 87 6F Phone BR EDR Lj P192 0x234567890123456123412 36acdefb5 6789012 34567899123 ae P192 0x14275 6980872451 3454151abdeff 346154bd311635487658 o so 11 8C 1A 1B BR EDR LJ xxx 10 C8 E8 32 BR EDR WF yc00 25 D5 D1 09 BR EDR at 100x 2A 00 3E 1A Nokia BH 504 BR EDR WF 10000 36 5E 54 18 BR EDR a wxo 3C 08 00 28 BR EDR lel 7 c2 3D F2 18 84 BR EDR 5 6 2015 6 44 41 121703 AM 75 o a 3FF5 2F 85 BR EDR si el 87 123 559 packets captured Status Bar Private Keys Pane Wireless Devices Pane Piconet View Experimental Figure 3 1 Sodera Window The Menus and Toolbars provide control of the window s view
112. Because the Control window can get lost behind other windows every window has a Home icon BP that brings the Control window back to the front Just click on the Home icon to restore the Control window When running the Capture File Viewer the Control window toolbar and menus contain only those selections needed to open a capture file and display the About box Once a capture file is opened the analyzer limits Control window functions to those that are useful for analyzing data contained in the current file Because you cannot capture data while using Capture File Viewer data capture functions are unavailable For example when viewing Ethernet data the Signal Display is not available The title bar of the Control window displays the name of the currently open file The status line below the toolbar shows the configuration settings that were in use when the capture file was created 2 3 1 Control Window Toolbar Toolbar icon displays vary according to operating mode and or data displayed Available icons appear in color while unavailable icons are not visible Grayed out icons are available for the ComProbe hardware and software configuration in use but are not active until certain operating conditions occur All toolbar icons have corresponding menu bar items or options Table 2 3 Control Window Toolbar Icon List aaa ia Open File Opens a capture file O Settings Opens settings Start Analyze data is being decoded from se
113. ComProbe Sodera User Manual Chapter 4 Capturing and Analyzing Data Table 4 4 Event Symbols continued Long Break KE Low Power The battery in the ComProbe is low 2 Short Break LE jp Event SPY Mode only SPY events are commands sent by the application being spied on to the UART Star of Frame Marks the start of a frame o banana akap CO Na aba CC Na aaa o iy Sync Hunt Entered Sync Lost Test Device Stopped Responding The analyzer lost contact with the ComProbe for some reason often because there is no power to the ComProbe Test Device Test Device Began Responding The analyzer regained contact with the ComProbe Responding The analyzer regained contact with the Test Device Began Responding The analyzer regained contact with the ComProbe T Timestamping Disabled Timestamping was turned off Events following this event are not timestamped Timestamping Enabled Timestamping was turned on Events following this event have timestamps Truncated Frame A frame that is not the same size as indicated within its protocol Unknown Event 4 3 7 6 Font Size The font size can be changed on several Event Display windows Changing the font size on one window does not affect the font size on any other window To change the font size 100 Chapter 4 Capturing and Analyzing Data ComProbe Sodera User Manual 1 Click on Event Display menu Options and select Change the Font Size
114. Conima Fang Random Pawa Faraon Enenapibon Inim Master ldertiic lderhiy Irama Siging riga ldertity Ir erty Adat Siging Inform Frame Sre Deia BSESSEERHR RRR RSS 00 00 00 0 OO O10 00 00 000 OO OS ngg Ii 00 DOC Di DO ODOO O DO OOO 2 0 00 O00 Dadada iki Oo OC 00 1 00 00 000 00 0000 0 Oo OC 00 0 Figure 22 SMP Pairing Request Frame 35 539 from Initiator Side 1 Tinetiamnp Dit 04 24 206463 00 D2 235700 0 04 38 335618 DO 04 38 65843 00 0801 706605 OO 0G 73835 DO CEO 765607 00 080 736633 DOS NG 06541 00 CEOS 125841 DOG 16554 DO OS 0S DOS 02 335613 OO Oe FPS OO Cite t On the left side of the figure above is the Frame Display Decoder pane that shows the decoded information supplied in the selected frame in the Summary pane Frame 35 539 Shown is the SMP data associated with and encrypted link MITM Protection Yes The requested keys are also shown Selecting Frame 35 545 would provide the response from the responder Side 2 and would contain similar information Selecting Frame 39 591 will display the Pairing Confirm from the initiator Side 1 in the Decoder pane The Confirm Value shown is the Mconfirm 128 bit random number that contains TK Pairing Request command Pairing Response command initiating device address and the responding device address Selecting Frame 39 600 would provide the Sconfirm random number from the responder Side 2 with similar infor
115. Data 4 4 1 13 1 5 Defining Node and Conversation Filters There are two steps to using Node and Conversation display filter Define the filter conditions and then apply the filter to the data set The analyzer combines both filter definition and application in one dialog 1 8 Click the Display Filters icon Y on the Frame Display window or select Apply Modify Display Filters from the filter menu to open the Set Condition dialog box From the Select each frame combo box choose frames with the conversation as the initial condition Select an address type IP MAC TCP UDB from the Typecombo box The address type selection populates both Address combo boxes with node address in the data set that match the type selection Select a node address from the first Address combo box Choose a direction arrow from the direction box The left arrow filters on all frames where the top node address is the destination the right arrow filters on all frames where the top node address is the source and the double arrow filters on all frames where the top node address is either the source or the destination If you want to filter on just one node address skip step 7 and continue with step 8 If you want to filter on traffic going between two address nodes i e a conversation select a node address from the second Address combo box Click OK The Set Condition dialog box closes and the analyzer applies the filter When a display filter
116. Data Hamed Filters Filtered ASC ow 7 Filter Filter Filter Hole Slave SCU link Supported Filters Figure 4 28 Using Named Filters Section of Quick Filters to Show Hide Filters not automatically appear in other Frame Display windows You must use the Hide Show dialog to display a filter created in one Frame Display in different Frame Display window 4 4 1 13 1 7 Editing Filters Pi Note When you have multiple Frame Display windows with a display filter or filters those filter do Modifying a Condition in a Filter 1 Click the Display Filters icon VW on the Frame Display window or select Apply Modify Display set Condition Ko Curentu Ache Condition Filteri Filters ASCI 3 Filters from the Filter menu to open the Set Condition dialog box The Set Condition dialog box displays the current filter definition at the top of the dialog To display another filter click the Open 2 icon and select the filter from the pop up list of all the saved filters 2 Editthe desired parameter of the condition Because the required fields for a condition statement depend upon previously selected parameters the Set Condition dialog box may display additional fields that were not present in the original filter In the event this occurs continue to enter the requested parameters in the fields provided until the condition statement is complete 3 Click OK The system displays the Save Named Condition
117. Devices pane are three tools for managing the devices in the 7 P ox pane You can add and edit devices and delete inactive devices During Analyzing this ma toolbar is not available for use Table 3 6 Wireless Devices Management Tools BD O Description O o Clicking this tool will open the Edit Device Details dialog Enter the new device s Bluetooth address and other related data and press OK Allows the user to edit partially known BD_ADDRs Technology type Identity Resolving Key IRK Device Class and Friendly Name discovered during capture Clicking this tool will open the Edit Device Details dialog This tool is inactive until a device is selected 38 Chapter 3 Configuration Settings ComProbe Sodera User Manual Table 3 6 Wireless Devices Management Tools continued emp CRescriton Hide Inactive Devices All inactive devices are hidden Favorite devices are always displayed without regard to their active inactive status If an inactive devices are selected and the control is toggled to Hide the selected devices are deselected o a Show Inactive Devices Inactive devices are shown This tool is grayed out until an inactive device is selected Once a device is selected by clicking anywhere in the device row you can delete the device by clicking on this tool When this tool is clicked a warning appears asking for confirmation of the action ComProbe Sodera Remove 83 selected inactive device
118. ES 84 low energy AES 85 Default File Locations 257 Delete aTemplate 60 Deleting Display Filters 126 320 ComProbe Sodera User Manual Delta Times 95 Direction 126 Directories 257 Disabling 253 Display Filters 121 127 129 Display Options 263 DL 266 Dots 117 Driver 267 Duplicate View 93 95 110 111 E E B 266 E C 266 Easy Protocol Filtering 136 EBCDIC 98 EBCDIC Codes 265 EIR 87 EM 266 EQ 266 Errors 233 259 ET 266 Event Display 92 110 249 Event Display Export 249 Event Display Toolbar 93 Event Numbering 264 Event Pane 119 Event Symbols 99 EX 266 Exclude 123 Exclude Radio Buttons 123 Expand All Collapse All 117 ComProbe Sodera User Manual Expand Decode Pane 111 Expert System 181 event 212 Export Export Baudot 251 Export Events 249 Export Filter Out 251 Extended Inquiry Response 87 F F F 266 FCSs 95 Field Width 116 File 241 244 253 File Locations 257 File Series 253 File Types Supported 244 Filtering 135 Filters 121 124 126 129 136 Find 222 225 226 228 229 233 Find Bookmarks 235 Find Introduction 221 Font Size 100 Frame Display 101 104 107 108 110 111 116 120 Audio Expert System 217 Frame Display Change Text Highlight Color 119 Frame Display Find 108 Frame Display Status Bar 107 Frame Display Toolbar 104 Frame Display Window 102 Frame Recognizer Change 99 321 Appendicies Frame Symbols 117 Frame Information on the Control Wi
119. Encrypting the Link The Short Term Key STK is used for encrypting the link the first time the two devices pair STK remains in each device on the link and is not transmitted between devices STK is formed by combining Mrand and Srand which were formed using device information and TKs exchanged with Pairing Confirmation Pairing Confirm B 5 5 Encryption Key Generation and Distribution To distribute the LTK EDIV and Rand values an LE LL encrypted session needs to be set up The Control Pkt LL ENC REQ initiator will use STK to enable encryption on the Random vector Randi 0kx277c021b15512393 link Once an encrypted link is set up the LTK is Encrypted diversiher EDIV Ox8 te distributed LTK is a 128 bit random number that Master session key identiher 5KDm Ox21db57dd0157d323 the slave device will generate along with EDIV Master iraiakzabon vector Mm b034efc33 and Rand Both the master and slave devices can distribute these numbers but Bluetooth low energy is designed to conserve energy so the slave device is often resource constrained and Figure 35 Encryption Request from Master Example ComProbe Frame Display BPA 600 low energy capture 308 Appendicies ComProbe Sodera User Manual does not have the database storage resources for holding LTKs Therefore the slave will distribute LTK EDIV and Rand to the master device for storage When a slave begins a new encrypted session with a previously linked master dev
120. EnorCo Add INTS Packet Fole Signal ID Trans nee Signal 2 089 1 Single Slave DISCOVER 0 El AVDTP Signaling 2 092 1 Single Master DISCOVER 0 ened 2 116 5 1 Single Slave GET CAPABILITIES 1 Pae Sie 2119 1 Single Master GET CAPABILITIES 1 i Address 1 2 138 2 1 Single Slave GET_CAPABILITIES 2 7 Transaction Label 4 2 143 1 Single Master GET_CAPABILITIES 2 Packet Tupe Single Packet 2154 1 1 Single Slave GET CAPABILITIES 3 iw Message Type Command 2159 1 Single Master GET CAPABILITIES 3 Signaling Identifier SYDTP SET CONFIGURATIO E 246g 5 1 2 Single Slave SET CONFIGURATION 4 ACP Stream Endpoint ID 5 2175 1 Single Master SET CONFIGURATION 4 ec INT Stream Endpoint ID 2 2 185 5 1 Single Slave OPEN 5 d Bee eee A a Pa 2190 1 Single Master OPEN 5 1 e OO Ma Sg sive START i Length Of Service Capability LOSC 9 ao aindlesa EMs all ba Media Type Audio mg Media Codec Type Vendor 5pecific Codec GE Codec Info Element e Apts codec data i Vendor ID APT Ltd Codec ID Classic e Sampling Frequency i 44 1Khz Supporbed i Channel Mode Stereo Ng jil 4 lb TM b ils II P t Figure 5 Frame Display for AVDTP Signaling Frame 2169 SET_CONFIGURATION So far the process of setting up an aptX audio connection between DUT1 and DUT2 appears normal correct and error free We now move from he AVDTP protocol to the A2DP protocol to observe the audio Problem Discovery
121. Enter Hex values as fx Ignore case Find Previous Binary values as kbbbbbbbb Control characters as e matches any byte or hex or binary digit To enter 5477 of prefix with character Figure 5 4 Find Pattern Tab Patten Erie Hew values at fo Binary value 53 Lbbbbbbbb Control characters at e matches any bets of hex of bry dg To enter 3k77 or preii wath chasacter Side Fetih O Search only there sides IDTE DCE Figure 5 5 Find Pattern Tab Side Restrictions Pattern allows you to enter a string in the text box You can use characters hex or binary digits control characters wildcards or a combination of any of the formats when entering your string Every time you type in a search string the ComProbe analyzer saves the search The next time you open Find the drop down list will contain your search parameters 1 Enter the search pattern 2 Check Ignore Case to do a case insensitive search 225 ComProbe Sodera User Manual Chapter 5 Navigating and Searching the Data 3 When you have specified the pattern you want to use click on the Find Next or Find Previous buttons to start the search from the current event The result of the search is displayed in the in Frame Display and Event Display Refer to Searching by Decode on page 222 for information on Side Restrictions 5 1 3 Searching by Time Searching with Time allows you search on timestamps on the data in Frame Display and E
122. File CFA Changes for more information 6 3 Confirm Capture File CFA Changes This dialog appears when you close a capture file after changing the Notes the protocol stack or bookmarks The dialog lists information that was added or changed and allows you to select which information to save and whether to save it to the current file or to anew one Changes made to the file appear in a list in the left pane You can click on each item to see details in the right pane about what was changed for each item You simply check the boxes next to the changes you want to keep Once you decide what changes to keep select one of the following e Save To This File Saves the changes you have made to the current capture file e Save As Saves the changes to a new file e Cancel the Close Operation Closes the file and returns you back to the display No changes are saved e Discard Changes Closes the file without saving any of the changes made to the notes bookmarks or protocol stack 6 4 Loading and Importing a Capture File 6 4 1 Loading a Capture File From the Control Window 243 ComProbe Sodera User Manual Chapter 6 Saving and Importing Data 1 Goto the File menu 2 Choose a file from the recently used file list 3 If the file is not in the File menu list select Open Capture File from the File menu or simply click on the Open icon on the toolbar 4 Capture files have a cfa extension Browse if necessary to
123. Filter from the Frame Display Menu __ 2 2 eee cece eee ee eeee 131 Figure 4 32 Connection Filter from the Frame Display Toolbar right click 2 131 Figure 4 33 Connection Filter from the Frame Display Pane right click _ 2 22 22 22 132 Figure 4 34 Connection Filter from frame selection right click e eee cece eee cee ce eee 133 Figure 4 35 Front Display Filtered on Access Address Ox8e89bed6 _ _ 2 22 lee eee eee eee eee 134 Figure 4 36 Unfiltered Capture File with Classic low energy and 802 11 _ 2 2 2 135 Figure 4 37 Connection Filter selecting All 802 11 frames front 2 22 eee eee eee eee eee 135 Figure 4 38 Frame Display Quick Filtering and Hiding Protocols Dialog _ 2 2 2 0 136 Figure 4 39 Coexistence View Window 22 2 cece eee cece eee cece eee e cece eee oaoaraa 137 Figure 4 40 Coexistence View Toolbar cece cece eee e cece cece cece eceecececceceececceeceees 145 Figure 4 41 Coexistence View Throughput Indicators 2 22 22 cece cece cee eee cece ee eeeeeee 146 XIV ComProbe Sodera User Manual Figure 4 42 Throughput Graph viewport anaa aaa aaa aoaaa aaa aoaaa aaa eee eee cece eee eeeeeeeee 148 Figure 4 43 Average throughput indicators show a plus sign when the indicator width is exceeded 148
124. Frames If you need to compare frames you can open additional Frame Display windows by clicking on the Duplicate View icon dg You can have as many Frame Display windows open at a time as you wish Frame Wrapping and Display In order to assure that the data you are seeing in Frame Display are current the following messages appear describing the state of the data as it is being captured e All Frame Display panes except the Summary pane display No frame selected when the selected frame is in the buffer i e not wrapped out but not accessible in the Summary pane This can happen when a tab is selected that doesn t filter in the selected frame e When the selected frame wraps out regardless of whether it was accessible in the Summary pane all Frame Display panes except the Summary pane display Frame wrapped out of buffer e When the selected frame is still being captured all Frame Display panes except the Summary pane display Frame incomplete 4 4 1 1 Frame Display Toolbar The buttons that appear in the Frame Display window vary according to the particular configuration of the analyzer For controls not available the icons will be grayed out Table 4 5 Frame Display Toolbar Icons Control Brings the Control window to the front Open File Opens a capture file a I O Settings Opens the I O Settings dialog Start Analyze Begins data analysis Stop Analyze Stops the analysis and clears the data from the ComProbe
125. GAP service change the 1 to some other number e If you want to comment out the entire service comment out the base handle If no A is defined the software will ignore A1 A2 and so on 7 3 Contacting Technical Support Technical support is available in several ways The online help system provides answers to many user related questions Frontline s website has documentation on common problems as well as software upgrades and utilities to use with our products On the Web http fte com support supportrequest aspx Email tech_support fte com If you need to talk to a technical support representative about your ComProbe Sodera product support is available between 9 am and 5 pm U S Eastern Time zone Monday through Friday Technical support is not available on U S national holidays Phone 1 434 984 4500 Fax 1 434 984 4505 Instructional Videos Frontline provides a series of videos to assist the user and may answer your questions These videos can be accessed at fte com support videos aspx On this web page use the Video Filters sidebar to select instructional videos for your product 269 ComProbe Sodera User Manual Chapter 7 General Information 270 Appendicies Appendix A Sodera Technical Specifications Service Information Appendix B Application Notes 271 ComProbe Sodera User Manual Appendicies 272 Appendix A Sodera Technical Specifications Service Infor
126. Hz 32 KHz 64 KHz 88 2 KHz 96 KHz Channels 1 and 2 Variable Bit Rate and Specified Bit rate Audio Analysis not supported Although user will be able to play back the audio live Supported Parameters for aptX Object Types aptX classic aptX LL both content protected and non content protected Audio Format 16 bit 44 1kHz Data Rates 352 kbps Supported Parameters for CVSD Channel Mode Mono Sampling Rate 64 kHz Supported Parameters for mSBC codec Channel Mode Mono Sampling Rate 16 kHz Allocation method Loudness Subbands 8 183 ComProbe Sodera User Manual Chapter 4 Capturing and Analyzing Data e Block Length 15 e Bitpool 26 4 5 2 Using Audio Expert System with ComProbe Sodera When analyzing audio data using the ComProbe Sodera Wideband Bluetooth Protocol Analyzer the Audio Expert System supports from 1 to 4 slave devices All the slave devices must be in the same piconet that is they all have the same master device The slave devices are selected in the Wireless Devices pane anaye After selecting the devices and if necessary providing the key in the Security pane click O onthe Sodera Analyze button When an audio stream is detected the Audio Expert System window will automatically open and display the steam information 4 5 3 Starting the AudioExpert System To use the Audio Expert System the user must have e Current Premium Maintenance purchased from Frontline
127. Hz 7 2409 MHz 8 2410 MHz 9 2411 MHz 10 2412 MHz 11 2413 MHz 12 2414 MHz 13 2415 MHz 14 2416 MHz 15 2417 MHz 16 2418 MHz 17 2419 MHz 18 2420 MHz 19 2421 MHz 20 2422 MHz 21 2423 MHz 22 2424 MHz 23 2425 MHz 24 2426 MHz 25 2427 MHz 26 2428 MHz 27 2429 MHz 28 2430 MHz 29 2431 MHz 30 2432 MHz 31 2433 MHz 32 2434 MHz 33 2435 MHz 34 2436 MHz 35 2437 MHz 36 2438 MHz 37 2439 MHz 38 2440 MHz 39 2441 MHz The row labels are placed at the center frequency of each channel Bluetooth low energy LE There are 40 LE channels Each channel is 2 MHz wide and has the indicated center frequency Channels do not overlap Channels 0 through 36 are Data channels Channels 37 through 39 are Advertising channels 37 2402 MHz D 2404 MHz 1 2406 MHz 2 2408 MHz 3 2410 MHz 4 2412 MHz 5 2414 MHz 6 2416 MHz 7 2418 MHz 8 2420 MHz 9 2422 MHz 10 2424 MHz 38 2426 MHz 11 2428 MHz 12 2430 MHz 13 2432 MHz 14 2434 MHz 15 2436 MHz 16 2438 MHz 17 2440 MHz The row labels are placed at the center frequency of each channel 802 11 2 4 GHz In the 802 11 2 4 GHz frequency range there are 11 channels in the USA 13 in Europe and 14 in Japan Each channel is 22 MHz wide Channels overlap 40 2442 MHz 41 2443 MHz 42 2444 MHz 43 2445 MHz 44 2446 MHz 45 2447 MHz 46 2448 MHz 47 2449 MHz 48 2450 MHz 49 2451 MHz
128. I LF WT FF Casa 1x DLE 001 002 003 OCA NAK SYN ETB CAN EM sugjesc Fs 6s Rs us xj els el lol l4 l A 3 0 1 2 3 4 5 6 7 6 9 lila EEA IG AIBICIDIE F S H I MINJO 7 2 5 2 Baudot Codes ETERS FIGURES 0 00 BLANK NUL BLANK NUL a gt FIGURES FIGURES Ei a eee LETTERS 2 02 a ga 15 D5 6 06 8 09 10 OA 12 OC 13 0D 14 DE 15 OF 16 10 18 12 19 13 20 a ali 15 AL 18 2 1D L30 IF nm 265 ComProbe Sodera User Manual 7 2 5 3 EBCDIC Codes best x0 Ee eee Ox NULISOH ST4 ETX PF HT LC DEL SMM VT FF CR SO si lx JOLELOC1 DC2 TM RES NE LES IL CAN EM CC cut ES JIGS IRS 10S SYN EOT maki Es o ats Lod Pd 3 8 T aod SOS am Sea Baa kapa es ee al a Ef a a ae iam E ae KEN NA b Let fig h Lk info p pw w x m Jo pl a uf v EFA E IG SS a Ga a GA ALet tote et eta d ps KT PMN oO ett ste eee HA Fx O 1 2 3 4 5 6 7 819 EEH ae E Ea LT a tt es Ka kaa Ea pat bie ki Ea Pit ky f es aa Ea ae ae 4 Sees lee i E E E ee O ze o i T 7 2 5 4 Communication Control Characters Chapter 7 General Information Listed below in alphabetical order are the expanded text meanings for common ANSI communication contr
129. M traverses to from the following o OBEX o SPP o encap asyncPPP o Headset o FAX o Hands Free o SIM Access o VCP o UDI o Raw Data Adding Deleting and Saving RFCOMMParameters 1 2 From the Set Initial Decoder Parameters window click on the RFCOMMtab Set or select the RFCOMMdecoder parameters Click ont he ADD button The Intial Connection window displays the added parameters Initial Connections in effect from beginning of capture onward until redefined In the piconet 2 on the Slave side with the LACAP CID 0x0000 and with the remote side TSID 0 the AVDTP is canying Signalling packets Modified by user In the piconet 2 on the Master side with the L2CAP CID 0000 and with the remote side TSID 1 the AVDTP is carying Reporting packets Modified by user In the piconet 2 on the Master side with the L2CAP CID Gx0000 and with the remote side TSID 0 the AVDTP is carying Unknown Modified by user Figure 3 38 Parameters Added to Decoder To delete a parameter from the Initial Connections window select the parameter and click on the Delete button Decoder parameters cannot be edited The only way to change a parameter is to delete the original as described above and recreate the parameter with the changed settings and selections and then click on the Add button RFCOMM parameters are saved when the template is saved as described in Adding a New or Saving an Existing Template on page 60 3 2 5 2 RFCOMM Mis
130. New Name Filter0 1 Apply Figure 4 30 Rename Filters Dialog 2 Select the filter to be renamed from the combo box 3 Enter anew name for the filter in the New Name box Optionally click the Apply button and the new name will appear in the Filters combo box and the New Name box will empty This option allows you to rename several filters without closing the Rename Filter dialog each time 4 Click OK The Rename Filter dialog box closes and the system renames the filter 4 4 1 13 2 Connection Filtering Connection Filtering allows the user to view a subset of the total available packets within the Frame Display The subset can include data from a single Bluetooth connection or all of the BR EDR packets all of the low energy packets all of the 802 11 packets or all of the HCI packets Bluetooth Applicability A connection device pair is identified by 1 A Link for Classic Bluetooth 2 An Access Address for Bluetooth low energy The link ID is a number that the ComProbe software assigns to identify a pair of devices in a BR EDR connection In the Frame Display details pane the Baseband layer contains the link ID field if the field s value is not O An Access Address is contained in every Bluetooth low energy packet The Access Address identifies a connection between a slave and a master or an advertising packet Connection filtering displays only the frames protocols summary details and events for the sele
131. Options The Timestamping Options window allows you to enable or disable timestamping and change the resolution of the timestamps for both capture and display purposes To open this window Choose Set Timestamp Format from the Options menu on the Frame Display and Event Display window or click on the Timestamping Option ga icon in the Event Display toolbar The Timestamping Options window will open 260 Chapter 7 General Information ComProbe Sodera User Manual Timestamping Options Store Timestamps This item takes effect immediately Capture Options storage Resolution 0 50 Microseconds high resolution 7 Cancel Note 1 To apply resolution changes you must restart the program Help Note 2 Finer resolutions increase the capture file size Click Help for more information on how timestamps affect sistem performance Display Options Display Raw Timestamp Value Display Relative Timestamps Number of digits to display to the right of the decimal point Figure 7 1 Timestamping Options dialog 7 1 4 2 Enabling Disabling Timestamp To enable timestamping click to make a check appear in the check box Store Timestamps This time takes effect immediately Removing the check will disable timestamping 7 1 4 3 Changing the Timestamp Resolution This option affects the resolution of the timestamp stored in the capture file The default timestamp is 10 milliseconds This value is determine
132. Out gt O lt FadeOQut gt lt StartTime gt 0 1 lt StartTime gt lt Segment gt lt Segment gt lt SegID gt 2 lt SegID gt lt Opcode gt F lt Opcode gt mode to Referenced mode g Tri Ci ea T VST rt LIME ne Table 4 ie Sample Test ee Lab Tar To Ta Ta Ce em e oo o o os e e ao e oom 0 o o r e o as ao oom o o 0x0 e e ow o o oom 0 w 0x0 4 5 4 3 Referenced Mode Testing Processes In the Referenced mode the devices under test use a specific audio file called reference file or test file provided by Frontline whose contents are already known to the ComProbe software The software compares the parameters of the received audio data against its parameters and presents analysis for the user Commonly in Bluetooth technology the music sent via A2DP and speech sent via HFP There are a few ways users can conduct referenced mode testing depending upon what profile they are using The figure 17 shows the source of the audio and the medium through which it can be accessed by Source device to send to sink device via Bluetooth 187 ComProbe Sodera User Manual Chapter 4 Capturing and Analyzing Data bia 4 ue Aia Mosa e Testing Process owe ING abaka me ig ry p f gt TC sil I 1C J f IF P A file stored Es the locally stored file onthe Play using the third party App on the audio source device that transmits music data on device s local HFP memory Streaming Play the test ina
133. Panel amp Event Table Pop up Menu on page 214 213 ComProbe Sodera User Manual Chapter 4 Capturing and Analyzing Data Lock Event Table Lock Event Table The Lock Event Table checkbox is available in live mode only Clicking to check the box will prevent the Event Table Event Event Type from scrolling during live capture Un checking the box will 17 resume scrolling of events as they are detected When analyzing a capture file the checkbox has no effect 18 4 5 6 4 Wave Panel amp Event Table Pop up Menu Additional Wave Panel and Event Table options are available by right clicking the mouse with the cursor anywhere in the Wave Panel or in the Event Table Wave Panel Pop up Menu Actions Right clicking anywhere in the Wave Panel will provide you with a Clear Selection selection of the following actions Copy Selection Export Audio Data Loop Zoom to Selection Select Area Select All Table 4 34 Wave Panel Pop up Menu Selections Clear Selection Clears the current selection in the viewer Copy Selection Saves a copy of the selection to the computer clipboard The clipboard can be pasted into a Word document an e mail or other Windows clipboard compatible application Export Audio Data Opens the Export pop up menu with options to export the waveform as a raw wav or Event Data For additional details on exporting refer to Waveform Display Export Loops through the audio selected on the
134. Parameters 64 Chapter 3 Configuration Settings ComProbe Sodera User Manual Override of Frame Information Rules in effect from frame 94 onward until redefined here for a later frame On the Slave side with the L2CAP CID 0x7401 the AVDTP is carrying Signalling packets overridden by user On the Master side with the L2CAP CID 0x0042 the AVDTP is carrying Signalling packets discovered by analyzer Change the Selected Item to Carry Figure 3 33 AVDTP Override of Frame Information Item to Carry change the Selec Tem to Carry Change the See Codec to Cay Seen r Codec selection SBC appears when MPEG 1 2 Audio aay AAC Media selected to ATRAC family CAITY AFT X man ASEC RE Codec x Figure 3 34 AVDTP Override of Frame Information Media Codec Selection Each entry in the Set Subsequent Decoder Parameters dialog takes effect from the specified frame onward or until redefined in this dialog on a later frame If you are unhappy with your changes you can undo them by simply choosing your override from the dialog box and pressing the Remove Override button After pressing OK the capture file will recompile as if your changes never existed so feel free to experiment with desired changes if you are unsure of what configuration to use CPAS Info anan Note If the capture has no user defined overrides V4 then the system displays a dialog stating that no user defined overrides exist This
135. RC Method 4 Inthe CRC dialog box click on the down arrow to show the list of choices for CRC algorithms Sum 1 s comp Lancel 5 Enter a Seed value in hexadecimal if desired Cum Comp LAC OR Hep 6 Click OK to generate the CRC It appears in the byte information AOR T s comp i i AUR 2 s com lines at the bottom of the Event Display window Whenever you select a range of data a CRC is calculated automatically CA CAC CCIT Trev CRE HOLE Calculating CRC for interwoven data 4 3 5 Calculating Delta Times and Data Rates 1 Click on the Event Display icon PD on the Control window to open the Event Display window 2 Use the mouse to select the data you want to calculate a delta time and rate for 3 The Event Display window displays the delta time and the data rate in the status lines at the bottom of the window 95 ComProbe Sodera User Manual Chapter 4 Capturing and Analyzing Data Event Display Homer cfa File Edit View Format Bookmarks a Window Help a e EIH 8a 00 41 00 Ob ef ld 0d 0a 7b 43 49 A 76 57 00 74 0 2c 30 Od 0a Sa amp Co CO AN DO ne G mW oe U U 4 UOD Se m y Ti m m m m NG 05 agd EC 00 i my 5c m P aa Fz lt A yo HE 48 70 IT Tr Ti Tr Trt Li Figure 4 3 Delta fields 4 3 6 Switching Between Live Update and Review Mode The Event Display and Frame Display windows can update to display new data during live capture or be frozen to allow dat
136. REE Layer 16 Abed BREE Figure 4 23 Frame Display Protocol Layer Color Selector 4 4 1 13 Filtering Filtering allows the user to control the display which capture frames are displayed Filters fall into two general categories 120 Chapter 4 Capturing and Analyzing Data ComProbe Sodera User Manual 1 Display filters allow a user to look at a subset of captured data without affecting the capture content Frames matching the filter criteria appear in the Frame Display frames not matching the criteria will not appear 2 Connection filters Two options are available a A Bluetooth connection Displays only the frames associated with a Classic Bluetooth link or a Bluetooth low energy access address A new Frame Display will open showing only the protocol tabs frames summary and events associated with that particular Bluetooth connection b Aspecific wireless or wired technology Displays all of the frames associated with e Classic Bluetooth e Bluetooth low energy e 802 11 e HCI A new Frame Display will open showing only the protocol tabs frames summary and events associated with the selected technology 4 4 1 13 1 Display Filters A display filter looks at frames that have already been captured It looks at every frame in the capture buffer and displays those that match the filter criteria Frames that do not match the filter criteria are not displayed Display filters allow a user to look at a subset of captu
137. S AA APP PE 282 B 2 Getting the Android Link Key for Classic Decryption _ 2 2 2 222 eee eee eee ce eee ee eeeeee 284 B 2 1 What You Need to Get the Android Link Key eee ee eee eee eee eee eeeee 284 B 2 2 Activating Developer options 2 22 eee cece cee cee cece cece cece eee eeeceeeeeeees 284 B 2 3 Retrieving the HCI Log aa 285 B 2 4 Using the ComProbe Software to Get the Link Key 02 0 o eee eee eee eee eee 286 B 3 Bluetooth Conductive Testing lsolating the Environment eee cece ceeeeeeeee 290 B 3 1 Bluetooth Transmitter Classes lee ee eee ce ee ce ee ee eee eee eee ee 290 B2 TeS HA 290 B 3 3 Test Setup Bl etoOth sents cease essen cece boos eee eset eee e a aa a a AE a ala 291 ComProbe Sodera User Manual BOA FSU PROC CSS AA PA 293 B 4 Decrypting Encrypted Bluetooth low energy 22 cece cece eee e ccc e cee ceeceeeeeeees 295 B 4 1 How Encryption Works in Bluetooth low energy 2 eee eee eee eee e cece e cee eeeeees 295 BAA PONV oo Sates ee teehee ead ed eee eee ee nee ek oe hs eee eee Bowe eeeeeenetenes 295 Baa Parine Methods sc ace oe yon a ese na GA se 296 B 4 4 Encrypting the Link aa 297 B 4 5 Encryption Key Generation and Distribution _ 0 2 eee eee cece cece eee eeee 297 B 4 6 Encrypting The Data Transmission 22 cece eee cece eee e cece cece cece eceeceeceecee
138. Scanner Barcode Scanner Blood Pressure Blood Pressure Arm Blood Pressure Wrist Card Reader Clock Computer Cycling Cycling Cadence Sensor Cycling Cycling Computer Cycling Power Sensor Cycling Speed Cadence Sensor Cycling Speed Sensor Digital Pen Digitizer Tablet Display Eye Glasses Gamepad AudioVideo TX Barcode Scanner TX Barcode Scanner LX Blood Pressure LX BloodPressue Arm X Blood Pressure Wrist x CardReader X Clock CT ES Computer CT XX eying CT ES Cycling Cadence Sensor X Cycling Cycling Computer x Cycling Power Sensor X Cycling Speed Cadence Sensor x Cycling Speed Sensor oOo X DigtlPen R ES Digitizer Tablet TX Display CT ao EyeGlesses TX Gamepad CTX GiucoseMeter X Glucose Meter 36 Chapter 3 Configuration Settings ComProbe Sodera User Manual Table 3 5 Device Classes continued Health Heart Rate Sensor Heart Rate Sensor Heart Rate Belt Human Interface Device HID Imaging Joystick Keyboard Keyring LAN Network Access Point Media Player Miscellaneous Mouse Outdoor Sports Activity Outdoor Sports Location and Navigation Display Outdoor Sports Location and Navigation Pod Outdoor Sports Location Display Outdoor Sports Location Pod Peripheral Phone Pulse Oximeter Pulse Oximeter Fingertip Pulse Oximeter Wrist Remote Control Reserved Running Walking Sensor Running Walking Sensor On Shoe Running Walk
139. Second 1 10000000 I Note Month and Year are not available if you select Relative 3 When you have specified the time interval you want to use click on the Go To Move Forward or Move Backward buttons to start the search from the current event Note When you select Absolute as Search for Go To is available When you select H Relative as Search for Move Forward or Move Backwardis available Go to the timestamp On or before On or after The analyzer searches for an event that matches the time specified If no event is found at the time specified the analyzer goes to the nearest event either before or after the specified time Choose whether to have the analyzer go to the nearest event before the specified time or after the specified time by clicking the appropriate radio button in the Go to the timestamp box If you are searching forward in the buffer you usually want to choose the On or After option If you choose the On or Before option it may be that the analyzer finishes the search and not move from the current byte if that byte happens to be the closest match When you select Absolute as Search for the radio buttons are On or before the specified time or On or after the specified time When you select Relative as Search for the radio buttons are On or before the specified time relative to the first selected item or On or after the specified time relative to the last selected item 1 Select On or before the specified time or
140. There are three ways to move between bookmarks 1 Press the F2 key to move to the next frame or event with a bookmark 2 Select Go to Next Bookmark from the Bookmarks menu 3 Click the Display All Bookmarks icon Ll Select the bookmark you want to move to and click the Go To button or simply double click on the bookmark Click the Move Forward and Move Back buttons to cycle through the bookmarks 238 Chapter 5 Navigating and Searching the Data ComProbe Sodera User Manual Find dual mode capture 01 cfa Figure 5 13 Find Window Bookmark tab Used to Move Around With Bookmarks To delete a bookmark select it and click the Delete button To modify a bookmark select it and click the Modify button Click Remove All to delete all the bookmarks 239 ComProbe Sodera User Manual Chapter 5 Navigating and Searching the Data 240 Chapter 6 Saving and Importing Data 6 1 Saving Your Sodera Data You can save all or part of the data that you have captured You can also load a previously saved capture file and save a portion of that file to another file This feature is useful if someone else needs to see only a portion of the data in your capture file On the Control window toolbar you can set up to capture a single file Click here to see those settings There are two ways to save portions or all of the data collected during a data capture Click here to see how to capture data to disk 6 1 1 Savi
141. This access address connection is not using five of the protocols From any open Frame display the user can set another Connection Filter based on the original data set Display Example 2 All 802 11 data filtered in In this example there is a capture file with Classic Bluetooth Bluetooth low energy and 802 11 To view just the 802 11 data set 802 11 All is selected from the right click pop up menu 134 Chapter 4 Capturing and Analyzing Data ComProbe Sodera User Manual O Frame Display BTAmp80211FTPwLE cfa File Edit View Format Filter Bookmarks Options Window Help 2 6 VE S20 90 PUUSumMe rem OE amp Cooo RR P ser iow LE AD Ad wD ata Field Tromeated or blot Present Unfiltered Info Errors o This is the Decode Pane Baseband LMP PreConnection FHS Bluetooth FHS L2CAP AMP Manager SDP OBEX FTP Non Captured Info LE BB LE PKT LE ADY aah 802 1 Badio 202 11MAC LLE B02 2 SHAE 80211 AMP 80218 LLAP OBEX End Rata V Expand Decode Pane Copy Selection to Clipboard B Frame ASCII Hex Fram Delta Timestamp S Collapse All Nodes 1 63 4 10 2012 3 54 29 68448 Expand All Nodes 2 23 00 00 29 8 4 10 2012 3 54 59 50800 a 23 00 00 00 0 41072012 3 54 59 50800 Connection Filter gt Classic 23 00 00 00 0 4 10 2012 3 54 59 50800 Bluetooth low energy p 23 00 00 00 0 42072012 3 54 59 50800 Set Subsequent Decode
142. This topic provides a description of the vA anticipated Piconet View functionality Devices and connections detected by the Sodera hardware are displayed graphically on the Piconet View pane for further configuration and selection for analysis by the user Devices and connections are displayed on the Piconet View pane only when data to or from those devices or connections has been detected by the Sodera hardware while the appearance of devices in the Wireless Devices pane includes detected devices user entered devices and remembered devices Piconet View hx DO A6 37 EF2C9 12 B 09 8 4 F2 D5 74 00 56 76 44 43 61 O 68 D9 3C 5F 49 21 Bl F4 50 F5 1B EE 00 00 FO 29 BP 19 6C 98 F3 5 6 2015 8 44 17 617835 AM Sodera Piconet View Adjacent to each device in the view is the devices BD_ADDR Attached to each dot is a labe Ithat displays BD ADDR The tab is colored either blue or green to indicate that the related device is Classic or low energy Bluetooth 42 Chapter 3 Configuration Settings ComProbe Sodera User Manual A blue ring surrounds the device that is either paging or serving as the master device in the piconet In the event of arole switch this blue ring will shift position to the new piconet master In the event of scatternet where one piconet master Bluetooth Device Q that is also a slave of a secondary piconet the blue ring is broken in that roughly 2596 of the ring is cut
143. View Timeline Tool Tip Shown Anchored to Computer Screen 4 4 2 29 The two Timelines There are two Timelines available for viewing one for the 5 GHz range and one for the 2 4 GHz range Classic Bluetooth and Bluetooth low energy occur only in the 2 4 GHz range 802 11 can occur in both 164 Chapter 4 Capturing and Analyzing Data ComProbe Sodera User Manual ka 7 KI View port Packet Range 85 Pack etal T Selected Packet Hons AMEN 32205 96705 P AMAG 22211 455160 PH Figure 4 69 5 GHz and 2 4 GHz 802 11 packets The y axis labels show the channels for each technology and are color coded Blue Classic Bluetooth Green Bluetooth low energy Orange 802 11 The 5 GHz timeline has only 802 11 channel labels and the rows alternate orange and white one row per channel The 2 4 GHz timeline has labels for all three technologies The rows alternate blue and white one row per Classic Bluetooth channel The labels going left to right are 802 11 channels Bluetooth low energy advertising channels Bluetooth low energy regular channels and Classic Bluetooth channels The Viewport Packet Range above the timelines shows the packet range and packet count of packets that would be visible if both timelines were shown i e hiding one of the timelines doesn t change the packet range or count This packet range matches the packet range shown above the viewport in the Throughput Graph as it must since the viewport defines the
144. Wave Panel Zoom to Selection Expands or compresses the selection to fill the Wave Panel view 214 Chapter 4 Capturing and Analyzing Data ComProbe Sodera User Manual Table 4 34 Wave Panel Pop up Menu Selections continued Select Area When the mouse cursor is positioned over data not fill pause or gaps in the Wave Panel and selecting this option will select all the data between and fills pauses or gaps Select All Selects the entire waveform Event Table Pop up Menu Actions Right clicking in the Event Table will provide you with a selection of the following actions 1 Clear Selection Export Event Table Go Loop 39 A oom to Selection pr f Select Area pr w Select All 35 Table 4 35 Event Table Pop up Menu Selectioin Copies the selected events to Windows clipboard as text Clear Selection Clears the current event selection in the table Export Event Table Copies the current event selection and saves it as a csv file For additional details on exporting refer to Event Table Export Loops through the audio selected on the Wave Panel Zoom to Selection Expands the Event Table selection to fill the Wave Panel view Select Area Expands the selection Select All Selects all events 4 5 6 5 Export Audio Data There are two ways to export audio data 1 Clicking the Audio Expert System window Global Toolbar Export button rx 2 Right click in a Strea
145. _s and the High Speed View will appear Ww 170 Chapter 4 Capturing and Analyzing Data ComProbe Sodera User Manual ComProbe Protocol Analysis System 802 11 File View Live Options Window Help 2S Qa Si Configuration Con be 802 11 SN 0102120052 N Capture file Ciusa SADocuments Frontine Test Equi Ney Capture Files Capture 2012 12 21_140206 cfa Captur eFile 1496 Packets on h w 0 ForHe 1 Click on Start Capture bs and then 2 Click on Coexistence View to see the High Speed View The Coexistence View High Speed Live Mode window will appear m Coexistence View High Speed Live Mode CI 8 File Format Zoom Navigate Help COCO D a gt a gt E a a O O Captured Packets Dropped Packets Graph Info m 2 325 packets 100 m O packets 096 m 0 01 24 624649 m 60 packets s 27 avg Packets dropped at m 212 data points 103 048 bits s 62 084 avg MM Bluetooth driver 0 0 m 400 ms point m Bluetooth datasource 0 0 802 11 driver 0 0 802 11 datasource 0 0 Throughput Over Time High Speed Live Mode For Help Press F1 Figure 4 14 High Speed Live Window 4 4 2 36 Coexistence View Spectrum Sodera Only Sodera has the option to sample the 2 4 GHz RF spectrum at the Sodera unit antenna connector The spectrum data represents the Received Signal Strength Indicator RSSI The spectru
146. a SN A1507 00021 Date created UTC T Date created focal Size 9 9 2015 9 16 30 PM 5 9 2015 5 16 30 PM 450 KB 9 9 2015 9 16 29 PM 9 9 2015 5 16 29 PM 2 390 KB 9 9 2015 9 15 04 PM 9 9 2015 5 15 04 PM 121 KB 9 8 2015 3 08 32 PM 9 8 2015 11 08 32 AM 134 KB 9 8 2015 3 08 26 PM 9 8 2015 11 08 26 AM 175 KB 9 8 2015 3 08 23 PM 5 8 2015 11 08 23 AM 142 KB 9 8 2015 3 08 02 PM 9 8 2015 11 08 02 AM 181 KB 9 8 2015 3 07 58 PM 9 8 2015 11 07 58 AM 283 KB 9 8 2015 3 07 45 PM G 8 2015 11 07 45 AM 710 KB 9 8 2015 3 07 40 PM 9 8 2015 11 07 40 AM 269 KB 9 8 2015 3 07 16 PM 9 8 2015 11 07 16 AM 377 KB 9 4 2015 3 01 16 PM 9 4 2015 11 01 16 AM 151 KB 9 1 2015 8 03 45 PM 9 1 2015 4 03 49 PM 107 KB 9 1 2015 8 02 36 PM S 1 2015 4 02 36 PM 136 KB 5 1 2015 8 02 22 PM 5 1 2015 4 02 22 PM 192 KB 6 31 2015 8 59 01 PM 6 31 2015 4 59 01 PM 290 KB 4 captures selected Delete Record Figure 3 2 Manage excursion mode captures Dialog If a Sodera hardware unit is connected to the computer the dialog displays e The serial number of the Sodera hardware e A listing of all Excursion mode capture files stored on the currently connected Sodera hardware If no files are stored the list will be empty The listed files display the following information 29 ComProbe Sodera User Manual Chapter 3 Configuration Settings e Date Created UTC the date and time in the UTC time zone that the excursion mode capture was started e Date Created local The capture
147. a analysis By default the Event Display continually updates with new data and the Frame Display is locked 1 Make sure the Lock icon A is active so the display is locked and unable to scroll 2 Click the Unlock a icon again to resume live update The analyzer continues to capture data in the background while the display is locked Upon resuming live update the display updates with the latest data You can have more than one Event Display or Frame Display window open at a time Click the Duplicate View icon g to open additional Event or Frame Display windows The lock resume function is independent on each window This means that you can have two Event Display windows open simultaneously and one window can be locked while the other continues to update 4 3 7 Data Formats and Symbols 4 3 7 1 Switching Between Viewing All Events and Viewing Data Events By default the analyzer on the Event Display dialog shows all events that include e Data bytes e Start of frame e End of frame characters e Data Captured Was Paused lAn event is anything that happens on the circuit or which affects data capture Data bytes control signal changes and long and short breaks are all events as are I O Settings changes and Data Capture Paused and Resumed 96 Chapter 4 Capturing and Analyzing Data ComProbe Sodera User Manual Click on the Display All Events icon to remove the non data events Click again to display all events See Li
148. a device is marked as a Favorite it will not be deleted even if it is inactive If Hide Inactive Devices is active S this menu selection is inactive Selects all active and inactive devices in the list Add Selected Used to globally designate a group of selected devices as Favorites If devices Devices as Favorites Remove Selected Devices as Favorites Add New device in the selection are already designated as Favorites their designation will not change Used to globally change the Favorite designation for a group of selected devices If devices in the selection are already not designated as Favorites their designation will not change Clicking this tool will open the Edit Device Details dialog Enter the new device s Bluetooth address and other related data and press OK Same function as the 9 tool in the Device Management Tools 41 ComProbe Sodera User Manual Chapter 3 Configuration Settings Table 3 7 Right Click Pop Up Menu Selections continued Edit Device Active when a single device has been selected Detail ee Allows the user to edit partially known BD_ADDRs Technology type Identity Resolving Key IRK Device Class and Friendly Name discovered during capture Clicking this tool will open the Edit Device Details dialog Same function as the tool in the Device Management Tools 3 1 2 3 Piconet View Pane Experimental Note At this time the Piconet View is in experimental
149. a test file instead of an arbitrary audio stream There is no need for special configuration of the ComProbe analyzer The Test ID will have the identifier notation N vv where N the file number and vv a two digit version for example 1 02 Using the Test Files The analysis of the received audio results in a series of Audio Events being reported by comparing changes in the received audio to expected changes of the Reference Audio and reporting deviation events when they occur The system starts up in Non Referenced mode and is continuously looking for a valid Reference Audio file by measuring frequency and amplitude of the received over the air audio Transitioning to Referenced mode requires the successful detection of a Test ID tone sequence of proper frequency duration and value Once the Referenced Mode state is achieved the expectation is that all tones encountered will conform to the script identified by the Collected Digits the Test ID The system remains in the Referenced Mode state until either the end of test is reached or a loss of synchronization occurs The synchronization of the received audio from the Reference Audio files versus the internal Test Script is achieved based on changes in frequency of the tones in the Reference Audio file Frequency changes are used because this parameter is relatively immune to the configuration of the network For a comparison of reference mode detectable problems to unreferenced de
150. ackets All Selected Viewport Figure 4 42 Throughput Graph viewport 4 4 2 9 Indicator width The width of each indicator is the largest 1 second throughput seen up to that point for that technology Classic Bluetooth Bluetooth low energy or 802 11 where the 1 second throughput is calculated anew each time another packet is received The 1 second throughput indicator will never exceed this width but the average throughput indicator can For example the image below has a large average throughput because the Selected radio button was selected and a single packet was selected and the duration in that case is the duration of the single packet which makes for a very small denominator in the throughput calculation When the average throughput exceeds the indicator width a plus sign is drawn at the right end of the indicator Packets CO All Selected C0 Viewport Awg throughput bits Figure 4 43 Average throughput indicators show a plus sign when the indicator width is exceeded 148 Chapter 4 Capturing and Analyzing Data ComProbe Sodera User Manual et Cti Figure 4 44 A single selected packet 4 4 2 10 Coexistence View Throughput Graph Chops Lam 1 15 108 ETH am Yew Pot Src peed Wen Zoomed Throughput Graph and Timelines 802 17 Packet Classic Packet Throughput Throughput Bi PE 802 11 Payload Thought Classic Payload Throughput Figu
151. active connections within range of the analyzer Once a session is started the capture is initiated and the data is recorded The analysis mode can begin The user must select specific devices The user can select from all devices that are actively communicating The user can also select devices from a prior capture when available before recording The data captured only from selected devices is sent to the ComProbe software for event and protocol level analysis 4 1 2 1 Record Begin Capture When starting a capture session e the active status of all devices is cleared in the Wireless Devices pane e the Security pane is emptied and e the Event Log pane retains all prior logged events On the Capture Toolbar click on the Record button or select Record from the Capture Recod menu option When the Record button changes to Recording Sodera hardware is capturing data from all active Bluetooth devices within range On the Capture Toolbar clicking on the Recording button or selecting Recording from the Capture menu options will halt live capture Now the Wireless Devices pane populates with any newly discovered devices Selecting devices for analysis can be done while recording Note The Capture Toolbar Analyze button will be grayed out until some wireless devices have H been selected for analysis The Security pane will show all encrypted Bluetooth links The Event Log pane will begin to populate with information warnings and
152. age and the field background displays red The OK button is disabled e Entering a valid IRK displays a green background and the OK button is enabled e Valid IRK entries are persisted to the Sodera devices database 40 Chapter 3 Configuration Settings ComProbe Sodera User Manual Right Click Pop Up Menu After selecting a device or devices right clicking the mouse will MA Remove Selected Inactive Devices open a pop up menu that includes functions identical to the Remove All Inactive Devices Select All Device Management Tools and other functions The menu active selections will vary depending on the status of the selected devices For example selecting inactive devices will activate the inactive devices menu selections Add Selected Devices as Favorites Remove Selected Devices as Favorites Add New Device Edit Device Details Remove Selected Inactive Devices Remove All Inactive Devices Select All Table 3 7 Right Click Pop Up Menu Selections Deletes the selected inactive devices from the wireless devices list Only active when inactive devices are selected Same function as the x tool in the Device Management Tools If a device is marked as a Favorite it will not be deleted even if it is inactive If Hide Inactive Devices is active S this menu selection is inactive Deletes all selected inactive devices from the wireless devices list Only active when inactive device is selected If
153. age the Bluetooth low energy devices can now begin transmitting and receiving encrypted data B 4 7 Decrypting Encrypted Data Using ComProbe BPA 600 low energy Capture Note The following discussion uses the ComProbe BPA 600 in low energy capture mode to H illustrate how to identify the encryption process and to view decrypted data However any of the ComProbe devices BPA 500 BPA low energy that are low energy capable will accomplish the same objectives although the datasource setup will be slightly different for each device 298 Appendicies ComProbe Sodera User Manual B 4 7 1 Setting up the BPA 600 1 Run the ComProbe Protocol Analysis Software 24600 datasource and select Bluetooth Classic low energy r T a BPA 600 This will bring up the BPA 600 datasource window This is where the parameters are set for sniffing including the aaa devices to be sniffed and how the link is to be S _ Devices Under Test Device Database LE Device Database BPA 600 Information LE Only Classic Only Single Connection Dual Mode Classic Only Multiple Connections decrypted LE Device i Classic Device amp 00025b00aae0 UGO 2 Select Devices Under Test tab on the Datasource window Classic Encryption T R Enter New Long Tem Key 3 Click select LE Only TZE Enter New PIN OOB data 4 Todecrypt encrypted data transmissions Curent Link Key eee between the Bluetooth low energy devices the ComProbe analyzer need
