PANalyzr Troubleshooting

No GPS Data
If the message “No GPS Data” is displayed repeatedly in the PANalyzr terminal window, this indicates that the GPS device did not initialize properly. Restarting the PANalyzr software usually resolves this issue.

Dumpcap permission error displayed
If the error message “Couldn’t run /usr/bin/dumpcap in child process: Permission denied” is displayed, type the following in a terminal window to resolve the issue:

• cd /usr/bin
• sudo chmod +x dumpcap

PANalyzr gets stuck / No packets in the Wireshark window
If there are no Bluetooth packets in the Wireshark window, attempt to generate the traffic again.

If packets are still not displayed in the Wireshark window, this could be an indication the detection
threshold is too high or low.

If any PANalyzr USB errors are displayed in the terminal window, hit the Enter button to close the
PANalyzr application, then re-attach the PANalyzr hardware to the computer.

If the LED on the PANalyzr Protocol Analyzer has changed to a flashing Red color, then close any open
PANalyzr terminal windows and re-attach the PANalyzr hardware to the computer.

Brackle Troubleshooting

BR/EDR (E0) “SRES Assert” Error
When running brackle for E0 decryption, the user must input a valid master Bluetooth address, slave
Bluetooth address and 128-bit link key. If incorrect values are provided, the brackle utility will generate
an error indicating an issue with the calculated Signed Response (SRES) value.

To resolve this, try the following solution options, then re-run the brackle utility:

• Check the slave Bluetooth address value for typos
• Check that the link key value provided is valid for the encrypted connection in the pcap file used
• Use the master Bluetooth address value in both the slave and master address parameter fields

Missing Packets
When running brackle for E0 decryption, the utility will search the provided pcap file for the necessary packets needed for decryption to work. If all of the required packets are not seen in the capture file, the missing packet types will be listed in the output, and the brackle utility will quit.

To resolve this, it is necessary to generate a new capture file and re-run the brackle utility on that file.

Failed E0 Decryption
Once brackle is done running on a BR/EDR capture file, and the new pcap file has been generated, the
file should be checked for valid decrypted packets. These packets will be displayed after any
LMP_start_encryption_req packet, but before any LMP_stop_encryption_req packet. If these previously
encrypted packets do not appear to have been properly decrypted and dissected in the new capture file,
it is possible the wrong device was used in the master Bluetooth address parameter when brackle was
run.

To resolve this, re-run the brackle application, utilizing the slave Bluetooth address value in both the
master and slave parameter fields.