QEMU usb passthrough and the CC2540 BLE packet sniffer

I have one piece of hardware that has stubbornly resisted the permanent move to Debian in my office, an old Texas Instruments CC2540 USB dongle that has Bluetooth Low Energy packet sniffing firmware installed on it.

If you're doing anything out of the ordinary with a BLE device, such as fiddling with the advertisement data or trying to troubleshoot a GATT issue, you will eventually end up with a packet sniffer of some kind. When I originally bought it, the machine I plugged it into was running Windows Server 2016 and it worked fine. However, after I had upgraded that box to Windows Server 2019 the drivers stopped working. I had no further use for it at that stage so I put the CC2540 away. The need for a packet sniffer has returned, hence out it came again. Only now, that machine that was running Windows Server is running Debian and it appears there is no way to directly get something like Wireshark to talk to it.

QEMU to the rescue (again)

I do keep a Windows 10 virtual machine handy for running the odd bit of software that doesn't like Wine. I've never tried to get it to work with USB devices. It turns out to be pretty simple. The output from lsusb and lsusb -t looks like this:

drubie@chungus:/home/scan$ lsusb
Bus 009 Device 002: ID 03f0:1027 HP, Inc Virtual keyboard and mouse
Bus 009 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 002 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 008 Device 003: ID 0451:16b3 Texas Instruments, Inc. CC2540 USB Dongle
Bus 008 Device 002: ID 0a5c:21e8 Broadcom Corp. BCM20702A0 Bluetooth 4.0
...

In this case, I want the CC2540 on bus 8, device 3, to be hooked up to QEMU:

me@chungus:~/VM/Windows10$ cat startwin.sh
/usr/bin/qemu-system-x86_64 \
    -monitor stdio \
    -soundhw ac97 \
    -machine accel=kvm \
    -smp 6 \
    -m 22953 \
    -usb \
    -cdrom /home/drubie/VM/Windows10/en-us_windows_10_consumer_editions_version_2004_updated_october_2021_x64_dvd_36236115.iso \
    -hda /home/drubie/VM/Windows10/Windows_10_Pro_HDA.img \
    -boot order=dc,menu=off \
    -net nic,macaddr=xx:xx:xx:xx:xx:xx \
    -net tap,ifname=tap0 \
    -rtc base=localtime \
    -name "BORIS" \
    -device usb-tablet \
    -device usb-host,hostbus=8,hostaddr=3

It's as simple as that. Installing the Ti "SMARTRF Packet Sniffer" in the Windows VM was trivial and it happily sniffs packets again.

You do have to make sure you have the right permissions (I cheated for the photo above and ran the emulator as root). Should also note that the USB stuff in Windows Server 2019 seems very different to the more consumer friendly Windows 10.

Popular posts from this blog

Tailscale ate my network (and I love it)

Image
No matter where you go, there you are If you're like me, you travel occasionally. Access to your office from home, or from an airport lounge, or from a hotel room is paramount to being productive for most of us now. While I had a fairly simple Tailscale setup that got me into my test machines in the office, what I really wanted was to integrate my AWS production VPC into that system. It's surprisingly simple. Tailscale AWS instructions What do you want to do that for? In the "before tailscale" times, if I needed to test against the production AWS resources or connect dBeaver for database maintenance, I would edit the security group to add my IP address, do my testing, edit the security group to remove myself. This is as error prone as it sounds. I quite often forgot to remove my IP address from the allowed addresses, a major potential security risk when you are travelling. Tailscale has an extremely nifty way to get around it: if you run up a small ec2 ins
Read more

That magical word: Workstation

Image
Or how I came to own a HP 8760w 17" laptop I am reading a lot of retro-computing articles lately, I grew up in the 8 bit era and I have strong nostalgia for it. It does help to be realistic though, for all the love that things like the Amiga get, they were a dead end in terms of computing. What really ate the world was the boring old IBM-PC: flickery, interlaced multi-sync monitors, beige boxes and productivity software. There was another, relatively brief path the industry could have gone down though. The Workstation was king In retrospect, it might be a bit tough to put a circle around what constituted a workstation . Is a PERQ a workstation? Probably. Xerox Alto and Star? Definitely. Symbolics Lisp machines? Not sure. Probably? The real success stories came out of Apollo , Sun, HP,IBM,NeXT,DEC and Silicon Graphics. For a time it was a hot market, especially in what was known then as technical computing: research, manufacturing, CAD, graphics, simulations. If
Read more

Time machine: Solaris 2.6 on QEMU

Image
You can never go home A big chunk of my professional career in the 1990s was spent with a Sparcstation on my desk. Before that the 68000 Sun2 and Sun3 floated past my sticky fingers but the Sparc machines quickly superseded those. I don't remember too much about which ones: pretty sure there was at least one IPX, one Sparcstation 5, a Sparcstation 10 and then the last one was most likely an Ultra 1 or maybe even an Ultra 5. It was a long time ago. Every now and again I think about how productive those machines were and do a little Ebay digging on how much one would be worth to have around. Except I don't have the room for more machines and the idea of trying to revive 25 year old hardware from that era is well beyond my electronic capabilities. Never fear, QEMU is here. Following these excellent instructions from Adafruit , you too can install Solaris 2.6 and have your very own emulated machine. Note that there is one instruction in there I am not sure you need. A
Read more