154. ain Clicking Find Previous will search backwards from the current postion The analyzer takes the current selected byte as its initial condition when running searches that rely on finding events where error conditions changed The analyzer searches until it finds an event where error conditions changed or it reaches the end of the buffer at which point the analyzer tells you that there are no more events found in the buffer If you are searching for an exact match the analyzer asks you if you want to continue searching from the beginning of the buffer Searching for Exact Error Conditions 234 Chapter 5 Navigating and Searching the Data ComProbe Sodera User Manual To search for an exact state means that the analyzer finds events that exactly match the error conditions that you specify k3 Find BPA500 cfa Decode Paitem Time Go To Special Events Error Bookmark Select the This exactly describes the search for event where i state radio button y One or more of these changed ik oc Next i One or more of these occured GN exactly lel ane in Find Previous One or more of these was off describes the state Find Previous e This changes the normal check boxes to a elp series of radio buttons labeled On Off On Off Don t Care SS and Don t Care for each error Reserved COC Side Restriction Search without regard to data origin o On means that th
155. alog to move vertically and horizontally You can also click and hold while moving the pointer within dialog that brings up a directional arrow that you can use to move left right and up down Ctrl Summary tab When you select the Ctrl Summary tab you will see a summary of the control and signaling frames in the order that they are received transmitted from and to devices maa EN eR INITAN AT a TSIT AA AA AA Km MA CANAANITA AT All Layers Ctl Summary Non Msg Summary BB LMP L CAP SDP RFCOMM HF AVDTP AVDTP Signaling mannaa J Figure 4 85 Control and Signaling Frames Summay The frame numbered is shown whether the message comes from the Master or Slave the message Address the message itself and the timestamp Additionally the control signaling packets for each layer are shown in a different background color be Piconet1 Piconet 2 Figure 4 86 Packet Layers Shown in Different Colors If you right click within the Ctrl Summary you can select Show in MSC 176 Chapter 4 Capturing and Analyzing Data ComProbe Sodera User Manual All Layers Ctrl Summary NomMsg Summary BE LMP L2CAP SDP RFCOMM HF AVDTP AVDTP Signaling 4 Figure 4 87 Right Click in Ctrl Summary to Display Show in MSC The window then displays the same information but in the normal MSC view All Layers Ctrl Summary Non Msg Summary BB MP L2CAP SDP RFCOMM HF AVDTP AVDTP Signaling For Help Press FL Panes NG
156. an Existing Template on page 60 3 2 4 2 L2CAP Override Decode Information The Set Subsequent Decoder Parameters dialog allows the user to override an existing parameter at any frame in the capture where the parameter is used If you have a parameter in effect and wish to change that parameter 67 ComProbe Sodera User Manual Chapter 3 Configuration Settings 1 Select the frame where the change should take effect Bl law fifi Signaling 2 Select Set Subsequent Decoder Parameters from the aaa ea Options menu or by selecting a frame in the frame display Copy Selection te Clipboard and choosing from the right click pop up menu and make the Save Selection needed changes Refer to Go To w Show Frame Size Column 3 Change the L2CAP parameter by selecting from the rule to Show Timestamp Column change and click on the listed parameters J Show Delta Column Add New Column Help 4 If you wish to remove an overridden rule click on Remove Override button If you want to remove all decoder parameter settings click on Remove All Remove New Column Change Column Order Help Restore Default Columns 5 Click OK Add Bookmark Export Provide L CAP Rules Each entry in the Set Subsequent Decoder Parameters dialog Provide RECOMM Rules takes effect from the specified frame onward or until redefined in SS SS this dialog on a later frame i Show Hidden Panes b system d
157. an be sorted by field for every protocol Click here for an explanation of the symbols next to the frame numbers 102 Chapter 4 Capturing and Analyzing Data ComProbe Sodera User Manual e Decode Pane The Decode Pane displays a detailed decode of the highlighted frame Fields selected in the Decode Pane have the appropriate bit s or byte s selected in the Radix Binary Character and Event panes e Radix Pane The Radix Pane displays the logical data bytes in the selected frame in either hexadecimal decimal or octal e Binary Pane The Binary Pane displays a binary representation of the logical data bytes e Character Pane The Character Pane displays the character representation of the logical data bytes in either ASCII EBCDIC or Baudot e Event Pane The Event Pane displays the physical data bytes in the frame as received on the network By default all panes except the Event Pane are displayed when the Frame Display is first opened Protocol Tabs Protocol filter tabs are displayed in the Frame Display above the Summary pane e These tabs are arranged in separate color d coded groups These groups and their Noes ai Classic Bluetooth blue colors are General white Classic Bluetooth oe bi rama 502 11 orange USB purple NEC orown Laan Bluetooth low energy green B Frame CLE 4 and SD teal The General group applies to _ en Ee all technologies The other groups are agaw Uu 802 11 orange
158. analyzer Save Save the currently selected bytes or the entire buffer to file Clear Discards the temporary file and clears the display Oo Event Display Brings the Event Display F window to the front 104 Chapter 4 Capturing and Analyzing Data ComProbe Sodera User Manual Table 4 5 Frame Display Toolbar Icons continued Peon Description Duplicate View Creates a second Frame Display window identical to the first W Apply Modify Display Filters Opens the Display Filter dialog Quick Protocol Filter brings up a dialog box where you can filter or hide one or more protocol layers Protocol Stack brings up the Protocol Stack Wizard where you can change the stack used to decode framed data Reload Decoders When Reload Decoders is clicked the plug ins are reset and received frames are re decoded For example If the first frame occurs more than 10 minutes in the past the 10 minute utilization graph stays blank until a frame from 10 minutes ago or less is decoded Find Search for errors string patterns special events and more Display Capture Notes Brings up the Capture Notes window where you can view or add notes to the capture file Add Modify Bookmark Add a new or modify an existing bookmark Display All Bookmarks Shows all bookmarks and lets you move between bookmarks Audio Expert System Opens Audio Expert System Window Reload Decoders When Reload Decoders is c
159. analyzer looks for SDP Service Attribute Responses or Service Search Attribute Responses carrying protocol descriptor lists If the analyzer sees L2CAP listed with a PSM it stores the PSM and the UUID for the next protocol in the list After the SDP session is over the analyzer looks at the PSM in the L2CAP Connect frames that follow If the PSM matches one the analyzer has stored the analyzer stores the source channel ID and destination channel ID and associates those channel IDs with the PSM and UUID for the next protocol Thereafter when the analyzer sees L2CAP frames using those channel IDs it can look them up in its table and know what the next protocol is In order for the analyzer to be able to auto traverse using a dynamically assigned PSM it has to have seen the SDP session giving the Protocol Descriptor Lists and the subsequent L2CAP connection using the PSM and identifying the source and channel IDs If the analyzer misses any of this process it is not able to auto traverse It stops decoding at the L2CAP layer For L2CAP frames carrying a known PSM 0x0001 for SDP for example or 0x0003 for RFCOMM the analyzer looks for Connect frames and stores the PSM along with the associated source and destination channel IDs In this case the analyzer does not need to see the SDP process but does need to see the L2CAP connection process giving the source and destination channel IDs 4 2 6 Providing Context For Decoding When Frame Informat
160. and the 5GHZ Timeline is visible Performs the GHz and 5 same function as the Timeline Both radio button GHZ Timelines Show When check shows only timelines which have had packets at some point during this Timelines session If no packets are present the 2 4 GHz Timeline is visible Performs the same Which Have or function as the Timeline Auto radio button Had Packets Auto Mode 139 ComProbe Sodera User Manual Chapter 4 Capturing and Analyzing Data BLAST Table 4 8 Coexistence View Format Menu Selections continued J i The following two selections are mutually exclusive Show Low Energy Packets From Configurated Devices Only Show All Low Energy Packets Large Throughput Graph Show Dots in Throughput Graph Dots Reveal Overlapped Data Points Show Zoomed Throughput Graph Freeze Y Scales in Zoom Throughput Graph When checked shows in the 2 4 GHz Timeline only packets from Bluetooth low enegry devices configured for this session and uses these packets for throughput calculations Performs the same function as the LE Devices Configured radio button When checked shows in the 2 4 GHz Timeline all Bluetooth low energy packets captured in this session and uses these packets for throughput calculations Performs the same function as the LE Devices All radio button When checked the Throughput Graph appears in the bottom half of the window swapping position with the ti
161. anumeric ASCII characters or a hexadecimal value that the user enters When entering a hexadecimal value it must include a Ox prefix for example Ox1234ABCD Link Key If you know the Link Key in advance you may enter it directly To enter the Link Key click on the device row Link Key field and enter the Link Key in hex followed by the keyboard Enter key If the link key has previously been entered it is automatically entered in the edit box after the Master and Slave have been selected Once the Link Key is entered the ACO automatically appears in the Security pane for the devices in the link J Note The Link Key does not have to be prefixed with 0x because the Link Key field will only accept hex format and the 0x prefix is added automatically Entering 0x will result in an invalid entry result Security vIX Status Time Master Slave PIN TK Link Key ACO D fal 11 20 2014 2 34 57 115571 PM 00 88 65 61 B7 27 00 07 62 0F 00 00 11 20 2014 2 35 00 754965 PM T515 al 11 20 2014 2 35 00 928163 PM 00 07 62 0F 00 00 00 88 65 61 B7 27 Enter link key S TORN Figure 3 8 Classic Bluetooth Link Key Entry Status Time Master Slave PIN TK Link Key ACO D fal 11 20 2014 2 34 57 115571 PM 00 88 65 61 B7 27 00 07 62 0F 00 00 05d306875603c4f 1e065a052923f4d8ba Oo 67b04b 7eb0 1b 38eb55eb 3cb 11 20 2014 2 35 00 718090 PM T515 Valid fad 11 20 2014 2 35 00 928163 PM 00 07 62 0F 00 00 00 88 65 61 B7 27 05d306875603c 4 1e06
162. any time 7 1 1 2 Advanced System Options These parameters affect fundamental aspects of the software and it is unlikely that you ever have to change them If you do change them and need to return them to their original values the default value is listed in parentheses to the right of the value box Most technical support problems are not related to these parameters and as changing them could have serious consequences for the performance of the analyzer we strongly recommend contacting technical support before changing any of these parameters To access the Advanced System Options 1 Go to the Control A window 2 Choose System Settings from the Options menu 3 On the System Settings window click the Advanced button 255 ComProbe Sodera User Manual Chapter 7 General Information Advanced System Options warmy Be catebul when changing Ihese paameler Please read the onde help Met or contact Technical Support Selechons do not take effect unti FTS and ary datasources are Hated Diver Recent Buie Size in Ebates Dine Schon Queue See m Operating Suslem Pages Fiame Complebon Timea m Seconds Figure 7 2 Advanced System Options dialog e Driver Receive Buffer Size in Kbytes This is the size of the buffer used by the driver to store incoming data This value is expressed in Kbytes e Driver Action Queue Size In Operating System Pages This is the size of the buffer used by the driver to store data to be t
163. apter A 12V DC auxiliary vehicle outlet system could be used PC HOST USB 2 0 port for connecting Sodera to the host computer where the ComProbe software resides This connector provides host computer command control and data transfer P Note At this time all other rear panel connectors are inactive 2 1 3 Attach Antenna Figure 2 3 Antenna Attachment Point Remove the ComProbe Sodera hardware from the box and attach the antenna to the SMA connector on the front panel Chapter 2 Getting Started ComProbe Sodera User Manual 2 1 4 Applying Power ComProbe Sodera is powered by three methods the Frontline supplied AC to DC adapter an external DC power source that can include power from an automobile auxiliary power source and an optional internal battery To apply power to Sodera use one of the three methods 1 Connect the provided AC to DC power adapter to the 12VDC connector on the rear panel and then connect the adapter into an AC source 2 Connect a DC power source supplying 12 VDC directly to the 12VDC connector on the rear panel 3 Install the battery To start Sodera depress the Power button on the front panel for at least 1 2 second and then release This action will provide a clean start for Sodera hardware The battery charge state indicator LEDs will repeatedly flash in sequence while the unit powers up The front panel Power indicator LED will be green Should the front panel Power indicator b
164. ate attenuator value to limit the input power to 20 dBm 10 uW maximum B 3 4 Test Process After connecting DUT1 DUT2 and the ComProbe Sodera or ComProbe BPA 600 follow these steps to capture Bluetooth data 1 Pair DUT 1 and DUT 2 2 Establish data transmission between DUT 1 and DUT 2 3 Begin capture of the data with the ComProbe Sodera or ComProbe BPA 600 Refer to the ComProbe User Manuals at fte com 4 Conduct protocol analysis with the ComProbe software on the personal computer or save the capture file for future analysis For any questions concerning conductive testing contact Frontline technical support at 434 984 4500 or email tech support fte com Author John Trinkle with Sean Clinchy Publish Date 22 June 2015 2935 Appendicies ComProbe Sodera User Manual 294 B 4 Decrypting Encrypted Bluetooth low energy B 4 1 How Encryption Works in Bluetooth low energy Data encryption is used to prevent passive and active man in the middle MITM eavesdropping attacks ona Bluetooth low energy link Encryption is the means to make the data unintelligible to all but the Bluetooth master and slave devices forming a link Eavesdropping attacks are directed on the over the air transmissions between the Bluetooth low energy devices so data encryption is accomplished prior to transmission using a shared secret key B 4 2 Pairing A Bluetooth low energy device that wants to share secure data wi
165. ation level protocol decoding was becoming a requirement For example people were starting to browse the Internet using Bluetooth enabled phones and PDAs therefore a good Bluetooth analyzer would need to support TCP IP HTTP hands free A2DP etc For Frontline to support for these higher levels protocols was no problem since they were already in use in other Frontline analyzer products People have been using Frontline Serialtest serial analyzers and Ethertest Ethernet analyzer to troubleshoot TCP IP and Internet problems for many years As we continued to work closely with the Bluetooth community we also came across one other requirement sniffing itself had to be made easier We took a two pronged approach to this problem We simplified air sniffing and we continue to work on simplifying the process of air sniffing and we invented Virtual sniffing B 6 4 Virtual Sniffing What is it Historically protocol analyzers have physically tapped the circuit being sniffed For example an Ethernet circuit is tapped by plugging into the network A serial connection is sniffed by passively bridging the serial link A Bluetooth air sniffer taps the piconet by synchronizing its clock to the clock of the piconet Master 913 Appendicies ComProbe Sodera User Manual Not only is there a physical tap in traditional sniffing but the sniffer must have some knowledge of the physical characteristics of the link being sniffed For example a Bluetooth ai
166. away to accommodate the slave s position in primary piconet The remaining 7596 of the blue ring connects aOR to the secondary piconet slave device Within the Piconet View rolling the mouse over an icon will highlight that device or security information in the Wireless and Security panes Timeline 1 29 2015 11 58 42 610143 AM 40s Figure 3 5 Piconet View Timeline As device connections appear over time the Timeline on the bottom of the Piconet View displays circles representing events over time where the piconet view has changed Classic Bluetooth events appear as blue circles and Bluetooth low energy events appear as green circles These events appear when devices e Connects solid circles e Role Switches sold circles e Disconnects hollow circles Select an event on the time line by clicking on an event circle The display on the Piconet View will change to the piconet configuration active at the selected event time allowing the user to trace piconet activity A timeline cursor a white vertical line will appear behind the selected timeline event Above the timeline cursor appears the event capture date and time Note The timeline event cursor is always positioned in the center of the display A selected event V4 will move to the cursor thus the selected event is always position in the center of the Piconet View 43 ComProbe Sodera User Manual Chapter 3 Configuration Settings 3 5m On the timeline right
167. band field LT ADDR Is Egu AND In the range 178 to 43 Delete selected condtion Figure 4 29 Set Condition Dialog in Advanced View 2 Select the desired condition from the filter definition 3 Click the Delete Selected Line fye icon 4 Edit the Boolean operators and parentheses as needed 5 Click OK The system displays the Save Named Condition dialog Ensure that the filter name is displayed in the text box at the top of the dialog and click OK If you choose to create an additional filter then provide anew name for the filter condition or accept the default name provided by the system and click OK The Set Condition dialog box closes and the system applies the modified filter Note When a display filter is applied a description of the filter appears to the right of the toolbar in the Frame Display windows Note The OK button on the Set Condition dialog box is unavailable grayed out until the condition selections are complete Renaming a Display Filter 1 Select Rename Display Filters from the Filter menu in the Frame Display window to open the Rename Filter dialog The system displays the Rename Filter dialog with a list of all user defined filters in the Filters combo box 129 ComProbe Sodera User Manual Chapter 4 Capturing and Analyzing Data Rename Filters Filters Filter0 Description Indude each frame where the protocol Baseband field LT ADDR Is Equal To 6
168. bar The global toolbar provides audio play controls audio play cursor positioning controls waveform viewing controls and volume controls Global toolbar controls apply simultaneously to all waveform panels n n a a a Table 4 29 Global Toolbar Controls _ Home Moves play cursor to beginning of the waveform Play Start playing the audio from the current play cursor position Toggles to Pause when clicked Pause Stops audio play back at its current position toggles to Play when clicked End Moves the play cursor to the end of the waveform 203 ComProbe Sodera User Manual Chapter 4 Capturing and Analyzing Data Table 4 29 Global Toolbar Controls continued a a re Loop Loops waveform playback continuously If the Play button is visible it will toggle to the Pause Clicking the Pause button will stop Loop playback Clicking on the Loop button will stop the loop and the playback If there is a selection on the waveform only the selection will loop Horizontal Zoom Out Increases the amount of data that is visible on the screen however less detail is discernable Horizontal Zoom In Decreases the amount of data that is visible on the screen however more detail is discernable Lock Unlock Operational in live mode only Selecting Lock will freeze the waveform display however the Audio Expert System will still continue to analysis new audio data Selecting Unlock will jump to the wavefor
169. border in the timelines Performs the same function as the SET button Refer to Coexistence View Set Button on page 157 The following three selections are mutually exclusive Show Packet When checked the Throughput Graph and Throughput Indicator shows data based on Throughput packet throughput Performs the same function as the Throughput Packet radio button Show Payload When checked the Throughput Graph and Throughput Indicator shows data based on Throughput payload throughput Performs the same function as the Throughput Payload radio button Show Both When checked the Throughput Graph will graph both the data based on packets Packet And throughput in darker colors and payloay throughput in lighter colors The Throughput Payload Indicator will show calculations based on packet throughput Performs the same Throughput function as the Throughput Both radio button The following four selections are mutually exclusive Show 5 GHz When checked the 5 GHz Timeline is visible and the 2 4 GHz Timeline is not visible Timeline Only 802 11 5 GHz packets are shown Performs the same function as the Timeline 5 GHz radio button Show 2 4 GHz When checked the 2 4 GHz Timeline is visible and the 5 GHz Timeline is not visible Timeline The timeline will show Classic Bluetooth Bluetooth Low Energy and 802 11 2 4 GHz packets Performs the same function as the Timeline 2 4 GHz radio button Show Both 2 4 When checked the 2 4 GHz Timeline
170. buffer contains no user overridden items 65 ComProbe Sodera User Manual Chapter 3 Configuration Settings 3 2 4 L2CAP Decoder Parameters 3 2 4 1 About L2CAP Decoder Parameters Each entry in the Set Initial Decoder Parameters dialog takes effect from the beginning of the capture onward or until redefined in the Set Subsequent Decoder Parameters dialog AVDTP Security L2CAP RFCOMM A2DP USB iPx Tce UDP Initial Connections in effect from beginning of capture onward until redefined in the Set Subsequent Decoder Parameters dialog Stream Master m Channel ID Address DataSource DS No set 0 for Single DS Caries PSM Raw Data x Figure 3 35 L2CAP Decoder parameters tab The L2CAP Set Initial Decoder Parameters dialog requires the following user inputs to complete a Parameter e Stream This identifies the role of the device initiating the frame master or slave e Channel ID The channel number 0 through 78 e Address This is the physical connection values for the devices Each link in the net will have an address A piconet can have up to seven links The Frame Display can provide address information ee Frame 37 slave Len 2 Baseband e Data Source DS No When only one data source is employed set L2CAP this parameter to O zero otherwise set to the desired data source ke Role Slave number 3 Address 1 POL Length 14 i Channel ID Ox0040 SDP Gl SDP Ca
171. c Key X and Y fields are automatically calculated and filled in 4 Click the OK button the dialog will close and the added Private and Public keys appear in the Private Keys pane If the key enterd already matches a key in the local storage a dialog will be displayed indicating the issue and the window will not close To Remove PAN a Private Key 1 In the Private Keys pane click on the Private Key to be remove to select it 2 Remove the Private Key by one of the following methods a Click on the Remove Private Key K tool in the Private Key Management toolbar The key is removed from the list b Right click on the selected Private Key and select Remove Private Key from the Private Key Management tools pop up menu The key is removed from the list ay NG Chapter 3 Configuration Settings ComProbe Sodera User Manual 3 1 2 6 Event Log Pane The Event Log is a record of significant events that occurred at any time the Sodera datasource software is running The log is recorded in time sequence using the computer clock Log event descriptions provide information warnings and error notifications The Event Log provides the user with a history of their analysis process This history may be useful for process documentation or for troubleshooting capture issues and problems Information messages can include the starting and stopping of recording and the time that this event took place Warnings in the log could be notifying th
172. c application 2 2 1 Opening ComProbe Data Capture Method On product installation the installer creates a folder on the windows desktop labeled Frontline ComProbe Protocol Analysis System lt version gt 1 Double click the Frontline ComProbe Protocol Analysis System desktop folder This opens a standard Windows file folder window di b Frontline ComProbe Protocol Analysis System 12 11 662 0 F w Include in library Share with Burn New folder A 2 te Name sktop E di Development Tools wnloads J Documentation cent Places JE Maintenance Tools ogle Drive 6f Capture File Viewer 6f ComProbe 802 11 with Wireshark gets as aa cuments Select to open Capture Methods Figure 2 9 Desktop Folder Link 2 Double click on Frontline ComProbe Protocol Analysis System and the system displays the Select Data Capture Method dialog ComProbe Protocol Analysis System Version gt Frontline ComProbe Protocol Analysis P Note You can also access this dialog by selecting Start gt All Programs gt Frontline System Three buttons appear at the bottom of the dialog Run Cancel and Help When the dialog first opens Cancel and Help are active and the Run button is inactive grayed out Bur starts the selected protocol stack 143 ComProbe Sodera User Manual Chapter 2 Getting Started closes the dialog and exits the user back to the desktop takes the user to this help file as does pressi
173. cal zoom buttons will turn gray and become inactive when the maximum and minimum values are reached Collapse Expand Control Collapse Expand button toggles between two views The top image indicates that the Wave Panel is 2 expanded When the bottom image is visible it indicates that the Wave Panel is collapsed T When the top image is visible clicking on it will collapse the Wave Panel to the minimum size that shows only the Stream Info and the Local Controls When the bottom image is visible clicking on it expands the Wave Panel to full size 207 ComProbe Sodera User Manual Chapter 4 Capturing and Analyzing Data K Bits Sample 16 tt See Figure 4 102 Collapsed Wave Panel 4 5 6 2 3 Audio Waveform Panel The Audio Waveform Panel displays the captured audio waveform If the waveform is stereo both channels are visible in the Wave Panel The user can view the entire waveform or can zoom to view a portion of the waveform in more detail 01 32 37 351 PM 01 32 37 386 PM 01 32 37 420 PM 01 32 37 455 PM 01 32 37 489 PM Figure 4 103 Audio Waveform Panel in the Wave Panel Table 4 31 Global Toolbar Waveform Horizontal Zoom Controls Horizontal Zoom Increases the amount of data that is visible on the screen however less detail is discernible Horizontal Zoom Decreases the amount of data that is visible on the screen however more detail is discernible The audio waveform is plotted as amplitud
174. cceeeeceeeee 75 4 1 1 Air Sniffing Positioning Devices a 75 4 1 2 Sodera Capturing Data Introduction 2 2 eee eee eee cece cece cece eee eeeeeeeees 79 4 1 2 1 Record Begin Capture cece ccc cee eee cece aan naona cence eceeceeeeeeeeeees 79 4 1 2 2 Selecting Devices for Analysis cece ec ee cece cece eee cece cece aooaa 79 4 1 2 3 Starting Analysis 2 2 occ cece cc ec ccc ec eee cece cece cece ee ceeceeceeceeeeeeceeees 80 4 1 2 4 Signal Too Strong Indication 22 2 eee cece cece cece cece eee ceeeeeeeeees 81 4 1 2 5 Excursion Mode Capture amp Analysis cece ccc cece cece eee eceeceeeeeeceeees 82 4 1 2 6 Spectrum Analysis 22 22 eee cece cece eee eee eee e ccc eee e aooo oaao ononon 83 4 1 2 7 Critical Packets and Information for Decryption 2 c eee eee eee cece eee eeeeeeees 84 4 1 2 8 Capturing Sodera Analyzed Data to Disk 00 c cece cece ee eeeeeee 86 4 1 3 Extended Inquiry Response cece ccc cece nannaa cece cece cece cence eeeeceseceeceeceeees 87 A PE OUOC ON AA 88 4 2 1 Protocol Stack Wizard ad cop eveschddaccucceduseneseccdecdand sentacecuneendedienedsesetcdcces used 88 4 2 2 Creating and Removing a Custom Stack cece cee cece cece cece cece eeeeeeees 89 A223 REMAINS lt lt c5354 2c caeadesunccsad ecandadscesseesuaiesncesenesesecnceneseuaeeseereetesacebeavseeesecss 9
175. ce e ComProbe Protocol Analysis System installed on your computer e Android Debug Bridge optional directions in this paper are based on known typical Android device Refer to the manufacturer s I Note Each Android device model can vary in screen organization layout and format The manual on line help or technical support for detailed information about your particular device B 2 2 Activating Developer options The Android HCI log will contain the link key for an active Bluetooth link 1 On the Android device go to Settings 2 Select About 3 Inthe About screen tap on Build number eight times At some point you will see a notice similar to You are now a developer Note On some devices the build information may be under one or more sub screens below H the About screen Also the number of taps may vary in most cases the screen will provide 284 ComProbe Sodera User Manual Appendicies A status of your tap count 4 Return to the Settings screen and you will see Developer options B 2 3 Retrieving the HCI Log Now that Developer options have been activated on the Android device you can retrieve the HCI log 1 On the Android device go to Settings 2 Select Developer options 3 Click to enable Bluetooth HCI snoop logging 4 Return to the Settings screen and select Developer options 5 In the Developer options screen select Enable Bluetooth HCI snoop log The log file is now enabled pa On I EW Or Developer opt
176. ce can cause loss of packets and poor captures In a laboratory or testing 76 Chapter 4 Capturing and Analyzing Data ComProbe Sodera User Manual environment do not place the DUTs and ComProbe hardware in close proximity with Wi Fi transmitting sources such as laptops or routers Turning off Wi Fi on the computer running the ComProbe software is recommended Positioning for wideband capture Frontline s Wideband Bluetooth Protocol Analyzer Sodera can capture from multiple devices which requires a different approach to position the DUTs and the analyzer When testing more than two devices arrange the DUTs on the perimeter of acircle 1 2 meters in diameter for Bluetooth transmitter Class 1 and 2 devices For transmitter Class 3 DUTs the circle should be 1 2 meter in diameter Equally space the DUTs on the perimeter Place the Sodera in the center of the circle If not using the Sodera Excursion mode connect the computer and place it outside the circle as far away from the DUTs as possible Figure 4 2 Wideband Capture Devices Equally Spaced in the Same Horizontal Plane Positioning for audio capture The Bluetooth Audio Expert System provides analysis of audio streams and can assist in identifying problems with capture methods including positioning and environment because it will point out missing frames For hands free profile data captures both DUTs send and receive data Therefore position the devices following the equilateral tr
177. ce ceeceeeeees 263 IX ComProbe Sodera User Manual 7 2 Technical Information 0 22 2 l eee eee cee ee eee eee ee eee ee ence cece cece eee eeeeeeeeees 263 12 LPEMOrmance Notes cece ce as BG Nam NKK NG NN AUANLG ND EN ees EE N S r eE 263 APAN aa AA 264 PA Propre ot Bale A 264 AA ANA 264 7 2 0 Useful Character Tables cic cnccrannduconcacsacaduatanseddencawelaresadencaewaseacedieededessadacass 264 729 A ASC CODGS oo ceteeete ne becareutucscccabecetiebceudoessscdecsesuedlscecebavdidenuceteseebuseseacsedes 265 k20 BAU OR OOE usr sete ete cadena bisa hens JAAN NAE D TANAN NASA E maka G Oa 265 723 3 EBCDIC COQOS AA AA 266 7 2 5 4 Communication Control Characters cee eee eee eee eee eeeeee 266 PA AA AP AAP 267 7 2 7 DecoderScript Overview a 267 7 2 8 Bluetooth low energy ATT Decoder Handle Mapping 0 0 eee eee eee eeeeeeeees 268 7 3 Contacting Technical Support _ 2 220 oe eee cee cee cee cece cece cece cece cece eceeceeeeeeeeees 269 a AA 271 Appendix A Sodera Technical Specifications Service Information eee eeeeeeeeeeees 273 Appendix B Application Notes c cece eee e cece eee e cece eceeeeeeeceeceees 276 B 1 Audio Expert System aptX hiccup Detected eee eee eee eee e cece eeeeeeeees 277 B 1 1 Background ae a ANG LA a nv mee ee ee AN 277 Dili SE CUD esr r ied oe deere e O E ences 277 BLS DEUS AA 278 B 14 COME WSION
178. cecceceeeee 238 Chapter 6 Saving and Importing Data XU 241 viii ComProbe Sodera User Manual 6 1 Saving Your Sodera Data enc cee ee eee eee cece e eee e eee eeeeeeeeee 241 6 11 Saving the Capture Fil scence maa nana tecmewcusteehseseceeebbcakieenermaceceuctadeusellackes 241 6 1 2 Saving the Entire Capture File with Save Selection 0 222 e eee eee eee eee 242 6 1 3 Save a Portion of Capture File with Save Selection 2 2 eee cece eee eee e cece ee ceeeeeeee 242 6 2 Adding Comments to a Capture File c ccc eee ee ec eeceeeeeees 243 6 3 Confirm Capture File CFA Changes c cece ce cee cece cece cece eee ceeceeceeeeceeceeceees 243 6 4 Loading and Importing a Capture File cece cece cece cece ee eeeeeeeees 243 6 4 1 Loading a Capture File ara cae oe re es ee glow eeies eaweeee en dete eece eaten 243 6 4 2 Importing Capture Files 2 22 lee cece ccc eee cece oaaao aaoo ornoo araona 244 ro PIONS aaa tle a ama a NAA ASA SAU ede oe LALA NIDO TAG AYE se ee one eee 244 6 5 1 Printing from the Frame Display HTML Export 222 2 eee eee eee eee eee cee eeceeeeeeee 245 6 5 2 Printing from the Event Display 2 22 22 cece eee ec ec eee cece eee eee ee ceeceeeeeeeeees 247 GE DONG ip sce cope coset ee esate KANA nG DUTI NAGA ADA G aed eee io eee noe NAG NE MANNA ee neee meses 248 6 6 1 Frame Display Export a
179. cetane ned idan ARA AAO DASAL teed aaah AkO 9 Zila Battery POW OM ees tec e eee AA ee eee a 9 PAS SA heat ences ESE E A AE as Sa E ere spice dauueeea aes uetectome ct 9 2 2 Data Capture Methods _ 2 22 2 ie ee enc ccc ee LLALL aLL aLaaa Laaa anaana 13 2 2 1 Opening ComProbe Data Capture Method 2 2 2 ee cece eee cece cece cece eeeeeees 13 2 2 2 Sodera Data Capture Method ___ 0 222 2 eee cece eee eee aaa aaa aana 14 PACKAGE 15 2 3 1 Control Window Toolbar c cece cece cece ee eee eee cece cece ee eee eeeeeees 16 2 3 2 Configuration Information on the Control Window 2 22222 eee eee eee eee cece cece eeeee 17 2 3 3 Status Information on the Control Window 0 22 2 eee eee eee eee cece cece cece eee 17 2 3 4 Frame Information on the Control Window 222 e eee eee eee ee ee ee eee eee eee 18 2 3 5 Control Window MENUS ncn secon nnerecaboandeknsed ve Apa KANG dedscawades eieunseecadebaecdeemeredews 18 2 3 6 Minimizing Windows oaaao aoaaa 2 eee eee eee cee cee cece cee cece ee eee eee eee eee eeeeeeeeeeeeeeeeee 23 Chapter 3 Configuration Settings 25 3 1 Sodera Configuration and I O _ 2 2 2 2 aoaaa aaa aa eee eee ee eee eee eee eee eeeeeeeeeeees 25 3 1 1 User Configuration Overview eee adaa aa ee ee cee cee eee cece eee eee e ee anaana 25 3 1 1 1 Standard Capture Scenario ieee cece eee cc cece cee eee cence ee ceeeeeeeeeeeee 25 3 1
180. ch message in the detail pane ends with the word Message or Messages The latter is used because data and handshake messages are shown as a single color coded entry Each protocol layer is represented by a color which is used to highlight the bytes that belong to that protocol layer in the Event Radix Binary and Character panes The colors are not assigned to a protocol but are assigned to the layer The Event Radix Binary Character and Decode panes are all synchronized with one another Clicking on an element in any one of the panes highlights the corresponding element in all the other panes Click the Toggle Expand Decode Pane icon IF to make the Decode pane taller This allows for more of a lengthy decode to be viewed without needing to scroll 4 4 1 11 5 Radix or Hexadecimal Pane The Radix pane displays the logical bytes in the frame in either Ria E 3T JE Ob GA hexadecimal decimal or octal The radix can be changed from ot This k the Radir Pane the Format menu or by right clicking on the pane and i choosing Hexadecimal Decimal or Octal z Copy Selection to Clipboard A Because the Radix pane displays the logical bytes rather than N Select Entire Frame the physical bytes the data in the Radix pane may be different E Change Text Highlight Color from that in the Event pane See Physical vs Logical Byte Display t E i for more information a3 Hexadecimal A Decimal Colors are used to show which protocol lay
181. ck or in excursion mode playback Conditions for too strong RF signal The software will determine that a received signal is too strong based on the following conditions e Normal Gain Capture Options setting see Capture Options dialog on page 31 5 or more packets with RSSI greater than or equal to 20 dBm within the past 5 seconds e Reduced Gain Capture Options settings see Capture Options dialog on page 31 5 or more packets with RSSI greater than or equal to 0 5dBm or higher within the past 5 seconds Signal too Strong reset When the ComProbe software has determined that the RF signal has returned to a safe condition from a too strong condition the following will occur e Event Log Pane on page 53 Displays Received Signal Strength OK with an Information icon i The event is added to the log as soon as the conditions for a safe signal have been detected e Status Bar No display of signal strength Conditions for Signal too Strong reset The software will determine that a too strong signal has returned to a safe status based on the following conditions e Normal Gain Capture Options setting see Capture Options dialog on page 31 No packets with RSSI greater than 24 dBm within the last 5 seconds e Reduced Gain Capture Options settings see Capture Options dialog on page 31 No packets with RSSI greater than 4 5 dBm within the last 5 seconds 81 ComProbe Sodera User Manual Chapter 4 Capturing and Analyzi
182. ck the Duplicate View icon dg on the Frame Display toolbar This creates another Frame Display window You can have as many Frame Displays open as you wish Each Frame Display is given a number in the title bar to distinguish it from the others e To navigate between multiple Frame Displays click on the Frame Display icon O in the Control window toolbar A drop down list appears listing all the currently open Frame Displays e Select the one you want from the list and it comes to the front Note When you create a filter in one Frame Display that filter does not automatically appear H in the other Frame Display You must use the Hide Reveal feature to display a filter created in one Frame Display in another S Note When you have multiple Frame Display windows open and you are capturing data you may receive an error message declaring that Filtering cannot be done while receiving data this fast If this occurs you may have to stop filtering until the data is captured 4 4 1 9 Working with Panes on Frame Display When the Frame Display first opens all panes are displayed except the Event pane To view all the panes select Show All Panes from the View menu e The Toggle Expand Decode Pane icon iE makes the decode pane longer to view lengthy decodes better e The Show Default Panes icon i returns the Frame Display to its default settings e The Show only Summary Pane icon gE displays on the Summary Pane To close a pane r
183. ckbox is checked then the system automatically changes the default location for saving capture files each time you open a file from or save a file to a new location For example let s say the default location for saving capture files is Drive A gt Folder A Now you select the Use Last Opened Folder for Capture Files checkbox The next time however you open a capture file from a different location Folder B gt Removable Flash Drive for example Now when you save the capture file it will be saved to Folder B gt Removable Flash Drive Also all subsequent files will be saved to that location This remains true until you open a file from or save a file to a different location There is one caveat to this scenario however Let s say you have selected Use Last Opened Folder for Capture Files and opened a file from a location other than the default directory All subsequent capture files will be saved to that location Suppose however the next time you want to save a capture file the new file location is not available because the directory structure has changed a folder has been moved a drive has been reassigned a flash drive has been disconnected etc In the case of a lost directory structure subsequent capture files will be saved to the default location ComProbe software will always try to save a file to the folder where the last file was opened from or saved to if Use Last Opened Folder for Capture Files is checked If however the locatio
184. cket button Next Legend When clicked selects the next legend packet in time from the current selection and Packet displays it in the Timeline This control is enabled when a bold packet type is selected in the Coexistence View Legend Refer to Coexistence View Legend on page 159 Performs the same functions as the Next Legend Packet button Last Legend When clicked selects the last legend packet in the session and displays it in the Packet Timeline This control is enabled when a bold packet type is selected in the Coexistence View Legend Refer to Coexistence View Legend on page 159 Performs the same functions as the mi Last Legend Packet button Toggle This selection is active during Live capture mode only Checking this selection will lock Display Lock the Throughput Graph and the Timeline in its current position however the capture will continue Not checking this selection will cause the Throughput Graph and the Timeline to scroll as data is collected Note Navigate menu selections are context sensitive For example If the first packet is selected the Next Packet and the Last Packet selections are active but the Previous Packet selection is inactive Table 4 11 Coexistence View Spectrum Menu Selections When checked spectrum data is shown in the Timeline If spectrum data is not available this selection is inactive The following three selections are active only if Show Spectrum is active Show Packets
185. col Laver 4 Once you select the Protocol Message click Protocol Message Pam OK AYDOTP Signaling The Search dialog disappears and the first search result is highlight in the Message Sequence Chart 3P AFCOMM OBEX BIP FIP OBEX connection for the BIP Basic Imaging Image Push profile created Profile BIP Typescbtfimg capabilities Figure 4 90 Highlighted First Search Result If there is no instance of the search value you see this following dialog Once you have set the search value you can 1 use the Search Previous aa A The message Abort was not Found and Search Next 4 buttons or 2 F2 and F4 to move to the next or previous frame in the chart 178 Chapter 4 Capturing and Analyzing Data ComProbe Sodera User Manual 4 4 3 2 Message Sequence Chart Go To Frame The Message Sequence Chart has a Go To Frame function that makes it easy to find a specific frame within the layers In addition to Search you can also locate specific frames by clicking on the Go To Frame FI toolbar icon Saga 200 1 Click Go To Frame in the toolbar boo Enter frame number 2 Enter a frame number in the Enter frame No text box 4 Enter Frame No 3 Click OK The Go To Frame dialog disappears and the selected frame is highlighted in the chart Once you have identified the frame in Go To you can 1 use the Search Previous aa and Search Next i buttons or 2 F2 and F4 keys to m
186. col occurs in more than one of the technology specific tab groups For example if L2CAP occurs in both Classic Bluetooth and Bluetooth low energy there will be L2CAP tabs in the General group the Classic Bluetooth group and the Bluetooth low energy group Select the Unfiltered tab to display all packets There are several special tabs that appear in the Summary pane when certain conditions are met These tabs appear only in the General group and apply to all technologies The tabs are 114 Chapter 4 Capturing and Analyzing Data ComProbe Sodera User Manual e Bookmarks appear when a bookmark is first seen e Errors appear when an error is first seen An error is a physical error in a data byte or an error in the protocol decode e Info appears when a frame containing an Information field is first seen The tabs disappear when the capture buffer is cleared during live capture or when decoders are reloaded even if one of the tabs is currently selected They subsequently reappear as the corresponding events are detected The tabs disappear when the capture buffer is cleared during live capture or when decoders are reloaded even if one of the tabs is currently selected They subsequently reappear as the corresponding events are detected Use the navigation icons keyboard or mouse to move through the frames The icons and o move you to the first and last frames in the buffer respectively Use the Go To icon Ha to move to a s
187. criteria for each radio button as described below 4 4 2 6 All radio button All packets are used for average throughput and packets Packets All Selected Viewport occurring in the last 1 second of the session are used for 1 second throughput except that Bluetooth low energy packets from non configured devices can be excluded as noted above 4 4 2 7 Selected radio button Selected packets the selected packet range is shown in the timeline header are used for average throughput and packets in the 1 second duration ending at the end of the last selected packet are used for 1 second except that Bluetooth low energy packets from non configured devices can be excluded as noted above Packets All Selected Viewport Selected Packets 15434 15 437 Gap 44 7 me Timestamp Delta 45 922 ms Span 46 192 ms Figure 4 13 Timeline Header Showing Selected Packets 147 ComProbe Sodera User Manual Chapter 4 Capturing and Analyzing Data 4 4 2 8 Viewport radio button The viewport is the purple rectangle in the Throughput Graph and indicates a specific starting time ending time and resulting duration Packets that occur within that range of time are used for average throughput and packets in the 1 second duration ending at the end of the last packet in the viewport time range are used for 1 second throughput except that Bluetooth low energy packets from non configured devices can be excluded as noted above P
188. cted connections S Note Connection Filters are not persistent across sessions 4 4 1 13 2 1 Creating a Connection Filter In the Frame Display there are four ways to create a connection filter From the Frame Display Filter menu Click on the Frame Display Filter menu Connection Filter selection From the drop down menu select Classic or Bluetooth low energy The options are 130 Chapter 4 Capturing and Analyzing Data ComProbe Sodera User Manual e Classic Bluetooth o All will filter in all Classic Bluetooth frames You are in effect filtering out any Bluetooth low energy frames and are selecting to filter in all the Classic Bluetooth links o Links displays all the master slave links You can select only one link to filter in The selected link will filter in only the frames associated with that link e Bluetooth low energy o All will filter in all Bluetooth low energy frames You are in effect filtering out any Classic Bluetooth frames and are selecting to filter in all Bluetooth low energy access addresses o Access Addresses displays all the low energy slave device s access address You can select only one access address to filter The selected link will filter in only the frames associated with that access address e 802 11 o All will filter in all 802 11 frames You are in effect filtering out any other technology frames e HCI o All will filter in all HCI frames You are in effect filtering out any other tech
189. ction event 115 ComProbe Sodera User Manual Chapter 4 Capturing and Analyzing Data we cannot use the absolute timing to correct this error there would still be cases where we get it wrong Therefore we always assign 1 to the first packet in a connection event So even though it is rare there are connection events where packets sent by the slave device are labeled 1 and packets sent by the master are labeled 2 Finally in a noisy environment it is also possible that the sniffer does not capture packets in the middle of a connection event If this occurs and the sniffer cannot determine the side for the remaining packets in that connection event the side is labeled U for unknown 4 4 1 11 2 Customizing Fields in the Summary Pane You can modify the Summary Pane in Frame Display Summary pane columns can be reordered by dragging any column to a different position Fields from the Decode pane can be added to the summary pane by dragging any Decodepane field to the desired location in the Summary pane header If the new field is from a different layer than the summary pane a plus sign is prepended to the field name and the layer name is added in parentheses The same field can be added more than once if desired thus making it possible to put the same field at the front and back for example of along header line so that the field is visible regardless of where the header is scrolled to An added field ca
190. ctively being captured These graphs allow you to keep an eye on what is happening on the circuit without requiring you to capture data 2 3 4 Frame Information on the Control Window Frame Decoder information is located just below the Status bar on the Control window It displays two pieces of information For Help Press F1 e Frame Decoder 233 fps displays the number of frames per second being decoded You can toggle this display on off with Ctrl D but it is available only during a live capture e 132911 displays the total frames decoded e 10096 displays the percentage of buffer space used 2 3 5 Control Window Menus The menus appearing on the Control window vary depending on whether the data is being captured live or whether you are looking at a cfa file The following tables describe each menu Table 2 4 Control Window File Menu Selections 18 Chapter 2 Getting Started ComProbe Sodera User Manual Table 2 4 Control Window File Menu Selections continued Capture GoLive Returns to Live mode mile Reframe If you need to change the protocol stack used to interpret a capture file and the framing is different in the new stack you need to reframe in order for the protocol decode to be correct See Reframing on page 90 Removes start of frame and end of frame markers from your data SeeUnframing on page 90 Recreate This option is available when you are working with decoders If Companion File you chang
191. cts the next invalid Bluetooth low energy IFS packet from the current IFS Packet selection and displays it in the Timeline Performs the same function as the Bp Next Invalid IFS Packet button Previous When clicked selects the first prior packet Ctrl Left Arrow Error Packet with an error from the current selection and displays it in the Timeline Performs the same function as the a Previous Error Packet button Next Error When clicked selects the next packet with an Ctr Right Arrow Packet error from the current selection and displays it in the Timeline Performs the same function as the gt Next Error Packet button 143 ComProbe Sodera User Manual Chapter 4 Capturing and Analyzing Data Table 4 10 Coexistence View Navigate Menu Selections continued PIG I First Legend When clicked selects the first legend packet in the session and displays it in the Packet Timeline This control is enabled when a bold packet type is selected in the Coexistence View Legend Refer to Coexistence View Legend on page 159 Performs the same functions as the lagn First Legend Packet button Previous When clicked selects the first prior legend packet in time from the current selection and Legend displays it in the Timeline This control is enabled when a bold packet type is selected in Packet the Coexistence View Legend Refer to Coexistence View Legend on page 159 Performs the same functions as the da Previous Legend Pa
192. d as a source device DUT1 was streaming an AES Reference file 277 Appendicies ComProbe Sodera User Manual DUT2 was used asa sink device After establishing a valid Bluetooth link DUT2 played the AES Reference file The audio test file was played from the Bluetooth smart phone to the Bluetooth headphone The data captured by the ComProbe BPA 600 hardware was sent to the analysis computer running ComProbe software with AES As the data was captured it was analyzed by the AES module and displayed live in the AES window The AES software automatically detected the test ID tones in the captured audio and operated in the referenced mode The figure 1 below shows the test setup ComProbe BPA 600 PC running AES a ba a Hali Figure 1 The Test Setup B 1 3 Discussion The test began without any issue DUT1 and DUT2 negotiated a Bluetooth connection suitable for transmitting the audio When the Reference Audio was played there were no obvious audio distortions or anomalies heard by the tester The tester used a ComProbe BPA 600 configured for capturing Classic Bluetooth over a single connection In Frame Display AVDTP Signaling tab we see the start of the negotiation between DUT1 and DUT2 to establish an audio connection see Figure 2 At frames 2089 and 2092 the initiating or local device sends an AVDTP__ DDISCOVER command The remote device responds by identifying the ACP Stream Endpoint IDs In this case the remote device i
193. d by the operating system and is the smallest normal resolutions possible Note The raw timestamp value is the number of 100 nanosecond intervals since the beginning of H January 1 1601 This is standard Windows time It is also possible to use high resolution ag E l l timestamping High resolution timestamp V Store Timestamps This item takes effect immediately values are marked by an asterisk as high Capture Options resolution in the drop down list To change Storage Resolution 0 50 Mictoseconds high resolution mi timestamping resolutions Note 1 To apply resolution changes you must restart the program 1 Goto the Capture Options section of the window Note 2 Finer resolutions increase the capture file size 2 Change the resolution listed in the Storage Resolution box 261 ComProbe Sodera User Manual Chapter 7 General Information Note If you change the resolution you need to exit the analyzer and restart in order for the H change to take effect 7 1 4 3 1 Performance Issues with High Resolution Timestamp There are two things to be aware of when using high resolution timestamps The first is that high resolution timestamps take up more space in the capture file because more bits are required to store the timestamp Also more timestamps need to be stored than at normal resolutions The second issue is that using high resolution timestamping may affect performance on slower machines For example if
194. d not included with the analyzer the Remove Selected Item From List button becomes active 2 Click the Remove Selected Item From Listbutton to remove the stack from the list You cannot remove stacks provided with the analyzer If you remove a custom stack you need to define it again in order to get it back If you are changing the protocol stack for a capture file you may need to reframe See Reframing on page 90 for more information You cannot select a stack or change an existing one for a capture file loaded into the Capture File Viewer the Capture File Viewer is used only for viewing capture files and cannot capture data Protocol Stack changes can only be made from a live session 88 Chapter 4 Capturing and Analyzing Data ComProbe Sodera User Manual 4 2 2 Creating and Removing a Custom Stack To create a custom stack Ye PA 1 Choose Protocol Stack from the Select a protocol stack Options menu on the Control Build Your Own window or click the Protocol Stack 802 11 MAC 802 11 Radio icon on the Frame Display Air Sniffer 7 BlueCore Serial Protocol BCSP from Cambridge Silicon Radio with autotraverse Bluetooth HC UART H4 with autotraverse toolbar Bluetooth HCI USB with autotraverse Bluetooth virtual transport with autotraverse E Fictitious Protocol with autotraverse 2 Select Build Your Own from the list H4DS with autotraverse and click Next MWS Wireless Coexistence Interface 2
