These are some Bluetooth dongle, which support changing firmware with dfutool and tuning with bccmd. There is no guarantee that they still support flashing and tuning when you buy them, because vendors often tend to change the hardware without further notice.
Fujitsu Siemens
BLUETOOTH V2.0 USB-Stick
Cellink BTA-6030 Bluetooth Adapter
Other Dongle which seem to work (see comments on this article. not verified.):
Toshiba PA3455U-1BTM
Linksys USBBT100
Aircable Host XR
Hi piit!
I think AirSnifferDev59BC4.dfu is quite an new firmware. As I already pointed out before, frontline might have changed something in the layout of the firmware.
You can use the SPI connector to flash the dongle, but I do not know if there is an SPI connector on the Fujitsu dongle.
For flashing the bricked dongle have a look at this post: http://www.evilgenius.de/2007/06/11/de-bricking-your-bluetooth-dongle/
Hi hosh,
Thanks for your reply. After I’ve written my post I saw the article about de-bricking.
Unfortunately I can’t find some SPI pins. There are some testpoints but I don’t know the functions of them. Also I don’t have access to casira tool kit. So no chance to get this dongle back to life for me.
I’ve found and bought another Fujitsu dongle. Hopefully it arrives soon.
What is the latest correct Firmware to use? Could anyone provide this file?
Best regards,
pììt
If anybody else searches for the correct firmware … google is your friend … “Frontline.Bluetooth.Sniffer.v5.6.9.0.rar” 🙂
Best regards,
pììt
Hi
I am looking for a BC4-External bt dongle.
I guess the Trendnet TBW-104UB is the one I need.
Can any one confirm?
Thanks
Regards
dhcmega
device info:
lsusb
Bus 004 Device 002: ID 0a12:0001 Cambridge Silicon Radio, Ltd Bluetooth Dongle (HCI mode)
hciconfig -a hci0
hci0: Type: USB
BD Address: 00:11:F6:0A:F4:85 ACL MTU: 310:10 SCO MTU: 64:8
UP RUNNING PSCAN ISCAN
RX bytes:964 acl:0 sco:0 events:26 errors:0
TX bytes:351 acl:0 sco:0 commands:25 errors:0
Features: 0xff 0xff 0x8f 0xfe 0x9b 0xf9 0x00 0x80
Packet type: DM1 DM3 DM5 DH1 DH3 DH5 HV1 HV2 HV3
Link policy: RSWITCH HOLD SNIFF PARK
Link mode: SLAVE ACCEPT
Name: ‘localhost.localdomain-0’
Class: 0x000104
Service Classes: Unspecified
Device Class: Computer, Desktop workstation
HCI Ver: 2.0 (0x3) HCI Rev: 0xc5c LMP Ver: 2.0 (0x3) LMP Subver: 0xc5c
Manufacturer: Cambridge Silicon Radio (10)
How can I increase the working range? Besides gain atenna, firmware?
Thanks
dhcmega
hi
anyone know where i can get airsnifferdev46bc2.dfu? i have AirSnifferDev56BC4.dfu but it dont work with my d-link 120 thanks…
For those who have a BT-120. CHECK YOUR HARDWARE!
If you have a BC2 then use Airsnifferdev4Xbc2.dfu.
If you have a BC3 then use a……..4Xbc3.dfu.
And if you have a BC4 then use the file with bc4.dfu at the end.
I couldn’t get the bc4 to work, figured it was due to me having the bc2 hardware and viola!
Now how can I get this thing to capture raw data without specifying a master:slave combo?!!?!
Also, anyone working on a spectrum analyzer application for use with a modified dongle?
Would it be possible to use these kinds of modules for sniffing? These are BC4 with external flash.
http://www.seeedstudio.com/depot/serial-port-bluetooth-module-p-279.html
http://www.sureelectronics.net/goods.php?id=699
(These things can also be found on ebay for $17.99 from the same seller)
Hi,
I bought a D-Link DBT-120 revsion B4 (Bluecore2-External) and tried to flash it.
First I created a backup dfu.
I changed the product and vendor ID and it showed: UP RUNNING RAW and the RX/TX bytes rising.
Then I flashed it with airsnifferdev46bc2.dfu and it still showed: UP RUNNING RAW.
