QEMU usb passthrough and the CC2540 BLE packet sniffer

I have one piece of hardware that has stubbornly resisted the permanent move to Debian in my office, an old Texas Instruments CC2540 USB dongle that has Bluetooth Low Energy packet sniffing firmware installed on it.

If you're doing anything out of the ordinary with a BLE device, such as fiddling with the advertisement data or trying to troubleshoot a GATT issue, you will eventually end up with a packet sniffer of some kind. When I originally bought it, the machine I plugged it into was running Windows Server 2016 and it worked fine. However, after I had upgraded that box to Windows Server 2019 the drivers stopped working. I had no further use for it at that stage so I put the CC2540 away. The need for a packet sniffer has returned, hence out it came again. Only now, that machine that was running Windows Server is running Debian and it appears there is no way to directly get something like Wireshark to talk to it.

QEMU to the rescue (again)

I do keep a Windows 10 virtual machine handy for running the odd bit of software that doesn't like Wine. I've never tried to get it to work with USB devices. It turns out to be pretty simple. The output from lsusb and lsusb -t looks like this:

drubie@chungus:/home/scan$ lsusb
Bus 009 Device 002: ID 03f0:1027 HP, Inc Virtual keyboard and mouse
Bus 009 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 002 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 008 Device 003: ID 0451:16b3 Texas Instruments, Inc. CC2540 USB Dongle
Bus 008 Device 002: ID 0a5c:21e8 Broadcom Corp. BCM20702A0 Bluetooth 4.0
...

In this case, I want the CC2540 on bus 8, device 3, to be hooked up to QEMU:

me@chungus:~/VM/Windows10$ cat startwin.sh
/usr/bin/qemu-system-x86_64 \
    -monitor stdio \
    -soundhw ac97 \
    -machine accel=kvm \
    -smp 6 \
    -m 22953 \
    -usb \
    -cdrom /home/drubie/VM/Windows10/en-us_windows_10_consumer_editions_version_2004_updated_october_2021_x64_dvd_36236115.iso \
    -hda /home/drubie/VM/Windows10/Windows_10_Pro_HDA.img \
    -boot order=dc,menu=off \
    -net nic,macaddr=xx:xx:xx:xx:xx:xx \
    -net tap,ifname=tap0 \
    -rtc base=localtime \
    -name "BORIS" \
    -device usb-tablet \
    -device usb-host,hostbus=8,hostaddr=3

It's as simple as that. Installing the Ti "SMARTRF Packet Sniffer" in the Windows VM was trivial and it happily sniffs packets again.

You do have to make sure you have the right permissions (I cheated for the photo above and ran the emulator as root). Should also note that the USB stuff in Windows Server 2019 seems very different to the more consumer friendly Windows 10.

Popular posts from this blog

Tailscale ate my network (and I love it)

Stupid stunts with WSL2 , Python3 and AWS ECS

Time machine: Solaris 2.6 on QEMU