195. d of this frame and other frames with the same channel as hex data or assist the analyzer by selecting a protocol using this dialog gathered during the capture session may help you decide how to respond to the request for P Note You may use the rest of the analyzer without addressing this dialog Additional information decoding information If you are not sure of the payload carried by the subject frame look at the raw data shown data in the Decoder pane on the Frame Display You may notice something that hints as to the profile in use In addition look at some of the frames following the one in question The data may not be recognizable to the analyzer at the current point due to connection setup but might be discovered later on in the capture Frame 93 Slave Len 19 7 ro Eng Alaga Baseband a I GO O D A 8B 8 a L2CAP figured BT low energy devices SCO link Supported Errors a AVDTP Connection FHS Bluetooth FHS L2CAP SDP RFCOMM ADG A ole Slave eadset Non Captured Info Address 5 AVDTP Type Signal B Framett AVDTP Type A Role Frame Size De Timestamp AVDTP Signalin Aiea ii 92 Signal 5 Master 15 5 3 2011 1 47 26 596810 Ad nani E 93 Signal 5 Slave 19 00 54372011 1 47 26 811181 Transaction Label 14 94 Signal 5 Master 16 00 5 3 2011 1 47 26 833066 ansaction Labe Packet Type Single Packet 95 Signal 5 Slave 25 00 5 3 2011 1 47 26 952430 TRC Sey ae 96 Si
196. d packet is displayed in the timeline header Selected Packet 15 457 Timestamp 6 4 7 2017 10 47 19 835783 AM Technology Classic Type DMI Bluetooth Clock 02011386610 Payload Len 3 bytes Figure 4 63 Timeline header for a single selected packet 160 Chapter 4 Capturing and Analyzing Data ComProbe Sodera User Manual When multiple packets are selected by dragging the mouse with the left button held down clicking one packet and shift clicking another or clicking one packet and pressing shift arrow the header shows Gap duration between the first and last selected packets Timestamp Delta difference between the timestamps which are at the beginning of each packet and Span duration from the beginning of the first selected packet to the end of the last selected packet Selected Packets 15434 15437 Gapi 947 me Timestamp Delta 45 922 ms Span 46 192 ms Figure 4 64 Timeline header for multiple selected packets Text can be displayed at each packet by selecting Show Packet Show Packet Number Number Show Packet Type and Show Packet Subtype Show Packet Type from the Format menu Show Packet Subtype Hide Packet Text x Auto Hide Packet Text When Duration 3 31 25 ms SSS zzzrpqjpkprzzHauQ 15 455 Marmt 15 456 Data 15 459 Data 15 460 Data 15 456 DN 15 457 DM1 Figure 4 65 Descriptive text on timeline packets Placing the mouse pointer on a packet displays a tooltip color coded by technology
197. d the functionality of your ComProbe protocol analyzer DecoderScript displays protocol data checks the values of fields validates checksums converts and combines field values for convenient presentation Decoders can also be augmented with custom C coded functions called methods to extend data formatting validation transformations and so on A decoder defines field by field how a protocol message can be taken apart and displayed The core of each decoder is a program that defines how the protocol data is broken up into fields and displayed in the Frame Display window of the analyzer software 267 ComProbe Sodera User Manual Chapter 7 General Information This manual provides instruction on how to create and use custom decoders When reading the manual for the first time we encourage you to read the chapters in sequence The chapters are organized in such a way to introduce you to DecoderScript writing step by step Screenshots of the ComProbe protocol analyzer have been included in the manual to illustrate what you see on your own screen as you develop decoders But you should be aware for various reasons the examples may be slightly different from the ones that you create The differences could be the result of configuration differences or because you are running a newer version of the program Do not worry if an icon seems to be missing a font is different or even if the entire color scheme appears to have changed T
198. dd a new or modify an existing bookmark Display All Bookmarks Shows all bookmarks and lets you move between bookmarks Find Search for errors string patterns special events and more Go To Opens the Go To dialog where you can specify which event number to go to CRC Change the algorithm and seed value used to calculate CRCs To calculate a CRC select a byte range and the CRC appears in the status lines at the bottom of the Event Display Mixed Sides Serial data only By default the analyzer shows data with the DTE side above the DCE side This is called DTE over DCE format DTE data has a white background and DCE data has a gray background The analyzer can also display data in mixed side format In this format the analyzer does not separate DTE data from DCE data but shows all data on the same line as it comes in DTE data is still shown with a white background and DCE data with a gray background so that you can distinguish between the two The benefit of using this format is that more data fits onto one screen Character Only The analyzer shows both the number hex binary etc data and the character ASCII EBCDIC or BAUDOT data on the same screen If you do not wish to see the hex characters click on the Character Only button Click again to go back to both number and character mode Number Only Controls whether the analyzer displays data in both character and number format or just number format Click once to show
199. de Patten Time Golo Specis Evens Sigal Bookmark Search for eveni where cna or mons ofthese One of more of these changed changed trom on bo off joy One or noone of these y Thee ect changed from of bo on desonbes the Aae vy Pint fe Pin 2 fv Pin 3 fv Pin Figure 5 9 Find Signal tab You will choose one qualifier Searching for event where then choose one or more control signals Control Signals The section with the check boxes allows you to specify which control signals the analyzer should pay attention to when doing the search The analyzer pays attention to any control signal with a check mark e Click on a box to place a check mark next to a control signal e Click again to uncheck the box e By default the analyzer searches all control signals which means all boxes start out checked For example if you are only interested in finding changes in RTS and CTS you would check those two boxes and uncheck all the other boxes This tells the analyzer to look only at the RTS and CTS lines when running the search The other signals are ignored The control signals types include e USB Pin 1 e USB Pin2 e USB Pin3 e USB Pin4 Click here to learn more about the Breakout Box and Pins 1 4 231 ComProbe Sodera User Manual Chapter 5 Navigating and Searching the Data Searching for event where e The first three options are all fairly similar and are described together These options are searching
200. dentifies three audio media type devices that are SNK sink devices currently not in use SEPID Stream Endpoint Identification 5 2 and 1 278 ComProbe Sodera User Manual Appendicies Rei aa AYO TP Media Hands Free AYRCP A DP Data Hon Captured Info Link 1 LE BB Data Poog B Framett ACP Eror Co Add INTS Packet Role Signal ID Trans 7 AN Ee 2 089 1 Single Slave DISCOVER o z Packet Type Single Packet 2 092 1 1 Single Master DISCOVER Message Type Response Accept 2 116 5 1 Single Slave GET_CAPABILITIES 1 Signaling Identifier AVDTP_DISCOVER 2 119 1 Single Master GET_CAPABILITIES 1 El ACP Stream Endpoint ID 5 2 138 2 1 Single Slave GET_CAPABILITIES 2 i Use Ho 2143 1 Single Master GET_CAPABILITIES 2 iw Media Type Audio 2154 1 1 Single Slave GET CAPABILITIES 3 E r TRER SNE 2158 1 Single Master GET CAPABILITIES 3 El ACP Stream Endpoint ID 2 l 2 169 5 1 2 Single Slave SET CONFIGURATION 4 tv ruse No 2 175 1 Single Master SET CONFIGURATION 4 iy Media Type Audio 2185 5 1 Single Slave OPEN 5 e TSEP SNE 2190 1 Single Master OPEN 5 i Had 2 823 5 1 Single Slave START 6 D Meda Tinerii 2 033 1 Single Master START B a kas TSEP SHE 4 IT j Figure 2 Frame Display for AVDTP Signaling Frame 2089 amp 2092 S Note ACP is AVDTP terminology for the remote device The next step in the negotiation is to get the audio capabilities of each SEPID For
201. devices will be inactive otherwise it will be active Retaining past added devices allows the user to select devices prior to starting a session with the Record button When using a capture file e g using the Viewer the set of devices shown will only be the devices in that capture file Any device changes made can be saved to that file but do not affect the live capture database of devices Wireless Devices BF OK ED ADDR Friendly Name Device Class Technology IRK 5 de 00 23 01 31 29 34 BeatsPil Audio Video BR EDR 2 oof 28 42 4C DA FF 05 Matt s iPhone Phone Smart Ready LE amp BREDR Z 2 oie B0 34 95 65 23 7A Matt s iPad Computer Smart Ready LE 4 BR EDR E F 00 00 FD 29 BD 19 Audio Video BR EDR LJ 00 13 04 83 7D BE udio Video BR EDR LJ F 00 14 0E D5 D1 D9 Audio Video BR EDA LJ 00 1E E1 08 00 2B Samsung SBH O0O Audio Video BR EDR LJ 00 24 1C BE 18 A8 Motorola Roadst Audio Video BR EDR Ls la 00 26 64 50 3B 71 Audio Video BR EDR 00 58 76 A4 43 61 MiiBox mini Pudio Video BREDA LF 00 61 71 BA BF B7 01 01 0395 Phone Smart Ready LE 4 BR EDR 00 EE BD 08 1E CO iskupniewitz Phone Smart Ready LE 4 BR EDR PM fae ee ee ee ee nA mb me Pa a AG mam Figure 3 3 Sodera Wireless Devices Pane Table 3 4 Wireless Devices Pane Columns Co mn Pri TT A rn Filter The filter is an on off selection When checked the device is selected for data analysis Selection that is the data is filtered into the ComPr
202. dialog to make some of these selections When printing your data the analyzer creates an html file and prints the path to the file at the bottom of the page This file can be opened in your browser however it may appear different than the printed version 1 Select Print Preview from the File menu on the Frame Display window to display the Frame Display Print Preview 246 Chapter 6 Saving and Importing Data ComProbe Sodera User Manual Frame Display Print Preview Provide information to export data from the currently selected filter tab Include Detail Section 3 Summary C Mo decode section Data Bytes CJ All layers Selected layers only Frame Range SIM Application All SIP Selection oME SMTP Chiat FE W Delete File ResetThe Selected Layer Note Browser print options may affect whether any gray background is printed See Help for info OK Cancel Help Figure 6 2 Frame Display Print Preview Dialog 2 From this point the procedure is the same as steps 2 through 5 in How to Print Frame Display Data above 3 Click the OK button and after a brief wait a browser window will appear 6 5 2 Printing from the Event Display The Event Display Print feature provides the user with the option to print either the entire capture buffer or the current selection When Print Preview is selected the output displays in a browser print preview window where the user can select from th
203. diowebinar_2 csw 19 K Microsoft Excel C Ps audiowebinar 2 raw 299 KE RAW File Click on Cancel to close the window without exporting 4 5 6 6 Export Event Table Right clicking in the Event table will open a pop up menu with the option to Export Event Table This option will export selected events in the in comma separated variable csv format for used in Microsoft Excel or any other Windows csv compatible application First select the events to export Multiple events are selectable by selecting an event then holding the Shift key while clicking on another event This will select all events between the two selections If the selections are not adjacent you can hold the Ctrl control key while clicking events Next right click anywhere int he Event Table to open the pop up menu and click on the Export Event Table option A Windows Save As dialog will open Enter a file name and select a file location and click on Save A confirmation dialog will open Click OK to close the confirmation dialog If you have not selected an event in the table before exporting a warning to Please select an event row first appears 4 5 7 Frame Packet and Protocol Analysis Synchronization The Audio Expert System module integrates seamlessly with ComProbe software with common timestamping of Bluetooth protocol data audio events audio waveform display and codec events The audio expert data and results are synchronized and coordinated with the exis
204. dow Help a PHS YESZT apan A LA LA S la hin p Frame 1 Len 53 LE BB Header Length 13 Header Version 3 CP 1 Channel Index 37 2402 MHz Meets Predefined Filter Criteria for BT low energy devi Receive Status Received without errors Decryption Initiated No i Signal Strength 7 medium e PDU Length 37 B LE PKT 3 Preamble Oxaa Access Address Dx8e83bed6 CRC Oxfe96e6 LE ADY H PDU Type ADY_IND H Advertiser Address Type random be Payload Length 35 Advertiser Address Dx712500000002 B AD Data E AD Element Length 2 H AD Type Flags B AD Data H BR EDR Not Supported Yes i LE General Discoverable Mode Yes AD Element i Length 11 i AD Type Complete list of 16 bit UUIDs AD Data UUID Health Thermometer JUD Heart Rate Monitor UUID Blood Pressure Monitor H UUID Weight Scale UUID Body Composition AD Element i Length 13 4 m r CEE Info Errors Filtered Data Set note protocol tabs DOES 6009 RR srry Data LE BB LE PKT LE ADY Data B Framet ASCII Hex Delta Timestamp 1 27 2015 10 02 04 6235 00 00 00 0 1 27 2015 10 02 04 6285 00 00 00 0 1 27 2015 10 02 04 6335 00 00 00 0 1 27 2015 10 02 04 6479 00 00 00 0 1 27 2015 10 02 04 6529 00 00 00 0 1 27 2015 10 02 04 6534 00 00 00 0 1 27 2015 10 02 04 6537 00 00 00 0 1 27 2015 10 02 04 6579 00 00 00 0 1
205. dy 1 A Bluetooth mobile phone maker had been using a homemade HCI trace tool to debug the link between the Host CPU in the phone the Bluetooth chip They also were using an air sniffer They replaced their entire sniffing setup by moving to ComProbe software In the original test setup the Host CPU in the phone would send debug messages and HCI data over a serial link A program running on a PC logged the output from the Host CPU To implement the new system using Virtual sniffing a small change was made to the PC logging program and it now sends the data to ComProbe software using the Live Import API The HCI traffic is fully decoded and the debug messages are decoded as well The decoder for the debug messages was written using ComProbe software s DecoderScript feature DecoderScript allows ComProbe software user to write custom decodes and to modify decodes supplied with ComProbe software DecoderScript is supplied as a standard part of ComProbe software In this case the customer also created a custom decoder for HCI Vendor Extensions The air sniffer that was formerly used has been replaced by the standard ComProbe software air sniffer Case Study 2 A second Bluetooth mobile phone maker plans to use Virtual sniffing in conjunction with a Linux based custom test platform they have developed Currently they capture serial HCI traffic on their Linux system and use a set of homegrown utilities to decode the captured data They plan to send
206. e 248 Chapter 6 Saving and Importing Data ComProbe Sodera User Manual 6 6 2 Exporting a File with Event Display Export With the Event Display Export dialog you can export the contents of the Event Display dialog as a test txt CSV csv HTML htm or Binary File bin You also have the option of exporting the entire capture buffer or just the current selection of the Event Display dialog Event Display Export File name C Users Frontline Desktop NPC Wifi Save as type CSW File cs r Event range Side All Selection Both HME DCE 1 to 2000 Events Per How CS Headers Multiple Events Per Row No Timestamps E Show Preamble One Event Per Row Show Timestamp3 Show Column Headings Help Cancel Save Figure 6 4 Event Display Export Example csv file How to Export Event Display Data to a File 1 Select Export Events from the File menu on the Event Display window to display the Event Display Export dialog 2 Enter a file path and name or click the browser button to display the Windows Save As dialog and navigate to the desired storage location 3 Selecta file type from the Save as type drop down List Menu on the Event Display Export dialog Select from among the following file formats Text File txt CSV File csv HTML File html Binary File bin 4 Select the range of events to include in the file from either All or Selection in the Event Range section
207. e 243 Changing Default File Locations 257 Character 225 266 Character Pane 118 Character Set 98 264 265 Choosing a Data Capture Method 13 Clear Capture Buffer 253 CN 266 Coexistence View 137 Audio Expert System 217 le Devices Radio Buttons 158 Legend 159 Set Button 157 Throughput Graph 149 Discontinuities 150 Dots 153 319 Appendicies Swap Button 152 Viewport 151 Zoom Cursor 156 Zoomed 154 Freeze Y 155 Unfreeze Y 155 Y Scales Frozen 155 Throughput Indicators 146 Throughput Radio Buttons 158 Timeline Radio Buttons 158 Timelines 159 discontinuities 167 high speed 168 packet 159 two timelines 164 Toolbar 145 Tooltip 150 relocate 150 162 Color of Data Bytes 120 Colors 120 Comma Separated File 248 Compound Display Filters 124 Confirm CFA Changes 243 Context For Decoding 91 Control Characters 266 Control Signals 99 259 Control Window 23 253 Configuration Information 17 Conversation Filters 126 CPAS Control Window Toolbar 16 CR 266 Appendicies CRC 95 CSV Files 248 Custom Protocol Stack 88 89 Custom Stack 88 89 Customizing Fields in the Summary Pane 116 D D 1 266 D 2 266 D 3 266 D 4 266 D E 266 Data 95 241 Data Byte Color Denotation 120 Data Errors 233 Data Extraction 218 Data Rates 95 Debug Mode 47 Decimal 97 Decode Pane 117 decoder 267 Decoder Parameters 58 DecoderScript 267 Decodes 57 88 92 101 107 117 222 decryption BR EDR 84 Legacy Encryption EO 84 Secure Encryption A
208. e Chart likewise calculate and verify Sconfirm SMP Pairing B 4 4 Encrypting the Link The Short Term Key STK is used for encrypting the link the first time the two devices pair STK remains in each device on the link and is not transmitted between devices STK is formed by combining Mrand and Srand which were formed using device information and TKs exchanged with Pairing Confirmation Pairing Confirm B 4 5 Encryption Key Generation and Distribution To distribute the LTK EDIV and Rand values an LE LL encrypted session needs to be set up The Control Pkt LL ENC REO initiator will use STK to enable encryption on the Random vector Rand 0x27 c02ib15512909 link Once an encrypted link is set up the LTK is Enciypted diversiher EDN Ox838e distributed LTK is a 128 bit random number that Master session key identiher SKO Mm Dx21db57dd0157d32a the slave device will generate along with EDIV Master iniiskzabon vector Vint Ox034efes9 and Rand Both the master and slave devices can distribute these numbers but Bluetooth low energy is designed to conserve energy so the slave device is often resource constrained and does not have the database storage resources for holding LTKs Therefore the slave will distribute LTK EDIV and Rand to the master device for storage When a slave begins a new encrypted session with a previously linked master device it will request distribution of EDIV and Rand and will regenerate LTK Figure 18 Enc
209. e ComProbe software Saving the Event Log The Event log is automatically saved to appdata Frontline Test Equipment Sodera Logs as a txt file Logs are retained for each session 3 1 2 7 Pane Positioning and Control Terhnnlnay 53 ComProbe Sodera User Manual Chapter 3 Configuration Settings ComProbe Sodera window Security and Event Log panes can be customized to suit the user s requirements At the top of each pane on the right is a set of pane positioning controls e Clicking on Close x will close the pane Once the pane is closed it can be displayed again by selecting the pane in the View menu AWNIas e Clicking on Auto Hide a will pin the pane to the right border as a tab The title of the hidden pinned pane will appear at the border Ee m Hovering over the hidden pane title will expand the pane and the Auto Hide icon appears rotated a PIN TK a G C 06 07 15 aro Clicking on the Auto Hide will unhide or unpin the a ind pane A9 11 11 a AD Keyboard e Clicking on Window Position opens a menu of positioning options The currently selected option is shown with a check mark Right clicking in the pane header will also bring up the Window Position menu o Floating The pane operates as an independent window on the screen allowing it to be positioned anywhere on the screen Once the pane is floating it can be repositioned within the boundaries of F
210. e Display Relative Timestamps shows the timestamp as the amount of time that has passed since the first byte was captured It works just like a stop watch in that the timestamp for the first byte is 0 00 00 0000 and all subsequent timestamps increment from there The timestamp is recorded as the actual time so you can flip back and forth between relative and actual time as needed e Selecting both values displays the total time in nanoseconds from the start of the capture as opposed to a specific point in time e Selecting neither value displays the actual chronological time When you select Display Relative Timestamp you can set the number of digits to display using the up or down arrows on the numeric list 262 Chapter 7 General Information ComProbe Sodera User Manual 7 1 4 5 Displaying Fractions of a Second 1 Choose System Settings from the Options menu on the Control Pm window and click the Timestamping Options button or click the click the Timestamping Options icon f from the Event Display O window 2 Go to the Display Options section at the bottom of the window and find the Number of Digits to Display box 3 Click on the arrows to change the number You can display between O and 6 digits to the right of the decimal point 7 2 Technical Information 7 2 1 Performance Notes As a software based product the speed of your computer s processor affects the analyzer s performance Buffer overflow erro
211. e Display window show the physical bytes In other words they show the actual data as it appeared on the circuit The Radix Binary and Character panes in the Frame Display window show the logical data or the resulting byte values after escape codes or other character altering codes have been applied a process called transformation As an example bytes with a value of less than 0x20 the Ox indicates a hexadecimal value cannot be transmitted in Async PPP To get around this a Ox7d is transmitted before the byte The Ox7d says to take the next byte and subtract 0x20 to obtain the true value In this situation the Event pane displays 0x7d 0x23 while the Radix pane displays 0x03 4 4 1 5 Sorting Frames By default frames are sorted in ascending numerical sequence by frame number Click on a column header in the Summary pane to sort the frames by that column For example to sort the frames by size click on the Frame Size column header An embossed triangle next to the header name indicates which column the frames are sorted by The direction of the triangle indicates whether the frames are in ascending or descending order with up being ascending Note that it may take some time to sort large numbers of frames 4 4 1 6 Frame Display Find Frame Display has a simple Find function that you can use to search the Decode Pane for any alpha numeric value This functionality is in addition to the more robust Search Find dialog Frame Display F
212. e a decoder while working with data you can recreate the frm file the companion file to the cfa file Recreating the frm file helps ensure that the decoders will work properly Reload Decoders F The plug ins are reset and received frames are decoded again Live amp Open Capture File Opens a Windows Open file dialog at the default location Capture Public Documents Frontline Test Equipment My Capture File Files Capture files have a cfa extension Saves the current capture or capture file Opens a Windows Save As dialog at the default location Public Documents Frontline Test Equipment My Capture Files Exit ComProbe Shuts down the ComProbe Protocol Analysis System and all Protocol Analysis open system windows System Recent capture files i A list of recently opened capture files will appear The View menu selections will vary depending on the ComProbe analyzer in use 19 ComProbe Sodera User Manual Chapter 2 Getting Started Table 2 5 Control Window View Menu Selections Live g amp o Event Display Ctrl Opens the Event Display window for analyzing byte level Capture Shift E data File Frame Display Ctri Opens the Frame Display window for analyzing protocol Shift M level data Opens the Bluetooth Timeline window for analyzing protocol level data in a packet chronological format and in packet throughput graph Bluetooth Timeline Opens the Coexistence View window that can simultan
213. e e eee ceeceeceeceeeeceeees 157 Figure 4 58 802 11 Source Address Drop Down Selector 22 eee cee eee eee eee e cee eeeeeeeee 158 Figure 4 59 Coexistence View Legend cece cece cece cece cece cece ecececceececceceeceececes 159 Figure 4 60 Coexistence View Timelines eee ec eee cece cece eee e cece eceeeeeeeceeees 159 Figure 4 61 Each packet is color coded _ 2 22 2 cece cece cece cece cece ccc ecececceececeeceeceeceees 160 Figure 4 62 Highlighted entries in the legend for a selected packet 160 Figure 4 63 Timeline header for a single selected packet 0 eee ee eee cece cece eeceeees 160 Figure 4 64 Timeline header for multiple selected packets A l eee eee eee eee cece eee eee 161 Figure 4 65 Descriptive text on timeline packets 20 22 oe cece a 161 Figure 4 66 A tool tip for a Classic Bluetooth packet Ha 162 Figure 4 67 Coexistence View Format Menu Show Tooltips on Computer Screen 163 Figure 4 68 Coexistence View Timeline Tool Tip Shown Anchored to Computer Screen 164 Figure 4 69 5 GHz and 2 4 GHz 802 11 packets eee ec cece cece eee eecceeceeeeeees 165 Figure 4 70 5 GHz information window ee eee eee eee cee ccc cece cece eee eeeeeeeeeeeeees 166 Figure 4 71 2 4 GHz information windows 22 2 a 166 Figure 4 72 Vertical blue lin
214. e error occurred Search only these sides o Off means that the error did not E Slave occur Master o Don t Care means that the analyzer ignores that error condition e Select the appropriate state for each type of error Example If you need to find an event where just an overrun error occurred but not any other type of error you would choose overrun error to be On and set all other errors to Off This causes the analyzer to look for an event where only an overrun error occurred If you want to look for events where overrun errors occurred and other errors may have also occurred but it really doesn t matter if they did or not choose overrun to be On and set the others to Don t Care The analyzer ignores any other type of error and find events where overrun errors occurred To find the next error click the Find Next button To find an error that occurred earlier in the buffer to where you are click the Find Previous button 5 1 8 Find Bookmarks Searching with Bookmarks allows you search on specific bookmarks on the data in Frame Display and Event Display window Bookmarks are notes reminders of interest that you attach to the data so they can be accessed later To access the search for bookmarks 1 Opena capture file to search 2 Open the Event Display po or Frame Display window 3 Click on the Find icon AA or choose Find from the Edit menu 4 Click on the Bookmarks tab of the Find dia
215. e frame You can increase the decoding speed by decoding only the header fields and disregarding other parts You can select the detail level of decoding using the Set Initial Decoder Parameters window 4 Note By default the decoder decodes only the header fields of the frame 1 Select Set Initial Decoder Parameters from the Options menu on the Control window or the Frame Display window 2 Click on the A2DP tab 3 Choose the desired decoding method AVDTP Securty LacAP RFcomM A2DP use iPx TCP UDP SBC frames decoding Information Decode only the header fields of the SBC frame in detail Decode all the parts the header the scale factors and the audio samples of the SBC frame in detail Figure 3 29 A2DP Decoder Settings 4 Follow steps to save the template changes or to save a new template 5 Click the OK button to apply the selection and exit the Set Initial Decoder Parameters window 3 2 3 AVDTP Decoder Parameters 3 2 3 1 About AVDTP Decoder Parameters Each entry in the Set Initial Decoder Parameters window takes effect from the beginning of the capture onward or until redefined in the Set Subsequent Decoder Parameters window 61 ComProbe Sodera User Manual Chapter 3 Configuration Settings AVDTP Security LACAP RFCOMM A2DP use IPX TcP UDP Initial Connections in eff
216. e of blue represents 15dBm and above while white represents 100 dBm and below Strong Indication on page 81 for more information V Note Too strong of a signal level is detected and noted in the Events Log pane See Signal Too Spectrum data appearing in the Coexistence View Timeline that is not synchronized to a packet may indicate the presence of RF interference Interference has the potential to degrade the Bluetooth signal 83 ComProbe Sodera User Manual Chapter 4 Capturing and Analyzing Data The spectrum can be sampled at 20 50 100 or 200 microseconds The Spectrum option and sample rate is set in the Capture Options of the Options menu Refer to Capture Options dialog on page 31 for information on capture settings Smaller sample rate will cause an increase in memory used However identifying potential sources of interference may require more samples to avoid missing a signal The spectrum data is saved automatically when the capture is saved The saved spectrum data file has the file extension swsd with the same basename as the cfa file and in the same directory See Changing Default File Locations on page 257 for information on default file locations Currently if a user opens a capture file and chooses to save the capture under a different name a new swsd file will not be created this will change in an upcoming release When copying capture files cfa scap etc to a different directory the user must a
217. e ooroo ooroo noona 61 Figure 3 30 AVDTP parameters tab ce ec eee eee cece cece cece eeeeeeceeceeeececceeeees 62 Figure 3 31 Parameters Added to Decoder 20 2 e cece ee eee cece cece cece eeeeceeeeeeeee 62 Figure 3 32 Look in Decoder pane for profile hints 220 2 cece eee eee cece cece ec eeceeeeeeee 63 Figure 3 33 AVDTP Override of Frame Information Item to Carry 65 Figure 3 34 AVDTP Override of Frame Information Media Codec Selection 2 65 Figure 3 35 L2CAP Decoder parameters tab cece cee cece cece eee e eee eeeeeeee 66 Figure 3 36 Parameters Added to Decoder eee ee ccc cece cece ee ceecececceeceeeeeeees 67 Figure 3 37 RFCOMM parameters tab eee cec ee ccce eee cece eee eeeeeeeeeeeeees 68 Figure 3 38 Parameters Added to Decoder cece eee e cece cece cece ecceeeceecececceeceee 69 Figure 3 39 Set Subsequent Decoder Parameters selection list 002222 e eee eee eee eee 71 Figure 3 40 Sodera Wireless Devices pane with CSRmesh device 0 0c eee ee eee cece cece ces 72 Figure 3 41 CSRmesh Bad MAC 0 22 22 0 eee ccc eee cee ee ee ce eee cece cece ec eeeeeeeeeeeeeees 73 Figure 4 1 Devices Equally Spaced in the Same Horizontal Plane 0 2 e eee eee cece ee eeee 76 Figure 4 2 Wideband Capture Devices Equally Spaced in the Same Hor
218. e or paste in the link key o Users can enter the device security information by typing directly on the device fields PIN TK and Link Key An invalid entry will display a red background and a warning Invalid e ACO Authenticated Ciphering Offset is used by the devices for generation of the encryption key in Classic Bluetooth e IV Initialization Vector is displayed for both Bluetooth low energy encryption and Classic Bluetooth Secure Connections AES encryption The slave will use the IV in starting the encrypted communications 3 1 2 4 1 Classic Bluetooth Encryption To decrypt a Classic Bluetooth link there are two options in the Security pane 45 ComProbe Sodera User Manual Chapter 3 Configuration Settings 1 PIN Enter into the PIN TK field legacy pairing only 4 2 Link Key Enter into the Link Key field Passkey PIN Note The only time a PIN can be used is when the datasource has captured Legacy Pairing in the current trace The datasource uses information transferred during the Legacy Pairing process to calculate a Link Key The first option uses a PIN to generate the Link Key If the analyzer is given the PIN and has observed complete pairing it can determine the Link Key Since the analyzer also needs other information exchanged between the two devices the analyzer must catch the entire Pairing Process or else it cannot generate the Link Key and decode the data The PIN TK can be up to a maximum of 16 alph
219. e shown in the most recently displayed tool tip 6 Select the Zoom to Selected Packet Range menu item which zooms to the selected packet range as indicated in the Selected Packets text in the timeline header 7 Select the Custom Zoom menu item This is the zoom level from the most recent drag of a viewport side selection of Zoom to Data Point Packet Range or selection of Zoom to Selected Packet The zoom buttons and tools step through the zoom presets and custom zoom where the custom zoom is logically inserted in value order into the zoom preset list for this purpose 4 4 2 32 Discontinuities A discontinuity is when the timestamp going from one packet to the next either goes backward by any amount or forward by more than 4 01 s this value is used because the largest possible connection interval in Bluetooth low energy is 4 0 s A discontinuity is drawn as a vertical cross hatched area one Bluetooth slot 625 us in width A discontinuity for a timestamp going backward is called a negative discontinuity and is shown in red A discontinuity for a timestamp going forward by more than 4 01 s is called a positive discontinuity and is shown in black A positive discontinuity is a cosmetic nicety to avoid lots of empty space A negative discontinuity is an error Eat aaa aa Pt bi cg a i et pM ARARPBaaAUANmAaaJ p ma _ aqaa T EE mining Packet Koran JATA kiyai A 1 NG A al a TERRI Sa pip LANI Fra paira eh r A Figure 4 73 A
220. e standard print options The output file format is in html and uses the Microsoft Web Browser Control print options for background colors and images see below Print Background Colors Using Internet Explorer 1 Open the Tools menu on the browser menu bar 2 Select Internet Options menu entry 3 Click Advanced tab 4 Check Print background colors and images under the Printing section 5 Click the Apply button then click OK The Event Display Print feature uses the current format of the Event Display as specified by the user See About Event Display for an explanation on formatting the Event Display prior to initiating the print feature Configure the Print File Range in the Event Display Print dialog Selecting more than one event in the Event Display window defaults the radio button in the Event Display Print dialog to Selection and allows the user to choose the All radio button When only one event is selected the All radio button in the Event Display Print dialog is selected 247 ComProbe Sodera User Manual Chapter 6 Saving and Importing Data How to Print Event Display Data to a Browser 1 Select Print or Print Preview from the File menu on the Event Display window to display the Event Display Print dialog Select Print if you just want to print your data to your default printer Select Print Preview if you want preview the print in your browser 2 Select the range of events to include from either All or Select
221. e to other Bluetooth development tools such as Bluetooth stack SDKs Software Development Kits and Bluetooth chip development kits This white paper discusses e Why HCI sniffing and Virtual sniffing are useful e Bluetooth sniffing history e What is Virtual sniffing e Why Virtual sniffing is convenient and reliable e How Virtual sniffing works e Virtual sniffing and Bluetooth stack vendors e Case studies Virtual sniffing and Bluetooth mobile phone makers e Virtual sniffing and you e Where to go for more information B 6 2 Why HCI Sniffing and Virtual Sniffing are Useful Because the Bluetooth protocol stack is very complex a Bluetooth protocol analyzer is an important part of all Bluetooth development environments The typical Bluetooth protocol analyzer taps a Bluetooth link by capturing data over the air For many Bluetooth developers sniffing the link between a Bluetooth Host CPU and a Bluetooth Host Controller also known as HCl sniffing is much more useful than air sniffing HCl sniffing provides direct visibility into the commands being sent to a Bluetooth chip and the responses to those commands With air sniffing a software engineer working on the host side of a Bluetooth chip has to infer and often guess at what their software is doing With HCl sniffing the software engineer can see exactly what is going on HCl sniffing often results in faster and easier debugging than air sniffing 312 ComProbe Sodera User
222. e user that the capture file just opened contains unsupported content Event Log error events include for example telling the user that the capture file is invalid Event Log TIX Description Time O Unable to initialize hardware Capture not started 3 11 2015 82 23 56 361 AM i Recording stopped 3 11 2015 23 56 361 AM i Recording started 3 11 2015 24 15 056 AM AN LAP conflict may cause unexpected results for these devices 1C 41 36 09 8A 45 and xe 6 7 C9 84A 49 1142015 8 24 21 618 AM i Recording stopped 31172015 8 24 26 123 AM Figure 3 22 Sodera Event Log Pane The Event Log pane contains event icons in the first column no heading event descriptions in the second column Description and the time the event occurred in the third column Time A description of each Event Log column is in the following table Table 3 11 Event Log Columns O Information Events related to the normal flow of the capture process e g Start Capture Stop Capture Sodera hardware not found Warning Events that raise concern about the capture process integrity Error Events that compromise the capture process or that may invalidate some of the captured data Descrip Description of the event with additional information related to the Event icon ime The actual time of the event in live capture mode or the recorded time when running a previously captured file The recorded time is based on the clock of the computer running th
223. e versus time on the Wave Panel The amplitude scale is located on the left edge of the Wave Panel The waveform s amplitude can be linear or in decibels The linear range is 1 0 to 1 0 The range for the dB scale is O dB for the maximum positive and maximum negative values and silence is negative infinity A toggle switch at the bottom of the amplitude scale will switch between Linear scale and dB scale Moving the switch to the left will display the Linear scale and moving it to the right will display the dB scale 208 Chapter 4 Capturing and Analyzing Data ComProbe Sodera User Manual Play Cursor The Play Cursor is identified by a white vertical line on the Wave Panel The Play Cursor appears when user clicks on any point in the waveform or if the cursor is already present it can be dragged to another position To drag the Play Cursor hover the mouse cursor over the Play Cursor until the mouse cursor changes to a pointing hand click and drag the cursor to a new position Waveform Segment Selection 03 02 10 159 PM 03 02 10 214 PM M dT 00 00 00 010 Samples Selected 458 Bluetooth Frames 42721 Ce AG a Ba an Gb Figure 4 104 Selection in the Audio Waveform A waveform segment selection is identified by a blue border surrounding the selection Procedures for selecting a segment depend on the desired actions Table 4 32 Segment Selection Procedures Loop play back 1 Zoom in to the waveform segment of in
224. eaf ViewComm 3 0 for DOS requires the byt for data and the tim for timestamps see note on importing DOS timestamps e Frontline Ethertest for DOS requires 3 files filename cap filename caO and filename ca1 e Sniffer Type 1 supports files with the enc extension Does not support Sniffer files with a cap extension e Snoop or Sun Snoop files with a cap extension based on RFC 1761 For file format see http www fags org rfcs rfc1761 html e Shomiti Surveyor files in Snoop format files with a cap extension For file format contact Technical Support e CATC Merlin files with a csv extension Files must be exported with a specific format See File Format for Merlin Files for information e CATC Chief files with a txt extension 6 5 Printing 244 Chapter 6 Saving and Importing Data ComProbe Sodera User Manual 6 5 1 Printing from the Frame Display HTML Export The Frame Display Print dialog and the Frame Display HTML Export are very similar This topic discusses both dialogs Frame Display Print The Frame Display Print feature provides the user with the option to print the capture buffer or the current selection The maximum file size however that can be exported is 1000 frames When Print Preview is selected the output displays in a browser print preview window where the user can select from the standard print options The output file format is in html and uses the Microsoft Web Browser Control
225. ecode tab and enter link key in the Search for String in Decode Check the Ignore Case option Click on Find Next until the Event column shows Link Key Notification KJ Find btsnoop hci log Decode Search For String In Decode Ignore case CO Search For All Errors CO Search For Frame Errors Only CO Search For Information Frames Side Restriction Search without regard to data origin CO Search only these sides Figure 10 Find Dialog In the Frame Display Detail pane expand HCI and HCI Event where the Link Key is shown Copy and paste the Link Key into the appropriate BPA 600 datasource dialog See the example below 287 Appendicies ComProbe Sodera User Manual Frame Display btsnoop_hci log File Edit View Format Filter Bookmarks Options Window Help GAS YY eza DOU LAS kin LA I fan a Controller Len 25 Ho EB COCO bil a BRA HCI Packet Type Event Packet Unfiltered Configured BT low energy devices Errors E HCI HCI UART L2CAP SDP RFCOMM AVDTP AVDTP Signaling Packet from Controller AYDTP Media Hands Free A2DP B HCI Event Event Link Key Notification B Framett Type Opcode Opcode Command Event 2 Total Length 23 TA d Bluetooth Device Address 0x00 1d 43 00 14 d9 243 Event Ox042c User Contirmation Request Re Command Complete LAP Ox00 14 d9 244 Event Simple Pairing Complete UAP Ox43 245 Event Link Key Notification NAP Ox00 1d Event Authenticat
226. ecryption was successful In LE Data we see the Encrypted MIC value The MIC value is used to authenticate the sender of the data packet to ensure that the data was sent by a peer device in the link and not by a third party attacker The actual decrypted data appears between the Payload Length and the MIC in the packet This is shown in the Binary pane below the Summary pane 302 Appendicies ComProbe Sodera User Manual fie tae view Pormat titer Gockmark Gpoons Window hip oe PH TR sel a PaO Li LA SG la ki Pt aaa MoOBseoood OD Sp fp seme u rnd Linfiteied Baokmaki Confqpatesd DT les enep deweces Fillet Ferl Luwa Phebe N i pr E PET LE ADW LE DATA LE LL LICAP SAP ATT CS ti Dio ot atwa onl Ch ih wi iihi Fatal f ee a NA Aone Pa aaa b i 1 a rii Foot Heip Paets F Figure 28 Decrypted Data Example Frame 39 723 Author John Trinkle Publish Date 9 April 2014 Revised 23 May 2014 303 ComProbe Sodera User Manual Appendicies 304 B 5 Bluetooth low energy Security Paris is quiet and the good citizens are content Upon seizing power in 1799 Napoleon sent this message on Claude Chappe s optical telegraph Chappe had invented a means of sending messages line of sight The stations were placed approximately six miles apart and each station had a signaling device made of paddles on the ends of a rotati
227. ect from beginning of capture onward until redefined Piconet DataSource DS No enter O for single DS 0 pd Role Slave X L2CAP channel L2CAP channel is Multiplexed Remote side TSID AVDTP is canying AVDTP Signaling a Add Figure 3 30 AVDTP parameters tab The AVDTP tab requires the following user inputs to complete a parameter e Piconet Data Source DS No When only one data source is employed set this parameter to O zero otherwise set to the desired number of data sources e Role This identifies the role of the device initiating the frame Master or Slave e L2CAP Channel The channel number O through 78 o L2CAP channel is Multiplexed when checked indicates that L2CAP is multiplexed with upper layer protocols e AVDTP is carrying Select the protocol that AVDTP traverses to from the following o AVDTP Signaling o AVDTP Media o AVDTP Reporting o AVDTP Recovery o Raw Data Adding Deleting and Saving AVDTP Parameters 1 From the Set Initial Decoder Parameters window click on the AVDTP tab 2 Set or select the AVDTP decoder parameters 3 Click on the ADD button The Intial Connection window displays the added parameters Initial Connections in effect from of cami onward until inana In the piconet 2 on the Master side with the CAP CID 0000 and with the remote TSID A the AVDTP is camying Reporting packets Modified by user In the piconet 2 on the Master s
228. ed 26 D0 Oc 29 21 ced DO Dc 2985 F3 31 00 14 bF Fb a6 Wwe been seen during this session are listed here Also listed ce address is considered a Tx packet and is shown with a at was set here in the previous session IF that address has OOF 1c Ut ee bo it is shown in parentheses 00 le 65 42 06 65 D0 24 21 38 ae be D0 2 58 42 06 65 00 50 56 84 00 00 00 50 56 84 00 04 00 50 56 84 00 0b 40 01 1061 33 bbice Oc 26 0a 43 b69 40 FOFitaltesiasial FoePOO Zas4 b5 a4 ba db fd 11 a6 Fe 1e dF d5 b2 93 Figure 4 58 802 11 Source Address Drop Down Selector 4 4 2 22 Coexistence View Throughput Radio Buttons Throughput The radio buttons in the Throughput group specify whether to show packet and or payload lines Packet in the Throughput Graph and also whether to show packet or payload throughput in the Payload throughput indicators if the Both radio button is selected packet throughput is shown in the Both throughput indicators 4 4 2 23 Coexistence View Timeline Radio Buttons Timeline The radio buttons in the Timeline group specify timeline visibility The first three buttons specify 5 GHz whether to show one or both timelines while the Auto button shows only timelines which have 2 4GHz had packets at some point during this session If no packets have been received at all and the Both Auto button is selected the 2 4 GHz timeline is shown Auto 4 4 2 24 Coexistence View low
229. ee 284 B 3 Bluetooth Conductive Testing Isolating the Environment eee eee eee eee 290 B 4 Decrypting Encrypted Bluetooth low energy 22 2 cece eee eee eee ce cece eee eee eeeeeeee 295 B 5 Bluetooth low energy Security 0 2 22 ccc ccc cece eee eee eee e cece eee eeeceeceeeeeees 305 B 6 Bluetooth Virtual Sniffing _ 22 22 lel eee ec cece cece ee eee eee eeeeeeeees 312 276 ComProbe Sodera User Manual Appendicies B 1 Audio Expert System aptX hiccup Detected This paper presents a case study in Bluetooth audio debugging that highlights the importance of Frontline s Audio Expert System AES in the process The actual case involves transmission of a high quality stereo audio using the aptX codec from a smartphone to a Bluetooth headset The transmission contained SBC encoded packets despite a successful negotiation of aptX encoding and decoding mechanism between the source and the sink devices Frontline s AES software discovered this transmission error which most likely would not have been easily discovered by using traditional Bluetooth protocol and event analysis Without the Audio Expert System a product may have been shipped that was not performing as expected by the manufacturer B 1 1 Background In Bluetooth technology Audio Video Distribution Transport Protocol AVDTP uses Advanced Audio Distribution Profile A2DP for streaming audio in stereo The A2DP encompasses comp
230. eeceeceeeeeeeee 314 B 6 7 Virtual Sniffing and Bluetooth Stack Vendors cece cee cece ccc cece eececeeceeeees 314 B 6 8 Case Studies Virtual Sniffing and Bluetooth Mobile Phone Makers _ 315 B 6 9 Virtual Sniffing and You _ 2 22 a 315 List of Figures X ComProbe Sodera User Manual Figure 2 1 Sodera Front Panel Controls and Indicators _ AA 6 Figure 2 2 Sodera Rear Panel Connectors eee eee cece eee c eee c eee ccceeececccececeececceeeees 8 Figure 2 3 Antenna Attachment Point _ 2 2 22 eee cece cece cece cece oaao orrara 8 Figure 2 4 Sodera Battery Compartment with Cover Opened cece cece cece cee ceeceeeee 10 Figure 2 5 Sodera Battery Removal Using the Tab eee cece cece cece eeees 10 Figure 2 6 Sodera Battery Connectors bottom side shown 2 eeceeee ccc cccccccccecceeceee 11 Figure 2 7 Sodera Battery Press to Make Contact l coe cece cece cece eee cece cece eeeee 11 Figure 2 8 Sodera Battery Cover Insert Tabs o cece eee cece cece ccc ccc e ccc eeceececeececceeeees 12 Figure 2 9 Desktop Folder Link o cee cece cee cece cece eee e aaoo aaroo ranoo 13 Figure 2 10 Sodera Data Capture Method a 15 Figure 2 11 ComProbe Analyzer Control Window 0 02 22 e eee eee ee eee ee eee eee eee eee 16 Figure 3
231. eeee 298 B 4 7 Decrypting Encrypted Data Using ComProbe BPA 600 low energy Capture 298 B 5 Bluetooth low energy Security 2 22 aa 305 B 5 1 How Encryption Works in Bluetooth low energy e eee eee cece cece cece eeees 306 BoA GN ed AA 306 B 5 3 Pairing Methods __ 2 222 eee ee cece cee cee cee eee eee eee cece cece eee eeeeeeeeeeeeeeee 307 B 5 4 Encrypting the Link aa 308 B 5 5 Encryption Key Generation and Distribution 2 2 0 2 e eee eee eee cee cece eeeee 308 B 5 6 Encrypting The Data Transmission cece eee cee ccc c cece eceeceeeceececceeceeeeee 309 B 5 7 IRK and CSRK Revisited 0 0202 ec eee ee ee ee ee ee ee eee eee 309 B 5 8 Table of Acronyms 22 aaa 310 B 6 Bluetooth Virtual Sniffing 2 2 2 ee cece cece cece eee cece cece eeeeeeeeeeees 312 Bok IEG OCUC HON scooters oe he bce cicgan as nce sider weet ceeeeeee mesa NUNAL LED ASG ONE ANAN E 312 B 6 2 Why HCI Sniffing and Virtual Sniffing are Useful 002222 e eee eee 312 B 6 3 Bluetooth Sniffing History 2 22 ieee cece cece cc eee cece eee eee eee eceeeeeeeeeeees 313 B 6 4 Virtual Sniffing What is it 2 22 eee cece ccc cece cece cece ee eeeeeeeees 313 B 6 5 The Convenience and Reliability of Virtual Sniffing 22 e eee eee eee eee eee ee 314 B 6 6 How Virtual Sniffing Works 22 2 cece ce cece eee cece ccc eee e
232. eeeeeeeeeees 202 Figure 4 98 Wave Panel aa 205 Figure 4 99 Audio Stream Info in the Wave Panel 22 eee eee ec eee cee cece cece eeeeeeeeeee 206 Figure 4 100 SBC Codec Information Pop Up on Cursor Hover Over u A a 206 Figure 4 101 Wave Panel Local Controls _ _ 2 222 2 eee eee cece cece eee e cece eee ooann 207 Figure 4 102 Collapsed Wave Panel 222 2 cee cece cece aaan cece cece cece eceeceeceeceeeceeceees 208 Figure 4 103 Audio Waveform Panel in the Wave Panel 2 cece eee cece eee eceeeeeeeeeee 208 Xvi ComProbe Sodera User Manual Figure 4 104 Selection in the Audio Waveform U 22 2 ee eee aoaaa cece eee cece eee cece oaar 209 Figure 4 105 Actual Bitrate Overlay 20 2 eee cece eee cece eee eee e cece eeceeceeeeeeceees 210 Figure 4 106 Average Bitrate Overlay ieee ee ce cee cee eee cece cece cece eeeeeeeees 210 Figure 4 107 Event Timeline Shown with Wave Panel _ 2 20 e cece eee e cece ccc ccecceceeceeees 210 Figure 4 108 Example Event Table Selection Shown in Event Timeline 211 Figure 4 109 Event Timeline Selected Event Pop Up ieee eee eee eee cece ee eeeeees 212 Figure 4 110 Event Table _ 2 222 aoaaa aoaaa anaana aoaaa aaao cece cc ec eee e eee eee cece eeeeeeeeeeeeees 212 Figure 4 111 Export Audio Data dialog xc once wien oat avers ecu co dedet
233. eeeeeeeees 117 4 4 1 11 4 Decode Pane __ _ 0 20 ee ee ee eee 117 4 4 1 11 5 Radix or Hexadecimal Pane 2 0 0 ee ce ee ee eee eens 118 4 4 1 11 6 Character Pane U eee eee eee eee eee 118 AA LIL BING VP ANG osec casos tees NANA ten cebeenacceacdceteeetaesedaneseeeeneaceacts 119 AAAS Event PONG foun cna cetacecedctectathuteoatdasegeaduesiadetthotatvathiebenvesseceuns heid 119 4 4 1 11 9 Change Text Highlight Color 2 00 22 l lec cece eee eee e cece eeceeeeeeees 119 4 4 1 12 Protocol Layer Colors 0 20 22 lee cece cece cece eee cece cece ee eeeeeceeceeeeees 120 4 4 1 12 1 Data Byte Color Notation 2 22 eee e ee eee eee e cece ee eeeeceeceeees 120 4 4 1 12 2 Changing Protocol Layer Colors 0 22 22 elec cece cece ccc cece cee ceeceees 120 4 4 1 13 Filtering 2 2 a 120 4 4 1 13 1 Display Filters aaa dccrecepncinin ce ees AB NG ANGAT LAGA neces cedadsoaenerdddmoeeeenaee 121 4 4 1 13 1 5 Defining Node and Conversation Filters 4 4 1 13 1 6 The Difference Between Deleting and Hiding Display Filters ComProbe Sodera User Manual 4 4 1 13 1 7 Editing Filters 4 4 1 13 2 Connection Filtering 22 a 130 4 4 1 13 2 1 Creating a Connection Filter 4 4 1 13 2 2 Connection Filter Display 4 4 1 13 3 Protocol Filtering from the Frame Display 22 eee eee eee eee cece eee 135 4 4 1 13 3 1 Quick Filtering on a Protocol Layer 4 4 1 13 3 2 Easy Protocol Filteri
234. egin blinking red the Sodera hardware is approaching thermal overload temperature between 50 C and 60 C 122 F and 140 F and should be shut down When the hardware reaches thermal overload it will automatically shut down and the Power indicator will be a constant red 2 1 5 Battery Power ComProbe Sodera has an internal battery power option that allows the user to extend the range of the analyzer to include locations without easy access to external power sources The battery installation is not necessary to operate Sodera with an external AC or DC power source The battery is an intelligent lithium rechargeable battery ComProbe Sodera hardware will operate solely on battery power for at least one hour The battery is charged with an external charging unit or can be charged when installed provided Sodera is connected to an external power source 2 1 5 1 Battery Install Turn off power and disconnect the external power source ComProbe Sodera User Manual Chapter 2 Getting Started Figure 2 4 Sodera Battery Compartment with Cover Opened To change or install a battery start by opening the battery compartment by turning the fastener counterclockwise The cover is held in place by two tabs on the side opposite the fastener Slide the cover towards the rear connector panel Figure 2 5 Sodera Battery Removal Using the Tab If changing the battery remove the battery from the compartment by lifting on the tab attached to the batte
235. el spreadsheet 6 6 2 1 Export Filter Out You can filter out data you don t want or need in your text file This option is available only for serial data In the Filter Out box choose which side to filter out the DTE data the DCE data or neither side don t filter any data For example if you choose the radio button for DTE data the DTE data would be filtered out of your export file and the file would contain only the DCE data You can also filter out Special Events which is everything that is not a data byte such as control signal changes and Set I O events Non printable characters or both If you choose to filter out Special Events your export file would contain only the data bytes Filtering out the non printable characters means that your export file would contain only special events and data bytes classified as printable In ASCII printable characters are those with hex values between 20 and S7e 6 6 2 2 Exporting Baudot When exporting Baudot you need to be able to determine the state of the shift character In a text export the state of the shift bit can be determined by the data in the Character field When letters is active the character field shows letters and vice versa 2291 ComProbe Sodera User Manual Chapter 6 Saving and Importing Data 252 Chapter 7 General Information 7 1 System Settings and Progam Options 7 1 1 System Settings Open the System Settings window by choosing System Settings f
236. eless Devices pane with CSRmesh device CSRmesh bridge address usually has a Friendly Name of CSRmesh Many phone stacks ignore repeated adverts from the same BD ADDR To ensure reception In CSRmesh BD_ ADDR changes after every transmission The new BD ADDR used is random and a Non Resolvable Private Address A live capture cannot decode CSRmesh information contained in the random BD ADDR However they can be reanalyzed by selecting the CSRmesh device for analysis by checking the check box and clicking on the Analyze button CSRmesh over GATT ATT maintains a database which maps handles 8 UUIDs When there is a connection request the mappings will be loaded to the initiator and or advertiser sides of the database Phones can bypass pairing process for pre paired devices In this case handle UUID can be mapped by brute force using ATT Handle UUID PreLoad ini file This file is to be placed in the root of My Decoders Folder For additional information refer to Bluetooth low energy ATT Decoder Handle Mapping on page 268 72 Chapter 3 Configuration Settings ComProbe Sodera User Manual Troubleshooting Tips CSRmesh a Incorrect Passphrase e When the passphrase entered in MeshOptions ini is incorrect most of the Mesh Transport Protocol frames will contain Mesh Protocol Detected Error e The term Most is used because it excludes Mesh Association Protocol MASP packets MASP packets use a constant Passphrase