But after I re-plugged the dongle, it was dead …
Linux (Ubuntu and BT3) doesn’t show it in lsusb or hciconfig. And Windows XP only shows: USB device was not recognized (unknown device).
And I’m not able to re-flash it with my backup dfu: Can’t find any dfu devices
Anybody an idea why this happend? I thought the airsniffer with bc2 at the end is the right firmware…
Help would be great! Thanks.
Used a DBT-120. Set the vendor and product ID with DFU. Did that on linux. Switched over to windows. Downloaded frontline. Went to update dongle firmware with the frontline maintenance utility: get USB error, blah blah could not be accessed. The device may be in use by another application. Ideas?
Hey jen,
I had the same problem with my second DBT-120 B4. I got the same error as you. I clicked OK and tried it again later. It worked at the second try.
This time I flashed it on windows with the airsnifferdev47bc2.dfu and … now it’s working ;D
Some quick observations:
* A new DeLock 61478 (BT V2.0 Class 2, ModelNo. MDB-C4.20-2) has BlueCore4-ROM – sadly unusable
* An old Belkin F8T003 has BlueCore2-Ext, but when flashing with v2 firmware everything looks fine – RAW capability, RX/TX packet counter increasing – but it does not sniffer (via frontline -e). Has anyone actually managed a successful sniffing with BlueCore2 hardware? So far I’ve only seen definitive proof for BlueCore4…
– mS
* The 3com 3REB96B has BlueCore2-Ext and has the same problems as the Belkin F8T003. I’d advise to keep clear of BlueCore2-Ext dongles, unless someone manages to patch the firmware…
I am sorry I am not a programmer and Linux-expert.
Could someone list tool-names that run on windows?
I am not sure I even need to flash new firmware; although I would like tool-names for that.
But I am specifically interested in finding a windoze tool which displays signal-strength with good resolution, and reasonably fast update.
The signal-level display in the terrible Widcomm stack is really abysmal. Slooowwww update, and resolution is so bad it only has 4 levels…LOL
I am working on antenna tuning and positioning of various audio-links.
thanks much everyone,
grub
Hi,
I’m trying to set maximum transmit power bluetooth module (Free2Move 03GX). I know
bccmd Linux command, but using it, power didn’t change:
I’ve send
./bccmd psset 17 18
where 17 is pskey ‘Maximum transmit power’ and 18 is power value that
I want to set.
I’ve not any error but if I use my power
meter anything change.
(bccmd singlechan command work correctly)
Can you help me please? I’m student in Pisa
(Italy).
Thanks,
Alberto Vigolo
i am in south africa and i am looking for bluecore1 dongle.is there anybody who hane it in south africa,i am really looking for it.
can someone write for me steps on changing the transmission range of bluecore4 from class 2 to class 3(less than 1m communication)
There is any improvement of usability of the bluetooth device (BlueCore2DBT120) over the old firmwares? Not to sniff, but to use as a normal device, it would be somehow “upgraded” by this firmware? i actualy use the 18.2 HCI from apple 1.2 update and thats just terrible regarding a2dp (indeed has the hid function).
Can someone give a tip if installing this will serve for the user-only as an improvement? if not, where could i get the latest firmware to BlueCore2??
Hi guys,
I also have a D-link DBT-120 with bluecore02-ext and i confirm that I have patched successfully with bc2 firmware.
I also confirm testing it on windows for sniffing but I cannot make it work under linux for sniffing.
Any ideas?
Is it the fronline (or the csr_sniffer) code that does not work with bluecore02 devices?
Out of my own research looking for something that was initially used in the same way as most of these dongles are hoped to be used. Hospitals use hand held scanners for bar codes, etc. Socket Communications is a company that supplies some hospitals with equipment to talk to these scanning devices wirelessly. They use a Scanner Companion for this, and it’s a bluetooth usb dongle with a BC04-EXT (BlueCore4 external (memory) chip. For this specific purpose of scanning for devices in a professional environment, Socket Communications had asked CSR to partner with them for the term of this product. BL4543-734<————–product/manufacturer #. You may find some that have a different model #, but this is the one that I know has the BC04-EXT.
