This tutorial is intended to get you up and running with your CatSniffer. It is supposed to be a starting point for any new user looking to learn how to use their board. We will take you from loading firmware to your board for the first time to your first sniffing.
What is CatSniffer?
Before getting into it, we need to understand what the CatSniffer is. CatSniffer is a versatile IoT hacking tool that is compatible with Windows, Linux, and macOS. It can operate in three different frequencies: LoRa, Sub 1 GHz, and 2.4 GHz. CatSniffer uses the SimpleLink™ CC1352P7 device, a multiprotocol and multiband sub-1 GHz and 2.4 GHz wireless microcontroller (MCU). It also uses an RP2040 as a USB-UART bridge to communicate with the CC1352 chip.
CatSniffer can be automatically programmed through the bootloader from TI CC, and it does not require an external programmer. It can be debugged with cJTAG. CatSniffer has an SMA antenna port for an antenna of your choice, as well as general-purpose LEDs and reset/bootloader buttons for user interaction.
Tools
There are two main Python-based tools developed by us that we will use to interact with the board: Catnip and PyCatSniffer.
Catnip is the preferred way of loading firmware to our board. It streamlines the process with features like automatic port detection and downloading the latest available firmware directly from our repository. Catnip is simple to use and works on any operating system.
PyCatSniffer is a new tool we have developed to work with CatSniffer. It is based on the Texas Instruments packet sniffer firmware used with their Smart RF Packet Sniffer software. It is the main way to interact with the CatSniffer now. This tool currently supports BLE, Zigbee, Thread, and LoRa, but we are working on implementing more protocols as time goes on. This tool can also work with Wireshark.
Sniffing BLE
Now that we understand CatSniffer and the available tools, we can start with our first sniffing session. In this case, we will be sniffing BLE packets and displaying them on Wireshark. Wireshark is a network protocol analyzer that is really useful for displaying and decoding protocol packets. If you do not have Wireshark installed already, we suggest downloading it now from their official page. The installation process is very simple; just follow the installation wizard.
Note: We will be using Windows as our OS in this tutorial, but all the commands should be very similar if you are following along on Linux or macOS.
1. We need to verify if our CatSniffer has the latest version of the RP2040 firmware in it. We can download the latest version of the firmware from the CatSniffer-Firmware repository. Go to the repository, and in the releases section, download the latest version of the SerialPassthroughwithboot_RP2040_v1.1.uf2 firmware.
2. Using the combination shown below, get the RP2040 into bootloader mode.
3. A new file explorer window will open. Drag and drop the downloaded file to this new window. If the loading process is successful, the window will close automatically. With the RP2040 ready, we can now focus on using Catnip to load firmware to the CC1352.
4. Clone the CatSniffer-Tools repository; this repository contains both Catnip and PyCatSniffer. You can do this by running the command:
git clone https://github.com/ElectronicCats/CatSniffer-Tools
Or by downloading the zip file from the GitHub page in the desired location.
5. Open a terminal window in the location of the repository and navigate to the Catnip folder. Before using Catnip, we have to install some necessary dependencies. We can do this using the command:
pip install -r requirements.txt
Now, to see the available firmwares, run the command:
python .\catnip_uploader.py releases
6. With your CatSniffer plugged into your computer, load the sniffer_fw_cc1352p_7 firmware by running the command:
python .\catnip_uploader.py load sniffer --validate
7. There is one last thing that we need to do before starting to sniff. For Wireshark to be able to decode the BLE packets, we first need to configure the dissectors. We have our own dissectors that you can download from the releases section of the CatSniffer-Wireshark repository. There should be two files: catsniffer.dll and catsnifferx1262.dll. The first is used for IEEE 802.15.4, and the latter is used for LoRa.
8. Once you have downloaded the dissectors that match your operating system, open a new file explorer window and navigate to C:\Program Files\Wireshark\plugins\4.4\epan or the equivalent path for your OS. Copy the downloaded dissector here; you might require administrator privileges to do it.
9. We now need to set both dissectors in Wireshark. Open Wireshark and go to Edit > Preferences > Protocols > DLT_USER. Click on Edit… and, using the plus sign, add another entry with the following values:
catsniffer.dll
- DLT: User 0 (DLT=147)
- Payload dissector: catsniffer_rpi
- Header size: 0
- Trailer size: 0
catsnifferx1262.dll
- DLT: User 0 (DLT=147)
- Payload dissector: catsnifferx1262_rpi
- Header size: 0
- Trailer size: 0
Click OK, Apply, and then OK again. Close Wireshark.
10. We are now ready to use PyCatSniffer. Navigate to the previous folder using "cd ..", then go to the PyCatSniffer folder using "cd .\pycatsniffer_bv3\".
11. We will be sniffing BLE on channel 39 with a pipeline to Wireshark. If you would like to sniff something else, you can check the documentation for the tools on the CatSniffer Wiki. To begin sniffing, run the command:
python cat_sniffer.py sniff -phy ble --channel 39 -ff -ws
A Wireshark window will open automatically, and if the dissectors were correctly set up, you will see the parsed packets.
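Step 9 binds link type 147 to the CatSniffer dissector, so when packets show up undecoded, a first check is which link type the capture actually carries. The following is an added example, not part of CatSniffer-Tools: it reads the header of a classic pcap capture and reports the link type and its DLT_USER slot. It assumes the capture is in classic pcap format; `build_pcap`, `inspect_pcap` and the sample payloads are constructed for illustration.

```python
import struct

USER_DLTS = range(147, 163)  # LINKTYPE_USER0..USER15; 147 is "User 0" in step 9

def build_pcap(frames, linktype=147, snaplen=65535):
    """Serialize (ts_sec, payload) pairs as a little-endian classic pcap."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, linktype)
    for ts_sec, payload in frames:
        out += struct.pack("<IIII", ts_sec, 0, len(payload), len(payload))
        out += payload
    return out

def inspect_pcap(data):
    """Report the link type, its DLT_USER slot and the record lengths."""
    if len(data) < 24:
        raise ValueError("too short for a pcap global header")
    magic = struct.unpack("<I", data[:4])[0]
    if magic in (0xA1B2C3D4, 0xA1B23C4D):      # written little-endian
        end = "<"
    elif magic in (0xD4C3B2A1, 0x4D3CB2A1):    # written big-endian
        end = ">"
    else:
        raise ValueError("not a classic pcap capture")
    # The low 16 bits of the last header field carry the link type.
    linktype = struct.unpack(end + "I", data[20:24])[0] & 0xFFFF
    lengths, offset, truncated = [], 24, False
    while offset < len(data):
        if offset + 16 > len(data):            # record header cut off
            truncated = True
            break
        incl_len = struct.unpack(end + "I", data[offset + 8:offset + 12])[0]
        if offset + 16 + incl_len > len(data):  # payload cut off
            truncated = True
            break
        lengths.append(incl_len)
        offset += 16 + incl_len
    slot = linktype - 147 if linktype in USER_DLTS else None
    return {"linktype": linktype, "user_slot": slot,
            "lengths": lengths, "truncated": truncated}

if __name__ == "__main__":
    # Constructed sample payloads, not real CatSniffer output.
    sample = build_pcap([(1, bytes(range(12))), (2, b"\xaa" * 30)])
    print(inspect_pcap(sample))
```

A `user_slot` of 0 corresponds to the "User 0 (DLT=147)" entry configured in step 9; `None` means the capture uses a link type outside the DLT_USER range, so that table is not consulted for it.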
Ready to Start Sniffing?
Now that you’ve set up your CatSniffer and configured the tools, it’s time to put your board to the test! Plug in your CatSniffer, fire up PyCatSniffer, and explore the wireless traffic around you, whether it’s BLE, Zigbee, or LoRa. The best way to learn is by doing, so grab your board, follow the steps, and see what signals you can capture. Have questions or discoveries? Share them with the community and keep experimenting. Need more help or want to go further? Check out all the information and examples on our Wiki! Happy sniffing!