237. ence of the value in the Frame Display Find Find Next Occurrence Moves to the next occurrence of the value in the Frame Display Find 106 Chapter 4 Capturing and Analyzing Data ComProbe Sodera User Manual Table 4 5 Frame Display Toolbar Icons continued ee eee U Cancel Current Search Stops the current Frame Display Find Summary Drop Down Box Lists all the protocols found in the data in the file This box does not list all the protocol decoders available to the analyzer merely the protocols found in the data Selecting a protocol from the list changes the Summary pane to display summary information for that protocol When a low energy predefined Named Filter like Nulls and Polls is selected the Summary drop down is disabled Summary Non Captured Info hi Text with Protocol Stack To the right of the Summary Layer box is some text giving the protocol stack currently in use Summary Non Captured Info Baseband with Auto traverse in the buffer is the sorted order Therefore the last frame in the buffer may not have the last frame Vi Note If the frames are sorted in other than ascending frame number order the order of the frames number 4 4 1 2 Frame Display Status Bar The Frame Display Status bar appears at the bottom of the Frame Display It contains the following information e Frame s Selected Displays the frame number or numbers of selected highlighted frames and
238. end is the timeline duration and the zoom controls The current duration of the visible timeline is shown in minutes m or seconds s The and controls will zoom in and zoom C out the timeline respectively To show less of the timeline more detail click on the and to show more of the timeline less detail click on the 3 1 2 4 Security Pane The Security pane is where the ComProbe software identifies devices with captured traffic F that contain pairing authentication or encrypted data The pane will show fields for entering keys and will show if the keys are valid or invalid Successful decryption of captured data requires datasource receipt of all the critical packets and either e be given the link key by the user or e observe the pairing process and determine the link key See Critical Packets and Information for Decryption on page 84 for a description of the critical packets The Security pane will identify the type of key required for decryption Security wx Status Time Master Slave PIN TK Link Key ACO IV D G 3 11 2015 4 29 04 872629 PM 5C F3 70 62 A9 BB 5C F3 70 62 B2 E7 Just Works 0k7c9757514e377728429996c6d2544857 n a Ox9ba 13fd31cc2c3 3 11 2015 4 29 06 188899 PM Valid D G 3 11 2015 4 29 06 676407 PM 5C F3 70 62 A9 BB 5C F3 70 62 B2 E7 Just Works 0x 1031dd60158669128468e 1 14a2440d734 n a 0x99283861b5b21 3 11 2015 4 29 07 505399 PM Valid G 3 11 2015 4 29 07 602671 PM 5C F3 70 62 A9 BB 5C F3 7
239. ening all the drop down menus 132 Chapter 4 Capturing and Analyzing Data ComProbe Sodera User Manual Bz Frame ASCII Hex Fram Delta Timestamp 4 13 2015 10 55 This is the Summary Pane Copy Selection to Clipboard Save Selection Go To v Show Frame Size Column Show Timestamp Column Show Delta Column Add New Column Help Remove New Column Change Column Order Help Restore Default Columns m Add Bookmark Export T TA Connection Filter k Classic a All Connection Filter Link 4 Bluetooth low energy Link Provide L2CAP Rules Set Subsequent Decoder Parameters Show Hidden Panes f Figure 4 34 Connection Filter from frame selection right click Creating from any Frame Display window A Connection Filter can be created from any open Frame Display window and the filtering will always be applied to the original captured data set 4 4 1 13 2 2 Connection Filter Display Once you have selected which connections to filter in another Frame Display will open The original Frame Display will remain open and can be minimized Note The system currently limits the number of frame displays to 5 This limit includes any Frame Displays opened using Duplicate View dg from the Toolbar see Working with Multiple Frame Displays on page 111 The new Frame Display with the filtered connection frames will only contain the data defined b
240. ens the Set Subsequent Decoder Parameters dialog Decoder where the user can override an existing parameter at any Parameters frame in the capture Each entry takes effect from the specified frame onward or until redefined in this dialog on a later frame This selection is not present if no decoder is loaded that supports this feature When checked this selection opens a dialog that asking for missing frame information When unchecked the analyzer decodes each frame until it cannot go further and it stops decoding This selection is not present if no decoder is loaded that supports this feature Automatically Request Missing Decoder Information Enable Disable Audio Expert When enabled the Audio Expert System is active other wise it is not available Only available when an Audio Expert System licensed device is connected System The Windows menu selection applies only to the Control window and open analysis windows Frame Display Event Display Message Sequence Chart Bluetooth Timeline Bluetooth low energy Timeline and Coexistence View All other windows such as the datasource are not affected by these selections 22 Chapter 2 Getting Started ComProbe Sodera User Manual Table 2 8 Control Window Windows Menu Selections Ctrl W Arranges open analysis windows in a cascaded view with window captions visible Live amp Cascade Capture ele Close All Views Closes Open analysis windows Minimize Co
241. ensure that the testing environment is as clutter free as possible e Line of sight obstructions should be eliminated between the ComProbe hardware and the DUTs because they cause a reduction in signal strength Obstructions include but are not limited to water bottles coffee cups computers computer screens computer speakers and books A clear unobstructed line of sight is preferred for DUT and ComProbe hardware positioning e If using an analyzer connected to a computer position the computer on an adjacent table or surface away from the analyzer and DUTs taking advantage of the cables length If this is not possible position the computer behind the analyzer as far away as possible If using the ComProbe FTS4BT which is a dongle either use an extension USB cable or position the computer such that the dongle is positioned towards the DUTs e The preferred placement is positioning the DUTs and the ComProbe hardware at the points of an equilateral triangle in the same horizontal plane i e placed on the same table or work surface The sides of the triangle should be between 1 and 2 meters for Bluetooth transmitter classes 1 and 2 The distance for transmitter class 3 should be 1 2 meter Figure 4 1 Devices Equally Spaced in the Same Horizontal Plane Finally eliminate other RF sources e Wi Fi interference should be minimized or eliminated Bluetooth shares the same 2 4 GHz frequency bands as Wi Fi technology Wi Fi interferen
242. ent Symbols 2 22 eee cece eee eee eee e ee eeees 99 AA 100 4 4 Analyzing Protocol Decodes _ 2 222 eee eee cece ce cee eee cece eee cece cence eeeeeeeeeeeeeeee 101 4 4 1 Frame Display Window 22 a 101 4 4 1 1 Frame Display Toolbar 2am pA mba kA nyaha baka DOK ANA NAA Aha NYA aah E BAGKOS 104 4 4 1 2 Frame Display Status Bar a 107 4 4 1 3 Hiding and Revealing Protocol Layers in the Frame Display 107 4 4 1 4 Physical vs Logical Byte Display le cece ccc cee eee cece cece ee ceeeeeeeeees 108 4 NG Ba BG o WATA AGA AP 108 4 4 1 6 Frame Display Find eee ccc cee cee cee cece cece cece eee eeceeceeceeeeeees 108 4 4 1 7 Synchronizing the Event and Frame Displays 222 eee eee eee eee eee eeeeees 110 4 4 1 8 Working with Multiple Frame Displays _ 2 20 22 e ee eee cee cee eee eee e cece eeeeeeeeee 111 4 4 1 9 Working with Panes on Frame Display eee eee eee cee cece cece eee eeceeeeeeee 111 4 4 1 10 Frame Display Byte Export _ 22 22 lee a 111 3A 1 11 Panes in the Frame Display wececesccunds Kana LALAKE DALE RAAT KIS bureuGectesewadeetessocwecaeeseda 113 Adee SUM NIGUY PING 5c 95 0uc cswntec eorme neeeeacaenGueaqesias AA 113 4 4 1 11 2 Customizing Fields in the Summary Pane 20 20 cece cee ee eee cece ee eeeee 116 4 4 1 11 3 Frame Symbols in the Summary Pane 2c cece cece cece ccc ece
243. eously display Classic Bluetooth Bluetooth low energy and 802 11 packets and thourghput Bluetooth low energy E Opens the Bluetooth low energy Timeline window for Coexistence View Timeline analyzing protocol level data in a packet chronological format and in packet throughput graph Extract Data Audio Opens the Data Audio Extraction dialog for pulling data from decoded Bluetooth protocols protocols Bluetooth low energy Opens the Bluetooth low energy PER Stats window to Packet Error Rate show a dynamic graphical representation of the error rate Statistics for each low energy channel Classic Bluetooth Opens the Classic Bluetooth PER Stats window to show a Packet Error Rate dynamic graphical representation of the error rate for each Statistics channel Bluetooth Protocol Opens the Bluetooth Protocol Expert System window to Expert assist in the analysis of Bluetooth protocol issues Audio Expert System Opens the Audio Expert System window for the purpose of detecting and reporting audio impairments Table 2 6 Control Window Edit Menu Selections Capture Ctrl Opens the Notes window that allows the user to add File Shift O comments to a capture file 20 Chapter 2 Getting Started ComProbe Sodera User Manual Control Window Live Menu Selections Start Analyze Data is being decoded from selected wireless devices Performs the same function as setting the Sodera datasource Capture Toolbar Analyze Analyzing bu
244. equent Decoder Parameters Automatically Request Missing Decoding Information Figure 3 27 Set Subsequent Decoder Parameters from Control window HOES CeCOO oe B Unfiltered Info Configured BT low energy devices Errors l Baseband LHF PreConnection FH5 Bluetooth FHS L2CAP SDP UELLE B Frame Role Addr OLCI Channel Frame Type PYF Bit Cmd CmdType 50 Masher 1 0x00 0 SABM 1 Ng Al Slave 1 O00 0 LA 1 B Master 1 0x00 o UIH o Com Param Neg Ba Slave 1 0x00 a UIH O Res Param Neg Set Subsequent Decoder Parameters 52 RFCOMM Rules in effect from frame 52 onward until redefined here for a later frame On the Slave side with Server Channel 13 RFCOMM is carying Hands Free Ovemdden by user Change the Selected ltem to Cary Hands Free m Remove All Figure 3 28 Example Set Subsequent Decode for Frame 52 RFCOMM e Each entry in the Set Subsequent Decoder Parameters dialog takes effect from the specified frame onward or until redefined in this dialog on a later frame e The Remove Override button will remove the selected decode parameter override e The Remove All button will remove all decoder overrides If you do not have decoders loaded that require parameters the menu item does not appear and you don t need to worry about this feature 3 2 1 Decoder Parameter Templates 3 2 1 1 Select and Apply a Decoder Template 1 Select Set Initial Decoder Parameters from the O
245. er each byte belongs o to The colors correspond to the layers listed in the Decode E Octal pane The Event Radix Binary Character and Decode panes are all synchronized with one another Clicking on an element in any one of the panes highlights the corresponding element in all the other panes 4 4 1 11 6 Character Pane The Character pane represents the logical bytes in the frame zr La t5 5 5 NE ni in ASCII EBCDIC or Baudot The character set can be A Thi i the Chander Pane changed from the Format menu or by right clicking on the E pane and choosing the appropriate character set c Copy Selection to Clipboard Because the Character pane displays the logical bytes rather E Select Entire Frame than the physical bytes the data in the Character pane may Change Text Highlight Color be different from that in the Event pane See Physical vs memo bo Logical Byte Display for more information ASCI 7 bit ASCI Colors are used to show which protocol layer each byte belongs to The colors correspond to the layers listed in the EBCDIC Decode pane Baudot The Event Radix Binary Character and Decode panes are all synchronized with one another Clicking on an element in any one of the panes highlights the corresponding element in all the other panes 118 Chapter 4 Capturing and Analyzing Data ComProbe Sodera User Manual 4 4 1 11 7 Binary Pane The Binary pane displays the logical bytes in the frame in binary
246. er in the text box then press Enter and the dialog will display the data for that page Page navigation If the data requires multiple pages the navigation buttons will take you to e The first page e The previous page e The next page e Thelast page x Close Print Preview Closes the dialog and returns to the Message Sequence Chart Select Font Size Allows selection of the print font size from the drop down control 4 5 Bluetooth Audio Expert System i The Bluetooth Audio Expert System monitors and analyzes Bluetooth audio streams with the purpose of detecting and reporting audio impairments The primary goal of the Audio Expert System is to expedite the detection and Audio Expert System resolution of Bluetooth protocol related audio impairments To achieve this the system automatically identifies audio impairments and reports them to a 181 ComProbe Sodera User Manual Chapter 4 Capturing and Analyzing Data user as events It also correlates the audio events with any detected codec or Bluetooth protocol anomalies events The system allows a user to view the audio waveform audio events codec events and Bluetooth protocol events on a time aligned display An Audio Expert System event identifies to the user information warnings and errors Event categories are shown in the following table Table 4 17 Audio Expert System General Events Protocol violations Best practice violations Events Reported eal
247. erage frequency the frequency measurement state machine will reset and begin re measuring Typically the outcome is the discovery of the next scripted expected frequency However another outcome can be that the same frequency as the previous average frequency is rediscovered and this is reported as an Unexpected Phase Change event Such phase changes are an indicator of losses of signal that do not result in amplitude dropouts or signal substitution repetition of previous audio energy due to things such as packet loss concealment tactics 1The amount that a measured duration must deviate from the programmed duration of a tone segment before the system declares this event varies depending on the negotiated over the air audio stream specific parameters but it is generally in the range of 5 to 10 Note that this event will result in an attempt to resynchronize if the measured duration is greater than expected The system calculates amplitude fluctuations as Max Level Min Level Max Level Min Level 100 199 ComProbe Sodera User Manual Chapter 4 Capturing and Analyzing Data Table 4 25 Event Type Audio continued Excess Noise CVSD HF Level Too High End of Test Event Clipping The Excess Noise event is reported when energy sufficiently above the Silence Threshold is detected during programmed segments of silence Excess noise can indicate a poor analog audio chain with an inh
248. erently poor noise floor glitches occurring during silence intervals or codecs that do not transition to silence instantaneously Reports the detection of suspected distortion that occurs when the amplitude of a signal exceeds a digital systems ability to represent it accurately Clipping is a type of amplitude distortion The system reports a Clipping event when consecutive samples at the maximum value that can be represented by the digital system have been detected Note that the maximum value that can be represented is different depending on the number of bits per sample i e bits of resolution of the audio stream The system limits the number of reported Clipping events to typically 10 to 20 per sec Reported when a CVSD encoded audio stream is detected and there is high frequency energy above 4 kHz that is greater than 20 dBFS Reported to indicate that the system has completed processing a test script for a Reference Audio file and that the system has exited Reference Mode This event is generated when the elapsed time from the start of test is equal to or greater than the scripted duration of a test It is reached when the number of samples processed equals the number of samples associated with the test duration The number of consecutive samples needed to qualify as a clipping event depends on both sample rate and number of bits per sample Table 1 specifies the number of consecutive samples at the maximum value level that w
249. error messages The Status Bar will show a running total of captured packets Note Starting a new capture session will clear all unsaved data from both the Sodera hardware H and the ComProbe software If it has not been saved then a pop up warning message will appear 4 1 2 2 Selecting Devices for Analysis Once a ComProbe Sodera session starts by clicking on Record on the Capture Toolbar data from all active devices within range is being captured To analyze the data using the ComProbe software you select specific devices of interest to include in the analysis 79 ComProbe Sodera User Manual Wireless Devices OF OX s3 s3 TOOODODOOLOBES i BD_ADDR 00 23 01 31 29 3A 38 48 4C DA FF 05 B01 34 95 E5 83 2A 00 00 FD 29 6D 19 00 13 04 83 D BE 00 1A 0E D5 D1 9 00 16 61 08 CC 2B 00 24 1C BE 18 A8 10 26 B4 50 3B 71 10 58 76 A4 43 61 00 61 71 BA BF B7 00 EE BD D8 1E CO CLE ee ee ee a Friendly Name BeatsPill Matt s iPhone Matt s iPad Samsung 5BH700 Motorola Roadst MiiBox mini 01 01 0359 iskupniewitz tL Device Class Audio Video Phone Computer Audio Video Audio Video Audio Video Audio Video Audio Video Audio Video Audio Video Phone Phone nL Chapter 4 Capturing and Analyzing Data Technology BR EDR smart Ready LE amp BR EDR Smart Ready LE amp BR EDR BR EDR BR EDR BR EDR BR EDR BR EDR BR EDR BR EDR Smart Ready LE amp BR EDR
250. erties Path losses from partitions are difficult to estimate Estimating indoor propagation loss 1 One estimate of indoor path loss based on path loss data from a typical building provides a range power rule At 2 4 GHz the following relationship provides an approximate estimate of indoor path loss Indoor Path Loss in dB 40 35Log iolrange in meters This approximation is expected to have a variance of 13 dB Mitigating path loss and interference Bluetooth device design contributes to mitigating environmental effects on propagation through spread spectrum radio design for example However careful planning of the testing environment can also contribute to reliable data capture process i ComProbe Sodera User Manual Chapter 4 Capturing and Analyzing Data The first step to ensuring reliable air sniffing data capture is to understand the RF characteristics of the Devices Under Test DUTs The Bluetooth Class antenna types and radiation patterns are all important factors that can affect the placement of the DUTs and the ComProbe analyzer Radiation patterns are rarely spherical so understanding your device s radiation patterns can greatly enhance successful data capture Position devices to avoid radiation attenuation by the surroundings This step is optional Consider conductive testing to establish a baseline capture Conductive testing isolates the DUTs and analyzer from environmental effects The next step is to
251. es The Pairing Request message is transmitted from the initiator containing the IO capabilities authentication data availability authentication requirements key size requirements and other data A Pairing Response message is transmitted from the responder and contains much of the same information as the initiators Pairing Request message thus confirming that a pairing is successfully negotiated In the sample SMP decode in the figure at the right note T SMP the keys identified Creating a shared secret key is an Code Pairing Request luti that j lint di lO Capabilities ReyboardDisplay evolutionary Process that Involves Several intermediary DDE data flag OOB Authentication data not present keys The resulting keys include AuthReg Bonding Flags Bonding MITH MITH Protection Yes 1 IRK 128 bit key used to generate and resolve SG in GAN a lols random address Initiator Key Distnbution Enckey Initiator shall distribute LTE followed by EDIY and Rand 2 CSRK 128 bit key used to sign data and ve rify ldKey Initiator shall distribute IAK followed by its address PRE Sigri Initiator shall distribute LOA signatures on the receiving device S Responder Key Distribution Enckey Responder shall distribute LTE followed by EDIY and Rand 3 LTK 128 bit key used to generate the session key for Idkey Responder shall distribute IRE followed by its address Sign Responder shall distribute CSAK an encrypted connection
252. es B 4 7 2 2 Link Layer The Link Layer LL protocol manages the Bluetooth low energy radio transmissions and is involved in starting link encryption To observe the decoded LL commands click on the Frame Display LE LL tab search for and select ControlPkt LL ENC REQ This command should originate with Side 1 the initiator of the encryption link In Figure 11 Frame 39 617 is selected in the Summary pane and we see the decoded LE LL frame is display in the Decoder pane Shown in this frame packet is the SKDm that is the Master Session Key Diversifier SKDmaster In Frame 39 623 you will find SKDslave that is combined with SKDmaster to create the Session Key SK Both SDKs were created using the LTK Frame 39 635 through 39 649 in the LE LL tab completes starting of the encryption process After the slave sends LL START ENC RSP Frame 36 649 the Bluetooth devices can exchange encrypted data and the ComProbe sniffing device can also receive and decrypt the encrypted data because the appropriate key is provided in the BPA 600 Datasource window LE 36025 kalJakbdd MEESE 1 LL CHANNEL MAP REG Corkin Pkt LL ENC REQ 3 418 Chea Said Chills 1 LL CHANNEL MAP REG Random vector Pandi 000000000000000 39817 bal Jathdd WHS 1 LL ENC REQ Encopbed diwersiher EDM 0000 39 623 Chal Saad HSI 2 LL_ENC_ASP Master section key identifier SKOmp ics 3c3dda Hettdb 39 635 hal T5 Ebdd ey 2 LL 5TAAT ENC REQ Masher mibakgahon vectce Wim bed 4dc dd 191
253. es and save the capture or select No and close the dialog In either case the existing capture file is cleared and a new capture file is started o Ifyou choose Cancel the dialog closes with no changes 4 1 3 Extended Inquiry Response Extended Inquiry Response EIR is a tab that appears automatically on the Frame Display window when you capture data france Display Fi ET Ak 5 PI zi a EO sag Nama Ue Tho Opare maa 1p egio an PO VE SEB DAD LS me m makasama SOD AsS C000 he Wolitered Hanaband bayad aaa kumana Fiaip 47 fatten Lara T 00201111 21211112 00000001 10111005 11100110 Hassband MG1011101 11010011 0010011 Kate ingay Pagi EC O1101000 01101111 Er 101110 01100101 00000111 A OOG0GO12 00010191 60010001 00011111 000106001 QO0O0006 SEGA Phone LAMAN 6 eats ne eee SEER RE RRR GANAN ANA YAAN PS WV WIV HV i Ka iasa 4 NN Wah Hah i ans wee Me Pa Li Py ut a ey a a S 4 wu DE NGPA PP PP BA a pi Ge Mea iced SEE S Figure 4 8 Frame Display Extended Inquire Response 87 ComProbe Sodera User Manual Chapter 4 Capturing and Analyzing Data EIR displays extensive information about the Bluetooth devices that are discovered as data is being captured EIR provides more information during the inquiry procedure to allow better filtering of devices before connection and sniff subrating which reduces the power co
254. es are Bluetooth slot markers 22 22 eee eee eee eee eee e cece eres 166 XV ComProbe Sodera User Manual Figure 4 73 A negative discontinuity _ 2 22 22 eee cee eee cee cece eee eee e ee eeeeeee 167 Figure 4 74 A positive discontinuity 22 lee cece cee ec cece ce eee ccc eee eee eeceeceeeeeeceees 168 Figure 4 75 Timeline header with discontinuity 22 oe ee eee cece cece eee e cece eeeeeees 168 Figure 4 76 Timeline duration footer with discontinuity 2 22 cece eee cee cece cee ceeceeees 168 Figure 4 77 High speed Bluetooth packets have a blue frequency box and a two tone tool tip 169 Figure 4 78 Missing Channel Numbers Message in Timelines eee eceeceeceeeeeees 169 Figure 4 79 Coexistence View Timeline with Packets and Spectrum Heat Map Sodera only 172 Figure 4 80 Coexistence View Timeline with Packet Outlines Packet Selection Boxes and Spectrum Heat Map Sodera only 2 cece a 172 Figure 4 81 Message Sequence Chart Window 22 22 eee ee eee eee eee cece cece ee ceeeeeeeeees 173 Figure 4 82 Classic and LE tabs eee cc cece cece cece cee eee e cee e ee eeeeceeceeceeeeeees 174 Figure 4 83 Frame and Time Display inside red box eee eee eee cece eee eee eeeeees 175 Figure 4 84 MSC Synchronization with Frame Display 22 e eee eee e cece cece ee
255. etween big endian and little endian format The public key will be updated to reflect the changes made to the private key rem gt Enabled when a private key in the pane is selected When clicked the selected key row md Ke is removed from the pane 50 Chapter 3 Configuration Settings ComProbe Sodera User Manual EEEFEEEE Right clicking on a selected Private Key entry in the pane or right clicking Add Private K anywhere in the pane will open a Private Key Management tools menu The Edit Private Key a menu selections perform the same functions as the Private Key Management Reverse Private Key tools Remove Private Key Private Key Entry dialog The Private Key Entry dialog opens when the user selects Add Private Key from the Private Keys Management Tools or from the right click menu Private Key Entry Key Type f P256 Secure Connection P192 Legacy Connection Private Key Ki joxrbr3 3Tad cc39 8df5 br2b debS 2b6c 26128 7cec3 eeb7 237d d79c Bf7c 6del 690d a4ad Y lox2ddd b3fo b842 2ea6 eaab 3a27 57e6 Obed Sd4f c855 f838 e4bS 6b9e 879c 951b a635 Figure 3 21 Private Key Entry Dialog Table 3 10 Private Key Entry Dialog Fields Paa ty Deecretob OO P256 Make this selection if using Secure Connection pairing Secure Connection P192 Make this selection if using Legacy pairing Legacy Connection Enter the Private Key in hex The size of
256. frontline Debug Communications Faster COMPROBE WIDEBAND BLUETOOTH PROTOCOL ANALYZER ComProbe User Manual Audio Expert System Revision Date 12 16 2015 ComProbe Sodera User Manual Copyright 2000 2015 Frontline Test Equipment Inc Frontline Frontline Test System ComProbe Protocol Analysis System and ComProbe are registered trademarks of Frontline Test Equipment Inc e Sodera The Bluetooth SIG Inc owns the Bluetooth word mark and logos and any use of such marks by Frontline is under license All other trademarks and registered trademarks are property of their respective owners ComProbe Sodera User Manual Contents Chapter 1 ComProbe Hardware amp Software 1 1 1 WV ele IS manual ose eee tee scene eee oa eee nase ee neneeu sees EEEE ENNE EE rAr eiS r TENER 2 1 2 Computer Minimum System Requirements 22 eee eee eee eee cee cece eee oanrin 2 1 3 SOLUWare instalat ad a saa AA aaa A AE SE 2 a LEAD a ee ee ee 2 1 3 2 From Download La a adan mana aa kas aata ennd GLENDA DANT NING ENE SUTT ocskeniahapoesmesaceeesesaws 3 Chapter 2 Getting Started 5 21 SOU ia HardWare verre ett eer emdyes ates oe bc admesenti AA es 5 2 1 1 Front Panel Controls eee ee ce ee ee ee ee cece cece e cece 22nn 5 24 2 Rear Pane COMMS COS ei ee E ee 7 2 1 3 Attach Antenna aa aka baa codes cceuaecsabeeveesucw san duweeebcanesedbuges eesebalbecneeGeeaedeseseseaxs 8 ZAPU ADI POW CF ecco ceca sce ceasnt
257. ge the line on which the first selected byte appears Selectlion0ffset 2 1 Open fts ini located in the C User Public Public Documents Frontline Test Equipment 2 Go to the CVEventDisplay section 3 Change the value for SelectionOffset 4 If you want the selection to land on the top line of the display change the SelectionOffset to O zero 236 Chapter 5 Navigating and Searching the Data ComProbe Sodera User Manual 5 1 10 Subtleties of Timestamp Searching Timestamping can be turned on and off while data is being captured As a result the capture buffer may have some data with a timestamp and some data without When doing a search by timestamp the analyzer ignores all data without a timestamp Note The raw timestamp value is the number of 100 nanosecond intervals since the beginning of H January 1 1601 This is standard Windows time 5 2 Bookmarks Bookmarks are electronic sticky notes that you attach to frames of interest so they can be easily found later In Frame Display bookmarked frames appear with a magenta triangle icon next to them B Frame Command Emo Code FID PIDs FIC Source TID LID Fra Deka Timestane Pa 1 Ed 12 6 2010 11 25 Z 165 DOO 127672010 11 25 b E3 124 00 00 00 2 LAND 11 25 a Ed OOOeO01 12620 11 25 Figure 5 12 Bookmarked Frame 3 in the Frame Display 00 00 00 o0 g Inthe Event Display bookmarks appear as a dashed line around the start of frame 21 M
258. genta triangle indicates that a bookmark is associated with this frame Any comments associated with the bookmark appear in the column next to the bookmark symbol 4 4 1 11 4 Decode Pane The Decode pane aka detail pane is a post process display that provides a detailed decode of each frame im transaction sometimes referred to as a frame The decode is presented in a layered format that can be expanded and collapsed depending on which layer or layers you are most interested in Click on the plus sign to expand a layer The plus sign changes to a minus sign Click on the minus sign to collapse a layer Select Show All or Show Layers from the Format menu to expand or collapse all the layers Layers retain their expanded or collapsed state between frames 1 nf Expand All Nodes Protocol layers can be hidden preventing them from being i displayed on the Decode pane Right click on any protocol layer Hide L2CAP Layer In All Frames and choose Hide protocol name from the right click menu Provide AVDTP Rules In a USB transaction all messages that comprise the transaction are shown together in the detail pane The color coding that is 11 ComProbe Sodera User Manual Chapter 4 Capturing and Analyzing Data applied to layers when the detail pane displays a single message is applied to both layers and messages when the detail pane displays a transaction To keep the distinction between layers and messages clear each header of ea
259. ghput Graph and View Port The largest value in each technology in the Zoomed Throughput Graph is snapped to the top of the graph This makes the graph easier to read by using all of the available space but because the y axis scales can change it can make it difficult to compare different time ranges or durations Clicking the Freeze Y button freezes the y axis scales and makes it possible to compare all time ranges and durations the name of the button changes to Unfreeze Y and a Y Scales Frozen indicator appears to the right of the title Clicking the Unfreeze Y Unfteeze t button unfreezes the y axis scales Interval l l p Hide Zoom Freeze Y 16 930 100 ms point fili ty Hri AN OE i t NA PANA ANG US UU APES Figure 4 55 Zoomed Throughput Graph Largest Value Snaps to Top AYA 155 ComProbe Sodera User Manual Chapter 4 Capturing and Analyzing Data Hide Zoom Untreeze Y E O mo mang N E o oO nG LIL Hal ma ll dig fat BANA ani Hi al Relat LUH Figure 4 56 Zoomed Throughput Graph Freeze Y keeps the y axis constant Interval Menu The Interval drop down menu is used to set the duration of each data point in the Zoomed Throughput graph The default setting is Auto that sets the data point interval automatically depending on the zoom level The other menu selections provide the ability to select a fixed data point interval Selecting from a larger to a smaller interval
260. gnal 5 Master 16 00 5 3 2011 1 47 26 974303 i Signaling Identifier AYDTP_DISCOVER 99 Signal 5 Slave 29 00 5 3 2011 1 47 27 389922 4 ACP Stream Endpoint ID 1 T01 Signal 5 Master 2 00 5 3 2011 1 47 27 41304 In use No 103 Signal 5 Slave 15 00 54342011 1 47 27 601168 Media Type Audio 104 Signal 5 Master 16 00 54342011 1 47 27 605543 TSEP SNK 105 Signal 5 Slave 15 00 5 3 2011 1 47 27 731166 ACP Stream Endpoint ID 6 In use No ba Media Type Audio B90011000 00001010 00101011 00011111 00001011 TSEP SNK N10011101 01011010 00000001 00000001 00000110 A RO0000000 00000001 01110100 11100010 00000001 Yoooo0100 PBBM1o 00011000 00001000 P Figure 3 32 Look in Decoder pane for profile hints 63 ComProbe Sodera User Manual Chapter 3 Configuration Settings 3 2 3 3 AVDTP Override Decode Information The Set Subsequent Decoder Parameters dialog allows the user to override an existing parameter at any frame in the capture where the parameter is used If you have a parameter in effect and wish to change that parameter 1 Select the frame where the change should take effect 2 Select Set Subsequent Decoder Parameters from the Options menu or by selecting a frame in the frame display and choosing from the right click pop up menu and make the needed changes 3 Select the rule you wish to modify from the list of rules 4 Choose the protocol the selected item carries from the drop dow
261. gure 5 8 Find Special Events tab 5 Check the event or events you want to look for in the list of special events Use Check All or Uncheck All buttons to make your selections more efficient 6 Click Find Next and Find Previous to move to the next instance of the event Not all special events are relevant to all types of data For example control signal changes are relevant only to serial data and not to Ethernet data For a list of all special events and their meanings see List of all Event Symbols on page 99 5 1 6 Searching by Signal Searching with Signal allows you to search for changes in control signal states for one or more control signals You can also search for a specific state involving one or more control signals with the option to ignore those control signals whose states you don t care about The analyzer takes the current selected byte as its initial condition when running searches that rely on finding events where control signals changed To access the search by time function 1 Opena capture file to search 2 Open the Event Display NG or Frame Display P window 3 Click on the Find icon Ah or choose Find from the Edit menu 4 Click on the Signal tab of the Find dialog 230 Chapter 5 Navigating and Searching the Data ComProbe Sodera User Manual Note The tabs displayed on the Find dialog depend on the product you are running and the content VA of the capture file you are viewing BX Deco
262. gy Passkey Entry Press Enter or click outside the field If the Passkey is correct it will appear in the PIN TK field with Valid appearing below the passkey Link Key field will automatically fill with the Link Key that will show Valid and 48 Chapter 3 Configuration Settings ComProbe Sodera User Manual appear green The Status field will show an open green lock to show that encryption is enabled and the analyzer can show decrypted data If the entered Passkey is incorrect the PIN TK field will be red and Invalid will appear below the entered PIIN The Status field will show a closed red lock to indicate that encryption is not enabled Status Time Master Slave PIN TK Link Key ACO IV T fa 11 13 2014 9 07 10 139572 AM 29CD 00 99 FF 56 3C 2D B7 84 06 67 000000 Ok5t66b668deleddebf4 n a QheQefb01d9705d8 7 Valid Valid D iad 11 13 2014 9 13 27 746147 AM 29 CD 00 99 FF 56 3C 20 87 84 06 67 DOO na bodba c01dlc25b 11 13 2014 9 13 55 406063 AM Valid Figure 3 18 Bluetooth low energy Passkey Decryption Enabled Status Time Master Slave PIN TK Link Key IV 11 13 2014 9 30 51 608572 AM 29 C0 00 99 FF 56 3C 2D B7 84 06 67 111111 Enter link key n a QeeDefb01d9705d8 D t m Invalid D col 11 13 2014 9 37 09215147AM 29C0 00 99 FF 56 3C 2D B7 84 06 67 Enter passkey Enter link key n a Oed5at2cOldOc2ab Figure 3 19 Bluetooth low energy Passkey Invalid Legacy Out of Band OOB Pairing Out of Band OOB data is
263. h Volume Alarm Warn the user that the volume level of the detected audio is below the best range for performing meaningful audio analysis Alarm is initialized when volume level above the Measurement Threshold level is detected Alarm is activated when the detected volume drops below the Measurement Threshold level for 10 consecutive 0 5 sec measurement intervals Reports the detection of suspected distortion that occurs when the amplitude of a signal exceeds a digital systems ability to represent it accurately Clipping is a type of amplitude distortion The system reports a Clipping event when consecutive samples at the maximum value that can be represented by the digital system have been detected Note that the maximum value that can be represented is different depending on the number of bits per sample i e bits of resolution of the audio stream The system limits the number of reported Clipping events to typically 10 to 20 per sec Warn the user that the volume level of the detected audio is above the best range for performing meaningful audio analysis i e above a level where the audio will likely become distorted Alarm is activated when the detected audio volume is continuously above the high volume threshold see Figure 2 for 10 consecutive 0 5 sec measurement intervals i e 5 sec total The event will not be repeated again until the detected volume level drops below the high volume threshold for 10 more co
264. h as the threshold for reporting the Glitch event Such dramatic changes would typically happen only in the face of dropped samples and serve as an additional means of detecting gross abnormalities 201 ComProbe Sodera User Manual Chapter 4 Capturing and Analyzing Data 4 5 6 Audio Expert System Window This window is the working space for the Audio Expert System Upon opening Audio Expert System the window shown below will open with four main areas displayed e Global Toolbar Provides play cursor controls waveform viewing controls and volume controls that affect all Wave Panels e Wave Panel Displays the waveforms for each captured audio stream There is a separate Wave Panel for each stream Each panel contains local information controls and an event timeline specific to the displayed audio stream being shown Other Wave Panels that may be off scream may be viewed using the vertical scroll control or by collapsing other Wave Panels e Event Timeline The Event Timeline shows Bluetooth events Codec events and Audio events synchronized to the displayed waveform There is an Event Timeline in each Wave Panel e Event Table A tabular listing of Bluetooth codec and audio events with information on event severity related Bluetooth frame timestamp and event information Global Toolbar Wave Panel ere i eS Audio Expat cae aa nia alata 03 39 35 343 PM 03 39 35 436 PM 03 39 35 528 PM 03 39 35 621 PM
265. hat the colors refer to the layer not to a specific protocol In some situations a protocol may be in two different colors in two different frames depending on where it is in the stack You can change the default colors for each layer Red is reserved for bytes or frames with errors In the Summary pane frame numbers in red mean there is an error in the frame Also the Errors tab is displayed in red This could be a physical error in a data byte or an error in the protocol decode Bytes in red in the Radix Character Binary and Event panes mean there is a physical error associated with the byte 4 4 1 12 2 Changing Protocol Layer Colors You can differentiate different protocol layers in the Decode Event Radix Binary and Character panes 1 Choose Select Protocol Layer Colors from the Options menu to change the colors used The colors for the different layers is displayed 2 Tochange acolor click on the arrow next to each layer and select a new color 3 Select OK to accept the color change and return to Frame Display Select Cancel to discard any selection Select Defaults to return the highlight colors to the default settings Protocol Layer Color Selector Layer 1 Abed Staten ba Layer 3 Abed 7 Ok Layer 2 Abed BURR Layer10 Bae Cancel E a Layer 3 Abc Layer 11 E TH Defaults Layer 4 Abc Laeli BETH Layer 5 hi Layer 13 ae Layer 6 Lewen le Other Layer 7 Abed ff Laws 15 Layer 8 Abed B
266. he details of the captured audio stream are presented The Stream Panel displays the captured audio waveform along with an event timeline that displays discrete Bluetooth Codec and Audio events synchronized to the captured waveform Audio Stream Info Local Controls as maa aaa 03 39 35 564 PM 03 39 35 671 PM 03 39 35 778 PM 03 39 35 351 PM 03 39 35 457 PM Linear Audio Waveform Event Timeline Figure 4 98 Wave Panel The Wave Panel contains four sections 1 Audio Stream Info that provides users with information such as sample rate bit sample codec and DUT Device Under Test addresses 2 Local Controls include audio volume controls and Indicators Mute Vertical Zoom and Collapse Expand 3 An Audio Waveform which is plotted as amplitude linear or dB versus time and an interactive play cursor The play cursor appears as a white vertical line across the waveform 4 Event Timeline that shows color coded Bluetooth E1 Codec fa gH and Audio events Details of these events are listed in the Audio Expert System Event Table 205 ComProbe Sodera User Manual Chapter 4 Capturing and Analyzing Data 4 5 6 2 1 Audio Stream Info The Audio Stream Info displays Audio Bluetooth and Codec information left to right in the image below about the audio waveform displayed in the panel This information is discovered during AVDTP signaling when the devices under test DUT
267. he examples are still valid Examples of decoders methods and frame recognizers are included in this manual You can cut and paste from these examples to create your own decoders A quick note here Usually the pasted code appears the same as the original in your editor Some editors however change the appearance of the text when it is pasted something to do with whether it is ASCII or Unicode text If you find that the pasted text does not appear the same as the original you can transfer the code into a simple text editor like Notepad save it as an ANSI ASCII file then use it in your decoder These files are installed in the FTE directory of the system Common Files directory The readme file in the root directory of the protocol analyzer installation contains a complete list of included files Most files are located in My Decoders and My Methods We will be updating our web site with new and updated utilities etc on a regular basis and we urge decoder writers to check there occasionally 7 2 8 Bluetooth low energy ATT Decoder Handle Mapping Low energy device attributes contain a 16 bit address called the attribute handle Each handle is associated with an attribute Universally Unique Identifier UUID that is 128 bits long In the attribute database the handle is unique while the UUID is not unique The ComProbe software detects and stores the relationships mappings between handle and UUID during the GATT discovery process But
268. he hardware can capture data without being connected to a computer mode The Bluetooth traffic is captured for later upload and analysis using a captures computer running the ComProbe Protocol Analysis System software Note Since the Capture Options are stored on the Sodera hardware if a Sodera hardware unit is H not connected then these settings can neither be viewed nor changed Clicking on OK will save the Capture Options settings on the connected Sodera hardware unit Any Capture Options parameter changes made will overwrite the previously saved Capture Options 3 1 2 1 2 Standard Toolbar al 7 The Standard Toolbar provides quick one click access to the same options that appear in menu File selection This toolbar may be hidden by selecting from the menu View Toolbars selection and removing the check from Standard Toolbar selection The Standard Toolbar can be positioned to another location by moving the mouse cursor to the left of the menu until a double headed arrow appears Click hold and drag the menu to another position in the window header Table 3 2 Standard Toolbar Selections Open Ctrl O Opens a Windows Open dialog Select the location File name and cfa file to analyze The file includes all data with all context decryption and work file information for both the recorded and analyzed packets e Chapter 3 Configuration Settings ComProbe Sodera User Manual Table 3 2 Standard Toolbar Selecti
269. how this affects the display windows in the analyzer The information in this section applies to frame numbering as well When the analyzer captures an event it gives the event a number If the event is a data byte event it receives a byte number in addition to an event number There are usually more events than bytes with the result is that a byte might be listed as Event 10 of 16 when viewing all events and Byte 8 of 11 when viewing only the data bytes The numbers assigned to events that are wrapped out of the buffer are not reassigned In other words when event number 1 is wrapped out of the buffer event number 2 is not renumbered to event 1 This means that the first event in the buffer may be listed as event 11520 of 16334 because events 1 11519 have been wrapped out of the buffer Since row numbers refer to the event numbers they work the same way In the above example the first row would be listed as 2d00 which is hex for 11520 The advantage of not renumbering events is that you can save a portion of a capture file send it to a colleague and tell your colleague to look at a particular event Since the events are not renumbered your colleague s file use the same event numbers that your file does 7 2 5 Useful Character Tables 264 Chapter 7 General Information ComProbe Sodera User Manual 7 2 5 1 ASCII Codes chew xO x1 x2 x3 xd a5 6 x B eA xB xC a Dx NUL 50H 5TX ETX EOTJENO AC BEL BS H
270. iangle arrangement as mentioned above However in A2DP data capture scenario the equilateral positioning of devices is not optimum because normally only one device is sending data to the other It is recommended that the ComProbe hardware be positioned closer to the device receiving data so that ComProbe better mimics the receiving DUT Position the DUTs 1 2 meters apart for Class 1 and 2 transmitters and 1 2 meter apart for Class 3 transmitters 77 ComProbe Sodera User Manual Chapter 4 Capturing and Analyzing Data Figure 4 3 For Audio A2DP Position Closer to SINK DUT Poor Placement A poor test configuration for the analyzer is placing the DUTs very close to each other and the analyzer far away The DUTs being in close proximity to each other reduce their transmission power and thus make it hard for the analyzer to hear the conversation If the analyzer is far away from DUTs there are chances that the analyzer may miss those frames which could lead to failure in decryption of the data Obstacles in close proximity to or in between the analyzer and the DUTs can interfere and cause reduction in signal strength or interference Even small objects can cause signal scattering Figure 4 4 Example Poor Capture Environment 78 Chapter 4 Capturing and Analyzing Data ComProbe Sodera User Manual 4 1 2 Sodera Capturing Data Introduction Data capture using ComProbe Sodera will capture data from all devices with
271. icbekueecteduies Gawadueuencess 216 Figure 5 1 Find Dialog _ 2 222 le lee eee cece eee ce cece eee cece cece ee eceeeeeeeeeeeees 221 Figure 5 2 Find Decode Tab Search for String a 222 Figure 5 3 Find Decode Tab Side Restriction ce eee cece cece cece ceeceeeeeee 223 Figure 5 4 Find Pattern Tab 222 ces cesccectentdenwesscmmeotedes ecarcdteweetesddeeuececmaededeedememasanescs 225 Figure 5 5 Find Pattern Tab Side Restrictions l eee ce ee ec cece cece cece eee eeeeeees 225 Figure 5 6 Find by Time tab _ 2 2 2 2 a 226 Feure 527 FING GO TO laD AA 228 Figure 5 8 Find Special Events tab a 230 Figure 5 9 Find Signal tab ec cee eee ee cee cece eee eee eee eeeeeeeeeeees 231 Figure 5 10 Find Error tab ala div cdeowendvwccuduecdentocued bvindwiderdtensd das tdubcecedekessveaeyccds 233 Figure 5 11 Find Bookmark tab 2 22 eee ec cece cece eee c eee eee eee eeeeeeeeeeeee 236 Figure 5 12 Bookmarked Frame 3 in the Frame Display 2 2 a 237 Figure 5 13 Find Window Bookmark tab Used to Move Around With Bookmarks 239 Figure 6 1 Frame Display Print Dialog _ 2 222 eee cece ce eee ccc cece cece e eee eceeceeceeceeees 246 Figure 6 2 Frame Display Print Preview Dialog 22 2 e eee eee eee eee eee eee cece eeeeeeeeees 247 Figure 6 3 Event Display Print Dialog _
272. ice it will request distribution of EDIV and Rand and will regenerate LTK LE LL Control Pkt LL_LENC_RSP Slave session key identiher SKDs Onc26aa3044187892e Slave inaiaization vector W3 054702256 Figure 36 Encryption Response from Slave Example ComProbe Frame Display BPA 600 low energy capture B 5 6 Encrypting The Data Transmission Data encryption begins with encrypting the link The Session Key SK is created using a session key diversifier SKD The first step in creating a SK is for the master device to send Link Layer encryption request message LL_ ENC_REQ that contains the SKD miga The SKD aa is generated using the LTK The slave receives SKD aster generates SKD and generates SK by concatenating parts of SKD and SKD _ The slave device responds ast slav with an eneryption response message LL_ENC_RSP that contains SKD x the Bi will create the same SK Now thata SK has been calculated the master and slave devices will now aaah a handshake process The slave will transmit unencrypted LL START ENC REQ but sets the slave to receive encrypted data using the recently calculated SK The master responds with encrypted LL START ENC RSP that uses the same SK just calculated and setting the master to receive encrypted data Once the slave receives the master s encrypted LL START ENC RSP message and responds with an encrypted LL START ENC RSP message the Bluetooth low energy devices can now begin transmitting and rece
273. ide with the L CAP CID 0000 and with the remote side TSID 0 the AVDTP is camying Unknown Modified by user Figure 3 31 Parameters Added to Decoder 4 To delete a parameter from the Initial Connections window select the parameter and click on the Delete button 262 Chapter 3 Configuration Settings ComProbe Sodera User Manual 5 Decoder parameters cannot be edited The only way to change a parameter is to delete the original as described above and recreate the parameter with the changed settings and selections and then click on the Add button 6 AVDTP parameters are saved when the template is saved as described in Adding a New or Saving an Existing Template on page 60Adding a New or Saving an Existing Template on page 60 3 2 3 2 AVDTP Missing Decode Information The analyzer usually determines the protocol carried in an AVDTP payload by monitoring previous traffic However when this fails to occur the Missing Decoding Information Detected dialog appears and requests that the user supply the missing information The following are the most common among the many possible reasons for a failure to determine the traversal e The capture session started after transmission of the vital information e The analyzer incorrectly received a frame with the traversal information e The communication monitored takes place between two players with implicit information not included in the transmission In any case either view the AVDTP payloa
274. iffing the air or connecting directly to the chip Frontline analyzers use the same powerful ComProbe software to help you test troubleshoot and debug communications faster ComProbe software is an easy to use and powerful protocol analysis platform Simply use the appropriate ComProbe hardware or write your own proprietary code to pump communication streams directly into the ComProbe software where they are decoded decrypted and analyzed Within the ComProbe software you see packets frames events coexistence binary hex radix statistics errors and much more This manual is a user guide that takes you from connecting and setting up the hardware through all of the ComProbe software functions for your ComProbe hardware Should you have any questions contact the Frontline Technical Support Team ComProbe Sodera User Manual Chapter 1 ComProbe Hardware amp Software 1 1 What is in this manual The ComProbe User Manual comprises the following seven chapters The chapters are organized in the sequence you would normally follow to capture and analyze data set up configure capture analyze save You can read them from beginning to end to gain a complete understanding of how to use the ComProbe hardware and software or you can skip around if you only need a refresher on a particular topic Use the Contents Index and Glossary to find the location of particular topics e Chapter 1 ComProbe Hardware and Software This chapter will describe the
275. ight click on the pane and select Hide This Pane from the pop up menu or de select Show Pane Name from the View menu To open a pane right click on the any pane and select Show Hidden Panes from the pop up menu and select the pane from the fly out menu or select Show Pane Name from the View menu To re size a pane place the cursor over the pane border until a double arrow cursor appears Click and drag on the pane border to re size the pane 4 4 1 10 Frame Display Byte Export The captured frames can be exported as raw bytes to a text file 111 ComProbe Sodera User Manual Chapter 4 Capturing and Analyzing Data 1 From the Frame Display File menu select Byte Export J Frame Display le modified channel maps HID_kbd cant_decrypt_ Edit View Format Filter Bookmarks Options Window Go Live Open Capture File Close Save Save Selection Reframe 1 le modified channel maps HID_kbd cant_decrypt_GATT cfa 2 example_btsnoop_hcilog cfa 3 C Users BPA500 cfa 4 C Users SDIO_20121005 cfa Print Print Preview Export Byte Export HTML Export Reload Decoders Recreate Companion File Figure 4 17 Frame Display File menu Byte Export 2 From the Byte Export window specify the frames to export e All Frames exports all filtered in frames including those scrolled off the Summary pane Filtered in frames are dependent on the selected Filter tab above the Summary pane Filte
276. ile If this situation occurs the internal segment tracking logic attempts to look forward and or backward in the test script to determine if the currently measured characteristics are consistent with the previous or next segment of the script If there is a match the internal segment pointer is advanced or retarded appropriately the Synchronization Lost event is not generated and the audio analysis continues However if a match cannot be found the system declares itself out of sync and generates the Synchronization Lost Event terminates any active test script and reverts to Non Referenced Mode Unexpected Reported when a measured frequency deviates from Frequency an expected frequency by a specific percentage determined by the negotiated parameters of the over the air audio stream The system knows the Reference Audio file that is being played on the Source DUT therefore the system knows which frequencies tones to expect at a given time Unexpected Level Reported when the measured level at the start of a tone segment is not within tolerance The tolerance is dependent on sample rate and bits per sample but it generally is 3 dB for speech and 11 dB for music The system knows the Reference Audio file that is being played on the Source DUT therefore the system knows which amplitude level to expect at a given time 198 Chapter 4 Capturing and Analyzing Data ComProbe Sodera User Manual Table 4 25 E
277. ile type choose whether you want to hide display Preambles or Column Headings in the exported file 250 Chapter 6 Saving and Importing Data ComProbe Sodera User Manual 8 Click Save The Event Display Export file is saved to the locations you specified in File name a A B G D E F G H l J K 1 Timestamp Delta Event Number Byte Number Frame Number Type Hex iDec Oct Bin ASCII 632 11 30 2012 12 20 02 895166 PM 0 00 00 00 631 626 3 Data 0 0 0 0 633 11 30 2012 12 20 02 895166 PM 0 00 00 00 632 627 3 Data oi 0 0 0 634 11 30 2012 12 20 02 895166 PM 0 00 00 00 633 628 3 Data oi 0 0 0 635 11 30 2012 12 20 02 895166 PM 0 00 00 00 634 629 3 Data 98 152 230 10011000 636 11 30 2012 12 20 02 895166PM 0 00 00 00 635 630 3 Data 70 112 160 1110000 p 637 11 30 2012 12 20 02 895166 PM 0 00 00 00 636 631 3 Data 94 148 224 10010100 638 11 30 2012 12 20 02 895166 PM 0 00 00 00 637 632 3 Data 221 34 42 100010 639 11 30 2012 12 20 02 895166 PM 0 00 00 00 638 633 3 Data 211 33 41 100001 640 11 30 2012 12 20 02 895166 PM 0 00 00 00 639 634 3 Data 1c i 28 34 11100 641 11 30 2012 12 20 02 895166 PM 0 00 00 00 640 635 3 Data 80 128 200 10000000 642 11 30 2012 12 20 02 895166 PM 0 00 00 00 641 636 3 Data 80 128 200 10000000 643 11 30 2012 12 20 02 895166 PM 0 00 00 00 642 637 3 Data 80 128 200 10000000 644 11 30 2012 12 20 02 895166 PM 0 00 00 00 643 638 3 Data 80 128 200 10000000 Figure 6 5 Example csv Event Display Export Exc
278. ilities authentication data availability authentication requirements key size requirements and other data A Pairing Response message is transmitted from the responder and contains much of the same information as the initiators Pairing Request message thus confirming that a pairing is successfully negotiated In the sample SMP decode in the figure at the right note T SMP the keys identified Creating a shared secret key is an Code Pairing Request luti that j lint di 10 Capabilities KeyboardDisplay EE NDIUHONALY Process INALIHVOIVES Several iNtermeuiary OOB data flag OOB Authentication data not present keys The resulting keys include AuthReg Bonding Flags Bonding MITH MITM Protection es Maximum Encryption Key Size 16 Octets 1 IRK 128 bit key used to generate and resolve random address Initiator Key Distribution Enckey Initiator shall distribute LTE followed by EDY and Rand 2 CSRK 128 bit key used to sign data and ve rify IdFey Initiator shall distribute IAK followed by its address g di ta z Sign Initiator shall distribute CSAE signatures on the receiving device 3 Responder Key Distribution Encke Responder shall distribute LTE followed by EDI and Rand 3 LTK 128 bit key used to generate the session key for ldKey Responder shall distribute IRK followed by its address j Sign Responder shall distribute CSAK an encrypted connection ign Hesp istribu 4 Encrypted Diversifier EDIV 16 bit stored