Of course you can bash me for the history lesson, its the internet:)
Acid190,
i’ve bought the BL4543-734 but i tried to push firmware and it’s not went well, which firmware did you used for is, and can you send it to
roee83 at gmail dot com.
thanks alot!
did any one managed to make the sniffer of BL4543-734 if yes please send me the dfu file you used to roee83 at gamil dot com, thanks alot!
Hello,
Newbie question… What tool are you using to display a dongle’s chipset and internally, as posted above?
I have some ingles i’d like to check.
I’m up interested in repurposing cheap BT dongles for a project i have in mind. I’ll be needing to dissassemble / reassemble software changes to activate I/O pins on disconnect. Or else I’ll have to add a low power, small mcu to do the work (inelegant).
Any pointers to info on hacking the code on these chipsets, like the bluecore-4 ext, or KC-22 is greatly appreciated.
Thanks
Kevin
Corrected!!!
Newbie questions… (1) What tool are you using to display a dongle’s chipset and internally, as posted above?
I have some dongles I’d like to check out.
I’m up interested in repurposing cheap BT dongles for a project I have in mind. I’ll be needing to dissassemble / reassemble software changes to activate I/O pins on disconnect of a BT pair. Or else I’ll have to add a low power, small mcu to do the work (inelegant, expensive, power hungry, real estate).
(2) Any pointers to information, how-to’s, tools, etc. on hacking the code of these chipsets, like the bluecore-4 ext, or KC-22, or others is greatly appreciated.
Thanks
Kevin
hey so im just getting into this stuff, and have been trying to track down a bc4-ext dongle for a while now anyway in case anyone else is still looking, i found one from digikey.
740-1004-ND ADAPTER BLUETOOTH 2.0 ECCN: 5A002A1
http://parts.digikey.com/1/parts/1390514-adapter-bluetooth-2-0-usb-rn-usb-t.html
root@bt:~# hciconfig -a
hci0: Type: BR/EDR Bus: USB
BD Address: 00:06:66:08:4C:07 ACL MTU: 384:8 SCO MTU: 64:8
UP RUNNING PSCAN
RX bytes:926 acl:0 sco:0 events:35 errors:0
TX bytes:494 acl:0 sco:0 commands:35 errors:0
Features: 0xff 0xff 0x8f 0xfe 0x9b 0xf9 0x00 0x80
Packet type: DM1 DM3 DM5 DH1 DH3 DH5 HV1 HV2 HV3
Link policy: RSWITCH HOLD SNIFF PARK
Link mode: SLAVE ACCEPT
Name: ‘bt-0’
Class: 0x480100
Service Classes: Capturing, Telephony
Device Class: Computer, Uncategorized
HCI Version: 2.0 (0x3) Revision: 0x6e6
LMP Version: 2.0 (0x3) Subversion: 0x6e6
Manufacturer: Cambridge Silicon Radio (10)
root@bt:~# hciconfig hci0 revision
hci0: Type: BR/EDR Bus: USB
BD Address: 00:06:66:08:4C:07 ACL MTU: 384:8 SCO MTU: 64:8
Build 1766
Chip version: BlueCore4-External
Max key size: 56 bit
SCO mapping: HCI
Bc4-ext shabang!!!!
Unfortunately, i just brick an USB BlueTooth Dongle which chipset is BC417-Ext.
The Dongle has chip BC417143 and K8D1716, i upgrade the firmware with airsnifferdev46bc4.dfu. But, at the last, it display:
bt tools # sudo ./dfutool -d hci0 archive firmware-backup.dfu
Available devices with DFU support:
1) Bus 2 Device 2: ID 0a12:0001 Interface 2
Select device (abort with 0): 1
Firmware upload … 646866 bytes
bt tools # sudo ./dfutool -d hci0 upgrade airsnifferdev46bc4.dfu
Filename airsnifferdev46bc4.dfu
Filesize 325936
Checksum d1bc6fd8 (valid)
Available devices with DFU support:
1) Bus 2 Device 4: ID 0a12:0002 Interface 2
Select device (abort with 0): 1
Can’t get status: No such device (19)
And, the Dongle is dead. So bad.
Could some one tell me, why? If i upload the wrong DFU file?
@king:
Have you tried this generic CSR DFU
http://www.insanelymac.com/forum/topic/266591-possible-csr-native-bluetooth/
Please tell me if it worked!