CatSniffer is a small, portable device that can sniff, communicate, and attack IoT devices. It supports a wide range of protocols and bands and can be used with different types of software. This makes it a powerful tool for IoT security researchers, developers, and enthusiasts.
What makes CatSniffer an outstanding device?
CatSniffer is a versatile IoT hacking tool that is compatible with Windows, Linux, and Mac. It can operate in three different frequencies: LoRa, Sub 1 GHz, and 2.4 GHz. CatSniffer uses the SimpleLink™ CC1352P7 device, a multiprotocol and multi-band Sub-1 GHz and 2.4-GHz wireless microcontroller (MCU). It also uses RP2040 as a USB-UART bridge to communicate with the CC1352 chip.
CatSniffer can be automatically programmed through the bootloader from TI CC, and it does not require an external programmer. It can be debugged with cJTAG through the default pin. CatSniffer has an antenna SMA port for an antenna of your choice, as well as general-purpose LEDs and reset/bootloader buttons for the RP2040 and CC1352.
Differences between versions
The CatSniffer v3 is the latest and greatest iteration of this popular IoT hacking tool. It boasts a powerful RP2040 microcontroller from Raspberry Pi, which is a significant upgrade over the SAMD21E17A microcontroller used in its predecessors. This enhanced processing power translates into improved performance across the board, enabling the CatSniffer v3 to tackle even the most demanding IoT hacking tasks with ease.
The CC1352P7 is a powerful multi-band wireless MCU from Texas Instruments. It features a 48-MHz ARM Cortex-M4F processor, multi-band wireless capabilities, low power consumption, and a wide range of peripherals. It also supports the WiSUN, Amazon Sidewalk, and MIOTY protocols, making it ideal for a variety of IoT applications.
Another notable improvement is the addition of a JTAG connection. This feature proves invaluable in cases where the CC1352P7 chip is incorrectly flashed, rendering it inoperable. With the JTAG connection, users can effortlessly erase all the flash and enable the serial bootloader again, effectively rescuing the CatSniffer v3 from a potential brick.
Furthermore, the CatSniffer v3 features the RP2040 connected internally, providing another avenue for recovery from bad flashes. Additionally, this internal connection facilitates bootloader upgrades on the CC1352P7 chip, ensuring that the CatSniffer v3 remains up-to-date and compatible with the latest advancements in IoT technology.
Tech Specs
RP2040
- Dual ARM Cortex-M0+ @ 133MHz
CC1352P7
- Powerful 48-MHz Arm® Cortex®-M4F processor
- Dynamic multiprotocol manager (DMM) driver
- Dual-band Sub-1 GHz and 2.4 GHz operation
- Programmable radio includes support for 2-(G)FSK, 4-(G)FSK, MSK, OOK, Bluetooth® 5.2 Low Energy, IEEE 802.15.4 PHY and MAC
SX1262
- LoRa and FSK Modem
- Integrated DC-DC converter and LDO
- +22dBm or +15dBm high-efficiency PA
- Low RX current of 4.6mA
- 88dB blocking immunity at 1MHz offset
- Automatic Channel Activity Detection (CAD) with ultra-fast AFC
Supported antennas
- 433 MHz up to 13dBm
- 2.4 GHz up to 10 dBm
There are multiple ways to flash/upload firmware to the different chips on the CatSniffer.
Using precompiled .uf2 files - Only for RP2040
The easiest way to program CatSniffer is to use precompiled .uf2 files. These files are available for download from the CatSniffer GitHub repository. It is as simple as dragging and dropping a file to an external storage device.
Using the Python tool cc2538-bsl
Using the Python tool is the easiest and most recommended way to flash firmware to the CC1352, since it works on any operating system.
To learn more about the step-by-step procedure, please visit the CatSniffer Upload Firmware wiki section.
CatSniffer Hands On
CatSniffer offers a range of firmware options to suit diverse needs. These include:
- catSniffer_LoRa: Enables string transmission (up to 256 characters) over LoRa networks.
- Sniffle: Boasts a comprehensive feature set, including BT5/4.2 support, channel selection, PHY mode compatibility, selective sniffing, parameter modification, advertisement filtering, extended advertising, multichannel capture, Python extension, PCAP export, and Wireshark compatibility.
- Air Tag Scanner: Detects AirTags in proximity and displays their information on the serial monitor.
- Air Tag Spoofer: Emulates an AirTag, allowing CatSniffer to be detected as such by compatible devices.
- Sniffer: Analyzes various IoT protocols and the packets they transmit.
Additionally, CatSniffer empowers users to develop custom firmware for specialized applications, catering to unique needs and exploration of new possibilities.
Here are some examples of the CatSniffer uses:
Using Sniffle
Sniffle is a Bluetooth 5 and 4.x sniffer using TI CC1352 hardware. All the following instructions are taken from the CatSniffer wiki; visit it for further instructions.
1. We have to upload the Serialpassthroughwithboot firmware to the RP2040 by dragging and dropping the .uf2 file.
2. Download the Sniffle.hex file and save it in a folder that we can access easily.
3. Download the cc2538-bsl.py tool and save it in the same folder as the sniffle file.
4. Open a command window in the path where the files are located and run the commands specified in the section CC1352P7/P1/R1 of the CatSniffer wiki.
pip install pyserial
pip install intelhex
pip install python-magic
5. Use the command mode to check what port the CatSniffer is using.
6. Once the COM port is identified, we will run the cc2538-bsl.py tool on the CatSniffer.
Note: If you face any issues connecting to the board, you must put the CC1352P7 in bootloader mode.
7. Upload the sniffle.hex firmware file to CatSniffer by using the following command: python cc2538-bsl.py -e -w -v -p COMXX sniffle.hex
8. Download or clone the Sniffle repository.
9. Open a new command window in the python-cli folder included in the Sniffle repository.
10. Run the python script sniff_receiver.py.
You can find more commands and examples in the section Usage Examples of the Sniffle repository.
In this case, we use the command python sniff_receiver.py -s COMXX -c 38 -r -50 -a, which lets us sniff all the advertisements on channel 38, ignore RSSI < -50, and stay on the advertising channel even when CONNECT_REQs are seen.
CatSniffer is a versatile and powerful tool for wireless protocol analysis. It offers a wide range of pre-developed firmware to meet diverse needs, as well as the ability to create custom firmware for specialized applications.
If you are interested in learning more about CatSniffer, we recommend visiting the project's GitHub repository at the following link: CatSniffer Wiki.
In the repository, you will find detailed documentation about the board, as well as code examples and pre-developed firmware.
Visit our store to learn more about the Electronic Cats products: Electronic Cats Store.