279. ill generate a Clipping event Table 4 26 Clipping Event Thresholds 200 Chapter 4 Capturing and Analyzing Data ComProbe Sodera User Manual Table 4 26 ae Event Thresholds 5 continued Dropout Dropout events are reported when the average audio level RMS is initially above the Measurement Threshold then falls below the Silence Threshold and then quickly rises above the Measurement Threshold again This approach largely disqualifies the natural inter syllable silence and pauses that occur in natural speech but will detect gaps caused by dropped data Note that the system does not report dropouts that begin at very low energy levels Measurement Threshold Prise Rear seth MIC CHE PEPPER POY Figure 4 96 Dropout Measurement and Silence Threshold Glitch The Glitch event is reported whenever an extremely large sample to sample amplitude transition occurs that has little or no probability of occurring within natural speech or music As illustration back to back N N N N values where N is any non zero number represents energy at the Nyquist frequency or the sample rate Neither speech nor music contain average energy levels at this frequency more the 20 dB below nominal However moderately large sample to sample changes in amplitude do occur and these naturally limit how sensitive this measure can be configured The system uses back to back transition levels of 90 dB for music and 40 dB for speec
280. imestamping information and general reference information such as ASCII baudot and EBCDIC codes This chapter also provides information on how to contact Frontline s Technical Support team should you need assistance 1 2 Computer Minimum System Requirements Frontline supports the following computer systems configurations e Operating System Windows 7 and 8 e USB Port USB 2 0 High Speed or USB 3 0 Super Speed The ComProbe software must operate on a computer with the following minimum characteristics e Processor Core i5 processor at 2 7 GHz e RAM 4 GB e Free Hard Disk Space 20 GB 1 3 Software Installation 1 3 1 From CD Insert the ComProbe installer disc into your DVD drive Click on the Install CPAS shortcut and follow the directions Chapter 1 ComProbe Hardware amp Software ComProbe Sodera User Manual 1 3 2 From Download Download the latest CPAS installer from FTE com Once downloaded double click the installer and follow the directions ComProbe Sodera User Manual Chapter 1 ComProbe Hardware amp Software Chapter 2 Getting Started In this chapter we introduce you to the ComProbe hardware and show how to start the ComProbe analyzer software and explain the basic software controls and features for conducting the protocol analysis 2 1 Sodera Hardware 2 1 1 Front Panel Controls ComProbe Sodera front panel is shown below The panel provides controls to power up and shut down the ComProbe Sodera hard
281. ind is located below the toolbar on the Frame Display dialog Frame Display bpa bt le cfa Pa YU ST DIO HAAS hi erm 8 3 Oa Find AA C Sum Figure 4 15 Frame Display Find text entry field Where the more powerful Search Find functionality searches the Decode Binary Radix and Character panes on Frame Display using Timestamps Special Events Bookmarks Patterns etc 108 Chapter 4 Capturing and Analyzing Data ComProbe Sodera User Manual Decode Pattem Tune GoTo Special Events Search for C Absolute O Relive Rare Honth i Hel J Daw Hour te Second 1 1 000000 Second 111 E E Si 71000 ro A 7 i Go bo the bimaitamg CG On o baoe the specified lima O Onor after the specihed img Figure 4 16 Search Find Dialog Find on Frame Display only searches the Decode Pane for a value you enter in the text box To use Find 1 Select the frame where you want to begin the search 2 Enter a value in the Find text box Find Anbenng True 4 Note Note The text box is disabled during a live capture Select Find Previous Occurren e_ to begin the search on frames prior to the frame you selected or Find Next Occurrence po to begin the search on frames following the frame you selected db Arterna Signal True The next occurrence of the value if it is found will be highlighted in Antenna True dim Tiara Qtheruation Fake db Tiansmi Alberuation Fake
282. ing Sensor In Shoe Running Walking Sensor On Hip pt x pt x x x pt x x pt x x pt x x pt x x pt x x pt x x Px pt x x pt x x Px pt x pt x pt x pt x Ts Sports Watch 37 ComProbe Sodera User Manual Chapter 3 Configuration Settings Table 3 5 Device Classes continued Tag Generic Thermometer Thermometer Ear Toy Unknown Watch Wearable of x pt x x Px Uncategorized xX fo x x Px o Xx Weight Scale Sorting Wireless Devices columns Any column in the Wireless Devices pane can be used to sort the entire table Each column is sortable in ascending or descending order but only one column at a time can be used to sort Clicking on the column header will initiate the sort An arrow head will appear on the right of the column An upward pointing arrow head indicates that the sort is in ascending order top to bottom Clicking the column header again will toggle the sort to descending order top to bottom Note Devices added after a sort will not appear in the last sort order and are appended to the H current list The sort process must be repeated to place the new devices in sorted order Favorite devices will always grouped together at the top of the Wireless Devices pane in sorted order Non favorite devices will appear immediately below the favorite devices in sorted order Device Management Tools Wireless Devices At the top of the Wireless
283. ing on the MSC LE LL tab will show the process of encrypting a session link Clicking on Frame 39 617 displays the LL ENC REQ command from the master to the slave In the MSC below this command you will see the data transferred that includes SKD ter used to generate the LTK At Frame 39 623 the slave responds with LL_ENC_RSP sending SKD ve to generate LTK at the master Up to this point all transmissions are unencrypted For this example the slave sends the request to start encryption LL START ENC REQ at Frame 39 635 The master responds with LL_START_ENC_RSP at Frame 39 639 and finally the slave responds with LL_START_ENC_RSP at Frame 36 649 At this point the session link is encrypted all Layers Ciri Summary Nonbisg Semmary LE BB LE ADV LE DATA LELL LZCAP ATT SMP 39 617 Encryption request kp jp nika POGDDDODD EDIY DxD90D SEDm Bxca0BcFdda96cd Shee Updated channel map used 39 623 LLENC_RSP SKDe OeIeheaseId7 12ih MWe Oxf ad4b 30 39645 3 Stan engrypibon request 319 639 39 643 LL START EMC ASP 39 649 Baseband connection encrypted Figure 27 MSC link Layer Encryption BPA 600 low energy capture B 4 7 4 Viewing Decrypted Data In the ComProbe software Frame Display click on the LE BB tab Search in the Summary pane for Decryption Initiated Yes frames In the example depicted in the following figure Frame 39723 is selected In the Decoder pane LE BB shows that the decryption was initiated and d
284. initial condition for the filter from the drop down list 4 Setthe parameters for the selected condition in the fields provided The fields that appear in the dialog box are dependent upon the previous selection Continue to enter the requested parameters in the fields provided until the condition statement is complete 5 Click OK The system displays the Save Named Condition dialog Provide a name for the filter condition or accept the default name provided by the system and click OK Prohibited characters are left bracket right bracket and equal sign The Set Condition dialog box closes creates a tab on the Frame Display with the filter name and applies the filter The filter also appears in the Quick Filtering and Hiding Protocols dialog When a display filter is applied a description of the filter appears to the right of the toolbar in the Frame Display windows Notes e The system requires naming and saving of all filters created by the user e The OK button on the Set Condition dialog box is unavailable grayed out until the condition selections are complete e When you have multiple Frame Display windows with a display filter or filters those filter do not automatically appear in other Frame Display windows You must use the Hide Reveal feature to display a filter created in one Frame Display in different Frame Display window 4 4 1 13 1 2 Including and Excluding Radio Buttons All filter dialog boxes contain an I
285. ion Complete Link Key Oxa0 f9 eb 9d Da d9 56 78 f8 bb 08 c7 Ba ee 64 49 Event Connection Packet Type Link Key Types Unauthenticated Combination Key ACL Data Event Number Of Completed Pac m gt Total Frames 1 723 Frames FilteredIn 1 723 Frame s Selected 245 1 total 16 bytes For Help Press F1 Figure 11 Frame Display Showing Link Key Notification Event with the Link Key Author John Trinkle with Joe Skupniewitz Publish Date 30 September 2014 288 ComProbe Sodera User Manual Appendicies 289 B 3 Bluetooth Conductive Testing lsolating the Environment Conductive testing could be used for many reasons but the most common use is to isolate the Bluetooth test setup from the surrounding environment Interference from radio frequency RF sources is the most common reason for isolating the test from the environment This is especially important when the environment contains RF sources using the industrial scientific and medical ISM radio bands from 2 4 to 2 485 GHz that are the bands used for Bluetooth Conductive in this context means that you are not air sniffing that is capturing Bluetooth transmissions on the ComProbe analyzer antenna The conductive test setup uses coaxial cable to directly connect the Device Under Test DUT to the analyzer antenna connectors The coaxial cable provides the isolation from the environment through shielding B 3 1 Bl
286. ion Is Missing There may be times when you need to provide information to the analyzer because the context for decoding a frame is missing For example if the analyzer captured a response frame but did not capture the command frame 91 ComProbe Sodera User Manual Chapter 4 Capturing and Analyzing Data indicating the command The analyzer provides a way for you to supply the context for any frame provided the decoder supports it The decoder writer has to include support for this feature in the decoder so not all decoders support it Note that not all decoders require this feature If the decoder supports user provided context three items are active on the Options menu of the Control window and the Frame Display window These items are Set Initial Decoder Parameters Automatically Request Missing Decoding Information and Set Subsequent Decoder Parameters These items are not present if no decoder is loaded that supports this feature Set Initial Decoder Parameters is used to provide required information to decoders that is not context dependent but instead tends to be system options for the protocol Choose Set Initial Decoder Parameters in order to provide initial context to the analyzer for a decoder A dialog appears that shows the data for which you can provide information If you need to change this information for a particular frame 1 Right click on the frame in the Frame Display window 2 Choose Provide lt context
287. ion command contains invalid length parameter Configuration command contains invalid media transport format SBC CRC Error SBC invalid channel mode Error SBC invalid header Error Invalid AVDTP configuration parameter Invalid AVDTP stream state 4 5 5 2 Event Type Codec Table 4 24 Event Type Codec Error i i Incorrect Configuration SBC Codec detected a change in audio Detected parameters Sk Error Lost Sync SBC Codec expected to find synch word Ox9C instead found Ox typically due to corrupted data Error Bad Header SBC Codec detected corrupted header typically due to corrupted data Error CRC Failure SBC Codec detected bad CRC typically due to corrupted data BC Error No output SBC Codec generated no output due to corrupted data Codec tear down Codec Session Ended 194 Chapter 4 Capturing and Analyzing Data ComProbe Sodera User Manual Table 4 24 Event Type Codec continued Stream Re configuration Stream Re configuration Warning Packet Loss Concealment mSBC Codec detected a bad frame and generated substitute data to compensate for it Error Incorrect Configuration mSBC Codec detected a change in audio Detected parameters Error Lost Sync mSBC Codec expected to find synch word OxAD instead found Ox typically due to corrupted data Error Bad Header mSBC Codec detected corrupted header typically due to corrupted data Error CRC Failure mSBC Codec detected bad CRC typically due to corrupted
288. ion errors are o Error in net decryption o Possible error in net decryption o Error in app decryption o Possible error in app decryption 74 Chapter 4 Capturing and Analyzing Data The following sections describe the various ComProbe software functions that capture and display data packets 4 1 Capture Data 4 1 1 Air Sniffing Positioning Devices When capturing over the air packets proper positioning of the ComProbe hardware and the Devices Under Test DUTs will result in the best possible captures and will mitigate sources of path loss and interference The following procedures will help optimize the capture process especially if you are have problems obtaining reliable captures Problems with indoor radio propagation Even in free space it is well understood that radio frequencies attenuate over distance The free space rule of thumb dictates that radio energy decreases in strength by 20 dB by each 10 to 1 increase in range In the real world the effects of objects in an outdoor environment cause reflection diffraction and scattering resulting in greater signal losses Indoors the situation can be worse Reflections occur from walls and other large flat surfaces Diffraction occurs from objects with sharp edges Scattering is produced from objects with rough surfaces and from small objects Also any object directly in the path of the radiation can present a hard or soft partition depending on the partition s material prop
289. ion in the Event Range section Choosing All prints all of the events in the capture file or buffer Choosing Selection prints only the selected events in the Event Display window Note In order to prevent a Print crash you cannot select All if there are more than Si 100 000 events in the capture buffer Note See Configure the Print File Range in the Event Display Print Dialog above for an Si explanation of these selections Event Display Print Eveni range O Al Selection Note Bowie pari ophons may alfect whether ary gay background amp parted See Help lo mio Figure 6 3 Event Display Print Dialog 3 Click the OK button If you chose Print Preview the system displays your data in a browser print preview display with options for printing such as page orientation and paper size You can also use your Printer Preferences dialog to make some of these selections When printing your data the analyzer creates an html file and prints the path to the file at the bottom of the page This file can be opened in your browser however it may appear different than the printed version 6 6 Exporting 6 6 1 Frame Display Export You can dump the contents of the Summary pane on the Frame Display into a Comma Separated File csv To access this feature 1 Right click on the Summary pane or open the Frame Display File menu 2 Select the Export menu item 3 Select a storage location and enter a File name 4 Select Sav
290. ions ON Take bug report Desktop backup password Desktop full backups aren t currently protected Stay awake Screen will never sleep while charging Select runtime Use Dalvik Enable Bluetooth HCI snoop lo Capture all bluetooth HCI packets in a file Process Stats Geeky stats about running processes DEBUGGING USB debugging Debug mode when USB is connected e Figure 8 Typical Android Developer options screen 6 On the Android device turn off Bluetooth 7 Turn on Bluetooth 8 Reboot the Android device 285 Appendicies ComProbe Sodera User Manual The HCI log file is now being generated and is saved to sdcard btsnoop_hci log P Note Samsung devices have a slightly different location for the btsnoop file There are two options for retrieving the HCI log from the Android device a Attach the Android device to your computer The file sdcard btsnoop_hci log is in the root of one of the mountable drives Copy the file to directory C Users Public Public Documents Frontline Test Equipement My Capture File b The second option is to use the Android Debug Bridge ADB using the following steps The debug bridge is included with Android Software Developer Kit 1 On the Androd device Development screen select Android debugging or USB debugging 2 Connect your computer and Android device with a USB cable 3 Open a terminal on your computer and run the following command adb devices 4 Yo
291. ions window e For Driver Buffer Overflows change the size of the driver buffer This value is changed from the Advanced System Settings Go to the Control window and choose System Settings from the Options menu Click on the Advanced button Find the value Driver Receive Buffer Size in Operating System Pages Take the number listed there and double it e The analyzer s number one priority is capturing data updating windows is secondary However updating windows still takes a certain amount of processor time and may cause the analyzer to lose data while the window is being updated Some windows require more processing time than others because the information being displayed in them is constantly changing Refrain from displaying data live in the Event Display and Frame Display windows The analyzer can capture data with no windows other than the Control window open 263 ComProbe Sodera User Manual Chapter 7 General Information e If you are still experiencing buffer overflows after trying all of the above options then you need to use a faster PC 7 2 2 Ring Indicator The following information applies when operating the analyzer in Spy mode or Source DTE No FTS Cables mode When using the cables supplied with the analyzer to capture or source data Ring Indicator RI is routed to a different pin which generates interrupts normally There is a special case involving Ring Indicator and computers with 8250 UARTs or UARTs from that
292. is because for arbitrary audio there is no expectation of any Test ID Test Script Not Occurs if a valid Test ID was found but the script for Found that Test ID was not found The system reverts to Non Referenced Mode if this happens This event should not occur if using a valid Reference Audio file provided by Frontline Invalid Test Script This event is generated when an error occurs while accessing information in a script This event should not occur if using a valid reference audio file provided by Frontline 1Glitch sample to sample audio amplitude transitons Speech greater than 40 dB change Music greater than 90 dB change 2A Test ID is three digits minimum in length representing a dot notation N w Test Identifier The Value N may be any length gt 1 indicating a specific test number and vv represents a two digit version Each digit is represented by a tone between 200 and 290 Hz and is followed either by a 1 kHz delimiter tone or a 400 Hz Test ID terminator The digit O is represented by 200 Hz the digit 1 by 210 Hz and so on up to the digit 9 represented by 290 Hz 197 ComProbe Sodera User Manual Chapter 4 Capturing and Analyzing Data Table 4 25 Event Type Audio continued Synchronization Generated when after a successful TestID Lost recognition the system encounters unexpected frequencies or durations of audio segments while analyzing a received Reference Audio f
293. isplay Summary Filter Filters Pane unless you hide it using the Hide Show Display Filters FISCO ink Supported dialog E Check the small box next to the name of each protocol you want to filter in Role Slave hide or Named Filter to display E Configured BT low energy devic M Exclude NULL and POLLs Then click OK 4 4 1 13 3 2 Easy Protocol Filtering There are two types of easy protocol filtering The first method lets you filter on the protocol shown in the Summary pane and the second lets you filter on any protocol discovered on the network so far 136 Chapter 4 Capturing and Analyzing Data ComProbe Sodera User Manual 4 4 1 14 Sodera Baseband Layer Signal Strength o gt Frame 16 Len 50 The Sodera calculates the RSSI Receiver Signal Strength LE BE Indicator value a representation of the radio signal strength at LP 1 the Sodera receiver for every Bluetooth packet that it captures Channel Index 37 2402 MHz RSSI is shown in dBm with a relative signal strength in Z Meets Predefined Filter Criteria for BT low er parentheses The RSSI value is shown as a decoded field in the Receive Status Received without errors Frame Display Detail pane Baseband layer Decryption Initiated No Na Hay l The Sodera firmware uses the built in radio firmware features Preamble Osaa Access Address Dr8e89bedE to calculate the RSSI value of the signal received at the RSSI 56 875 dBm medium ComP
294. isplay numbers in Octal Display numbers in Decimal Display numbers in Hexadecimal Figure 4 11 Data display right click menu If you want to see only the numerical values click on the Numbers Only icon 4 on the Event Display toolbar 4 3 7 3 Switching Between ASCII EBCDIC and Baudot On the Event Display window the analyzer displays data in ASCII by default when you click on the Characters Only icon A There are several ways to change the character set used to display data 1 Gotothe Format menu and select the character set you want A check mark next to the character set indicates which set is currently being used 2 With the data displayed in characters right click on the data panel header label to choose a different character set If you want to see only characters click on the Characters Only icon A on the Event Display toolbar 4 3 7 4 Selecting Mixed Channel Sides If you want to get more data on the Event Display window you can switch to mixed sides mode This mode puts all the data together on the same line Data from one side Slave is shown on a white background and data from the other side Master is shown on a gray background 1 Click once on the Mixed Sides icon Ea to put the display in mixed sides mode 2 Click again to return to side over side mode 3 You can right click in the center of the data display window to change between mixed and side over side modes by selecting Display Sides T
295. isplays a dialog stating that no user defined overrides S Note If the capture has no user defined overrides then the exist 3 2 5 RFCOMM Decoder Parameters 3 2 5 1 About RFCOMM Decoder Parameters Each entry in the Set Initial Decoder Parameters dialog takes effect from the beginning of the capture onward or until redefined in the Set Subsequent Decoder Parameters dialog AVDTP Securty L2CAP RFCOMM azpp use iPx TCP UDP Initial Connections in effect from beginning of capture onward until redefined in the Set Subsequent Decoder Parameters dialog Stream Master v Server Channel 5 DLCI 0 DataSource DS No set Ofor Single DS O Caries UUID OBEX bo Add Figure 3 37 RFCOMM parameters tab The RFCOMM Set Initial Decoder Parameters tab requires the following user inputs to complete a parameter e Stream Identifies the role of the device initiating the frame master or slave e Server Channel The Bluetooth channel number O through 78 e DLCI This is the Data Link Connection Identifier and identifies the ongoing connection between a client and a server 68 Chapter 3 Configuration Settings ComProbe Sodera User Manual e Data Source DS No When only one data source is employed set this parameter to O zero otherwise set to the desired data source e Carries UUID Select from the list to apply the Universal Unique Identifier UUID of the application layer that RFCOM
296. it regardless of whether they are performed using Excursion mode or using a connected computer Disable Excursion mode 1 Connect the Sodera hardware to a computer with a USB cable and start the ComProbe Protocol Analysis System 2 Inthe ComProbe Sodera window select Capture Options from the Options menu 3 Verify that the status message on the pop up indicates the serial number of the connected hardware 4 Uncheck the box next to Enable Excursion mode captures and press OK The pop up will close and the Capture Options are saved to the connected Sodera hardware Start Capturing Data in Excursion mode 1 With the Sodera hardware disconnected from a computer hold for at least 1 2 second and then release the Power button on the front panel The battery charge state indicator LEDs will repeatedly flash in sequence while the unit powers up 2 Once the unit is powered up press the Capture button on the front panel right side The Capture LED will be a constant green when capturing data Stop Capturing Data in Excursion mode 1 Press the Capture button on the front panel right side There may be a brief delay and the Capture LED will turn off 3 2 Decoder Parameters Some protocol decoders have user defined parameters These are protocols where some information cannot be discovered by looking at the data and must be entered by the user in order for the decoder to correctly decode the data For example such information might
297. ith Virtual sniffing all data is always captured B 6 6 How Virtual Sniffing Works ComProbe software Virtual sniffing works using a feature called Live Import Any application can feed data into ComProbe software using Live Import A simple API provides four basic functions and a few other more advanced functions The four basic Live Import functions are e Opena connection to ComProbe software e Close a connection to ComProbe software e Send an entire packet to ComProbe software e Senda single byte to ComProbe software All applications that send data to ComProbe software via Live Import use the first two functions Usually only one of the two Send functions is used by a particular application When ComProbe software receives data from the application via Live Import the data is treated just as if it had been captured on a Frontline ComProbe sniffer The entire protocol stack is fully decoded With Virtual sniffing the data can literally be coming from anywhere ComProbe software does not care if the data being analyzed is being captured on the machine where ComProbe software is running or if the data is being captured remotely and passed into ComProbe software over an Internet connection B 6 7 Virtual Sniffing and Bluetooth Stack Vendors As the complexity of the Bluetooth protocol stack increases Bluetooth stack vendors are realizing that their customers require the use of a powerful Bluetooth protocol analyzer Even if the stack vendo
298. iving encrypted data B 5 7 IRK and CSRK Revisited Earlier in this paper it was stated that LTK would be the focus however the IRK and CSRK were mentioned We revisit these keys because they are used in situations that require a lesser level of security First let us note that IRK and CSRK are passed in an encrypted link along with LTK and EDIV Use of the IRK and CSRK attempt to place an identity on devices operating in a piconet The probability that two devices will have the same IRK and generate the same random number is low but not absolute IRK and Bluetooth low energy Privacy Feature Bluetooth low energy has a feature that reduces the ability of an attacker to track a device over a long period buy frequently and randomly changing an advertising device s address This is the privacy feature This feature is not used in the discovery mode and procedures but is used in the connection mode and procedures If the advertising device was previously discovered and has returned to an advertising state the device must be identifiable by trusted devices in future connections without going through discovery procedure again The IRK stored in the trusted device will overcome the problem of maintaining privacy while saving discovery computational load and connection time The advertising devices IRK was passed to the master device during initial bonding The a master device will use the IRK to identify the advertiser as a trusted device CSRK and Sig
299. izontal Plane 77 Figure 4 3 For Audio A2DP Position Closer to SINK DUT a 78 Figure 4 4 Example Poor Capture Environment 22 0 e eee cece eee cece cece eee ceeceeeees 78 Figure 4 5 Sodera Wireless Devices Pane a 80 Figure 4 6 Bluetooth low energy Critical Decryption Packets Message Sequence Chart 85 Figure 4 7 Bluetooth low energy Critical Decryption Packets Frame Display 86 Figure 4 8 Frame Display Extended Inquire Response eee cece e cece eee e cece cee eeeeeeee 87 Figure 4 9 Format Menu aaa REA NGALAN Aah AANGAT N NA MAG JAAN EE Roo koU Iia 97 Figure 4 10 Header labels right click c cee cece ccc eee eeeceeceeeeeees 97 xiii ComProbe Sodera User Manual Figure 4 11 Data display right click menu _ 2 22 22 ee eee eee eee eee eee aaau 98 Figure 4 12 Event Display Options menu _ 22 2 a 101 Figure 4 13 Event Display Font Size Selection _ 2 222 2 ieee cece cece ccc ee eee eee eeeeeeeees 101 Figure 4 14 Frame Display with all panes active 2 22 eee eee cee cee cee cee cece cece nananana 102 Figure 4 15 Frame Display Find text entry field ieee cece eee cece cece eeeees 108 Figure 4 16 Search Find Dialog ccc cece cece cece eee c eee cence cececeeeeeeeeeeenees 109 Figure 4 17 Frame Dis
300. kets where Bluetooth content hitches a ride on 802 11 packets have a blue frequency range box instead of orange as with regular 802 11 packets both are shown below and the tool tip has two colors orange for 802 11 layers and blue for Bluetooth layers 168 Chapter 4 Capturing and Analyzing Data ComProbe Sodera User Manual Rri Presta AA SO a ku Guster Nin Tpk Dais Fates i Dara Chi 3 ST AY Sah 20 bir an Pasar BAG iota Charee Tpos AG Ng Page Ler TOET ket Kauna Adee AE NO bado GA Casiinakon Ada OR 1c Beit go THAP Figure 4 77 High speed Bluetooth packets have a blue frequency box and a two tone tool tip 4 4 2 34 Coexistence View No Packets Displayed with Missing Channel Numbers S Note This topic applies only to Classic Bluetooth Captured packets that don t contain a channel number such as HCI and BTSnoop will not be displayed When no packets have a channel number the Coexistence View Throughput Graph and Timelines will display a message Packets without a channel number such as HCI won t be shown Gee AG mag rat Pati withe a Channel sunbed ich aa HOT weet ba chown Packels tha a channel number puch aa HET won be shown Parkes aih g chan mamba ph KH HO wee be han Figure 4 78 Missing Channel Numbers Message in Timelines 169 ComProbe Sodera User Manual Chapter 4 Capturing and Analyzing Data 4 4 2 35 High Speed Live View When using the ComProbe 80
301. l Bluetooth low energy Encryption AES The following information and packets are needed to follow decryption e Long Term Key LTK e LL ENC REQ LL ENC RSP e LL START ENC REQ LL START ENC RSP e LL PAUSE ENC REQ LL PAUSE ENC RSP H Message Sequence Chart MSC o NEN File Edit View Help PARAN ANOSO a Ba All Layers Ctrl Summary Non Msq Summary LE EB LEADV LEDATA LELL LZCAP ATT SMP Pz ram ate ar dr CONNECT REQ New connection LEY VER SION li 10 BI uetooth Ci ore Sp ecitis zati 7 LL VERSION IND Blueto yth Core 5 pecificati 15 72 46 160443 M SMP Pairing Request 15 22246 460159 144 5 0x50655b 16 SMP_Pairing Response 15 22 46 490369 230 M 0x50655b16 5MP Pairing Confirm 15 22 47 810163 233 5 0x50655b16 5MP Pairing Confirm 15 22 47 840393 234 M 0x50655b16 SMP_Pairing Random 15 22 47 870164 237 5 Ox50655b 16 SMP Pairi g Random i PI 152247900085 hs Pia 0655b lb LL Eh Lo i REQ 18 47 9 LIL ENG TETAN i SMP GO TET MILE 5 Ox50655b16 SMP_Identity Information 15 22 48 1 70401 257 5 OS0655b16 5MP Identity Address Information 15 22 48 200403 259 5 Ox50655b1b SMP Signing Information 15 22 40 230403 260 M Ox50655b16 SMP_Eneryption Information 15 72 48 760173 202 M 50655b16 SMP_Master Identification 19 22 46 260034 264 M 050655b16 SMP_Identity Information 15 22 48 261447 bb M 0x50655b16 5MP Identity Address Information 15 22 40 262 108 M 050659016 5M Fa ignir Information Cang Hagai
302. l Events Number may be different As a general rule if you have the Show All Events icon depressed on the Event Display window or Frame Display Event pane choose All Events Number If the Show All Events button is up choose Data Event Number 5 1 5 Searching for Special Events Frontline inserts or marks events other than data bytes in the data stream For example the analyzer inserts start of frame and end of frame markers into framed data marking where each frame begins and ends If a hardware error occurs the analyzer shows this using a special event marker You can use Find to locate single or multiple special events To access the search for special events function 1 Opena capture file to search 2 Open the Event Display PP or Frame Display 6 window 3 Click on the Find icon Ah or choose Find from the Edit menu 4 Click on the Special Events tab of the Find dialog Note The tabs displayed on the Find dialog depend on the product you are running and the Si content of the capture file you are viewing 229 ComProbe Sodera User Manual Chapter 5 Navigating and Searching the Data Decode Paten Time GoTo 5pec Events Bookmark Abod Begin Char Sinp C Broken Frame T Butter O vesiiow C Capture Paused C Capture Resumed Cl Dropped Franss C Dropping Sync C End Char Stnp C End of Frame C Flow Control Active 7 Flow Control Inactree Frame Recognize Changed Ci Settings Changed Fi
303. lected wireless devices Performs the same function as setting the Sodera datasource Capture Toolbar Analyze Analyzing button to Analyzing Changing the Analyze Analyzing button will change the state of this button Stop Analyze stops decoding data from selected wireless devices Performs the same function as setting the Sodera datasource Capture Toolbar Analyze Analyzing button to Analyze Changing the Analyze Analyzing button will change the state of this button Save Saves the capture file Clear Clears or saves the capture file 16 Chapter 2 Getting Started ComProbe Sodera User Manual Table 2 3 Control Window Toolbar Icon List continued Description xP Event Display framed data only Opens a Event Display with the currently selected bytes highlighted P Frame Display framed data only Opens a Frame Display with the frame of the currently selected bytes highlighted la L D H MSC Chart Opens the Message Sequence Chart Bluetooth low energy Packet Error Rate Statistics Opens the Packet Error Rate Statistics window Bluetooth Classic Packet Error Rate Statistics Opens the Packet Error Rate Statistics window Audio Expert System Opens Audio Expert System window 2 3 2 Configuration Information on the Control Window a Lv LJ ll BEF The Configuration bar just below the toolbar displays the hardware configuration and may include I O settings It also provides such things as na
304. led a negative discontinuity and is shown in red A discontinuity for a timestamp going forward by more than 4 01 s is called a positive discontinuity and is shown in black A positive discontinuity is a cosmetic nicety to avoid lots of empty space A negative discontinuity is an error 4 776 ba Lal 218 data points plot oughput Over Ba eg EN PT Figure 4 48 A negative discontinuity 4 223 634 s 780 400 ms data point 194 data points piot Throughput Over Time 12011 1233307 46176 PM 0 01 34 659531 SoU 12235 084 805707 PM Figure 4 49 Three positive discontinuities 4 4 2 15 Viewport The viewport is the purple rectangle in the Throughput Graph It indicates a specific starting time ending time and resulting duration and is precisely the time range used by the Timeline The packet range that occurs within this time range is shown above the sides of the viewport 151 ComProbe Sodera User Manual Chapter 4 Capturing and Analyzing Data Figure 4 50 Throughput Graph Viewport The viewport is moved by dragging it or by clicking on the desired location in the Throughput Graph the viewport will be centered at the click point The viewport is sized by dragging one of its sides or by using one of the other zooming techniques See the Zooming subsection in the Timeline section for a complete list 4 4 2 16 Swap button The Throughput Graph and Timeline can be made to trade positions by clicking the Swap bu
305. licked the plug ins are reset and received frames are re decoded For example If the first frame occurs more than 10 minutes in the past the 10 minute utilization graph stays blank until a frame from 10 minutes ago or less is decoded 105 ComProbe Sodera User Manual Chapter 4 Capturing and Analyzing Data Table 4 5 Frame Display Toolbar Icons continued ee eee Sii Filter Text giving the filter currently in use If no filter is being used the text reads All Frames which means that nothing is filtered out To see the text of the entire filter place the cursor over the text and a ToolTip pops up with the full text of the filter The following icons all change how the panes are arranged on the Frame Display Additional layouts are listed in the View menu Show Default Panes Returns the panes to their default settings Show Only Summary Pane Displays only the Summary pane Shall All Panes Except Event Pane Makes the Decode pane taller and the Summary pane narrower Toggle Display Lock Prevents the display from updating First Frame Moves to the first frame in the buffer Previous Frame Moves to the previous frame in the buffer Next Frame Moves to the next frame in the buffer Last Frame Moves to the last frame in the buffer Find on Frame Display only searches the Decode Pane for a value you enter in the text box veces l Find Previous Occurrence Moves to the previous occurr
306. loating the Sodera datasource window using Positioning by Cursor below Docking o Docking The pane is positioned to its last docked position A new Tabbed Document docked position can be selected by using Positioning by Cursor Auto Hide below Hide o Auto Hide Operates the same as Auto Hide discussed above collapsing the pane and docking o Hide Operates the same as Close discussed above e You can repeat this process with other panes open and the control will highlight the available area Positioning by Cursor Changing the size of pane To change the size of a pane position the cursor on an edge of the pane the cursor will change to a two way arrow left click hold and drag the pane to the desired size Release the mouse button If the pane is floating the cursor can also be positioned on a corner of the pane which permits two way resizing 54 Chapter 3 Configuration Settings ComProbe Sodera User Manual Changing the position of a pane Event Log IX 3 Unable to initialize hardware Capture not started i Recording stopped i Recording started AN LAP conflict may cause unexpected results for these devices 0C 41 3E 09 84 45 and 000067 C5 8A 45 i Recording stopped mjm U u 3 11 2015 11 50 16 152024 AM 00 1E AB 4C 4F 52 packets captured 3 11 2015 11 50 43 386325AM_ CSR8510 Nanosira M2 3711 2015 11 50 25 280006 AM 48 9D 24 D9 1A 1A BLACKBERRY 2b 3 11 2015
307. log Note The tabs displayed on the Find dialog depend on the product you are running and the content of the capture file you are viewing 235 ComProbe Sodera User Manual Chapter 5 Navigating and Searching the Data Find Ethernet Sniffer Decode Patten Time GoTo Special Everts Bookmark Frama d Book 44 First enor 12 6 2010 11 25 48 18062 Frames 105 Source k mcomect 12 6 2010 11 25 55 7253 Frame 109 The tenetiamp seems ko be off on thes frame 72 GoTo E Figure 5 11 Find Bookmark tab There are several ways to locate bookmarks e Select the bookmark you want to move to and click the Go To button e Simply double click on the bookmark e Click the Move Forward and Move Back buttons to move through the frames to the bookmarks shown in the window When the bookmark is found it is highlighted in the window There are three ways to modify bookmarks 1 Click on Delete to remove the selected bookmark 2 Click on Modify to change the selected Bookmark name 3 Remove All will delete all bookmarks in the window The Find window Bookmark tab will also appear when using functions other than Find such as when clicking on the Display All Bookmarks Ll 5 1 9 Changing Where the Search Lands icon When doing a search in the analyzer the byte or bytes matching the search criteria are highlighted in the Event Display The first selected byte appears on the third line of the display CVEventDisplay To chan
308. low 159 ComProbe Sodera User Manual Chapter 4 Capturing and Analyzing Data Packets are color coded to indicate attribute Retransmit Bad Packet Can t Decrypt or Invalid IFS master Tx technology Classic Bluetooth Bluetooth low energy or 802 11 and category type Selection Box Attribute Bad Packet MasternTx Master Technology Classic Bluetooth Packet Category or Type ACL Figure 4 61 Each packet is color coded The innermost box which indicates packet category type is the packet proper in that its vertical position indicates the channel its length indicates the packet s duration in the air its left edge indicates the start time and its right edge indicates the end time The height of Classic Bluetooth and Bluetooth low energy packets indicates their frequency range 1 MHz and 2 MHz respectively Since 802 11 channels are so wide 22 MHz 802 11 packets are drawn with an arbitrary 1 MHz height and centered within a separate frequency range box which indicates the actual frequency range Selecting a packet by clicking on it draws a selection box around it as shown above and highlights the applicable entries in the legend Selected Retransmit Bad Packet Cant Decrypt Invalid IFS ke Discontinuity UE IR NAN Click on any bold entry above to enable navigation Figure 4 62 Highlighted entries in the legend for a selected packet Summary information for a selecte
309. lso copy the spectrum data file swsd If the spectrum data file is not present at the time the capture file is opened spectrum data will not be available in the Coexistence View 4 1 2 7 Critical Packets and Information for Decryption After two Bluetooth devices are paired and Sodera has captured data the ComProbe software requires certain packets and information for successful post capture decryption BR EDR Legacy Encryption E0 The following information and packets are needed to follow decryption e Link Key e Full Master BD ADDR Full Slave BD ADDR e All packets from the last authentication master or slave before encryption starts LMP au rand and LMP__ sres e LMP en rand negotiated LMP encryption key size e LMP start encryption req LMP accepted LMP start encryption req e LMP stop encryption req LMP accepted LMP stop encryption req BR EDR Secure Encryption AES The following information and packets are needed to follow decryption e Link Key e Full Master BD ADDR Full Slave BD ADDR e Complete mutual authentication LMP au rand from the master and slave as well as LMP sres from the master and slave e Negotiated LMP encryption key size e LMP start encryption req LMP accepted LMP start encryption req e LMP pause encryption aes req if pausing and resuming AES encryption e LMP stop encryption req LMP accepted LMP stop encryption req 84 Chapter 4 Capturing and Analyzing Data ComProbe Sodera User Manua
310. lues specified in Table 1 2 If the observed captured waveforms do not reasonably conform to the above graphic for Test 1 02 or the Test ID Found event is not reported there is a problem along the audio chain This could be as simple as a configuration setting or more subtle such as an encoder decoder incompatibility 4 5 5 Audio Expert System Event Type The following tables list the Audio Expert System Bluetooth Codec and audio events with description Included in the tables is the event severity that can have three values Information Warning and Error The event severity will appear as icons and text in the Audio Event System once an audio streams has been captured Refer to 4 5 6 3 Event Table Event Table Columns on page 213 for an explanation of the severity types 4 5 5 1 Event Type Bluetooth Protocol Table 4 23 Event Type B uetooth Protocol 193 ComProbe Sodera User Manual Chapter 4 Capturing and Analyzing Data Table 4 23 Event Type Bluetooth Protocol continued Severity Description Fragmented AVDTP packet not terminated before sending next packet Invalid AVDTP transaction ID Missing AVDTP command response Unrecognized A2DP content protection type Attempt to configure delay reporting during incorrect stream state Attempt to open A2DP stream that has not been configured Attempt to close A2DP stream that is not active A2DP streaming channel created before configuration completed Configurat
311. m Panel Wave Panel and a pop up menu will appear Select Export 215 ComProbe Sodera User Manual Chapter 4 Capturing and Analyzing Data Two windows will appear 1 The standard Windows Save As 2 The Export Audio Data dialog In the Windows Save As window enter a File name and directory location Click on Save ad Export Audio Data File Name C Users jwt Desktop audiowebinar_1 wav 1 044100 Hz 16 bits stereo PF Encoded Audio Data raw 2 1 16000 Hz 16 bits mono 3 1 16000 Hz 16 bits mono Decoded Audio Data wav E Event Table Data csv Only Selected Wave Area Figure 4 111 Export Audio Data dialog The Save As window will close and the file name will appear in the File Name field in the Export Audio Data window Should the file name need to be changed click on the Select button and the Windows Save As dialog will open By default the wav file extension is used in the file name In the window below File Name will appear a list of Stream Ids with a description from the Audio Stream Info If opening from the Audio Expert System Global Toolbar all Stream IDs are checked by default If opening from a Wave Panel the Stream ID where the export dialog was opened is automatically checked You can check each stream that is to be exported For convenience checking Select all below the stream list window will place checks in all streams Export Options After selecting the streams to export select the
312. m data is synchronized in time to the captured Bluetooth packets and is displayed in the Coexistence View 2 4 GHz Timeline The spectrum power level is shown as a heat map behind the timeline packets The heat map appears in shades of blue with darker blues representing higher power levels and lighter blues representing lower power levels white represents the lowest power level The darkest shade of blue represents 15dBm and above while white represents 100 dBm and below 171 ComProbe Sodera User Manual Chapter 4 Capturing and Analyzing Data Wirepa Pagli Bangag 7 Pagkata ee Pp baa AT a a a ha Figure 4 79 Coexistence View Timeline with Packets and Spectrum Heat Map Sodera only Paa Pan Baga PK bA ETTI T TETT ae Figure 4 80 Coexistence View Timeline with Packet Outlines Packet Selection Boxes and Spectrum Heat Map Sodera only Spectrum Help The Spectrum heat map view is controlled from the Spectrum menu If spectrum data is available the spectrum heat map is shown with the packets by default To hide the spectrum data heat map uncheck the Show Spectrum option Show Spectrum Show Packets Show Packet Quilines When displaying the heat map the user can control how the packets are displayed The following table describes the options for packet display These options are mutually exclusive and they are available only when Show Spectrum is checked Hide Packets a
313. m end and then resume following the waveform Mute Mute will mute unmute audio playback for all Wave Panels Individual Wave Panel Mute control will override the Global Toolbar Mute for that panel only Volume Down Decreases the audio playback volume of all Wave Panels based on the current volume level setting for each individual Wave Panel Volume Down Decreases the audio playback volume of all Wave Panels based on the current volume level setting for each individual Wave Panel Average Bit Rate Overlay Displays an overlay graph of the average bit rate for the audio stream in each Wave Panel The average is based on a 0 10 second moving window Actual Bit Rate Overlay Displays an overlay graph of the instantaneous bit rate for the audio stream in each Wave Panel Export Data Exports audio data in raw and or wav format for selected Wave Panels or all the Wave Panels This button also lets user export Event Table data in csv format Refer to Waveform Export Audio Data for more details Help Opens ComProbe software help 204 Chapter 4 Capturing and Analyzing Data ComProbe Sodera User Manual Table 4 29 Global Toolbar Controls continued ee Sa Collapse Expand Toggles between collapsing and expanding all Wave Panels Note that the Wave Panel Local Controls Collapse Expand control will locally override the Global Toolbar Collapse Expand control 4 5 6 2 Wave Panel The Stream Panel is where t
314. mation Dimensions 6 25 wide X 2 25 tall X 6 5 deep 158 75 mm X 57 15 mm X 165 1 mm Weight 2 2 Ibs Humidity Operating 0 90 O C 35 C Temperature 10 C to 50 C 14 F to 122 F Power Input 12 VDC tip positive Max Power 25W Battery NB2037FQ31 Caution There is a risk of explosion if the battery is replaced by an incorrect type Dispose of old batteries according to your local regulations Service Notes The Sodera hardware does not contain any user serviceable items Any repairs and maintenance must be performed by a service technician that has been trained and approved by Frontline Before any service is performed on Sodera all power sources must be removed This includes removing the battery and disconnecting any power sources from the 12 VDC input power connector on Sodera Typical power sources include external AC DC power supplies or auxiliary power sources from a vehicle Internal Fuse Information Manufacturer Littlefuse Type OmniBlok Current rating 5A Speed rating Very Fast Acting Voltage rating 125V ac dc 273 ComProbe Sodera User Manual Appendicies 274 Appendicies ComProbe Sodera User Manual 275 Appendix B Application Notes B 1 Audio Expert System aptX hiccup Detected _ 2 222 ieee cece cece eee e ce eceeeeeees 277 B 2 Getting the Android Link Key for Classic Decryption _ _ 22 22 le lee eee eee eee eee eee e
315. mation from that device but the random number would be different than Mconfirm Once pairing is complete and an encrypted session established the keys are distributed by the master and slave now identified by Side M and Side S respectively in the Summary pane In Frame 39 661 the slave has distributed LTK to the master to allow exchange of encrypted data Frame 39 661 through 39 714 in the Summary pane SMP tab are the key distribution frames 3 5MP Code Piang Lonia Lentini Yah bha eS S8 ad PT ly ECN E Ti 35 573 35 545 39591 33 600 hI Re i f rary ey Farg Request Para Reto Paging Contam Farg Corim T db Pa 36 3 BELAJ LAA i O00 14 0 witi motza DOO 00 0 Figure 23 SMP Pairing Confirm Frame 39 591 from Initiator Side 1 300 US ER ceed LA O04 38 335618 Biia 305645 awom 7605 atiam 735836 Appendicies ComProbe Sodera User Manual MP 23604 1 Panng Random 36 ptah 0005 765607 Code Ereryphon Iniomshon 39610 2 PakingRandam 56 O00000 ON0601 755938 LTE Qodd ec 740713821891161 cA bbi H BE 5 Encryption Infor 40 oaio 000502065841 33671 5 Master dente 34 OOOO 0005 02 12584 HEH 5 lantay rima al OO CN O00 DO Cele 185642 73 706 5 Signing Ir oma A DOO0001 00500 305843 710 Hi ldertivinioma 40 POO Oe 335613 33712 hi Identity Add 7i OO CI O00 DO Ct 336273 29714 M Signing irfoma 40 wwa 000502 336861 Figure 24 SMP Key Distribution Fram
316. me 2119 In Figure 4 frames 2138 through 2158 perform the GET_CAPABILITIES negotiation between the local and remote device for SEPIDs 2 and 1 SEPID 2 is an MPEG SEP and SEPID 1 is the SBC SEP Frames 2169 and 2175 sets the specific details of the e ACP Stream Endpoint ID 5 connection with the SET_CONFIGURATION signal The local INT Stream Endpoint ID 2 device sets the remote endpoint to the aptX device ACP E Service Category Media Transport Stream Endpoint ID 5 and sets the local endpoint to SEPID 1 3 Length DF Service Capability LOSC O INT Stream Endpoint ID 2 The Codec Sampling Frequency E service Category Media Codec and Channel Mode are also configured See Figure 5 Length OF Service Capability LOSC 3 2 Media Tupe Audio ba Media Codec Tupe Vendor 5pecifie Codec EF Codec Info Element Apts codec data Vendor ID APT Ltd Codec ID Classic Frames 2823 and 2833 START the audio stream with the local i Sampling Frequency request and the remote response respectively 4 1Khz Supported Channel Mode Stereo At frame 2175 the remote device sends the message Response Accept completing the audio stream setup Frames 2185 and 2190 are the local request and the remote response to OPEN the audio stream 280 ComProbe Sodera User Manual Appendicies i oo DULANG NIN ADIP Media Hands Free AVRCP A2DP Data Non Captured Info j Link 1 LE BE Data Han k B Framett ACP
317. me of the network card address information ports in use etc 2 3 3 Status Information on the Control Window The Status bar located just below the Configuration bar on the Control window provides a quick look at current activity in the analyzer Status Paused Capture to Single File 1 used Packets on h w 0 e Status displays Not Active Paused or Running and refers to the state of data analysis o Not Active means that the analyzer is not currently capturing data 17 ComProbe Sodera User Manual Chapter 2 Getting Started o Paused means that data capture has been suspended o Running means that the analyzer is actively capturing data e Used The next item shows how much of the buffer or capture file has been filled For example if you are capturing to disk and have specified a 200 Kb capture file the bar graph tells you how much of the capture file has been used When the graph reaches 100 capture either stops or the file begins to overwrite the oldest data depending on the choices you made in the System Settings e Utilization Events The second half of the status bar gives the current utilization and total number of events seen on the network This is the total number of events monitored not the total number of events captured The analyzer is always monitoring the circuit even when data is not a
318. meline When not checked the Throughput Graph appears in its default position at the top of the window Performs the same function as clicking the Swap button See Coexistence View Throughput Graph on page 149 When checked displays dots on the Throughput Graph Dots are different sizes for each technology so that they reveal overlapping data points which otherwise wouldn t be visible A tooltip can be displayed for each dot Performs the same function as the Dots button See Coexistence View Throughput Graph on page 149 When checked dispalys a Zoomed Throughput Graph above the Throughput Graph The Zoomed Throughput Graph shows the details of the throughput in the time range covered by the viewport in the Throughput Graph Performs the same function as the Show Zoom button When not checked the Zoomed Throughput Graph is hidden Performs the same function as the Hide Zoom button See Coexistence View Throughput Graph on page 149 Only active when the Zoomed Throughput Graph is visible When checked it freezes the y axis scales and makes it possible to compare all time ranges and durations Performs the same fuction as the Freeze Y button which appears with the Zoomed Throughput Graph When not checked the y axis scales are unfroozen Performs the same function as the Unfreeze Y button which appears with the Zoomed Throughput Graph see Coexistence View Throughput Graph on page 149 140 Chapter 4 Capturing a
319. n be removed from the Summary pane by selecting Remove New Column from the right click menu The default column layout both membership and order can be restored by selecting Restore Default Columns from the Format or right click menus Changing Column Widths To change the width of a column 1 Place the cursor over the right column divider until the cursor changes to a solid double arrow 2 Click and drag the divider to the desired width 3 To auto size the columns double click on the column dividers Hiding Columns To hide acolumn 1 Drag the right divider of the column all the way to the left 2 The cursor changes to a split double arrow when a hidden column is present 3 To show the hidden column place the cursor over the divider until it changes to a split double arrow then click and drag the cursor to the right 4 The Frame Size Timestamp and Delta columns can be hidden by right clicking on the header and selecting Show Frame Size Column Show Timestamp Column or Show Delta Column Follow the same procedure to display the columns again Moving Columns Changing Column Order To move acolumn 116 Chapter 4 Capturing and Analyzing Data ComProbe Sodera User Manual 1 Click and hold on the column header 2 Drag the mouse over the header row 3 A small white triangle indicates where the column is moved to 4 When the triangle is in the desired location release the mouse Restoring Default Column Settings To
