I wanted to get into Bluetooth Low Energy for quite some time now, but due to my OSCP studies I had other priorities. Thankfully, last month I passed, so now I can focus a bit on IoT/hardware hacking and my first step was the BLE_CTF project by @hackgnar.
To do the BLE_CTF I had two options: buy the pre-flashed ESP32 (this also supports @hackgnar) or build the whole thing from source. As I have too many microcontrollers lying around I choose the latter and documented the steps as well.
First we need to install a list of dependencies that will be used later.
sudo apt-get install gcc git wget make libncurses-dev flex bison gperf python python-pip python-setuptools python-serial
Download and extract toolchain
Next we will create the directories for the toolchain, wget the archive and extract it. The toolchain contains the compiler, linker and other required tools.
mkdir -p ~/esp cd ~/esp wget https://dl.espressif.com/dl/xtensa-esp32-elf-linux64-1.22.0-80-g6c4433a-5.2.0.tar.gz tar -xzf ~/Downloads/xtensa-esp32-elf-linux64-1.22.0-80-g6c4433a-5.2.0.tar.gz
Install Espressif IoT Development Framework
We need this as well for the ble_ctf build to work.
git clone --recursive https://github.com/espressif/esp-idf.git export IDF_PATH=~/esp/esp-idf python -m pip install --user -r $IDF_PATH/requirements.txt
Export toolchain location
We need this so make knows where to find our toolchain.
Cloning the ble_ctf git repository into our home folder
cd ~ git clone https://github.com/hackgnar/ble_ctf cd ble_ctf
Adding your user to the dialout group
In most cases you probably don’t have the permissions to read/write /dev/ttyUSB0. Adding yourself to the dialout group fixes it.
sudo usermod -a -G dialout $USER
Compiling and flashing the ESP32
Check if PATH contains the toolchain and that IDF_PATH exists. Check whether /dev/ttyUSB0 (or similar) is accessible. make menuconfig changes are only required if you don’t use the default /dev/ttyUSB0.
make menuconfig make make flash
The make should compile ble_ctf from source and make flash should flash the ESP32 with the binary.
If something went wrong you should probably check the following first:
- Is the toolchain in the PATH variable?
- Does the IDF_PATH variable exist?
- Are the paths correct? Is everything where it should be?
- Does /dev/ttyUSB0 exist? Are you using non-‘power only’ USB cable?
- Do you have read/write access to /dev/ttyUSB0?
If you are still stuck, follow the official steps for installing the toolchain and the development framework: Setup Toolchain If that didn’t work either, you probably should buy the pre-flashed ESP32 instead.