320. n is not accessible files are saved to the default directory that is set at installation If the checkbox is unchecked then the system always defaults to the directory listed in the File Locations dialog 7 1 3 Side Names The Side Names dialog is used to change the names of objects and events that appear in various displays The Side Names dialog will change depending on the sniffing technology in use at the time the software was loaded Changes to the Names are used throughout the program 259 ComProbe Sodera User Manual Chapter 7 General Information Side Names Default Namez Current Hames Slave Master Figure 7 6 Example Side Names Where Slave and Master are current 1 To open the Side Names dialog choose Side Names from the Options menu on the Control window 2 Tochange aname click on the name given in the Current Names column and then click again to modify the name a slow double click 3 Select OK to initiate the changes The changes that have been made will not fully take effect for any views already open Closing and reopening the views will cause the name change to take effect 4 Torestore the default values click the Set Defaults button 7 1 4 Timestamping Timestamping is the process of precise recording in time of packet arrival Timestamps is an optional parameter in the Frame Display and Event Display that can assist in troubleshooting a network link 7 1 4 1 Timestamping
321. n list and click OK If you do not have any previously overridden parameters you may set parameters for the current frame and onwards by right clicking the desired frame and choosing Provide AVDTP Rules from the right click pop up menu This is the Summary Pane Copy Selection to Clipboard Save Selection If you have a parameter in effect and wish to change it there are two Go To parameters that may be overridden for AVDTP Change the Show Frame Size Column Selected Item to Carry and if AVDTP Media is selected the codec Show Timestamp Column type Because there are times when vital AVDTP configuration Show Delta Column F information may not be transferred over the air we give users the j Add New Column Help b ability to choose between the four AVDTP channel types for each e EEDIT D L2CAP channel carrying AVDTP as well as codec type We attemptto Ba aaa make our best guess at codec information when it is not transferred EHE ALI over the air but we realize we may not always be correct When we Add Bookmark make a guess for codec type we specify it in the summary and decode Export panes by following the codec with the phrase best guess by analyzer Aa Ka Provide AVDTP Rules This is to let you know that this information was not obtained over the ToT i a rovide LAC AP Rules air and that the user may wish to alter it by overriding AVDTP a AA ee parameters Set Subsequent Decoder
322. n the Bluetooth Class being tested 6 Frontline ComProbe analyzer that can be either of the following a ComProbe Sodera Wideband Bluetooth Protocol Analyzer or b ComProbe BPA 600 Dual Mode Bluetooth Protocol Analyzer 7 Personal computer for running ComProbe software B 3 3 Test Setup Bluetooth The following figure show the conductive test setup For information on setting up and operating the ComProbe Sodera and ComProbe BPA 600 refer to the ComProbe User Manuals at fte com DUT 1 DUT 2 Antenna Connector ComProbe Sodera Figure 12 Sodera Conductive Test Setup 291 Appendicies ComProbe Sodera User Manual DUT 1 DUT 2 AT1 AT2 Antenna Connectors ComProbe BPA 600 Figure 13 BPA 600 Conductive Test Setup Both ComProbe BPA 600 antennas must be connected as shown The AT1 through AT4 attenuator values will depend on the DUT1 and DUT2 transmitter Class At higher power levels all four attenuators may be needed In all cases use good engineering practices to protect the devices under test and the ComProbe hardware from damage and to ensure reliable operation Assuming that there is no attenuation in the test setup e For Sodera o Atthe T connector the power will split in half For example if DUT1 is a Class 1 device transmitting 20 dBm 100 mW at the T connector it will split with 17 dBm 50 mW going to DUT2 and 17 dBm
323. n6d46FF7F765b3b5bd3429cFbZae7500ee922758 Oxbc112a9d064a18a55 a61e331804a8f e8492df Oxe9eab94b5 674a5ec479b345de7e27dafc39a7 x x Y Ox25bbf2cF9b157da742Ffb414c55c62c542343b P192 0x45 7adefb98762 30aaaadeeefffffffffff22223445857463 Figure 3 20 Private Keys Pane The Private Keys pane has three columns that list one entry for each unique key Table 3 8 Private Keys pane Columns Key Type P192 if the key is used for Legacy pairing P256 if the key is used for Secure Connection pairing Private The key entered by the user pa 24 octets for P192 Legacy 32 octets for P256 Secure Connection Public Key The two parts of the public key automatically generated when the complete Private Key is entered X the first half of the Public Key y the second half of the Public Key Private Key management tools In the header of the Private Keys pane is a toolbar for adding or deleting keys Private Keys awe GR Table 3 9 Private Keys Management Tools fee escrntoin OOOO a Used to add a Private Key to the pane When clicked it opens the Private Keys Entry rivate Ka dialog See Private Key Entry dialog on page 51 F Enabled when a private key in the pane is selected When clicked it opens the Private Keys Entry dialog with the selected Private and Public Key filled in See Private Key Entry dialog on page 51 CG Enabled with a private key in the pane is selected When checked it allows the user to switch b
324. nable Excursion mode captures OK Cancel S Note Sodera hardware can be connected to the computer after the Capture Options dialog has opened 31 ComProbe Sodera User Manual Chapter 3 Configuration Settings Capture Options Selections Selection Cescription OOS O BR EDR When checked will record data from Classic Bluetooth devices bs Low When checked will record data from Bluetooth low energy devices Energy When checked this selection provides the user with the ability to capture samples of the 2 4 GHz RF present at the Sodera antenna The spectrum data represents the RSSI and it is automatically saved when the capture is saved It can be optionally viewed in the Coexistence View Spectrum sampling is set at 20 50 100 or 200 microsecond intervals Capturing spectrum data will use additional memory and the smaller the sample interval the more memory that is used See Spectrum Analysis on page 83 and Coexistence View Spectrum Sodera Only on page 171 for more information Reduce When checked Low gain is enabled on the Sodera hardware The received RF RF signals are reduced by approximately 20 dB compared to the Normal gain Sensitivity setting For more information see Sodera Baseband Layer Signal Strength on 20 dB page 137 reduction i When unchecked Normal gain is enabled on the Sodera hardware Enable When checked the Sodera hardware will support Excursion mode captures Excursion where t
325. nalyzing Data ComProbe Sodera User Manual To manually unframe your data 1 Select Unframe from the File menu on the Control window Unframe is only available if a protocol stack was used to capture the data and there is currently no protocol stack selected In addition to choosing to Unframe you can also be prompted to Unframe by the Protocol Stack Wizard 1 Load your capture file by choosing Open from the File menu on the Control window 2 Select the file to load 3 Choose Protocol Stack from the Options menu on the Control window 4 Select None from the list 5 Click Finish The Protocol Stack Wizard asks you if you want to unframe your data and put it into a new file 6 Choose Yes The system removes the frame markers from your data puts the unframed data into a new file and opens the new file The original capture file is not altered See Reframing on page 90 for instructions on framing unframed data 4 2 5 How the Analyzer Auto traverses the Protocol Stack In the course of doing service discovery devices ask for and receive a Protocol Descriptor List defining which protocol stacks the device supports It also includes information on which PSM to use in L2CAP or the channel number for RFCOMM or the port number for TCP or UDP The description below talks about how the analyzer auto traverses from L2CAP using a dynamically assigned PSM but the principle is the same for RFCOMM channel numbers and TCP UDP port numbers The
326. name gt Alternatively you can choose Set Subsequent Decoder Parameter from the Options menu 3 This option brings up a dialog showing all the places where context data was overridden 4 If you know that information is missing you can t provide it and you don t want to see dialogs asking for it un check Automatically Request Missing Decoding Information 5 When unchecked the analyzer doesn t bother you with dialogs asking for frame information that you don t have In this situation the analyzer decodes each frame until it cannot go further and then simply stop decoding 4 3 Analyzing Byte Level Data 4 3 1 Event Display To open this window click the Event Display icon PD on the Control window toolbar The Event Display window provides detailed information about every captured event Events include data bytes data related information such as start of frame and end of frame flags and the analyzer information such as when the data capture was paused Data bytes are displayed in hex on the left side of the window with the corresponding ASCII character on the right 92 Chapter 4 Capturing and Analyzing Data ComProbe Sodera User Manual 9 Event Display Homer cfa File Edit View Format Bookmarks B Window Help AKI Ev A t x Event Humber 3 4 o 3 10 11 12 13 14 15 432 Slave 00 01 5a 03 F 4a 04 a5 23 6b be O01 Im Master 4337 mH 4656 c 23 Slave PALS a6 23 6b be 00 00 01 Masher 4353 0b 9d 52
327. nclude and an Exclude radio button These buttons are mutually exclusive The Include Exclude selection becomes part of the filter definition and appears as part of the filter description displayed to the right of the Toolbar Include A filter constructed with the Include button selected returns a data set that includes frames that meet the conditions defined by the filter and omits frames that do not Exclude A filter constructed with the Exclude button selected returns a data set that excludes frames that meet the conditions defined by the filter and consists of frames that do not 1235 gt ComProbe Sodera User Manual Chapter 4 Capturing and Analyzing Data 4 4 1 13 1 3 Named Display Filters You can create a unique display filter by selecting a data type on the Frame Display and using a right click menu When you create a Name Filter it appears in the Quick Filtering dialog where you can use it do customize the data you see in the Frame Display panes 1 Select a frame in the Frame Display Summary Pane 2 Right click in the one of the data columns in the Summary Pane CRC NESN DS Packet Success Ethertype Source Address etc 3 Select Filter in data type The Filtering Results Filtering Results dialog appears 4 Enter aname for the filter 5 Select OK Filter Name The filter you just created appears in the Named Filters section ASCII 3 of the Quick Filtering dialog ok Cancel
328. nd Analyzing Data ComProbe Sodera User Manual Table 4 10 Coexistence View Navigate Menu Selections continued MON APAT ee Last Packet When clicked the last packet in the sessionis End selected and displayed in the Timeline Performs the same function as the g Last Packet button Previous When clicked the first packet occurring in time Left Arrow Packet prior to the currently selected packet is selected and displayed in the Timeline Performs the same function as the O Previous Packet button Next Packet When clicked the first packet occurring next in Right Arrow time from the currently selected packet is selected and displayed in the Timeline Performs the same function as the gt Next Packet button Previous When clicked selects the first prior retransmitted packet from the current selection and Retransmitted displays it in the Timeline Performs the same function as the Ga Previous Packet Retransmitted Packet button Next When clicked selects the next retransmitted packet from the current selection and Retransmitted displays it in the Timeline Performs the same function as the Next Retransmitted Packet Packet Previous When clicked selects the first prior invalid B uetooth low energy IFS packet from the Invalid IFS current selection and displays it in the Timeline Performs the same function as the Ga Packet Previous Invalid IFS Packet button Next Invalid When clicked sele
329. nd Analyzing Data ComProbe Sodera User Manual Table 4 8 Coexistence View Format Menu Selections continued lecti Pag Show Tooltips When checked Timeline and Throughput Graph tooltips will appear in the upper left in Upper Left corner of your computer sceen You can relocate the tool tip for convenience or to see Corner of the timeline or throughput graph unobstructed while displaying packet information See Screen Coexistence View Timelines on page 159 Table 4 9 Coexistence View Zoom Menu Selections j Descript When clicked Ctri Plus Viewport time duration decreased When clicked Ctrl Minus Viewport time duration increases The following two selectioins are mutually exclusive Scroll Tool Mouse Wheel Scrolls Ctrl Key When checked sets the mouse wheel to scroll Switches to Zoom Tool the Viewport Pressing the Ctrl key while scrolling switches to zooming the Viewport Zoom Tool Mouse Wheel Zooms Ctrl Key When checked sets the mouse wheel to zoom Switches to Scroll Tool the Viewport Pressing the Ctrl key while zooming switches to scrolling the Viewport Zoom To Time Range of Selected Packets Active only when packets are selected When clicked the Viewport duration changes to the time range covered by the selected packets Zoom To Throughput Graph Data Point When clicked the Viewport duration changes to the time range of the Throughput Graph selected data point Custom Zoom Set by Zoom To Time
330. nd Outlines EI Table 4 15 Spectrum Menu Packet Display Options Displays each packet Tooltips packet text and selection boxes are available as usual Packets 172 Chapter 4 Capturing and Analyzing Data ComProbe Sodera User Manual Table 4 15 Spectrum Menu Packet Display Options continued Show Displays an outline of each packet In this mode the spectrum data comprising each packet Packet is Clearly visible and indicated Tooltips packet text and selection boxes are available as Outlines usual Hide Packets and packet outlines are not displayed Tooltips packet text and selection boxes Packets and are available as usual Outlines 4 4 3 About The Message Sequence Chart MSC The Message Sequence Chart MSC displays information about the messages passed between protocol layers MSC displays a concise overview of a Blutetooth connection highlighting the essential elements fo the connection Ata glance you can see the flow of the data including role switches connection requests and errors You can look at all the packets int he capture or filter by protocol or profile the MSC is color coded for a clear and easy view of your data H Message Sequence Chart MSC o 8 8 ALAA AMOS NB BS All Layers Ctrl Summary Non Msg Summary BB LMP L2CAP SDP RFCOMM 3 635 11 57 15 345497 Open signaling channel H RFCOMM_SABM Channel Signaling Length 0 3 640 11 57 15 3486
331. nd demodulating all RF channels and packet types defined in all Bluetooth specification versions up to and including 4 2 Sodera provides live simultaneous capture of all 79 Classic Bluetooth channels and 40 Bluetooth low energy channels storing data for both live and post Capture analysis Sodera uses a two stage capture analysis process First Record will activate the Sodera datasource to begin capturing data from all Bluetooth devices in range In the Analyze stage the user selects one or more wireless devices for analysis and Sodera will begin sending captured data that is to from those devices to the ComProbe analysis software The data appears in the Frame Display Message Sequence Chart Coexistence View Bluetooth Timeline low energy Bluetooth Timeline PER Stats Event Display etc If any keys needed for decryption are known from past captures those keys are automatically applied to the devices under test Prior to protocol analysis the user can enter any unknown keys Sodera will identify the specific key necessary for data decryption for example Link Key Passkey PIN Temporary Key 3 1 1 1 Standard Capture Scenario In the standard capture scenario Sodera is connected to a host computer via the rear panel PC HOST interface and captures live over the air data exchanged between two Bluetooth devices 3 1 2 ComProbe Sodera Window When the ComProbe software is loaded and started on the host computer the ComProbe Control wind
332. nd enter it directly J Note Only one device in the link must be in SSP Debug Mode If the Bluetooth devices do not allow Debug Mode activation enter the Link Key as described above 3 1 2 4 2 Bluetooth low energy Encryption Long Term Key The Long Term Key LTK in Bluetooth low energy is similar to the Link Key in Classic Bluetooth Itis a persistent key that is stored in both devices and used to derive a fresh encryption key each time the devices go encrypted In the Sodera Security pane the LTK is entered in the Link Key field so the following discussion will use Link Key instead of LTK Security w x Status 8 Time Master Slave PIN TK Link Key ACD IV ral 11 13 2014 6 28 06 087697 AM 38 BF 33 08 09 15 DB 84 7D 38 A1 80C static na Enter link key nya b6 7adbde4d257d m CASIO GE 56004 Figure 3 11 Bluetooth low energy Static Address Link Key Required In this example a low energy device requires Link Key entry for the ComProbe software to decrypt the data To enter the Link Key click on Enter link key and type or paste in the Link Key in hex format Note It is not necessary to precede the Link Key with Ox to signify a hex format The software H will automatically add 0x to the front of the Link Key w Wx Status Time Master Slave PIN TK Link Key ACO IV fal 11 13 2014 7 14 06 119692 AM 38 BF 33 08 C9 15 DB 84 7D 38 A1 8C static n a n a x67adbde4d857d CASIO GB 5600A Figure 3 12 Bluet
333. nd testers are brought directly to the exact packets or frames related to the event in the Bluetooth protocol trace in the Frame Display This helps users find issues quickly and easily The events are shown time aligned with both the actual audio waveform and bit rate variances graph in the Wave Panel The bit rate variance graph shows the average or actual amount of Bluetooth audio data sent over a period of time AES can operate in two modes 1 referenced mode and 2 non referenced mode In referenced mode a Frontline provided audio test file is streamed between the Devices Under Test DUTs The test file content and parameters are known to the AES software that performs a comparison for deviations This process helps the software accurately detect anomalies created by the streaming process In non referenced mode DUTs stream audio of unknown content limiting the types of detectable events The software automatically determines the operation mode with no user input required B 1 2 Test Setup The following DUTs below were used in our test setup e DUT1 smartphone with Bluetooth and aptX capability The smartphone operating system was Android e DUT2 Earphones with Bluetooth and aptX capability The protocol analyzer ComProbe BPA 600 Dual Mode Bluetooth Protocol Analyzer with Bluetooth Audio Expert System activated The BPA 600 is connected to a personal computer PC that is running ComProbe Protocol Analysis System software DUT1 was use
334. ndow 18 Freeze 96 FS 267 FTS Serial Driver 267 Go To 228 Green Dots in Summary Pane 117 GS 266 Hex 97 Hexadecimal 118 Hiding Display Filters 126 Hiding Protocol Layers 107 High Resolution Timestamping 262 HT 267 I O Settings Change 99 Icons in Data on Event Display 99 Importable File Types 244 Importing Capture Files 244 INCLUDE 123 Include Exclude 123 L2CAP 66 L2CAP Override Decode Information 67 Layer Colors 120 LF 267 Link Key LSB 46 Live Update 96 Appendicies Logical Byte Display 108 Logical Bytes 108 Long Break 100 Low Power 100 Main Window 15 Mesh 71 CSRmesh 71 Smart Mesh 71 Message Sequence Chart 173 Message Sequence Chart Find and Go To 178 Message Sequence Chart Go To 179 Minimizing 23 Missing Decode Information 63 69 Mixed Channel Sides 98 Mixed Sides Mode 98 Modem Lead Names 259 Modify Display Filters 128 129 Multiple Event Displays 95 Multiple Frame Displays 111 N NK 266 Node Filters 126 Nonprintables 251 Notes 243 NU 266 Number Set 97 Numbers 264 Octal 97 322 ComProbe Sodera User Manual Open 95 Open Capture File 243 244 Options 253 255 256 260 Other Term Subterm 22 Override Decode Information 64 67 70 Overriding Frame Information 91 Overrun Errors 234 Panes 111 Pattern 224 Performance Notes 263 Printing 247 Printing from the Frame Display 244 Progress Bars 264 Protocol Protocol Layer Colors 120 Protocol Layer Filtering 135
335. ng 4 4 1 14 Sodera Baseband Layer Signal Strength 2 a 137 HAZ COENISIENCE VIEW occas BELLE TAE nda adekaeeiotaeetecokecsd eucedsatensecaedseeeacoseetacsetensanese 137 4 4 2 1 Coexistence View Menus 2222220 0 0 0 ee ce ce eee ee ce cee cence eee e eens 138 4 4 2 2 Coexistence View Toolbar eee cee eee eee 145 4 4 2 3 Coexistence View Throughput Indicators a 146 4 4 2 4 Throughput AA 147 4 4 2 5 Radio BUMONS foc cccncextceicenedecoctdcaccataettolaene ahha aan na NLA cuebsastncecsuaeeisescese 147 44 2 6Allradio DUTTON Ha neces a Ed genera se Pa kang a ana nan nanan BG nana cous 147 4 4 2 7 Selected radio DUTTON lt icccccsacemsnansenbacestwcosesasteususchecseseuceuseradenedesensnasvenscccs 147 4 4 2 8 Viewport radio button 2 22 00000000000000 000000022 20a aoo oaoaraa 148 4 4 2 9 Indicator AD AA 148 4 4 2 10 Coexistence View Throughput Graph _ _ 22 22 ieee ee eee eee cece eee eeeeees 149 4 4 2 11 Throughput Graph Y axis labels e eee cece eee c cece ccc ceeceeceeeececceeeeees 149 MA 232 EIGENMANN 150 WA TOOS wade ance gacee ben ccasaee sees cen iule at esciece wack eee daesecaes E R ER 150 4 4 2 14 Discontinuities 200 ee ee eee eee eee 150 ee TS VIC WOU cc ees ee a peda bate he ai dle ate saben dha nena LNG 151 4 4 2 16 Swap button _ 2 22 2 a 152 4 42 17 Dats DOUWON AA Er EAE NE EEOAE ERRE 153 4 4 2 18 Zoomed Throughput Graph
336. ng regulator arm whose positions represented code numbers Tim Each station was also outfitted with two telescopes for viewing the other stations in the link and clocks were used to synchronize the stations By 1803 a communications network extended from Paris nayong across the countryside and into Belgium and Italy ima Pi magaang kaa a i 5 ee 7 AA fr ieee 4 Ex IA Chappe developed several coding schemes through the next few years The station operators only knew the codes not what characters ig they represented Not only was Chappe s telegraph system the first working network with protocols synchronization of serial transmissions but it also used data encryption Although cryptography has been around for millenniums dating back to 2000 B C Chappe was the first to use itin a wide area network in the modern sense Figure 29 Chappe s Optical Telegraph 305 ComProbe Sodera User Manual Appendicies Of course anyone positioned between the telegraph stations that had Chappe s telegraph code in hand could decode the transmission So securing the code was of paramount importance in Chappe s protocol Modern wireless networks such as Bluetooth low energy employ security measures to prevent similar potentially man in the middle attacks that may have malicious intent Bluetooth low energy devices connected in a link can pass sensitive data by setting up a secure encrypted link The process is similar to but n
337. ng Data Suggested Corrective Action The device under test DUT may be too close to the Sodera unit Try moving the DUT further away from the Sodera antenna Try capturing again With a persistent Signal too Strong indication try checking the Radio Reduced RF Sensitivity 20 Sete meee db reduction from the Capture Options selection of the Options menu This selection will ComProbe Sodera SN A1507 00071 reduce the incoming RF level at the Sodera unit by i Wireless Technologies 19 5 dB Try capturing again M BR EDR W Low Energy Spectrum Interval us 20 Radio lv Reduce RF sensitivity 20dB reduction We Enable Excursion mode captures OK Cancel 4 1 2 5 Excursion Mode Capture amp Analysis Capturing data in Excursion mode is accomplished without the Sodera hardware being connected to a computer The captured data is stored on the Sodera hardware for later access and analysis when connected to a computer The Sodera hardware must be configured for Excursion mode while connected to a computer running the ComProbe Protocol Analysis System Refer to Capture Options dialog on page 31 Excursion mode Data Capture To capture in Excursion mode disconnect the Sodera hardware from the computer 1 Apply power to Sodera with external power or using the internal battery power See Applying Power on page 9 2 Press the Capture button on the Sodera front panel right side The Capture LED will illuminate a
338. ng the Capture File Once your ComProbe Sodera capture and analysis is completed you can save the captured file for future analysis All data captured from start session Recording to stop session Record is saved Before saving the following conditions must be met 1 ComProbe Sodera window Capture Toolbar shows Record 2 ComProbe Sodera window Capture Toolbar shows Anay To save the captured data use one of the following methods e onthe ComProbe Sodera window File menu select Save e on the ComProbe Sodera window Standard Toolbar click on the Save button e onthe ComProbe Sodera Control window File menu select Save or click on the Save tool e On either the Frame Display or the Event Display window File menu select Save or click on the Save tool A Save As window will open Select a location and enter a file name Click on the Save button 241 ComProbe Sodera User Manual Chapter 6 Saving and Importing Data 6 1 2 Saving the Entire Capture File with Save Selection 1 Open the Event Display or Frame Display p window Right click in the data Select Save Selection or Save As from the right click menu Click on the radio button labeled Entire File C Entire File Choose to save Events or Frames Choosing to save CG Selection Events saves the entire contents of the capture file Choosing to save Frames does not save all events in the capture file ps gt Events Frames 1 bo
339. ng the F1 key 3 Expand the folder and select the data capture method that matches your configuration 4 Click on the Run button and the ComProbe Control Window will open configured to the selected capture method P Note If you don t need to identify a capture method then click the Run button to start the analyzer Creating a Shortcut A checkbox labeled Create Shortcut When Run is located near the bottom of the dialog This box is un checked by default Select this checkbox and the system creates a shortcut for the selected method and places it in the Frontline ComProbe Protocol Analysis System lt version gt desktop folder and in the start menu when you click the Run button This function allows you the option to create a shortcut icon that can be placed on the desktop In the future simply double click the shortcut to start the analyzer in the associated protocol Supporting Documentation The Frontline ComProbe Protocol Analysis System directory contains supporting documentation for development Automation DecoderScript application notes user documentation Quick Start Guides and User Manual and maintenance tools 2 2 2 Sodera Data Capture Method When the ComProbe Sodera is connected to the Host PC running ComProbe Protocol Analysis System software the Select Data Capture Method window will display the Sodera options 14 Chapter 2 Getting Started ComProbe Sodera User Manual aoma g a Bluetooth
340. ning for Authentication Bluetooth low energy supports the ability to authenticate data sent over an unencrypted ATT bearer between two devicesin a trust relationship If authenticated pairing has occurred and encryption is not required security mode 2 data signing is used if CSRK has been exchanged The sending device attaches a digital signature after the data in 309 ComProbe Sodera User Manual Appendicies the packet that includes a counter and a message authentication code MAC The key used to generate MAC is CSRK Each peer device in a piconet will have a unique CSRK The receiving device will authenticate the message from the trusted sending device using the CSRK exchanged from the sending device The counter is initialized to zero when the CSRK is generated and is incremented with each message signed with a given CSRK The combination of the CSRK and counter mitigates replay attacks B 5 8 Table of Acronyms Author John Trinkle Publish Date 21 May 2014 310 Appendicies ComProbe Sodera User Manual 311 B 6 Bluetooth Virtual Sniffing B 6 1 Introduction The ComProbe software Virtual sniffing function simplifiesBluetooth development and is easy to use Frontline s Virtual sniffing with Live Import provides the developer with an open interface from any application to ComProbe software so that data can be analyzed and processed independent of sniffing hardware Virtual sniffing can also add valu
341. nology frames Frame Display TestFileSlimmmer cta File Edit View Format Live Bookmarks Options Window Help a QuikFitering SG AG Ww OB 4s la W a dia 6 471 Master Len 289 Apply Modify Display Filters O Find x we A O Sum Baseband Packet Status CR So a Baseband Hide Show Display Filters i Header Length 11 Rename Display Filters ey Header Version 3 hess Add CAC ADADDA Fram Delta Timestamp S pe Link 4 Connection Filter Classic All A 5 10 55 22 BE H Role Master 0 00 00 9b 11 7 e verr 5 eee AA l Link 0 10 55 32 668 iy Channel 68 2470 MHz buli maa 40 55 32 671 Clock 020001 d0c0 3 SRE i Packet Status CRC Error 0 a0 00 00 1 i o FLOW Go ob 00 00 i 10 55 32 692 TYPE 2 DH3 56 00 00 00 0 421342015 10 55 32 654 ba Payload Data Rate 3 Mbps 1 00 00 00 0 4713 2015 10 55 32 701 Figure 4 31 Connection Filter from the Frame Display Menu From the Frame Display toolbar Right click anywhere in the toolbar and select Connection Filter from the pop up menu The procedure for creating a connection filter are identical as described in From the Frame Display Filter menu above Frame Display TestFileSlimmer cta File Edit View Format Live Filter Bookmarks Options Window Help B gy eonan VES ee BO Sl All 1 o Frame 6 471 Ma Connection Filter Classic Be
342. ns Show Packet When checked the packet number shows below the packet in the Viewport Number 6 758 503 Sup Show Packet When checked the packet type shows below the packet in the Viewport Type Show Packet When checked the packet subtype shows below the packet in the Viewport if applicable Subtype Hide Packet When checked hides any text shown below the packet in the Viewport Applies the text Text shown by the Show Packet Number Show Packet Type and Show Packet Subtype menu selections Auto Hide When checked automatically hides any text shown below the packet in the Viewport Packet Text when the Viewport duration exceeds 31 25 ms Applies the text shown by the Show When Packet Number Show Packet Type and Show Packet Subtype menu selections Duration gt The Viewport duration is shown at the bottom of the Viewport This selection reduces 31 25 ms display clutter when viewing a larger timeline section Increase Auto When not checked the default the packets in the viewport are hidden if the number of Hide Packet visible packets exceeds 4 000 Count from 4 000 to 20 000 When checked the default count increased from 4 000 to 20 000 packets before the May Be Slow packets are hidden Choosing this selection may slow down the displaying of the packets The following three selections are mutually exclusive Use All When checked all captured packets are used for average throughput calculations and Packets for all
343. nsecutive 0 5 sec measurement connections Reports the detection of an unusual brief silence period where the brief silence is preceded and followed by normal audio levels A typical definition of Dropout is the short dramatic loss of volume typically caused by lost digital information Root causes include transmission system errors resulting in lost data packets transmission channel reconfigurations bad sections of memory processor overloads that temporarily interrupt the flow of information and so on 1The volume threshold above which useful audio analysis is possible 2High Volume Threshold for speech 6dBFS High Volume Threshold for music 12 dBFS 196 Chapter 4 Capturing and Analyzing Data ComProbe Sodera User Manual _ Table 4 25 Event Type Audio continued Warning Glitch Extremely large sample to sample audio amplitude transitions that have little probability of occurring within natural speech or music Such dramatic changes would typically happen only in situations of dropped samples TestID Found Occurs when a valid Test ID has been recognized A valid Test ID must meet the level frequency duration and delimiter requirements If any of these parameters do not match the process is terminated and is reset to the initial conditions Until a Test ID is successfully recognized the system will continue to operate in Non Referenced Mode therefore no events related to false starts are reported This
344. nsumption in low power mode Before the EIR tab was created this type of information was not available until a connection was made to a device Therefore EIR can be used to determine whether a connection can should be made to a device prior to making the connection Note If a Bluetooth device does not support Extended Inquiry Response the tab displays H Received Signal Strength Indication RSSI data which is less extensive than EIR data 4 2 Protocol Stacks 4 2 1 Protocol Stack Wizard The Protocol Stack wizard is where you define the protocol stack you want the analyzer to use when Select a Protocol Stack decoding frames Select a protocol stack Build Your Own To start the wizard B0211MAG 802 11 Radio Air Sniffer i BlueCore Serial Protocol BCSP from Cambridge Silicon Radio with autot 1 Choose Protocol Stack from the Options asa gaan 1 1 Bluetooth HCI USB with autotraverse menu on the Control window or click the Fictitious Protocol with autotraverse Protocol Stack icon 3 on the Frame a ai cota a L D ispl ay MWS Wireless Coexistence Interface 2 2 Select a protocol stack from the list and click na Finish Bluetooth Virtual Transport with Auto traverse Most stacks are pre defined here If you have special requirements and need to set up a custom stack see Creating and Removing a Custom Stack on page 89 1 If you select a custom stack i e one that was defined by a user an
345. nt point due to connection setup but might be discovered later on in the capture 3 2 5 3 RFCOMM Override Decode Information The Set Subsequent Decoder Parameters dialog allows the user to override an existing parameter at any frame in the capture where the parameter is used If you have a parameter in effect and wish to change that parameter 1 Select the frame where the change should take effect and gt select Set Subsequent Decoder Parameters from the This is the Summary Pane Options menu or by selecting a frame in the frame display and choosing from the right click pop up menu and make the needed changes Copy Selection to Clipboard Save Selection Go To 2 Change the RFCOMM parameter by selecting from the Show Frame Size Column wO Show Delta Column 3 If you wish to remove an overridden rule click on Remove Add New Column Help Override button If you want to remove all decoder parameter settings click on Remove All Remove New Column Change the Selected Item to Carry drop down list Show Timestamp Column 4 Choose the protocol the selected item carries from the Restore Default Columns drop down list and click OK Add Bookmark Each entry in the Set Subsequent Decoder Parameters dialog Export takes effect from the specified frame onward or until redefined in Provide L2CAP Rules this dialog on a later frame Provide RECOMM Rules Change Column Order Help Set Subseq
346. ntains the excursion mode capture to be analyzed to a computer 2 Apply power to the Sodera hardware 3 Open the ComProbe Protocol Analysis System 4 When the ComProbe Sodera window opens select Manage excursion mode captures from the File menu 5 When the Manage excursion mode captures dialog opens select a capture to analyze Click on the Record button and the dialog will close Sodera will begin behaving identically to how it handles a live capture The ComProbe Sodera window Wireless Devices and Security pane will populate with information from the selected Excursion mode capture 6 Follow the procedures in Selecting Devices for Analysis on page 79 7 Follow the procedures in Record Begin Capture on page 79 4 1 2 6 Spectrum Analysis Sodera has the option to sample the 2 4 GHz RF spectrum at the Sodera unit antenna connector The spectrum data represents the Received Signal Strength Indicator RSSI and is automatically saved when the capture is saved The spectrum data is synchronized in time to the received packets and is displayed in the Coexistence View 2 4 GHz Timeline when Show Spectrum is selected in the Spectrum menu on the Coexistence View The spectrum power level is shown as a heat map behind the timeline packets The heat map appears in shades of blue with darker blues representing higher power levels and lighter blues representing lower power levels white represents the lowest power level The darkest shad
347. ntrol When checked minimizing the Control window also Minimizes All minimizes all open analysis windows Frame Display and When these windows are open the menu will display these Event Display selections Clicking on the selection will bring that window to the front Control Window Help Menu Selections Live amp Help Topics Ki Opens the ComProbe Help window Capture Fil E About ComProbe Provides a pop up showing the version and release Protocol Analysis information Frontline contact information and copyright System information Support on the Web Ui Opens a browser to fte com technical support page 2 3 6 Minimizing Windows Windows can be minimized individually or as a group when the Control window is minimized To minimize windows as a group 1 Go to the Window menu on the Control window 2 Select Minimize Control Minimizes All The analyzer puts a check next to the menu item indicating that when the Control window is minimized all windows are minimized 3 Select the menu item again to deactivate this feature 4 The windows minimize to the top of the operating system Task Bar 23 ComProbe Sodera User Manual Chapter 2 Getting Started 24 Chapter 3 Configuration Settings In this section the ComProbe software is used to configure an analyzer for capturing data 3 1 Sodera Configuration and I O 3 1 1 User Configuration Overview ComProbe Sodera is capable of simultaneously capturing a
348. obe protocol analyzer when the Standard Toolbar a Analyze button is clicked Traffic If the a traffic captured icon is present traffic has been captured that involves the device If Captured 7 the icon is not present then Sodera has not captured any traffic that involves that device Only wireless devices with traffic captured can be used for ComProbe protocol analysis Favorites When a star is activated by clicking on it the device is designated as a favorite A inf favorite device will have a gold star The favorites serve to identify devices key to the user s analysis Favorite devices are always displayed regardless of their active inactive Status BD ADDR The device s Bluetooth address Friendly The device name This field is blank if no friendly name has been observed Name Device A general use classification for the wireless device list the classes by Bluetooth Class technology 35 ComProbe Sodera User Manual Chapter 3 Configuration Settings Table 3 4 Wireless Devices Pane Columns continued lumi Des Technology Device technology to include one of the following e BR EDR e Smart LE e Smart Ready LE amp BR EDR IRK Bluetooth low energy only allows the user to determine which devices are actually the same physical device The Identity Resolving Key allows peer devices to determine their identities when using random addresses to maintain privacy Table 3 5 Device Classes Audio Video Barcode
349. odera User Manual The Event Table contains eight columns ze 4 33 Event Table Columns system generated sequential numbering of events Information provides information of interest but does not indicate a problem event Warning identifies a potential problem where further investigation may be appropriate Error identifies a definite problem A system generated ID that is assigned in the order that the audio streams are detected The ID is not maintained between captures for the same device with the same audio It identifies the Wave Panel where the event can be viewed The ID appears in the Audio Stream Info of the Wave Panel Bluetooth Events generated by analyzing Bluetooth protocol activities Codec Events generated from analyzing the audio coding decoding activities Audio Events generated by analyzing the audio data Mode does not apply to this event Referenced Mode Refer to 4 5 4 2 Referenced Mode on page 185 E Non Referenced Mode Refer to 4 5 4 1 Non Referenced Mode on page 184 The system generated identification for a specific frame Details and explanation about this event clock date clock date A system generated time stamp for each frame Event table entries are sortable by column Left click on the column heading to sort Sorting Event Table Pop Up Menu Right clicking with the cursor over the Event Table will open a menu of additional options For more on this option see Wave
350. ogether A check mark is displayed Click on Display Sides Together to remove the check mark and return to side by side display 4 Right click in the sides panel on the right of the data display and select Display Sides Together A check mark is displayed Click on Display Sides Together to remove the check mark and return to side by side display 98 Chapter 4 Capturing and Analyzing Data ComProbe Sodera User Manual 4 3 7 5 List of all Event Symbols By default the Event Display shows all eventsevents which includes control signal changes start and end of frame characters and flow control changes If you want to see only the data bytes click on the All Events button Click again to display all events Click on asymbol and the analyzer displays the symbol name and sometimes additional information in the status lines at the bottom of the Event Display window For example clicking on a control signal change symbol displays which signal s changed In addition to data bytes the events shown are in alphabetical order Table 4 4 Event Symbols Broken Frame The frame did not end when the analyzer expected it to This occurs most often with protocols where the framing is indicated by a specific character control signal change or other data related event Buffer Overflow Indicates a buffer overflow error A buffer overflow always causes a broken Control Signal Change One or more control signals changed state Click
351. ol characters and two character system abbreviation for each one Some abbreviations have forward slash characters between the two letters This is to differentiate the abbreviations for a control character from a hex number For example the abbreviation for Form Feed is listed as F F to differentiate it from the hex number FF Table 7 2 Communications Control Characters o ee je 266 Chapter 7 General Information Table 7 2 Communications Control Characters continued rs fs mesm OO 7 2 6 The Frontline Serial Driver ComProbe Sodera User Manual ComProbe software uses custom versions of the standard Windows serial drivers in order to capture data These drivers are usually installed during the routine product installation However if you need to install the serial driver after ComProbe software has already been installed please refer to the instructions available in the Setup folder installed under Start Programs Product Name and version Setup How to Install the FTS Serial Driver 7 2 7 DecoderScript Overview The DecoderScript Reference Manual and User Guide is delivered with each Frontline ComProbe Protocol Analysis System installation package under Developer Tools The manual is also available on line at FTE com The main purpose of this manual is to describe DecoderScript the language used in writing decoders DecoderScript allows you to create new decoders or modify existing decoders to expan
352. on on the BPA 600 datasource toolbar 299 ComProbe Sodera User Manual B 4 7 2 Use Frame Display to View Encryption Decryption Process B 4 7 2 1 Security Manager Protocol The Security Manager Protocol SMP controls the process for pairing and key distribution The results of a pairing Appendicies and key distribution can be observed in the ComProbe software Frame Display Activate the Frame Display by clicking on the icon on the Control window toolbar On the Frame Display low energy protocols are shown in light green tabs Click on the SMP protocol tab that will show only the SMP commands from the full data set SMP Code Farg Request ID Capabiihes Keybos Dp DOB data Bag DOB Suuthentcahon data noi presen J Auth sy Bonding Flags Bonding MITH MITH Piotecbon Yea Mason Encepphon Key See 16 Octets riista Kep Diairibuhon Encke Iniiator shall distribute LTE followed by EDT and Rand dey nasio shal distribute IAE followed by ika odder Sign Intiaa shall distnbute CSF hespandat Key Difinita Erker Responder shall distibute LTE lollowed by EDIY and Hand lar Responde shall distribute AE bollowred by tts address Sign Responder shall disinbule CSAK NG AP AE APA AEE ee PE POY AYY LOT POE LENA LE BB LE PKT LE ADV LE DATA LE LL L2CAP PO Data B Fiamat 13140 33 147 6539 15 545 Side Z Z Tt O ww we Pj fpj k Ph Cida Painng Request FPang Faded Fama Response Panny Cones Pawn
353. on events which are a series of transmissions on the same channel In each connection event the master transmits first then the slave and then the devices take turns until the connection event is finished When the data connection is encrypted and the packets are successfully decrypted the sniffer can determine exactly who sent which packet only non empty encrypted packets empty packets are never encrypted These packets are labeled either M for master or S for slave When the data connection is unencrypted or when encrypted packets are not successfully decrypted by the sniffer the sniffer cannot distinguish the two devices master and slave packets by their content just by the packet timing In those cases we label each device as side 1 or 2 not as master or slave In each connection event packets sent by the device which transmitted first in the connection event are labeled 1 and packets sent by the device which transmitted second are labeled 2 If no packets in the connection event are missed by the sniffer the device labeled 1 is the master and the device labeled 2 is the slave However if we do not capture the very first packet in a connection event i e the packet sent by the master but do capture the packet sent by the slave we label the slave as side 1 since it is the first device we heard in the connection event Because there is potential clock drift since the last conne
354. onding Private Key to compute the Diffe Hellman Key e Record Recording Starts and stops the capture of data Performs the same function as the Capture Toolbar Record Recording button Analyze Analyzing Starts and stops the analysis of recorded data Performs the same function as the Capture Toolbar Analyze Analyzing button Capture Options Opens the Capture Options dialog where the attached Sodera hardware can be configured for Bluetooth technologies and other capture modes See additional information see Capture Options dialog on page 31 Analyze Inquiry When checked will include inquiry packets in the analysis Inquiry packets Process Packets are normally ignored so not checked is the default Analyze NULL and When checked will include NULL and POLL packets NULL and POLL POLL packets packets are normally ignored so not checked is the default Analyze LE Empty When checked will include B uetooth low energy empty packets Empty Packets packets are normally ignored so not checked is the default Help Topics Opens ComProbe help About Sodera Opens a pop up window with version and configuration information 28 Chapter 3 Configuration Settings ComProbe Sodera User Manual Manage excursion mode captures dialog This dialog provides the user with a means to record or delete captures previously created and saved on the Sodera hardware using excursion mode Manage excursion mode captures ComProbe Soder
355. only numeric values and again to show both character and numeric values All Events Controls whether the analyzer shows all events in the window or only data bytes Events include control signal changes and framing information 94 Chapter 4 Capturing and Analyzing Data ComProbe Sodera User Manual Timestamping Options Brings up the timestamping options window which has options for customizing the display and capture of timestamps 4 3 3 Opening Multiple Event Display Windows Click the Duplicate View icon dg from the Event Display toolbar to open a second Event Display window You can open as many Event Display windows as you like Each Event Display is independent of the others and can show different data use a different radix or character set or be frozen or live The Event Display windows are numbered in the title bar If you have multiple Event Displays open click on the Event Display icon PP on the Control window toolbar to show a list of all the Event Displays currently open Select a window from the list to bring it to the front 4 3 4 Calculating CRCs or FCSs The cyclic redundancy check CRC is a function on the Event Display window used to produce a checksum The frame check sequence FCS are the extra checksum characters added to a frame to detect errors 1 Open the Event Display PD window 2 Click and drag to select the data for which you want to generate a CRC 3 Click on the CRC icon f Choose C
356. ons continued PACASr AT yr l Dwl l L IN aed NG a 8 Save Ctrl S Opens a Windows Save dialog Select a file location and name for a recorded and analyzed file The file includes all data with all context decryption and work file information for both the recorded and analyzed packets Help Topics Opens ComProbe help specifically the Sodera Window topic 3 1 2 1 3 Capture Toolbar ii aa The ComProbe Sodera window Capture toolbar provides controls to start and stop data capture and to start and stop analysis of selected wireless devices The toolbar can be hidden by removing the check from Capture in the Toolbars option of the View menu The toolbar default view is not hidden checked The Capture Toolbar can be positioned to another location by moving the mouse cursor to the left of the menu until a double headed arrow appears Click hold and drag the menu to another position in the window header Table 3 3 Capture Toolbar Buttons besepiem Record When this button view is active Sodera is not capturing data Clicking this button view will begin data capture from wireless devices within range and the view will change to Recording The default capture is both Classic Bluetooth and Bluetooth low energy but if the Capture Options in the Options menu settings have been changed from the default the capture session will use those settings settings are remembered as the new preferred A No
357. ool tip will only display for a few seconds LMP timing accuracy req Tran ID Initiated by slave If however you position the cursor within the tool tip box the message will remain until you move the cursor out of the box Additionally If you right click on a message description you will see the select Show all Layers button When you select Show all Layers the chart will display all the messaging layers The Frame and Time of the packets are displayed on the left side of the chart Classic LE All Layers Ctrl Summary fNon Msg Summary BB L2CAP TCS LMP 13 45 10 21 4603 1 168 LT_ADDR 0 LLID L2CAP sfnf SEQN 1 ARQN 0 L2CAP_Data Connectionless Length 5 CID 0x0002 PS 1 184 13 45 10 534608 Setup Setup Figure 4 83 Frame and Time Display inside red box If you click on the description of the message interaction the corresponding information is highlighted in Frame Display 10 OOOR00 0 4 7 2004 3471513108 11 OOOD DOO A 2004 247115145233 L TILUU CUIL D0001 01001110 11111114 11111111 og 001141 O0000000 00000000 00000000 onodi x For Help Press F1 Figure 4 84 MSC Synchronization with Frame Display 175 ComProbe Sodera User Manual Chapter 4 Capturing and Analyzing Data How do navigate in the dialog You can use the navigation arrows at the bottom and the right side of the di
358. ooth low energy Enter Link Key Press the Enter key or click outside the Link Key box If the Link Key is valid the box will be green beneath the Link Key will appear Valid and the Status will show an open green lock indicating that decryption is enabled If the Link Key is not valid the box will be red beneath the entered Link Key will appear Invalid and the Status will show a closed red lock indicating that decryption is not enabled 47 ComProbe Sodera User Manual Chapter 3 Configuration Settings Security w hl x Status Time Master Slave PIN TK Link Key ACO IV fad 11 13 2014 8 15 16 86869 AM 38 BF 33 08 09 15 DB 84 70 38 A1 8C static n a be26e121986ca19cla163ddbe3 nsa b6 7adbde4d857d ig CASIO GB 5600A Valid Figure 3 13 Bluetooth low energy Valid Link Key Security w x Status 8 Time Master Slave PIN TK Link Key ACO IV ral 11 13 2014 8 28 06 087692 AM 38 BF 33 08 09 15 DB 84 7D 38 A1 8C static n a O12 456adfe na b6 7adbde4d3574 CASIO GB 56004 Invalid Figure 3 14 Bluetooth low energy Invalid Link Key Legacy Just Works Pairing In this example the devices under test useLegacy Just Works pairing to calculate a Short Term Key STK in order to securely transfer the device s Long Term Key LTK The LTK is then used to encrypt the subsequent security contexts Status 8 Time Master Slave PIN 4 TK Link Key ACD IV D fal 11 13 2014 43 20 557499 AM 5C F3 70 62 A9 BB 5C F3 70 62 B2 E7
359. or both Bytes with errors are shown in red in the Event Display window making it easy to find errors visually when looking through the data To access the search by time function 1 Opena capture file to search 2 Open the Event Display PD or Frame Display window 3 Click on the Find icon AA or choose Find from the Edit menu 4 Click on the Errors tab of the Find dialog Note The tabs displayed on the Find dialog depend on the product you are running and the content S of the capture file you are viewing k3 Find BPA500 cfa Decode Pattern Time Search for event where One or more of these changed One or more of these occured 1 This exactly i R One or more of these was off se rees ME tale Side Restriction eI coy Search without regard to data origin Search only these sides E Slave E Master Figure 5 10 Find Error tab Searching for event where 233 ComProbe Sodera User Manual Chapter 5 Navigating and Searching the Data The first three options are all fairly similar and are described together These options are searching for an event where e one or more error conditions changed e one or more error conditions occurred e one or more error conditions were off i e no errors occurred Selecting Which Errors to Search The section with the check boxes allows you to choose which errors the analyzer should look for Click on a box to check or un check it If you want to sea
360. ot identical to Bluetooth BR EDR Secure Simple Pairing One difference is that in Bluetooth low energy the confidential payload includes a Message Identification Code MIC that is encrypted with the data In Bluetooth BR EDR only the data is encrypted Also in Bluetooth low energy the secure link is more vulnerable to passive eavesdropping however because of the short transmission periods this vulnerability is considered a low risk The similarity to BR EDR occurs with shared secret key a fundamental building block of modern wireless network security CJ F LIJ UJ This paper describes the process of establishing a Bluetooth low energy secure link 11413 paca br yi fy LITA LAT SN A b A G Le O eee tL a ot eS Figure 30 Chappe s Telegraph Code B 5 1 How Encryption Works in Bluetooth low energy Data encryption is used to prevent passive and active man in the middle MITM eavesdropping attacks on a Bluetooth low energy link Encryption is the means to make the data unintelligible to all but the Bluetooth master and slave devices forming a link Eavesdropping attacks are directed on the over the air transmissions between the Bluetooth low energy devices so data encryption is accomplished prior to transmission using a shared secret key B 5 2 Pairing A Bluetooth low energy device that wants to share secure data with another device must first pair with that device The Security Manager Protocol SMP carries o
361. ote If the Master and Slave switch roles another entry will appear in the Security pane Security Y Status Time Master Slave PIN TK Link Key ACO D a 12 1 2014 12 35 12 797571 PM 00 88 65 61 B7 27 00 07 62 0F 00 00 Not needed 0c5d306875603c4f 1e065a0529234d8ba O67b04b 7eb0 1b 38eb55eb3cb 12 1 2014 12 35 16 400090 PM T515 Valid fad 12 1 2014 12 35 16 610163 PM 00 07 62 0F 00 00 00 88 65 61 B7 27 n a 0c5d306875603c4f 1e065a052923 4d8ba O67b04b 7eb0 1b 38eb55eb3cb ka T515 Valid Figure 3 7 Role Switch Example e PIN TK o Classic Bluetooth m Legacy Pairing PIN 1 to 16 alphanumeric character PIN o Bluetooth low energy m PIN 6 digit numeric passkey 000000 999999 Out of Band Temporary Key OOB TK 32 digit hexadecimal number e Link Key o Classic Bluetooth 32 digit hexadecimal number o Bluetooth low energy 32 digit hexadecimal number o The Link Key cell displays Enter link key in gray when the link key is unknown When a link is invalid the cell has a light red background and indented gray text under the link key says Invalid When a link key is valid the cell has a light green background and indented gray text under the link key says Valid if the link key was transformed from the entered link key the text is Valid Reordered o If Sodera is Analyzing and a link key has not been entered Stop analyzing to enter link key appears in the device Link Key cell Click the Analyzing button to stop the analysis and typ
362. ough another external link such as NFC 296 Appendicies ComProbe Sodera User Manual SMP Code Pairing Confirm Confirm Value Dx7fc25698 32921 25798445464 27562085 Figure 16 Responder Pairing Confirm Example ComProbe Frame Display BPA 600 low energy capture Initiator Responder The initiating device will generate a 128 bit random number that is combined with TK the Pairing Request command the Pairing Response command the initiating device address and address type SMP Pairing Request and the responding device address and address type The resulting value is a random number Mconfirm that is sent to the responding SMP Pairing Response device by the Pairing Confirm command The responding device will SMP Pairing Confirm 5confirm validate the responding device data in the Pairing Confirm command and if it is correct will generate a Sconfirm value using the same methods as used to generate Mconfirm only with different 128 bit random number and TK The responding device will send a Pairing Confirm command to the initiator and if accepted the authentication Mrand process is complete The random number in the Mconfirm and Sconfirm data is Mrand and Srand respectively Mrand and Srand have a key role in setting encrypting the link Finally the master and slave devices exchange Mrand and Srand so that the slave can calculate and verify Mconfirm and the master can Figure 17 Message Sequenc
363. ove to the next or previous frame in the chart 4 4 3 3 Message Sequence Chart First Error Frame When you select Go to first error frame from the toolbar 6 the Select layer dialog appears Select layer fx Select layer AZDP w You have to select a layer from the drop down list to choose what layer you want to search for the error Select layer Select layer 2D Once you select a layer then OK the first error for that layer will be displayed If no error is found a dialog will announce that event 179 ComProbe Sodera User Manual Chapter 4 Capturing and Analyzing Data FIS4BT AN Error Frame was not Found 4 4 3 4 Message Sequence Chart Printing an ey There are three standard MSC print buttons Print Preview Print and Cancel Printing i Print Preview 1 When you select Print Preview PE the Print Setup dialog appears 2 You next need to select your printer from the drop down list set printer properties and format the print output 3 Then you select OK After you select OK the Message Sequence Chart Print Preview dialog appears 32 Print Preview SBRARARN Pach jos AD DIE sar Page 1 of LMP_S 109 H Tran ID Initiated by master VersNr v1 2 Tv a6 ersion of Slave v1 1 Tran ID Initiated by master VersNr vl 1 LMP features req Tran ID Initiated by master f catures respo LMP host connection req LMP wersion res es
364. ow Volume or High Volume Reported if the average volume level is not in a range conducive to performing meaningful audio analysis 184 Chapter 4 Capturing and Analyzing Data ComProbe Sodera User Manual e Clipping Amplitude distortion due to a signal amplitude exceeding the maximum value that can be represented by the digital system e Dropout Abrupt and very short duration intervals of silence e Glitch Extremely large sample to sample audio amplitude transitions that have little probability of occurring within natural speech or music 4 5 4 2 Referenced Mode In Referenced Mode the system operates in a pseudo closed loop test scenario where the user plays a specific Reference Audio file on the Source DUT The Source DUT negotiates with the Sink DUT to determine the appropriate codec and audio parameters to use and will then process the Reference Audio file accordingly before transmitting the resulting audio via Bluetooth The Reference Audio is a pre recorded audio test file provided by Frontline in the ComProbe Protocol Analysis System installer The Sink DUT receives the encoded audio decodes it and processes it for playback In parallel the ComProbe BPA 600 analyzer snoops the over the air signal between the Source DUT and Sink DUT and emulates the RF reception and decoding done inside the Sink DUT The Audio Expert System automatically detects that a Reference Audio file is being received and then analyzes the resulting
365. ow and ComProbe Sodera datasource window will open The Sodera window provides controls and panes to e open or save captured data files change the datasource window layout and to configure the capture conditions 25 ComProbe Sodera User Manual Chapter 3 Configuration Settings e start and stop data recording and analysis and control the piconet display e display the wireless devices setup decryption and log session events Menu amp Toolbars Security Pane Event Log Pane O ComProbe Sodera Wed 227M Packets cfa File Gi View Capture Options Help es Security v aX Eventlog wax o e eo x Status Time Master Slave Description A r 1 5 6 2015 8 43 30 714906 AM A0 F4 50 F5 1B EE 00 58 76 A4 43 61 5 i ComProbe Protocol Analysis Software Version 15 11 8698 8733 BO ADDR Friendly Name Device Class Technology IRK Q HTC Desire X MiBox mini A LAP confict may cause unexpected resus for these devices A8 8E 24 6C 5B F3 and DJ A0 F4 50 07 03 1D Phone Smart Ready LE amp BR EDR 5 6 2015 8 43 37 076853 AM AB BE 24 6C 5B F3 00 00 FD 29 8D 19 A LAP conflict may cause unexpected results for these devices 00 24 1C BE 18 A8 and E F ye ANF4 5041 09 06 Phone BR EDR D Q Phone LAP conflict may cause unexpected results for these devices E8 99 C4 57 87 6F and m LAP conflict may cause unexpected results for these devices B0 34 95 E5 83 2A and pa pon ag pra OF A8 30 AD F9 9B 5
366. packets in the last one second of the capture session are used for the 1 sec Throughput throughput See Coexistence View Throughput Indicators on page 146 for more Indicators information Performs the same function as the throughput indicator All radio button 138 Chapter 4 Capturing and Analyzing Data ComProbe Sodera User Manual Table 4 8 Coexistence View Format Menu Selections continued a H eg on JESC J ri J i OF Use Selected When checked the packets selected in the Viewport are used for average throughput Packets for calculations and selected packets in the one second before the last selected packet are Throughput used for the 1 sec throughput See Coexistence View Throughput Indicators on page Indicators 146 for more information Performs the same function as the throughput indicator Selected radio button Use Viewport When checked all packets appearing in the Viewport are used for average throughput Packets for calculations and all packets in the one second before the last packet in the Viewport are Throughput used for the 1 sec throughput See Coexistence View Throughput Indicators on page Indicators 146 for more information Performs the same function as the throughput indicator Viewport radio button Set 802 11 Tx Whenchecked this selection is used to specify the 802 11 source address where any Address packet with that source address is considered a Tx packet and is shown with a purple
367. pane is synchronized with the other panes in this window Click on a frame in the Summary pane and the bytes for that frame is highlighted in the Event pane while the Decode pane displays the full decode for that frame Any other panes which are being viewed are updated accordingly If you use one pane to select a subset of the frame then only that subset of the frame is highlighted in the other panes Protocol Tabs Protocol filter tabs are displayed in the Frame Display above the Summary pane e These tabs are arranged in separate color coded groups These groups and their colors are General white Classic Bluetooth blue Bluetooth low energy green 802 11 orange USB purple and SD brown The General group applies to all technologies The other groups are technology specific Ome 3 o Classic Bluetooth blue Dookmarke Info LE Baseband LACAP TES LE BB LE PET LE ADY B0211 Radio 802 11 MAC Data O Bluetooth low energy green SSS Di ELE wii oi dg Ea 15 KG baa L 7 802 11 orange Figure 4 21 Example Protocol Tags e Clicking on a protocol filter tab in the General group filters in all packets containing that protocol regardless of each packet s technology e Clicking on a protocol filter tab in a technology specific group filters in all packets containing that protocol on that technology e A protocol filter tab appears in the General group only if the proto
368. pecific frame number Placing the mouse pointer on a summary pane header with truncated text displays a tooltip showing the full header text KJ Frame Display HTC Headset A2DP cfa File Edit View Format Filter Bookmarks Options Window Help a2 H Y7 S2in BO M Sa eB i ies Master Len 36 a mm E 8 O Find A A f Summary SDP Header Length 1 _ Unfiltered Info Configured BT low energy devices Errors Header Version 3 Baseband LMP PreConnection FHS Bluetooth FHS L2CAP O RFCOMM AVDTP AVDTP Signaling WED aaen AVDTP Media Hands Free A2DP Non Captured Info Role Master 0x00 07 62 0f 00 00 1 Channel 29 2431 MHz B Frame Role A Trans ID PDU ID Param L UUID 5vc Handle Delta Clock Dx00009cd8 ee ia pas Ox0001 Search Attrib Requ ia Handstree Audio Gat FLOW Go 10 054 Slave Ox0001 Search Attrib Resp 00 00 00 C TYPE DH1 10 102 Slave Ox0000 Search Attrib Requ Handstree 00 00 00 4 LT ADDR 1 10 104 Master Ox0000 Search Attrib Resp 00 00 00 C SEON 0 10 134 Slave Ox0000 Search Attrib Requ AudioSink 00 00 00 7 ARON 0 10 135 Master Ox0000 Search Attrib Resp 00 00 00 C _ J lt m Total Frames 28 707 Frames Filtered In 18 Frame s Selected 10 053 1 total For Help Press F1 Figure 4 22 Summary pane right with Tooltip on Column 5 Tran ID Sides in Bluetooth low energy A Bluetooth low energy data connection consists of connecti
369. play File menu Byte Export 2 22 eee eee eee eee cee eee ee eeeees 112 Figure 4 18 Byte Export dialog _ 22 22 lee ccc ee cee ccc e cece cece cece eee eeeeceeceeceeeeeees 112 Figure 4 19 Save As dialog 2 ieee ee cc cee ce cee cece eee cece cece ee eeeeeeeeeeeeeees 113 Figure 4 20 Sample Exported Frames Text File occ cece cee cece cece eceeceeeeeees 113 Figure 4 21 Example Protocol Tags cece cee cece cece eee eee e eee cece eee eeeeeeeeeeeeees 114 Figure 4 22 Summary pane right with Tooltip on Column 5 Tran ID U 2222 e eee eee 115 Figure 4 23 Frame Display Protocol Layer Color Selector elec eee eee cece ee eeeees 120 Figure 4 24 Example Set Conditions Self Configuring Based on Protocol Selection 122 Figure 4 25 Example Set Conditions Self Configuring Based on Frame Range 123 Figure 4 26 Two Filter Conditions Added with an AND Operator cece eee ee eeeeeees 125 Figure 4 27 Save Named Filter Condition Dialog 22 22 ieee eee eee cece nnn 125 Figure 4 28 Using Named Filters Section of Quick Filters to Show Hide Filters 2 128 Figure 4 29 Set Condition Dialog in Advanced View 22 eee eee eee cece cece cece eeeeeeeeeeeeee 129 Figure 4 30 Rename Filters Dialog _ 22 22 a 130 Figure 4 31 Connection
370. position and size The Security Private Keys Piconet View and Event Log Panes can be re sized by hovering over the pane edge until a double headed arrow appears Click and hold dragging it to change the pane size 26 Chapter 3 Configuration Settings ComProbe Sodera User Manual 3 1 2 1 Menu amp Toolbars File View Capture Options Help ld At the top of the Sodera window appears the Menu the Standard Toolbar and the Capture Toolbar The Menu is fixed in position and always in view The Standard Toolbar and Capture Toolbar visibility is optional and is set in the Menu View selections The position of these toolbars can be changed by dragging them although the position range is limited to the vicinity of the Menu 3 1 2 1 1 Menu File View Capture Options Help The Menu provides the user with the ability to save and open files and to set preferences change the datasource window layout and configure the data capture settings Table 3 1 Menu Selections TOpen Capture File Opens a Windows Open dialog Select the location File name and cfa file to analyze The file includes all data with all context decryption and work file information for both the recorded and analyzed packets Save Ctrl S Opens a Windows Save dialog Select a file location and name for a recorded and analyzed file The file includes all data with all context decryption and work file information for both the recorded and analyzed packets
371. print options for background colors and images Print Background Colors Using Internet Explorer 1 Open the Tools menu on the browser menu bar 2 Select Internet Options menu entry 3 Click Advanced tab 4 Check Print background colors and images under the Printing section 5 Click the Apply button then click OK Configure the Print File Range in the Frame Display Print Dialog Selecting more than one frame in the Frame Display window defaults the radio button in the Frame Display Print dialog to Selection and allows the user to choose the All radio button When only one frame is selected the All radio button in the Frame Display Print dialog is selected How to Print Frame Display Data 1 Select Print or Print Preview from the File menu on the Frame Display window to display the Frame Display Print dialog Select Print if you just want to print your data to your default printer Select Print Preview if you want access to printer options 2 Choose to include the Summary pane check the box in the print output The Summary pane appears at the beginning of the printed output in tabular format If you select All layers in the Detail Section the Data Bytes option becomes available 3 Inthe Detail Section choose to exclude No decode section the decode from the Detail pane in the Frame Display or include All Layers or Selected Layers Only If you choose to include selected layers then select click on and highlight the la
372. ptions menu on the Control A window or the Frame Display 59 ComProbe Sodera User Manual Chapter 3 Configuration Settings O window 2 Click the Open Template Ka icon in the toolbar and select the Template F desired template from the pop up list The system displays the content Ea a x of the selected template in the Initial Connections list at the top of the a Frontlinel dialog Frontline 3 Click the OK button to apply the selected template and decoders Je Frontline 1 settings and exit the Set Initial Decoder Parameters dialog Frontline 3 2 1 2 Adding a New or Saving an Existing Template NG Frontline5 Add a Template A template is a collection of parameters required to completely decode communications between multiple devices This procedure adds a template to the system and saves it for later use 1 Click the Save A button at the top of the Set Initial Template Manager Decoder Parameters dialog to display the Template Manager dialog Name To Save Template As Cancel Frontline4 2 Enter aname for the new template and click OK Cre Baal Tala Pain OLA Toe Frontline The system saves the template and closes the Template Frontine2 Manager dialog EC rontline5 3 Clickthe OK button on the Set Initial Decoder Parameters window to apply the template and close the dialog Save Changes to a Template This procedure saves changes to parameters in an existing template
373. put indicatorsshow average throughput and 1 second throughput for Classic Bluetooth all devices master devices and slave devices are each shown separately Bluetooth low energy and 802 11 146 Chapter 4 Capturing and Analyzing Data ComProbe Sodera User Manual 4 4 2 4 Throughput Throughput is total packet or payload size in bits of the included packets divided by the Throughput duration of the included packets where Packet Pavload Both e Packet size is used if the Packet or Both radio button is selected in the Throughput group e Payload size is used if the Payload radio button is selected in the Throughput group e Included packets are defined separately for each of the radio buttons that appear above the throughput indicators e Duration of the included packets is measured from the beginning of the first included packet to the end of the last included packet 4 4 2 5 Radio Buttons Packets All Selected Viewport The radio buttons above the throughput indicators specify which packets are included Radio button descriptions are modified per the following e Bluetooth low energy packets from non configured devices are excluded if the Configured radio button in the LE Devices group is selected LE Devices Configured e Frame Display filtering has no effect here in that packets that are filtered out in All Frame Display are still used here as long as they otherwise meet the
374. r Parameters 802 11 gt 33 00 00 00 7 4 10 2012 3 54 58 80621 33 00 00 00 0 4 10 2012 2 54 52 80690 Hide This Pane 33 00 00 00 0 4 10 2012 2 54 58 80758 33 00 00 00 1 4 10 2012 3 54 58 93496 E i 33 00 00 00 0 4 10 2012 3 54 58 93565 a4 33 nann NAN N ANANN 3 F4A FO QCA Figure 4 36 Unfiltered Capture File with Classic low energy and 802 11 When the Frame Display with the filtered 802 11 data set appears only the Protocol Tabs for 802 11 are present and the tabs for Classic Bluetooth and Bluetooth low energy have been filtered out Frame Display BTAmp80211FTPwLE cfa o EB X File Edit View Format Filter Bookmarks Options Window Help 22 Y S2 m8 DOU MNNSume 5 ae MoeERBCee sd A Summary Data i LE ADV AdvData Field Truncated or Not Present TET ino Errors LE BB Baseband LMP PreConnection FHS Bluetooth FHS L2CAP AMP Manager SDP OBEX FTP in CF 1 BAKA Non Captured Info i Channel Index 38 2426 MHz LE BB LE PKT LE ADY Meets Predefined Filter Criteria for BT low energy devices Receive Status Received without errors 802 11 Radio 802 11 MAC LLC 802 2 SNAP 802 11 AMP 802 1X L2CAP OBEX FTP Data pp Frame Display Connection Filter 802 11 All BTAmp80211FTPwLE cfa m o Se File Edit View Format Filter Bookmarks Options Window Help G Aa YE SS DI O MAS hh 3 No frame selected neo E 8
375. r Sample 16 Channels 1 Mar 31 2014 12 52 46 806067 PM N A Codec CVSD Frequency 64000 Bits Per Sample 16 Channels 1 Mar 31 2014 12 52 47 357946 PM N A SCO disconnected between devices 98 0D 2E 23 B6 2E and 00 07 62 0F 00 00 for stream 2 using codec CVSD Mar 31 2014 12 53 04 151789 PM N A SCO disconnected between devices 00 07 62 0F 00 00 and 98 0D 2E 23 B6 2E for stream 3using codec CVSD Mar 31 2014 12 53 04 151789 PM N A A2DP resumed between devices 98 0D 2E 23 B6 2E and 00 07 62 0F 00 00 for stream 1 using codec SBC Mar 31 2014 12 53 05 446738 PM N A A2DP resumed between devices 98 0D 2E 23 B6 2E and 00 07 62 0F 00 00 for stream 1 using codec SBC Mar 31 2014 12 53 05 474864 PM N A Packet retransmission for unknown CID Mar 31 2014 12 53 07 712976 PM N A AVDTP packet loss detected based on missing packet sequence number Mar 31 2014 12 53 13 742943 PM N A issing packet sequence number Mar 31 2014 12 53 15 385434 PM T al et ve e we o a oe ae S A S oe oe oe oe ae 1 1 1 0 2 3 2 3 l2 3 1 1 0 1 1 Figure 4 110 Event Table Several events can be selected by clicking and dragging over the events or by holding down the Shift key and clicking on events To select events that are not adjacent hold down the Ctrl key and click on the events When selecting multiple events the Wave Panels will not scroll to the selected events 212 Chapter 4 Capturing and Analyzing Data ComProbe S
376. r s stack is bug free 314 ComProbe Sodera User Manual Appendicies there are interoperability issues that must be dealt with The homegrown hex dumps and trace tools from the early days of Bluetooth just are not good enough anymore And building a good protocol analyzer is not easy So stack vendors are partnering with Frontline This permits the stack vendors to concentrate of improving their stack The typical Bluetooth stack vendor provides a Windows based SDK The stack vendor interfaces their SDK to ComProbe software by adding a very small amount of code to the SDK somewhere in the transport area right about in the same place that HCI data is sent to the Host Controller If ComProbe software is installed on the PC and the Virtual sniffer is running then the data will be captured and decoded by ComProbe software in real time If ComProbe software is not installed or the Virtual sniffer is not running then no harm is done Virtual sniffing is totally passive and has no impact on the behavior of the SDK One Frontline stack vendor partner feels so strongly about ComProbe software that not only have they built Virtual sniffing support in their SDK but they have made ComProbe software an integral part of their product offering They are actively encouraging all customers on a worldwide basis to adopt ComProbe software as their protocol analysis solution B 6 8 Case Studies Virtual Sniffing and Bluetooth Mobile Phone Makers Case Stu
377. r sniffer must know the BD_ADDR of at least one piconet member to allow it perform clock synchronization A serial sniffer must know the bit rate of the tapped circuit or be physically connected to the clock line of the circuit With Virtual sniffing the protocol analyzer itself does not actually tap the link and the protocol analyzer does not require any knowledge of the physical characteristics of the link In computer jargon virtual means not real Virtual memory is memory that doesn t actually exist Virtual reality is something that looks and feels real but isn t real So we use the term Virtual sniffing because there is sniffing taking place but not in the traditional physical sense B 6 5 The Convenience and Reliability of Virtual Sniffing Virtual sniffing is the most convenient and reliable form of sniffing and should be used in preference to all other forms of sniffing whenever practical Virtual sniffing is convenient because it requires no setup to use except for a very small amount of software engineering typically between one and four hours that is done once and then never again Once support for Virtual sniffing has been built into application or into a development environment none of the traditional sniffing setup work need be done This means e NO piconet synchronization e NO serial connection to tap e NO USB connection to tap Virtual sniffing is reliable because there is nothing that can fail W
378. r that can affect total duration is that the BluetoothTimeline s Throughput Graph stops at the last Classic Bluetooth packet while the Coexistence View s Throughput Graph stops at the last packet regardless of technology 156 Chapter 4 Capturing and Analyzing Data ComProbe Sodera User Manual 4 4 2 21 Coexistence View Set Button The Set button is used to specify the 802 11 source address where any o02 11 Ta O0 0e 23 55 F3 31 packet with that source address is considered a Tx packet and is shown with a purple border in the timelines All source MAC addresses that have been seen during this session are listed in the dialog that appears when the Set button is clicked Also listed is the last source MAC address that was set in the dialog in the previous session If that address has not yet been seen in this session it is shown in parentheses 6072 11 Ix Address Each 802 11 packet with this source address is considered a Tx packet and is shown with a purple border All source MAC addresses that hawe been seen during this session are listed here Also listed is Ehe last source MAC address that was set here in the previous session IF that address has nok wet been seen in this session it is shown in parentheses Figure 4 57 802 11 Source Address Dialog 157 ComProbe Sodera User Manual Chapter 4 Capturing and Analyzing Data 6072 11 Ix Address 802 11 Tx Address 00 0c 29 85 F3 31 lt none gt 00 00 74 cS
379. rames The body shows the frame number the timestamp in the same format shown in the Frame Display Summary pane and the frame contents as raw bytes ByteLevelExport 1 txt Notepad ol 28 File Edit Format View Help Byte export of all filtered in frames a Capture file le modified channel maps HID kbd cant decrypt GAIT cfa Filter tab Unfiltered 1 299 frames exported Frame Number Timestamp Frame Contents 1 7 5 2012 6 05 23 966944 PM 00 ff b2 00 15 aa d6 be 89 8e 00 13 96 bi eb d7 90 b o 2 7 5 2012 6 05 23 967570 PM 18 ff ae 00 15 aa d6 be 89 Be 00 13 7b 96 bi eb d7 90 0 3 7 5 2012 6 05 23 968195 PM 4e ff b3 00 15 aa d be 89 8e 00 13 7b 96 bi eb d7 90 0 4 7 5 2012 6 05 23 994441 PM 00 ff b2 00 15 aa d be 89 8e 00 13 7b 96 bi eb d7 90 0 5 7 5 2012 6 05 23 995066 PM 18 ff ae 00 15 aa d6 be 89 8e 00 13 7b 96 bi eb d7 90 0 6 7 5 2012 6 05 23 995691 PM 4e ff b7 00 15 aa d6 be 89 8e 00 13 7b 96 bi eb d7 90 0 4 mW b Figure 4 20 Sample Exported Frames Text File 4 4 1 11 Panes in the Frame Display 4 4 1 11 1 Summary Pane The Summary pane E displays a one line summary of every frame in a capture buffer or file including frame number timestamp length and basic protocol information The protocol information included for each frame depends on the protocol selected in the summary layer box located directly below the main toolbar On a two channel circuit the background color of the one line summary
380. ransmitted This value is expressed in operating system pages e Frame Completion Timeout in Seconds This is the number of seconds that the analyzer waits to receive data on a side while in the midst of receiving a frame on that side If no data comesin on that side for longer than the specified number of seconds an aborted frame event is added to the Event Display and the analyzer resumes decoding incoming data This can occur when capturing interwoven data DTE and DCE and one side stops transmitting in the middle of a frame The range for this value is from O to 999 999 seconds Setting it to zero disables the timeout feature P Note This option is currently disabled 7 1 1 3 Selecting Start Up Options To open this window 1 Choose System Settings from the Options menu on the Control A window 2 On the System Settings window click the Start Up button 3 Choose one of the options to determine if the analyzer starts data capture immediately on starting up or not 256 Chapter 7 General Information ComProbe Sodera User Manual Program Start Up Options On piogram start wap Ce Don t start caphunng immediately O Silai capturing bo a file immeckateky O Start capturing immediately bo the folowing ile Figure 7 3 Start Up Options dialog e Don t start capturing immediately This is the default setting The analyzer begins monitoring data but does not begin capturing data until clicking the Start Capt
381. rating Modes Non referenced Processing audio of completely unknown program content e g arbitrary music or speech content Since the system does not have any prior knowledge of the audio being analyzed the types of audio analysis that can be performed is limited Referenced A pseudo closed loop test scenario where the user plays specific Reference Audio files pre recorded audio test files provided by Frontline on the Source DUT Device Under test The analysis of the received audio results in a series of Audio Events being reported by comparing changes in the received audio to expected changes of the Reference Audio and reporting deviation events when they occur 182 Chapter 4 Capturing and Analyzing Data ComProbe Sodera User Manual Reference mode detects a larger number of events because the reference audio has specific frequency amplitude and duration occurring at known points in time allowing for precise comparison 4 5 1 Supported Codec Parameters Supported Parameters for SBC Codec Sampling Frequencies 16 KHz 32 KHz 44 1 KHz 48 KHz Channel Modes Mono Dual Channel Stereo Joint Stereo Block Length 4 8 12 16 Number of subbands 4 8 Allocation Method SNR Loudness Minimum Bitpool Value 2 Maximum Bitpool Value 53 Supported Parameters for MPEG 2 4 AAC Object Types MPEG 4 AAC LC Sampling Frequencies 44 1 KHz 48 KHz 8 KHz 11 025 KHz 12 KHz 16 KHz 22 050 KHz 24 K
382. rch only for overrun errors e check the box if shown e un check the other boxes To search for all types of errors e check all boxes The most common search is looking for a few scattered errors in otherwise clean data To do this type of search e choose to Search for an event where one or more error conditions occurred e choose which errors to look for e By default the analyzer looks for all types of errors In contrast searching for an event where one or more error conditions were off means that the analyzer looks for an event where the errors were not present For example if you have data that is full of framing errors and you know that somewhere in your 20 megabyte capture file the framing got straightened out you could choose to search for an event where one or more error conditions were off and choose to search only for framing The analyzer searches the file and finds the point at which framing errors stopped occurring Searching for an event where the error conditions changed means that the analyzer searches the data and stop at every point where the error condition changed from on to off or off to on For example if you have data where sometimes the framing is wrong and sometimes right you would choose to search framing errors where the error condition changed This first takes you to the point where the framing errors stopped occurring When you click Find Next the analyzer stops at the point when the errors began occurring ag
383. re 4 45 Coexistence View Throughput Graph The Throughput Graph is a line graph that shows packet and or payload throughput over time as specified by the radio buttons in the Throughput group If the Both radio button is selected packet and payload throughput are shown as two separate lines for each technology The payload throughput line is always below the packet throughput line unless both are O The data lines and y axis labels are color coded Blue Classic Bluetooth Green Bluetooth low energy Orange 802 11 Each data point represents a duration which is initially 0 1 s Each time the number of data points per line reaches 300 the number of data points per line is halved to 150 and the duration per data point is doubled The duration per data point thus progresses from 0 1 s to 0 2 s to 0 4 s to 0 8 sand so on 4 4 2 11 Throughput Graph Y axis labels The y axis labels show the throughput in bits per second From left to right the labels are for 802 11 Bluetooth low energy and Classic Bluetooth The duration of each data point must be taken into account for the y axis label s value to be meaningful For example if a data point has a duration of 0 1 s and a bit count of 100 it will have a throughput of 1 000 bits s and the y axis labels will be consistent with this 149 ComProbe Sodera User Manual Chapter 4 Capturing and Analyzing Data Figure 4 46 Throughput Graph y axis labels 4 4 2 12 Excluded packets
384. red data without affecting the capture content There are three general classes of display filters e Protocol Filters e Named Filters e Quick Filter Protocol Filters Protocol filters test for the existence of a specific single layer The system creates a protocol filter for each decoder that is loaded if that layer is encountered in a capture session There are also three special purpose filters that are treated as protocol filters e All Frames with Errors e All Frames with Bookmarks e All Special Information Nodes Named Filters e Named filters test for anything other than simple single layer existence Named filters can be constructed that test for the existence of multiple layers field values in layers frame sizes etc as well as combinations of those things Named filters are persistent across sessions 121 ComProbe Sodera User Manual Chapter 4 Capturing and Analyzing Data e Named filters are user defined User defined filters persist in a template file User defined filters can be deleted Quick Filters e Quick Filters are combinations of Protocol Filters and or Named Filters that are displayed on the Quick Filter tab e Quick Filters cannot be saved and do not persist across sessions e Quick Filters are created on the Quick Filter Dialog 4 4 1 13 1 1 Creating a Display Filter There are two steps to using a display filter Define the filter conditions and then apply the filter to the data set The sys
385. red out frames are not exported e Selected Frames export is the same as All Frames export except that only frames selected in the Summary pane will be exported Byte Export 28 Export raw bytes from the currently selected filter tab All Frames C Selected Frames Figure 4 18 Byte Export dialog Click the OK button to save the export Clicking the Cancel button will exit Byte Export 3 The Save As dialog will open Select a directory location and enter a file name for the exported frames file 112 Chapter 4 Capturing and Analyzing Data ComProbe Sodera User Manual J Save As xs OU z Desktop gt v Search Desktop p Organize v New folder EG ir Favorites a Name f Size Item type 7 MB Desktop F a Libraries Mm Downloads JA John W Trinkle Recent Places JM Computer Ga Network Libraries Ji Frontline ComProb File folder Documents K Frontline ComProb File folder a Music m Frontline ComProb File folder Pictures d Frontline ComProb File folder a Subversion a a File name ByteLevelExport 1 bt x Save as type Text Files bd a Hide Folders Save Cancel Figure 4 19 Save As dialog Click on the Save button The exported frames are in a text file that can be opened in any standard text editing application The header shows the export type the capture file name the selected filter tab and the number of f
386. ression techniques to reduce the amount of radio frequency bandwidth required to transmit audio In addition to A2DP Audio Video Remote Control Profile AVRCP controls certain functions of the sending device such as pause play next track etc All Bluetooth products using A2DP are required to implement audio encoding and decoding using low complexity Sub Band Coding SBC that supports up to 345 kb per second bit rate for stereo audio The SBC codec has some issues though SBC coding and decoding produces some undesirable artifacts in the audio signal In addition the SBC encoding and decoding cycle introduces a time lag in the audio To improve on SBC s artifacts and time lag issues a CSR proprietary codec that is called aptX is implemented on some Bluetooth products During the negotiation phase both Bluetooth devices handshake and they automatically discover the best codec and the highest bit rate to use for audio If both devices support aptX it is used rather than the default SBC The AES software helps identify audio issues in Bluetooth protocol by highlighting information warnings and errors related to audio data codec used and Bluetooth protocol implementation They are collectively called events in AES The AES window shows audio data plotted as PCM samples versus time in the Wave Panel The audio data codec and protocol events are also graphically displayed in the Wave Panel and with a single click on an event engineers a
387. robe Frame Display BPA 600 low energy capture SMP Code Pairing Contin Confirm Value Oxfic2569e1 3692125795345264256208a Figure 33 Responder Pairing Confirm Example ComProbe Frame Display BPA 600 low energy capture Initiator Responder The initiating device will generate a 128 bit random number that is combined with TK the Pairing Request command the Pairing Response command the initiating device address and address type SMP Pairing Request and the responding device address and address type The resulting O value is a random number Mconfirm that is sent to the responding MAPEO EAE device by the Pairing Confirm command The responding device will validate the responding device data in the Pairing Confirm command SMP Pairing Confirm 5confirm and if it is correct will generate a Sconfirm value using the same methods as used to generate Mconfirm only with different 128 bit random number and TK The responding device will send a Pairing Confirm command to the initiator and if accepted the authentication Mrand process is complete The random number in the Mconfirm and Sconfirm data is Mrand and Srand respectively Mrand and Srand sisia have a key role in setting encrypting the link Finally the master and slave devices exchange Mrand and Srand so that the slave can calculate and verify Mconfirm and the master can Figure 34 Message Sequence Chart likewise calculate and verify Sconfirm SMP Pairing B 5 4
388. robe hardware i POU Length 31 4 4 2 Coexistence View The Coexistence View displays Classic Bluetooth Bluetooth low energy and 802 11 packets and throughput in one view You access the Coexistence View by clicking its button LZ in the Control window or Frame Display toolbars or Coexistence View from the View menus m Coexistence View bpa bt le wf hs 18 842 packets cfa B x File Format Zoom Navigate Spectrum Help BOOFle gt I amp gt IARNA Packets OAI Selected Viewport g rr Awg throughput ENS re Throughput Over Tinga Throughput bits s 9 34 We C Packet 0 D Payload Both Timeline D 5 GHz 2 4GHz Both Selected Auto Retransmit En oss Bad Packet D Configured Al Can t Decrypt Invalid IFS 82 Discontinuity Unknown Click on any bold entry above to enable navigation 4 j For Help Press F1 Figure 4 39 Coexistence View Window 137 ComProbe Sodera User Manual Chapter 4 Capturing and Analyzing Data 4 4 2 1 Coexistence View Menus The following tables describe each of the Coexistence View Menus P Coexistence View Capture 2015 14 02 104121 cfa File Format Zoom Navigate Spectrum Help Table 4 7 Coexistence View File Menu Selections Reset Resets the Coexistence View window to its default settings Exit Closes the Coexistence View window Table 4 8 Coexistence View Format Menu Selectio
389. rom the Options menu on the Control window To enable a setting click in the box next to the setting to place a checkmark in the box To disable a setting click in the box to remove the checkmark When viewing a capture file settings related to data capture are grayed out 253 ComProbe Sodera User Manual Chapter 7 General Information Single File System Settings xe Capture Mode Single File i Restart Capturing After Saving or Clearing Capture File Wrap File File Size in K 81373 Min Max Sta Advanced Figure 7 1 System Settings Single File Mode This option allows the analyzer to capture data to a file Each time you capture the file you must provide a file name The size of each file cannot larger than the number given in File Size in K The name of each file is the name you give it in the Name box followed by the date and time The date and time are when the series was opened e Restart Capturing After Saving or Clearing Capture File If the Automatically Restart feature is enabled the analyzer restarts capture to the file immediately after the file is closed e Wrap File When enabled the analyzer wraps the file when it becomes full The oldest events are moved out of the file to make room for new events Any events moved out of the file are lost When disabled the analyzer stops capture when the file becomes full Either reset the file or close your capture file to continue e File Si
390. rries PSM Select the protocol that L2CAP traverses to from the following e AMP Manager e AMP Test Manager e SDP e RFCOMM e TCS e LPMP e BNEP e HCRP Control e HCRP Data e HID 66 Chapter 3 Configuration Settings ComProbe Sodera User Manual AVCTP AVDTP CMTP MCAP Control IEEE P11073 20601 Raw Data Adding Deleting and Saving L2CAP Parameters 1 2 a From the Set Initial Decoder Parameters window click on the L2CAP tab Set or select the L2CAP decoder parameters Click on the ADD button The Intial Connection window displays the added parameters Initial Connections in effect from beginning of capture onward until redefined in the Set Subsequent Decoder Parameters dialog On the Slave side with CID 0000 Address 0 and DataSource 1 LAC AP is canying AMP Test Manager On the Master side with CID Gc0000 Address 0 and DataSource 2 L CAP is camying SMP On the Master side with CID k004e Address 0 LACAP is canying Raw Data Figure 3 36 Parameters Added to Decoder To delete a parameter from the Initial Connections window select the parameter and click on the Delete button Decoder parameters cannot be edited The only way to change a parameter is to delete the original as described above and recreate the parameter with the changed settings and selections and then click on the Add button L2CAP parameters are saved when the template is saved Adding a New or Saving
391. rs are an indicator that the analyzer is unable to keep up with the data The information below describes what happens to the data as it arrives what the error means and how various aspects of the analyzer affect performance Also included are suggestions on how to improve performance The analyzer s driver takes data from the driver and counts each byte as they are put into the driver s buffer The analyzer s driver tells the user interface that data is ready to be processed The analyzer takes the data from the driver s buffer and puts the data into the capture buffer Driver Buffer Overflows occur when the user interface does not retrieve frames from the driver quickly enough Buffer overflows are indicated in the Event Display window by a plus sign within a circle Clicking on the buffer overflow symbol displays how many frames have been lost There are several things that you can do to try and solve this problem e Use capture filters to filter out data you don t need to see Capture filters reduce the amount of data processed by the analyzer Ethernet Only e Close all other programs that are doing work while the analyzer is running Refrain from doing searches in the Event Display window or other processor intensive activities while the analyzer is capturing data e Timestamping takes up processor time primarily not in timestamping the data but in writing the timestamp to the file Try turning off timestamping from the Timestamping Opt
392. ry and carefully lifting it upwards until free of the contacts 10 Chapter 2 Getting Started ComProbe Sodera User Manual Connector kn Deca glide Figure 2 6 Sodera Battery Connectors bottom side shown To install the battery position the battery connectors over the connecters in the Sodera battery compartment Gently press down until the battery makes firm contact Figure 2 7 Sodera Battery Press to Make Contact Insert the battery cover tabs in the slots towards the Sodera front panel Lower the cover and use a screw driver to turn the fastener clockwise until it is firmly engaged 11 ComProbe Sodera User Manual Chapter 2 Getting Started Figure 2 8 Sodera Battery Cover Insert Tabs Sodera Battery Cover turn clockwise to secure 12 Chapter 2 Getting Started ComProbe Sodera User Manual After installing the battery apply power to the Sodera and power it up Check the battery charge on the front panel Battery Charge LEDs If a charge is necessary keep the Sodera connected to an external power source until the battery is fully charged Note When using the Sodera in Excursion mode and powered by the battery it is recommended 4 to have a fully charged battery before beginning data capture 2 2 Data Capture Methods This section describes how to load Frontline Test Equipment Inc ComProbe Protocol Analysis System software and how to select the data capture method for your specifi
393. ryption Request from Master Example ComProbe Frame Display BPA 600 low energy capture 297 ComProbe Sodera User Manual Appendicies LE LL Control Pkt LL ENC R5P Slave session key identiher SKDs bc28383344187892e Slave inaiakzation vector W3 5472235 Figure 19 Encryption Response from Slave Example ComProbe Frame Display BPA 600 low energy capture B 4 6 Encrypting The Data Transmission Data encryption begins with encrypting the link The Session Key SK is created using a session key diversifier SKD The first step in creating a SK is for the master device to send Link Layer encryption request message LL_ ENC_REQ that contains the SKD ter The SKD ter is generated using the LTK The slave receives SKD cer generates SKD oe and generates SK by concatenating parts of SKD aster and SKD ave The slave device responds with an encryption response message LL_ENC_RSP that contains SKD ve the master will create the same SK Now that a SK has been calculated the master and slave devices will now begin a handshake process The slave will transmit unencrypted LL START ENC REQ but sets the slave to receive encrypted data using the recently calculated SK The master responds with encrypted LL START ENC RSP that uses the same SK just calculated and setting the master to receive encrypted data Once the slave receives the master s encrypted LL START ENC RSP message and responds with an encrypted LL START ENC RSP mess
394. s Yes No Cancel If a device is marked as a Favorite it will not be deleted even if it is inactive If Hide Inactive Devices is active this tool is grayed out and is not active 39 ComProbe Sodera User Manual Chapter 3 Configuration Settings Edit Device Details Edit Device Details Bluetooth Address soe l14 fos fag Identity Resolving Key Device Class oe Identity Resolving Key Figure 3 4 Edit Device Details Dialog When a device is selected in the window and the Edit Device Details tool P is selected a dialog opens showing all the editable fields Double clicking on a selected field will also open the dialog If a dialog field is grayed out the field is not editable Fields with invalid entries will display a red background and the OK button is disabled S Note Editing of device details is not allowed during Analyzing The Favorite designation can be changed in this dialog in addition to directly clicking on the star in the table or by using the right click pop up menu Identity Resolving Key IRK Field e This field is only enabled for devices with a random resolving address These devices are either Smart LE or Smart Ready LE amp BR EDR technology The Bluetooth Address Random Address will be enabled and checked e This field is disabled for a valid IRK e Entered IRK values are validated against the BD_ADDR e Entering an invalid IRK results in an error mess
395. s System Settings Alt Enter bi bi Directories Check for New Releases at Startup Side Names Protocol Stack Set Initial Decoder Parameters Set Subsequent Decoder Parameters Automatically Request Missing Decoding Information Figure 3 25 Select Set Initial Decoder Parameters from Control window The Set Initial Decoder Parameters window opens with a tab for each decoder that requires parameters Set Initial Decoder Parameters Template Figure 3 26 Tabs for each decoder requiring parameters e Each entry in the Set Initial Decoder Parameters window takes effect from the beginning of the capture onward or until redefined in the Set Subsequent Decoder Parameters dialog Override Existing Parameters The Set Subsequent Decoder Parameters dialog allows the user to override an existing parameter at any frame in the capture where the parameter is used If you have a parameter in effect and wish to change that parameter e Select the frame where the change should take effect e Select Set Subsequent Decoder Parameters from the Options menu and make the needed changes You can also right click on the frame to select the same option 58 Chapter 3 Configuration Settings ComProbe Sodera User Manual Options Window Help Directories ww Check for New Releases at Startup Side Names Protocol Stack Set Initial Decoder Parameters Set Subs
396. s starts and stops recording and analysis sets capture options and provides file control The Wireless Devices Pane is always visible and cannot be docked however if the other panes are docked or not visible the Wireless Devices Pane can be expanded to fill the window pane area The Security Private Keys Piconet View and Event Log Panes can be arranged or collapsed to suit individual preferences To relocate the pane click on the pane header where the title appears and drag it to a new position By default the Piconet View and Private Keys pane are not shown and must be opened using the View menu When the Private Keys pane is shown it will initially appear as a tab in the Security pane The other open panes will automatically rearrange to suit the user s changes to the layout These Panes can be configured to Auto Hide by clicking on gq in the pane header or by right clicking on the pane header to reveal a view option pop up menu The pane will collapse and only the header is visible on one of the window borders To expand the pane hover the mouse cursor over the hidden pane header and it will expand to its original size and location Moving the cursor off the header or out of the pane will hide the pane again If you move the cursor off the header and into the pane the pane will remain unhidden as long as the cursor stays in the pane To unhide the pane hover over the pane to expand it and click on the pane will remain in its original
397. s 123 Apply Display Filters 121 124 126 ASCII 98 character set 264 viewing datain 98 ASCII Codes 264 ASCII Pane 118 Audio Expert System 181 bitrate 204 210 calibratioin 190 event type Audio 196 Clipping 200 Dropout 201 Glitch 201 Bluetooth 193 Codec 194 frame synchronization 217 operating mode referenced 185 190 318 ComProbe Sodera User Manual test file 185 Wave Panel 205 viewer 208 Auto Sizing Column Widths 116 Automatically Request Missing Decoding Information 91 Automatically Restart 253 Automatically Restart Capturing After Clear Capture Buffer 253 Automatically Save Imported Capture Files 253 Autotraversal 89 91 AVDTP 61 63 64 AVDTP Override Decode Information 64 B Baudot 98 251 Baudot Codes 265 Begin Sync Character Strip 100 Binary 97 225 Binary Pane 119 BL 266 Bluetooth Timeline Audio Expert System 218 Bookmarks 237 238 Boolean 124 129 Broken Frame 99 BS 266 Buffer 253 Buffer Overflow 253 Buffer File Options 253 Byte 95 97 119 264 Searching 228 byte export 111 ComProbe Sodera User Manual C Calculating Data Rates and Delta Times 95 Capture Buffer 253 255 Capture Buffer Size 253 Capture File 86 243 244 253 255 auto save imported files 253 capture to a series of files 253 capture to one file 253 changing default location of 257 changing max size of 253 255 framing captured data 90 importing 244 loading 243 reframing 90 removing framing markers 90 CFA fil
398. s to know the LTK because this is the shared secret used to encrypt the session There are two ways to provide this information and which to select will depend on the pairing method Just Works or Passkey Entry Figure 20 ComProbe BPA 600 low energy only datasource settings LE Encryption a Passkey Entry is easiest if you have the code that was Enter New Long Term Key displayed or entered during device pairing The code is what is used to generate the LTK Under LE Encryption enter the code in the Enter New PIN OOB data text box Enter New PIN OOB data b Just Works is more of a challenge because you must know the LTK that is created at the time of pairing and Current Long Term Key identification of an encrypted link e If your device was previously used in an encrypted capture session the device information including LTK can be found in the Device Database tab Figure 21 BPA 600 datasource Encryption Key Entry e Inadesign and development environment the LTK is often known beforehand e Capture of Host Controller Interface HCI events using ComProbe HSU can reveal the LTK which is contained in the HCI Link Key Request Reply command HCI capture is through direct connection to the device host controller The information obtained in a direct connection can later be used in a wireless encrypted capture session that requires prior knowledge of encryption keys 5 To start capture click on the Start Sniffing butt
399. showing the following steps will hide that filter but will not delete it 1 Select Hide Show Display Filters from the Filter menu onthe Hide Show Filters Frame Display window to open Filters the Hide Show Filters dialog The system displays the Hide Show aa Filters dialo g with a list of all user kong each frame where the protocol Data field ASCII Contains the Substring defined filters 2 Select the filter to be hidden from the cancel Hep combo box 3 Click the Hide button The Hide button is only showing if the selected filter is currently showing in the Frame Display 4 Click OK The Hide Show Filters dialog box closes and the system hides the filter and removes the filter tab from the Frame Display If a display filter is hidden the following steps will reveal that filter in the Frame Display 1 Select Hide Show Display Filters from the Filter menu in the Frame Display window to open the Hide Show Filters dialog The system displays the Hide Show Filters dialog with a list of all user defined filters 2 Select the filter to be revealed from the combo box 3 Click the Show button 4 Click OK The Hide Show Filters dialog box closes and the system reveals the filter in the Frame Display You can also open the Quick Filter dialog and check the box next to the hidden filter to show or hide a display filter 127 ComProbe Sodera User Manual Chapter 4 Capturing and Analyzing
400. sing Decode Information ComProbe software usually determines the protocol carried in an RFCOMM payload by monitoring previous traffic However when this fails to occur the Missing Decoding Information Detected dialog appears and requests that the user supply the missing information The following are the most common among the many possible reasons for a failure to determine the traversal 69 ComProbe Sodera User Manual Chapter 3 Configuration Settings e The capture session started after transmission of the vital information e The analyzer incorrectly received a frame with the traversal information e The communication monitored takes place between two players with implicit information not included in the transmission In any case either view the RFCOMM payload of this frame and other frames with the same channel as hex data or assist the analyzer by selecting a protocol using this dialog Note that you may use the rest of the analyzer without addressing this dialog Additional information gathered during the capture session may help you decide how to respond to the request for decoding information If you are not sure of the payload carried by the subject frame look at the raw data shown under data in the Decode pane inthe Frame Display You may notice something that hints as to the profile in use In addition look at some of the frames following the one in question The data may not be recognizable to the analyzer at the curre
401. size 124 Chapter 4 Capturing and Analyzing Data ComProbe Sodera User Manual NOT Condition where the protocol 7777 exists x Le lo lie Figure 4 26 Two Filter Conditions Added with an AND Operator 6 Click the plus icon on the left side of the dialog box and repeat steps 4 and 5 for the next condition Use the up t and down 4 arrow icons on the left side of the dialog box to order your conditions and the delete button pa to delete conditions from your filter 7 Continue adding conditions until your filter is complete 8 Include parentheses as needed and set the boolean operators 9 Click OK 10 The system displays the Save Named Condition dialog Provide a name for the filter condition or accept the default name provided by the system and click OK Save Named Condition Name This Condition a User Detined Conditions FilterQ Hep elp Figure 4 27 Save Named Filter Condition Dialog The Set Condition dialog box closes creates a tab on the Frame Display with the filter name and applies the filter When a display filter is applied a description of the filter Filter Include each frame where the protocol Daka exists appears to the right of the toolbar in the Frame Display windows Note The OK button on the Set Condition dialog box is unavailable grayed out until the VA condition selections are complete 2125 ComProbe Sodera User Manual Chapter 4 Capturing and Analyzing
402. sometimes there is no GATT discovery process because e The discovery has previously taken place and both devices stored the mappings and the discovery will not repeat at every subsequent connection e The developer owns both devices in the conversation and chose to ignore discovery because the mappings are known e The devices are in development and the code to perform the mappings has not been written yet The solution to this problem is to 1 define the mappings in a file and 2 then pre loading the mapping using the ComProbe software Creating handle UUID mapping file Create a file named ATT Handle UUID Preload ini in the root directory of C Users Public Public Documents Frontline Test Equipment My Decoders but the file can be located anywhere Assume that you want to create a GATT service starting at handle 1 Create a section in the ini file called Service Base Handles 268 Chapter 7 General Information ComProbe Sodera User Manual A A will be your first service Make the base handle equal to the handle of your service You can use all upper and lower case letters so you can have up to 52 service handles Next add the following section Advertiser Handles Generic Access Profile GAP AO 1800 A1 2803 A2 2a00 A3 2803 A4 2a01 A5 2803 A6 2a04 A few tings of note e Inthe code above lines begging with a semi colon are comments e If you want to change the base handle of the
403. st of all Event Symbols on page 99 for a list of all the special events shown in the analyzer and what they mean 4 3 7 2 Switching Between Hex Decimal Octal or Binary On the Event Display window the analyzer displays data in Hex by default There are several ways to change the radix used to display data Go to the Format menu and select the radix you want A check mark next to the radix indicates which set is currently being used Bookmarks Hexadecimal Decimal Octal Binary ASCI 7 bit ASCI EBCDIC Baudot Figure 4 9 Format Menu 1 Right click on the data display header labels and choose a different radix 5 a Cum FI Cam Tam Cam CU BP n i mi ml m l m Display numbers in Binary ES Display numbers in Octal Od O Display numbers in Decimal b 3 Display numbers in Hexadecimal Figure 4 10 Header labels right click 2 Or right click anywhere in the data display and select a different radix lThe base of a number system Binary is base 2 octal is base 8 decimal is base 10 and hexadecimal is base 16 97 ComProbe Sodera User Manual Chapter 4 Capturing and Analyzing Data Oa 9a P 30 Copy the selection and put it on the i24 Save As Go to an Event Number 5e 2f Find 197 Od Display Only Numbers 44 Display Only Characters Display Sides Together meee v Display all Event Information Display numbers in Binary D
404. state means that the analyzer finds events that match exactly the state of the control signals that you specify o First choose to search for an event where your choices exactly describe the state o This changes the normal check boxes to a series of radio buttons labeled On Off and Don t Care for each control signal o Choose which state you want each control signal to be in o Choose Don t Care to have the analyzer ignore the state of a control signal o When you click Find Next the analyzer searches for an event that exactly matches the conditions selected beginning from the currently selected event 232 Chapter 5 Navigating and Searching the Data ComProbe Sodera User Manual o If the end of the buffer is reached before a match is found the analyzer asks you if you want to continue searching from the beginning o If you want to be sure to search the entire buffer place your cursor on the first event in the buffer o Select one of the four radio buttons to choose the condition that must be met in the search o Select one or more of the checkboxes for Pin 1 2 3 or 4 o Click Find Next to locate the next occurrence of the search criteria or Find Previous to locate an earlier occurrence of the search criteria 5 1 7 Searching for Data Errors The analyzer can search for several types of data errors Searching for data error sallows you to choose which errors you want to search for and whether to search the DTE or DCE data
405. steady green light when capturing data To stop capturing data 1 Press the Capture button on the Sodera front panel 2 After a brief delay the Capture LED will turn off The capture file is saved to the Sodera hardware Starting a new capture will save the captured data in a new capture file 82 Chapter 4 Capturing and Analyzing Data ComProbe Sodera User Manual Limitations to Excursion mode Capture The only limitations to Excursion mode capture are e Battery life the internal battery has a one hour operating life In the case of capture periods exceeding one hour connect the Sodera hardware to an external power source e Internal memory the Sodera hardware has 32 GBytes of internal storage that is used to hold Excursion mode captures This storage can be managed using the ComProbe Protocol Analysis System on a computer e Number of Excursion mode captures there can be no more than 255 Excursion mode captures stored on the Sodera hardware Refer to Manage excursion mode captures dialog on page 29 for instruction on how to delete Excursion mode capture files from the Sodera unit Analyzing Data from Excursion mode Capture The procedure for protocol analysis of data captured in Excursion mode involves connecting the Sodera hardware to a computer recording a capture that was previously stored on that hardware unit and analyzing the data using the ComProbe Protocol Analysis System 1 Connect the Sodera hardware that co
406. t volume 3 Set the playback volume at DUT1 to maximum 4 Set the playback volume at DUT2 to minimum 5 Establish the Bluetooth connection and begin playback of the file on DUT1 if possible in Loop or Repeat mode to avoid having to continuously restart 6 Slowly increase the volume on DUT2 until it is at a comfortable level 7 If the audio sounds distorted reduce the playback volume at DUT1 and repeat Step 6 8 When the clarity of the audio is comparable to that heard when listening to the DUT1 device proceed with using Frontline s ComProbe Analyzer with Audio Expert System enabled to capture and analyze the Bluetooth data 192 Chapter 4 Capturing and Analyzing Data ComProbe Sodera User Manual 9 Visually observe the waveform in the Audio Expert System Wave Panel comparing it to the image above Figure 1 1 If the level of the 6 dB 0 9 sec duration 400 Hz tone a little over 2 3 of the way through the test is grossly above or below the 6 dB 50 volume grid line adjust the DUT1 volume accordingly and repeat this step Optimally it would be on or just below the 6 dB gridline but not above The peak should never hit the maximum positive or negative limits of the display 10 Find the Test ID Found event in the Event Table to verify that the system has transitioned to Referenced Mode and verify that the value for Channel Gain or Level as implemented in the Ul is within the range of va
407. te The last session Capture Options default settings ling When this button view is active Sodera is capturing data Clicking this button view will stop the data capture process and the button view will change to Record 33 ComProbe Sodera User Manual Chapter 3 Configuration Settings Table 3 3 a Toolbar Buttons EOU a Analyze This button is grayed out until a filter is set When this button view is active ComProbe software is not analyzing captured data Clicking this button will begin protocol analysis and the button will change to Analyzing This button can be clicked while actively capturing data Clicking this button view will disable any further filter selection ing When this button view is active ComProbe software is analyzing captured data The protocol analysis can be on while actively Recording data Clicking in this button will stop the protocol analysis and the button view will change to Analyze Filter Selection The Analyze button is available when a filter has been selected Filters are selected in two ways 1 Selecting devices in the Wireless Devices pane 2 Enabling inquiry packets by selecting Analyze Inquiry Process Packets in the Options menu 3 1 2 2 Wireless Devices Pane The Sodera Wireless Devices pane provides the user with information on active inactive and previously detected Bluetooth devices within range of the Sodera wide band receiver In performing analysis the user
408. tectable problems see the table in the audio event type table 186 Chapter 4 Capturing and Analyzing Data ComProbe Sodera User Manual The Test Script The Reference Audio used for Referenced Mode testing is generated aaa wes ea from scripts that define a series of audio segments Each segment lt SegmentArray gt provides an audio tone parameters including frequency amplitude paa al duration fade in and fade out durations and start time The script is a a an XML file delivered with the ComProbe Protocol Analysis System lt Frequency gt 100 lt Frequency gt software This file is used during Referenced mode testing for lt Level gt 95 lt Level gt he sniffed Ref Audi t f lt Cycles gt 10 lt Cycles gt comparison to the sniffed Reference Audio parameters o Aiken ak aurans frequency amplitude duration etc lt FadeIn gt 0 lt Fadeln gt lt FadeOQut gt O lt FadeQut gt Below is a sample script table and the resulting sample Reference lt StartTime gt 0 lt StartTime gt Audio wav file The generated wav file begins with a Test ID that is pc abla used to identify the sniffed audio as a Reference Audio file and the lt SegID gt 1 lt SegID gt Audio Expert System automatically switches from Non Referenced lt Opcode gt F lt Opcode gt lt Frequency gt 210 lt Frequency gt lt Level gt 3 lt Level gt lt Cycles gt 21 lt Cycles gt lt Duration gt 0 1 lt Duration gt lt FadeIn gt 0O lt FadelIn gt lt Fade
409. tem combines both filter definition and application in one dialog 1 Click the Display Filters icon Y on the Frame Display window or select Apply Modify Display Filters from the Filter menu to open the Set Condition dialog box The Set Condition dialog is self configuring which means that when you Select each frame under Conditions the following displayed fields depend on your selection With each subsequent selection the dialog fields will change depending on you selection in that field Set Condition S ee Currently Active Condition lt Untitled gt Include Exclude Condition Select each frame where the protocol m0 AVCTP X field x Command Response x Is Not Present v v All Fields Advanced Cancel Help Figure 4 24 Example Set Conditions Self Configuring Based on Protocol Selection 122 Chapter 4 Capturing and Analyzing Data ComProbe Sodera User Manual Set Condition 5 s Currently Active Condition Untitled Include Exclude Condition Select each frame in the range 187 to 234 Enter decimal numbers by typing in the number directly and hexadecimal numbers by starting the number with Ox Advanced Cancel Help Figure 4 25 Example Set Conditions Self Configuring Based on Frame Range 2 Select Include or Exclude to add filtered data or keep out filtered data respectively 3 Select the
410. terest 2 Click in the approximate center of the proposed selection This will place the Play Cursor in the area to be selected 3 Move the mouse cursor to the right or left of the Play Cursor click and hold then drag over the waveform segment of interest Release the mouse key The selection is surrounded by a blue border View waveform 1 Zoom in to the segment of interest details 2 Move the mouse cursor to the right or left limit of the waveform segment of interest click and hold then drag over the waveform segment of interest Release the mouse key The selection is surrounded by a blue border For either of the procuedures described in the table above once the selection is made details of the segment appear below and to the left of the waveform These details include selection start and stop range TO and T1 the time difference dT samples selected frequency and Bluetooth Frames selected Right clicking in the Waveform panel will open a pop up menu see Wave Panel amp Event Table Pop up Menu on page 214 Selecting Zoom to Selection will expand the selection to the full width of the Wave Panel Other selection option in the pop up are Select Area Clear Selection and Copy Selection 209 ComProbe Sodera User Manual Chapter 4 Capturing and Analyzing Data Bitrate Overlay Display 01 31 37 257 PM 01 31 44 990 PM 01 31 52 723 PM 01 32 00 457 PM 01 32 08 190 PM Figure 4 105 Actual Bitrate Overlay
411. ters of 50 ms duration The final tone is a 100 ms segment at 400 Hz defined as a Test ID Terminator Note that since the levels of all of these tones are at exactly 3 dBFS the peak levels 3 dBFS The value in the Info1 parameter of the Test ID Found event is optimally the value 23196 and may be converted to dBFS by the relationship info1 dBFS 20log He z Optionally the value can be interpreted as Channel Gain via the relationship info1 dB 20log ME z Table 4 22 Test ID Found Event info1 Maximum and Minimum Values Application Maximum 191 ComProbe Sodera User Manual Chapter 4 Capturing and Analyzing Data E a This table indicates the maximum and minimum Table 4 22 Test ID Found Event info1 Max acceptable levels for the Test ID Found Info1 imum and Minimum Values continued parameter in integer form decibel level in dBFS and ormat Application Heinen nimum Channel Gain in dB 3 ABFS BFS Example 1 For the case where the Info1 parameter is mm 9 AB converted to Channel Gain if the audio is speech i e transported via a SCO channel then a value of 11 9 dB Example 2 For the case where the Info1 parameter is converted to Channel Gain if the audio is music i e transported via an A2DP connection then a value of 16 9 dB is acceptable and a value of 17 1 dB is not is acceptable and a value of 12 1 dB is not For both cases
412. th another device must first pair with that device The Security Manager Protocol SMP carries out the pairing in three phases 1 The two connected Bluetooth low energy devices announce their input and output capabilities and from that information determine a suitable method for phase 2 2 The purpose of this phase is to generate the Short Term Key STK used in the third phase to secure key distribution The devices agree on a Temporary Key TK that along with some random numbers creates the STK 3 In this phase each device may distribute to the other device up to three keys a the Long Term Key LTK used for Link Layer encryption and authentication b the Connection Signature Resolving Key CSRK used for data signing at the ATT layer and c the Identity Resolving Key IRK used to generate a private address Of primary interest in this paper is the LTK CSRK and IRK are covered briefly at the end Bluetooth low energy uses the same pairing process as Classic Bluetooth Secure Simple Pairing SSP During SSP initially each device determines its capability for input and output IO The input can be None Yes No or Keyboard with Keyboard having the ability to input a number The output can be either None or Display with Display having the ability to display a 6 digit number For each device in a paring link the IO capability determines their ability to create encryption shared secret keys 295 ComProbe Sodera User Manual Appendici
413. the audio quality that may not be Bluetooth protocol related and the software will not be able to detect that HFP Playing the test file by calling a phone number Frontline provides the following phone numbers 434 964 1407 and 434 964 1304 that users can call to conduct speech audio data analysis over Bluetooth The calls can be made using the cellular network most common method or VoIP Again the VoIP provider might use custom codecs and cause undesirable behavior which cannot be detected by Audio Expert System software Playing the test file using Third party Apps Bluetooth Audio Expert System Reference mode testing can be accomplished using third party apps on Android iOS and Windows phones The following apps are available from their respective App stores 188 Chapter 4 Capturing and Analyzing Data ComProbe Sodera User Manual e BTmono Android e Blue2Car IOS e Windows Headset player lite 4 Note When selecting and using these apps thoroughly review all the vendor documentation While Frontline has conducted testing of these apps Frontline has not completed full interoperability testing with our library of Bluetooth devices and does not warrant the use of these apps with every device when using the following procedures Frontline does not provide support or maintenance for third party apps Any issues or questions should be directed to the app developer In the following steps Device Under Test 1 DUT1 is
414. the captured serial HCI traffic out of the Linux system using TCP IP over Ethernet Over on the PC running ComProbe software they will use a simple TCP IP listening program to bring the data into the PC and this program will hand the data off to ComProbe software using the Live Import API B 6 9 Virtual Sniffing and You If you are a Bluetooth stack vendor a Bluetooth chip maker or a maker of any other products where integrating your product with ComProbe software s Virtual sniffing is of interest please contact Frontline to discuss your requirements There are numerous approaches that we can use to structure a partnership program with you We believe that a partnership with Frontline is an easy and cost effective way for you to add value to your product offering salg Appendicies ComProbe Sodera User Manual If you are end customer and you want to take advantage of Virtual sniffing all you need to do is buy any Frontline Bluetooth product Virtually sniffing comes standard with product 316 ComProbe Sodera User Manual Appendicies Author Eric Kaplan Publish Date May 2003 Revised December 2013 31 Appendicies Index A A2DP Decoder Parameters 61 Aborted Frame 256 About Display Filters 121 About L2CAP Decoder Parameters 66 Absolute Time 262 Add a New or Save an Existing Template 60 Adding a New Predefined Stack 89 Adding Comments To A Capture File 243 Advanced System Options 255 Apply Capture Filter
415. the device sending the reference test file to DUT2 Download the third party app to DUT1 and follow the app vendor s instructions for installation and use Load the Audio Expert System reference test file Test_1 02_64 1kHz_16Bit wav on DUT1 The test file is stored on the users computer In the directory Frontline ComProbe Protocol Analysis System Development Tools Audio Expert Test Files delivered with your latest Frontline ComProbe software version may have changed Vi Note Reference test files are periodically updated Shown here is an example Files Contact Frontline Technical Support for information on the latest reference file versions With the Sodera connected to the computer configure the datasource and follow procedures to capture data Launch Audio Expert System by clicking on the Control window rr Turn on Bluetooth on your DUTs DUT1 and DUT2 Turn on the third party Bluetooth app for routing the reference file over A2DP or HFP by following the vendor s directions Send the reference test file from DUT1 to DUT2 via the third party app Observe the events in the Audio Expert System Events Table Look for an event Description TestIDFound REF Test ID 1 02 Channel Gain 11 8 dB TermFreq 400 0 Pi Note This is an example The display may vary with the reference file version The ComProbe analyzer has successfully detected the reference test signal and the system is locked into reference mode 189
416. this field will vary with the Key Type P256 or P196 Allows the user to switch the Private Key between little endian and big endian format The public key will be updated to reflect the changes made to the private key seis ComProbe Sodera User Manual Chapter 3 Configuration Settings Table 3 10 Private Key Entry Dialog Fields continued The Public Key is calculated automatically when the Private Key is completely entered X first half of the key The Public Key is calculated automatically when the Private Key is completely entered Y second half of the key To Add igg a Private Key 1 Select one of the following connection types to set the length of the Private Key field a P256 Secure Connection or b P192 Legacy Connection 2 Enter the Private Key in hexadecimal into the Private Key field a P256 field type takes 64 hexadecimal characters b P196 field type takes 48 hexadecimal characters Note If after entering the private key you change the Key Type from P256 to P192 the Si Private and Public key fields will truncate to the correct length for P192 key type However this does not work in the reverse direction The Private Key may also be pasted in The copied key pasted in may have been in either big endian or little endian format The Reverse button allows the user to reverse the format for use with their particular device 3 Once the Private Key field is completely filled in the Publi
417. time range used by the timelines When no packets are in the time range each of the two packet numbers is drawn with an arrow to indicate the next packet in each direction and can be clicked on to navigate to that packet the packet number changes color when the mouse pointer is placed on it in this case eA arrow points to the next packet when no packets are in the time range 15T Fan arrowed packet number changes color when the mouse pointer is on it Clicking navigates to that packet The header shows information for packets that are selected The footer shows the beginning ending timestamps and visible duration of the timelines The i buttons bring up channel information windows which describe channel details for each technology They make for interesting reading 165 ComProbe Sodera User Manual Chapter 4 Capturing and Analyzing Data 802 11 5 GHz Only channels with a base value of 5 GHz and spacings of either 20 or 40 MHz are shown here Due to space limitations each channel is drawn with fied spacing Instead of being spaced relative to its distance from other channels as 1s done with 2 4 GHz channels with the exception of 802 11 channel 14 Figure 4 70 5 GHz information window Bluetooth Classic There are 79 Classic channels Each channel is 1 MHz wide and has the indicated center frequency Channels do not overlap 0 2402 MHz 1 2403 MHz 2 2404 MHz 3 2405 MHz 4 2406 MHz 5 2407 MHz 6 2408 M
418. ting ComProbe software data views such as Frame Display Bluetooth Timeline etc to expedite the root cause analysis of Bluetooth protocol related audio issues When a frame is selected in any ComProbe software data views the corresponding audio data associated with those frames is also selected in the Wave Panel Event Timeline and Event Table and vice verse Protocol analysis tools synchronized to the Audio Expert System include e Frame Display e Coexistence View 21 ComProbe Sodera User Manual Chapter 4 Capturing and Analyzing Data e Bluetooth Timeline e Message Sequence Chart e Packet Error Rate Statistics When a portion of the waveform is selected in the Wave Panel all frames within the selection will be highlighted in the Frame Display Coexistence View and Bluetooth Timeline Note If the Frame Display is filtered to show non audio events then the frames associated with H selected audio events may not show 4 6 Data Audio Extraction You use Data Audio Extraction to pull out data from various decoded Bluetooth protocols Once you have extracted the data you can save them into different file types such as text files graphic files email files mp3 files and more Then you can examine the specific files information individually 1 You access this dialog by selecting Extract Data Audio from the View menu or by clicking on the icon from the toolbar D i m Data Audio Extraction Settings
419. tton Clicking the Swap button swaps the positions of the Throughput Graphs and the Timelines 152 Chapter 4 Capturing and Analyzing Data ComProbe Sodera User Manual m Coexistence View bpa bt le wf hs 18 842 packets cfa File Format Zoom Navigate Spectrum Help a D HE ARN Packets O All Selected Viewport Viewport Packet Range 590 Packets Avg throughput 1 sec throughput zg selected Packet None Throughput bits s bits s a j Packet 3 Payload Both Timeline 5GHz 2 4GHz Both selectet Auto Retransmit Bad Packet Can t Decrypt Invalid IFS Discontinuity 2 4 GHz Channels LE Devices Configured All Click on any bold entry above 802 11 Tx 00 00 00 22 21 be to enable navigation H For Help Press Fl Figure 4 51 Small Timeline and large Throughput Graph after pressing the Swap button 44 217 Dots button The dots on the data points can be toggled on and off by clicking the Dots button Dots are different sizes for each technology so that they reveal overlapping data points which otherwise wouldn t be visible A tooltip can be displayed for each dot Dots can be removed for greater visibility of the plots when data points are crowded together 1 Show Zoom Figure 4 52 Dots Toggled On and Off 153 ComProbe Sodera User Manual Overlapping Dots d Classic Bluetooth top 4 Bluetooth low enegy middle r L
420. tton to Analyzing Stop Analyze Stops decoding data from selected wireless devices Performs the same function as setting the Sodera datasource Capture Toolbar Analyze Analyzing button to Analyze Shift Clears or saves the capture file F10 21 ComProbe Sodera User Manual Chapter 2 Getting Started Table 2 7 Control Window Options Menu Selections Live amp Hardware Settings 0 Classic Capture File 1 Bluetooth low energy I O Settings 0 Classic 1 Bluetooth low energy System Settings Alt Opens the System Settings dialog for configuring capture Enter files Directories Opens the File Locations dialog where the user can change the default file locations Check for New When this selection is enabled the program automatically Releases at Startup Protocol Stack checks for the latest Frontline protocol analyzer software releases Opens the Side Names dialog used to customize the names of the slave and master wireless devices Opens the Select a Stack dialog where the user defines the protocol stack they want the analyzer to use when decoding frames Set Initial Decoder Parameters Opens the Set Initial Decoder Parameters window Each entry in the window takes effect from the beginning of the capture onward or until redefined in the Set Subsequent Decoder Parameters dialog This selection is not present if no decoder is loaded that supports this feature Set Subsequent E Op
421. tware and used only for viewing capture files To reframe your data load your capture file select a protocol stack and then select Reframe from the File menu on the Control window Reframe is only available if the frame recognizer used to capture the data is different from the current frame recognizer In addition to choosing to Reframe you can also be prompted to Reframe by the Protocol Stack Wizard 1 Load your capture file by choosing Open from the File menu on the Control window and select the file to load 2 Select the protocol stack by choosing Protocol Stack from the Options menu on the Control window select the desired stack and click Finish 3 Ifyou selected a protocol stack that includes a frame recognizer different from the one used to capture your data the Protocol Stack Wizard asks you if you want to reframe your data Choose Yes 4 The analyzer adds frame markers to your data puts the framed data into a new file and opens the new file The original capture file is not altered See Unframing on page 90 for instructions on removing framing from data 4 2 4 Unframing This function removes start of frame and end of frame markers from your data The original capture file is not altered during this process You cannot unframe from the Capture File Viewer accessed by selecting Capture File Viewer or Load Capture File to start the software and used only for viewing capture files 90 Chapter 4 Capturing and A
422. udio packets are extracted without inserting the silence packets for the reserved empty slots P Note This option is for SCO eSCO only 7 Select Extract A Save As dialog appears Sever E AFH 0 FH ChangedCfa Frm The application will assign a file name and file type J fan for each profile you select in Step 1 above The file type varies depending on the original profile A separate file for each profile will be created but only for those profiles with available data 8 Selecta location for the file 9 Click Save The Data Extraction Status and Audio Extraction Status dialogs appear When the process is complete the dialogs display what files have been created and where they are located 219 ComProbe Sodera User Manual Chapter 4 Capturing and Analyzing Data Data Extraction Status BipBppFipOppProfiles cfa Audio Extraction Status BiphppFipOppProfile Status Fie Type One Stereo File Bpp dala extraction frashed Path C Documents and Setting wab Desktop dats Fip data extraction started Filename Status Foma Output File Documents and Sethngstab Deskion dela extrachon Ae Fip dala edracton brushed File Documents and SettingstobhDesklop deta extraction Fip dala edraction rashed File Documents mar Pa ana asha drocbon Md Processing Frame 540 1005 Fip data edraction CADocuments and Seltlings tab Deckiop data edractiorn Bipa pp
423. uent Decoder Parameters Show Hidden Panes b Sn 70 Chapter 3 Configuration Settings ComProbe Sodera User Manual Set Subsequent Decoder Parameters 131 RFCOMM Rules in effect from frame 131 onward until redefined here for a later frame On the Slave side with Server Channel 1 DLC 2 RFCOMM is carying Headset Overidden by user Change the Selected temto Cory i Remove Ovemide HS HF Undecoded RFCOMM Frames VCP UDI Raw Data Figure 3 39 Set Subsequent Decoder Parameters selection list Note If the capture has no user defined overrides then the system displays a dialog stating that 4 no user defined overrides exist 3 3 Mesh Security Bluetooth low energy mesh technology decryption requires a key or passphrase This information must be manually entered into the MeshOptions ini file located in the system My Decoders folder Refer to Changing Default File Locations on page 257 for information on folder locations Open a text editor program such as Windows Notepad and make the following changes to the MeshOptions ini file For Smart Mesh Table 3 12 Smart Mesh Keys Format Technology Identifier IV Index 2 bytes hexadecimal Application Key 16 bytes hexadecimal Network Key 16 bytes hexadecimal The following code is an example of Smart Mesh decryption key entry SmartMesh IV INDEX 0000 APP KEY 000000000000000000000000000000
424. uetooth Transmitter Classes Bluetooth transmitters are categorized by power classes that is by the amount of RF power output A Bluetooth Class maximum operating range is directly related to the power output The class is important in conductive testing because the DUTs and the ComProbe Sodera are connected directly to each other usually over small distances The absence of power loss which occurs during over the air transmission means that larger than normal power levels may be present at the receiving port Attenuation may be necessary to protect both the DUT and the ComProbe Sodera from excessive power input and to ensure reliable operation The table lists the maximum power and operating range for each Bluetooth Class Tables A 1 eo owe SESE slas Class M kimum Pow er Operating Range Jperi rating F 100mW 20dBm 100 meters Trw odem B 3 2 Test Equipment While exact conductive test setups are dependent on the specific circumstances surrounding the DUT RF interface the following equipment is required for all test setups 290 ComProbe Sodera User Manual Appendicies 1 Coaxial cable with adapter for connecting to DUT 1 2 Coaxial cable with adapter for connecting to DUT 2 3 Coaxial T connectors 1 for ComProbe Sodera 2 for ComProbe BPA 600 4 SMA adapters for connecting coaxial cable or attenuators to the ComProbe antenna connectors 1 for ComProbe Sodera 2 for ComProbe BPA 600 5 Attenuators depending o
425. uipmentyhMy Log Files My Methods C Users Public DocumentssFrontline Test EquipmentsMy Methods 4 IF Modify CO Use Last Opened Folder for Capture Files Figure 7 4 File Locations dialog 2 Select the default location you wish to change 3 Click Modify 4 Browse to a new location Specify My Decoders directory a di Public b gt di Desktop F d Public Documents r di Frontline Test Equipment di My Capture Files di My Configurations My Decoders di My Log Files gt di My Methods d My Node Databases _ lb e Figure 7 5 File Locations Browse dialog 5 Click OK 6 Click OK when finished 258 Chapter 7 General Information ComProbe Sodera User Manual If a user sets the My Decoders directory such that it is up directory from an installation path multiple instances of a personality entry may be detected which causes a failure when trying to launch Frontline For example if an Frontline product is installed at C Users Public Public Documents Frontline Test Equipment My Decoders then My Decoders cannot be set to any of the following e C My Decoders e C Users My Decoders e C Users Public My Decoders e C Users Public Public Documents My Decoders e or to any directory that already exists in the path C Users Public Public Documents Frontline Test Equipment My Decoders Default Capture File Folder Checkbox If the Use Last Opened Folder for Capture Files che
426. ur Android device should show up in this list confirming that ADB is working List of devices attached XXXXXXXXXXX device 5 In the terminal enter the following command to copy the HCI Log to your computer adb pull sdcard btsnoop_hci log B 2 4 Using the ComProbe Software to Get the Link Key You will load the HCI Log file btsnoop_HCl log into the ComProbe Protocol Analysis System on your computer as a capture file Then you can use the Frame Display to locate the link key 1 Activate the ComProbe Protocol Analysis System Refer to the ComProbe BPA 600 User Manual on fte com 2 From the Control window menu select File Open Capture File 3 When the Open window appears set the file type to BTSnoop Files log If not already selected navigate to the My Capture Files directory and select btsnoop_hci log 286 ComProbe Sodera User Manual Appendicies Frontline Test Equipment My Capture Files Organize New folder J E Pictures Name Date modified Type ell Subversion z TTT k __ btsnoop_hci log 2 4 2011 4 45 PM Text Document Videos jk Computer g Local Disk C C3 DVD RW Drive D CP goldmine5 rok GP erp5 ftmas90 G transfer ftshar G ups5 ftship V E document ftst 4 File name btsnoop_hci log oo F Figure 9 Select Capture File 4 Open the Frame Display 6 5 Inthe Frame Display protocol tabs select HCI See image below 6 Select Find AA click on the D
427. ure icon on the Control Event Display or Frame Display windows e Start capturing to a file immediately When the analyzer starts up it immediately opens a capture file and begins data capture to it This is the equivalent of clicking the Start Capture icon The file is given a name based on the settings for capturing to a file or series of files in the System Settings window e Start capturing immediately to the following file Enter a file name in the box below this option When the analyzer starts up it immediately begins data capture to that file If the file already exists the data in it is overwritten 7 1 2 Changing Default File Locations The analyzer saves user files in specific locations by default Capture files are placed in the My Capture Files directory and configurations are put in My Configurations These locations are set at installation Follow the steps below to change the default locations 1 Choose Directories from the Options menu on the Control window to open the File Locations window 257 ComProbe Sodera User Manual Chapter 7 General Information File Locations File Types Location My Capture Files C Users Public DocumentsFrontine Test Equipment hMy Capture Files My Configurations C Users Public DocumentsFronthne Test EquipmentsMy Configurations My Decoders CA sers4Public 3D ocuments4Prontine Test Equipment Decoders My Log Files C AU sers4Publie Documents Frontline Test Eq
428. uring wall be done while the Click the Browse icon to browse to a specific directory file is being svad Otherwise your file is saved in the default capture file directory Click OK when you are finished 242 Chapter 6 Saving and Importing Data ComProbe Sodera User Manual 6 2 Adding Comments to a Capture File The Notes feature allows you to add comments to a CFA file These comments can be used for many purposes For example you can list the setup used to create the capture file record why the file is useful to keep or include notes to another person detailing which frames to look at and why Bookmarks are another useful way to record information about individual frames To open the Notes window 1 Click the Show Notes icon This icon is present on the toolbars of the Frame Display 6 as well as the Event Display PD Notes can be selected from the Edit menu on one of these windows 2 Type your comments in the large edit box on the Notes window The Cut Copy Paste features are K Fs BR are all supported from Edit menu and the toolbar ae at the current cursor location supported from Edit menu and the toolbar when text is selected Undo and Redo features 3 Click the thumbtack icon pg to keep the Notes window on top of any other windows 4 When you re done adding comments close the window 5 When you close the capture file you are asked to confirm the changes to the capture file See Confirming Capture
429. us bar to suit the user s Toolbars Capture preferences Security Standard Event Log Status Piconet View Experimental Private Keys mordy Name Device 30 Chapter 3 Configuration Settings ComProbe Sodera User Manual View Pop Up Menu Right clicking in the toolbar any of the following window panes will display a pop up Cas N View menu that performs the same as the main View menu Private Keys ComProbe Sodera window menu and toolbars area Security Wireless Devices pane toolbar area lower half of pane header Event Log Customize Private Keys pane toolbar area lower half of pane header Capture Options dialog When Capture Options is selected from the Options menu a Capture Options dialog will ean ComProbe Sodera SN A1507 00021 At the top of the of the pop up window is a status Wireless Technologies bar that identifies the serial number of the mi connected Sodera hardware If no hardware is Capture Options connected the status will state ComProbe Sodera M Low Energy Spectrum Interval us 20 not connected and all selections are inactive If Sodera hardware is connected the Capture Options settings previously loaded into that hardware unit are displayed These settings will be Radio used for computer hosted and excursion mode data W Reduce RF sensitivity 20dB reduction captures involving that hardware unit until new Capture Options parameters are stored to the hardware We E
430. ut the pairing in three phases 1 The two connected Bluetooth low energy devices announce their input and output capabilities and from that information determine a suitable method for phase 2 2 The purpose of this phase is to generate the Short Term Key STK used in the third phase to secure key distribution The devices agree on a Temporary Key TK that along with some random numbers creates the STK 3 In this phase each device may distribute to the other device up to three keys a the Long Term Key LTK used for Link Layer encryption and authentication b the Connection Signature Resolving Key CSRK used for data signing at the ATT layer and 306 Appendicies ComProbe Sodera User Manual c the Identity Resolving Key IRK used to generate a private address Of primary interest in this paper is the LTK CSRK and IRK are covered briefly at the end Bluetooth low energy uses the same pairing process as Classic Bluetooth Secure Simple Pairing SSP During SSP initially each device determines its capability for input and output IO The input can be None Yes No or Keyboard with Keyboard having the ability to input a number The output can be either None or Display with Display having the ability to display a 6 digit number For each device in a paring link the IO capability determines their ability to create encryption shared secret keys The Pairing Request message is transmitted from the initiator containing the IO capab
431. value Figure 31 Sample Initiator Pairing Request used to identify the LTK A new EDIV is generated Decode ComProbe Frame Display BPA 600 each time a new LIK is distributed low energy capture 5 Random Number RAND 64 bit stored value used to identify the LTK A new RAND is generated each time a unique LTK is distributed Of particular importance to decrypting the encrypted data on a Bluetooth low energy link is LTK EDIV and RAND B 5 3 Pairing Methods The two devices in the link use the IO capabilities from Pairing Request and Pairing Response packet data to determine which of two pairing methods to use for generation of the Temporary Key TK The two methods are Just Works and Passkey Entry An example of when Just Works method is appropriate is when the IO capability input None and output None An example of when Passkey Entry would be appropriate would be if input Keyboard and output Display There are 25 combinations that result in 13 Just Works methods and 12 Passkey Entry methods In Just Works the TK O In the Passkey Entry method _ 6 numeric digits Input Keyboard 6 random digits Input Display lA third method Out Of Band OOB performs the same as Pass Key but through another external link such as NFC 307 ComProbe Sodera User Manual Appendicies SMP Code Pairing Confirm Contin Value Oxfade3 9494094 cbedbblfeeSiS9ScSd5 Figure 32 Initiator Pairing Confirm Example ComP
432. vent Display window To access the search by time function 1 Opena capture file to search 2 Open the Event Display BP or Frame Display 5 window 3 Click on the Find icon Ah or choose Find from the Edit menu 4 Click on the Time tab of the Find dialog Note The tabs displayed on the Find dialog depend on the product you are running and the content V4 of the capture file you are viewing Decode Pattem Time GoTo Special Event Bookmark Relative kamal sarap ataizi Bapu EET How Second 1 1 000000 Second a dh dl da Bilis e Go bo the bmestamp CG On o baoe the specified lima O Onor after the specihed lime Figure 5 6 Find by Time tab The analyzer can search by time in several different ways Search for Absolute Relative timestamp 226 Chapter 5 Navigating and Searching the Data ComProbe Sodera User Manual e Absolute An absolute timestamp search means that the analyzer searches for an event at the exact date and time specified If no event is found at that time the analyzer goes to the nearest event either before or after the selected time based on the Go to the timestamp selection e Relative A relative search means that the analyzer begins searching from whatever event you are currently on and search for the next event a specific amount of time away 1 Select Absolute or Relative 2 Select the date and time using the drop down lists for Month Year Day Hour Minute
433. vent Display KIER choose to search without regard for data origin the analyzer looks Fie Edt View Format Options Window Help for a pattern coming from one or both sides For example if you Pa a MB bi S2 AF ss 8 choose to search for the pattern ABC and you choose to search without regard for data origin the analyzer finds all three instances of ABC shown here The first pattern with the A and the C coming from the DTE device Event 16to 42 of Ea a and the B coming from the DCE is a good example of how using a Rate Deka CRC DTE CRC DCE side restriction differs from searching without regard to data origin No Timestamp No Timestamp 9c 35 While searching without regard for data origin finds all three For Help Press F1 patterns searching using a side restriction never finds the first pattern because it does not come wholly from one side or the other If you choose to search for the pattern ABC and you restrict the 4 Event Display f all search to just the DTE side the analyzer finds the following pattern Fie Ect Yew Format Options Window aga maisama In this example the analyzer finds only the second pattern highlighted above because we restricted the search to just the DTE side The first pattern doesn t qualify because it is split between the DTE and DCE sides and the third pattern though whole comes from just the DCE side Evert 16 to 42 of 6 425 27 events Rate Deka CREDTE CRC DCE NG Timestamp
434. vent Log To set a tabbed pane to full view left click and drag the tab outside the target pane The cursor positioning control will appear Position the pane using the positioning control and release the mouse key Using the View Menu The Sodera window View menu can be used to close or open the panes 3 1 3 Excursion Mode Excursion Mode allows the user to capture Bluetooth data while untethered from a computer This feature can make it easier to capture data while in a moving vehicle to capture data in places where a laptop cannot readily be used or to capture data in confined spaces for example Sodera s internal battery complements Excursion mode by providing sufficient power to capture data for up to an hour without being connected to an external power source 56 Chapter 3 Configuration Settings ComProbe Sodera User Manual Enable Excursion mode 1 Connect the Sodera hardware to a computer with a USB cable and start the ComProbe Protocol Analysis System 2 Inthe ComProbe Sodera window select Capture Options from the Options menu 3 Verify that the status message on the pop up indicates the serial number of the connected hardware 4 Check the box next to Enable Excursion mode captures and press OK The pop up will close and the Capture Options are saved to the connected Sodera hardware The saved Capture Options will travel with that specific Sodera hardware module and affect all subsequent captures performed with that un
435. vent Timeline Selected Event Pop Up 4 5 6 3 Event Table The Event Table lists all audio stream events Clicking on an event will select that event in the Event Timeline in the Wave Panel If the selected event is outside the visible area of the waveform the waveform will move and bring the selected event to the center of the display The event icon in the Event Timeline is also centered and the selected icon will be larger than the non selected event icons Selecting one or more events in the table will highlight the associated frames in the standard ComProbe software windows such as Frame Display Coexistence View Bluetooth Timeline etc Lock Event Table F Seventy Stream Id Event Type Mode Frame Number Description Timestamp N A Packet retransmission Mar 31 2014 12 52 38 080991 PM N A A2DP paused between devices 98 0D 2E 23 B6 2E and 00 07 62 0F 00 00 for stream 1 using codec SBC Mar 31 2014 12 52 45 553569 PM N A A2DP paused between devices 98 0D 2E 23 B6 2E and 00 07 62 0F 00 00 for stream 1 using codec SBC Mar 31 2014 12 52 45 617944 PM N A SCO connection request Mar 31 2014 12 52 46 151071 PM N A SCO connection established between devices 98 0D 2E 23 B6 2E and 00 07 62 0F 00 00 for stream 2 using cod Mar 31 2014 12 52 46 504191 PM N A SCO connection established between devices 00 07 62 0F 00 00 and 98 0D 2E 23 B6 2E for stream 3 using cod Mar 31 2014 12 52 46 504191 PM N A Codec CVSD Frequency 64000 Bits Pe
436. vent Type Audio continued Event Unexpected Duration Amplitude Fluctuations Unexpected Phase Change Reported when a tone segment of the Reference Audio file is shorter or longer than expected The system knows the Reference Audio file that is being played on the Source DUT and therefore knows how long a specific tone segment should last If either a change of amplitude or frequency arrives either before or after that programmed duration then the change is by definition unexpected This type of audio impairment can be caused by lost or corrupted data repeated data faulty packet loss concealment algorithms etc Reported if the system detects unexpected amplitude changes over a given interval The test tones in Frontline s Reference Audio files have a fixed amplitude level over their duration Therefore if the corresponding audio levels received over the air by the system fluctuates more than a specified level this level is based on the received audio stream parameters then the system generates an Amplitude Fluctuations event Provides a fine grained indication of lost or repeated energy The system knows when a specific tone should be expected During this interval the system checks that the measured average frequency is the same as the expected frequency If this is correct the system will continue to monitor the instantaneous frequency If the instantaneous frequency deviates sufficiently from the current av
437. ware and it provides indicators to show the power battery and capture status ComProbe Sodera User Manual Chapter 2 Getting Started Capture Battery Charge Indicator Antenna Connector SMA Hidden in this view Power and Capture Indicators Power Button Figure 2 1 Sodera Front Panel Controls and Indicators Power On Off Button Press and hold the button for at least 1 2 second and then release the button to power on or power off the system Pressing and holding the button for at least five seconds will initiate an emergency shut down sequence Status Indicators Colored LEDs show the status of power and capture Table 2 1 Sodera Front Panel Status Indicators Color State Status Indicated None Off Unit is powered off Unit is switched on m Blinking Unit is approaching its maximum thermal load and should be shut down Constant Unit has been al disabled due to thermal overload fins or Notstoy een Green Battery present and is at normal operating voltage Battery charging Chapter 2 Getting Started ComProbe Sodera User Manual Table 2 1 Sodera Front Panel Status Indicators continued Color State Status Indicated No host interface is connected Host interface is connected Amber Constant Internal error Unit is not actively capturing data Unit is capturing data Unit has engaged RF overload protection the RF signal is too strong Antenna SMA Connector Antenna attaching point
438. will display more data points Should the number of data points exceed 30 000 no data is displayed and a warning will appear in the graph area 4 4 2 19 Zoom Cursor Selecting the Zoom Cursor button changes the cursor to the zoom cursor Qi The zoom cursor is controlled by the mouse wheel and zooms the viewport and thus the Timelines and the Zoomed Throughput Graph The zoom cursor appears everywhere except the Throughput Graph which is not zoomable in which case the scroll cursor is shown When the zoom cursor is in the Timelines or Zoomed Throughput Graph zooming occurs around the point in time where the zoom cursor is positioned When the zoom cursor is outside the Timelines and the Zoomed Throughput Graph the left edge of those displays is the zoom point 4 4 2 20 Comparison with the Bluetooth Timeline s Throughput Graph The Throughput Graphs for Classic Bluetooth in the Coexistence View and the BluetoothTimeline can look quite different even though they are plotting the same data The reason is that the Coexistence View uses timestamps while the B uetoothTimeline uses Bluetooth clocks and they do not always match up exactly This mismatch can result in the data for a particular packet being included in different intervals in the two Throughput Graphs and can have a significant impact on the shapes of the two respective graphs This can also result in the total duration of the two Throughput Graphs being different Another facto
439. xport Event Table 2 22 oie a 217 4 5 7 Frame Packet and Protocol Analysis Synchronization 2 20 2 cece cece eee eceeceeeeeeee 217 46 Dia AUGIO EXTACUION aghast een cnet a aa deed samen AU Aa ha 218 Chapter 5 Navigating and Searching the Data u 22 2 cece cee cee eee eee eceeeeeeeeeees 221 Sal FUNG eee AA AA AND see seeeeaueecnte ai scensocceneeeed ETA E E ete ete sto 221 5 1 1 Searching within Decodes 2 2 eee a 222 5 1 2 Searching by Pattern lie eee ec cee cece eee eee eee eee eee eeeeeeeeeeees 224 5 1 3 Searching by Time 2 a 226 SI RA were see aces 228 5 1 5 Searching for Special Events eee eee cece eee cece cece cece cece cence eceeceeceeees 229 5 1 6 Searching by Signal _ 2 22 eee cece eee c ee cee eee cece eee eee e ee eeeeeeeeeeeees 230 5 1 7 Searching for Data Errors _ 22 22 cece cece ccc cee cee cece cece cece cece eceeceeceeceseeeees 233 5 1 8 Find Bookmarks 2 22 e eee cece ccc eee eee ce eee cece eee cence eceeeeceeceeeeees 235 5 1 9 Changing Where the Search Lands a 236 5 1 10 Subtleties of Timestamp Searching ee eee cece eee eee cee cece ee eeeeeeeees 237 Dez BOOKINGS AA ee eceeueecensceeseeees 237 5 2 1 Adding Modifying or Deleting a Bookmark e cece eee cece cece eee eeeeeee 237 5 2 2 Displaying All and Moving Between Bookmarks ee cee cece cece ceccccec
440. y and Character panes See Physical vs Logical Byte Display for more information Colors are used to show which protocol layer each byte belongs to The colors correspond to the layers listed in the Decode pane The Event Radix Binary Character and Decode panes are all synchronized with one another Clicking on an element in any one of the panes highlights the corresponding element in all the other panes 4 4 1 11 9 Change Text Highlight Color Whenever you select text in the Binary Radix or Character panes in Frame Display the text is displayed Text Higham oe with a highlight color You can change the color of the highlight Select Color 1 Select Change Text Highlight Color from the Cancel Options menu You can also access the option by right clicking in any of the panes Defaults 2 Selecta color from the drop down menu 3 Click OK The highlight color for the text is changed 119 ComProbe Sodera User Manual Chapter 4 Capturing and Analyzing Data Select Cancel to discard any selection Select Defaults to return the highlight color to blue 4 4 1 12 Protocol Layer Colors 4 4 1 12 1 Data Byte Color Notation The color of the data in the panes specifies which layer of the protocol stack the data is from All data from the first layer is bright blue the data from the second layer is green the third layer is pink etc The protocol name for each layer in the Decode pane is in the same color Note t
441. y and Private Key Encryption _ 48 Figure 3 16 Bluetooth low energy Passkey Decryption Not Enabled 48 Figure 3 17 Bluetooth low energy Passkey Entry a 48 Figure 3 18 Bluetooth low energy Passkey Decryption Enabled 22 2022 eee eee eee ee ee 49 Figure 3 19 Bluetooth low energy Passkey Invalid 2 22 2 c cece e cece eee cece cece eceeceeeeeeees 49 Figure 3 20 Private Keys Pane 12 2200 cee cee ce eee ee eee e cee ee ce eeeeee 50 X ComProbe Sodera User Manual Figure 3 21 Private Key Entry Dialog 2 iii cee cece cece eee anaa 51 Figure 3 22 Sodera Event Log Pane aa 53 Figure 3 23 Positioning by Cursor cece eee cece ence cece cece cece cece ccccccccncccceecnes 55 Figure 3 24 Position Control for Setting Tabbed Security Pane 2 22 cece cee eee cece eee eeee 56 Figure 3 25 Select Set Initial Decoder Parameters from Control window 2 58 Figure 3 26 Tabs for each decoder requiring parameters _ 2 2 2 e eee eee eee ee cece cece eceeeeeeees 58 Figure 3 27 Set Subsequent Decoder Parameters from Control window 2 2 2 2 59 Figure 3 28 Example Set Subsequent Decode for Frame 52 RFCOMM eee eee ee eee 59 Figure 3 29 A2DP Decoder Settings eee eee cece cece cece eee
442. y the filter criteria That is the criteria could be a single link or data for a particular technology 133 ComProbe Sodera User Manual Chapter 4 Capturing and Analyzing Data Display Example 1 Bluetooth low energy Access Address selected p Frame 1 Len 53 LE BB i Header Length 13 Header Version 3 H CP H 1 iw Channel Index 37 2402 MHz Meets Predefined Filter Criteria fo i Receive Status Received witho Decryption Initiated No Signal Strength 7 medium PDU Length 37 B LE PKT i Preamble Oxaa Access Address Ox8e89bed6 ke CRC Oxfe96e6 LE ADY i PDU Type ADY_IND i Advertiser Address Type random iv Payload Length 35 AD Data GAD Element i Length 2 i i AD Type Flags 3 GAD Data BR EDR Not Support LE General Discoverg B AD Element Length 11 i AD Type Complete list off i G AD Data UUID Health Therma UUID Heart Rate Map UUID Blood Pressurg UUID Weight Scale i i UID Body Composilf CG AD Element Length 13 NI Total Frames 6 767 Frames Filtered In For Help Press F1 Advertiser Address 0x712500000 File Edit View Format Filter Bookmarks Options Window Help GAS YY Se n GF LP Li 4 LA LA GS li ki protocol tabs a DoE 8 Q 909 Find Errors LE BB m LE PKT LE ADY LE DATA LE LL L2CAP SMP ATT Data L File Edit View Format Filter Bookmarks Options Win
443. yers from the list box 4 Click on selected layers in the list to de select or click the Reset Selected Layers button to de select all selected layers 245 ComProbe Sodera User Manual Chapter 6 Saving and Importing Data Frame Display Print Prowde mfomaton to expat dala trom the cunnently selected fiber tab Inoki Lieted Section Summary E Mo decode section C All layers O Selected layers onks 012 11 AMP BLETO SIF Frame Range E Selecion pen i AMP Manager ao Delete File Hote Binasa pani option map alfect whether ang gray background ic parted See Help ice info ok cance Hop Figure 6 1 Frame Display Print Dialog 5 Select the range of frames to include All or Selection in the Frame Range section of the Frame Display Print dialog Choosing All prints up to 1000 frames from the buffer Choosing Selection prints only the frames you select in the Frame Display window 6 Selecting the Delete File deletes the temporary html file that was used during printing 7 Click the OK button Frame Display Print Preview The Frame Display Print Preview feature provides the user with the option to export the capture buffer to an html file The maximum file size however that can be exported is 1000 frames If you chose Print Preview the system displays your data in a browser print preview display with options for printing such as page orientation and paper size You can also use your Printer Preferences
444. ze The size of the file will depend of the available hard disk space 1 Click the Min button to see set the minimum acceptable value for the file size 2 Click the Max button to see set the maximum acceptable value for the file size 254 Chapter 7 General Information ComProbe Sodera User Manual FTS4USB dl You can accept these values or you can enter a unique file size Butif you try to close the dialog after entering a value greater A Enter an integer between 1096 and 1848267 than the maximum or less than the minimum you will see the following dialog e Start up Opens the Program Start up Options window Start up options let you choose whether to start data capture immediately on opening the analyzer e Advanced Opens the Advanced System Options window The Advanced Settings should only be changed on advice of technical support 7 1 1 1 System Settings Disabled Enabled Options Some of the System Settings options are disabled depending upon the status of the data capture session e As the default all the options on the System Settings dialog are enabled e Once the user begins to capture data by selecting the Start Capture button some of the options on the System Settings dialog are disabled until the user stops data capture and either saves or erases the captured data e The user can go into the Startup options and Advanced system options on the System Settings dialog and make changes to the settings at

Download Pdf Manuals

image

Related Search

Related Contents

fichier 3 - CRDP de Montpellier  Manual Cover Pages  取扱説明書 - デロンギ・ジャパン  Vantec UGT-PC2S1P      STAR RAIDERS II  CONSOLE-KLIMAANLAGE INSTALLATIONSHANDBUCH  

Copyright © All rights reserved.
Failed to retrieve file