Skip to main content
Android Debug Bridge (ADB) is essential for accessing Bluetooth HCI snoop logs on Android devices. These logs contain all Bluetooth communication that can be analyzed in Wireshark.

Prerequisites

  • Android device with Developer Options enabled
  • ADB installed on your computer
  • USB cable for device connection

Verifying Device Connection

Before capturing logs, confirm your device is properly connected: 
adb devices -l
Expected output: 
List of devices attached
XXXXXXXXXXXX   device usb:1-1 product:model transport_id:1
If no devices appear:
  • Ensure USB debugging is enabled on your device
  • Check your USB cable (some cables are charge-only)
  • Accept the debugging authorization prompt on your device

Capturing Bluetooth HCI Logs

Android can log all Bluetooth HCI (Host Controller Interface) traffic, which includes every BLE packet sent and received.
1

Enable HCI snoop logging

On your Android device:
  1. Go to Settings > Developer options
  2. Enable Bluetooth HCI snoop log
The exact location may vary by device. On some devices it’s under Bluetooth HCI snoop log or Enable Bluetooth HCI snoop log.
2

Use the Whoop app

Interact with the Whoop device through the app to generate the traffic you want to analyze (set alarms, toggle features, sync data, etc.).
3

Capture bugreport

Generate an ADB bugreport, which includes the HCI log:
adb bugreport logs
This creates a file named logs.zip containing system diagnostics and Bluetooth logs. The command may take 1-2 minutes to complete.
4

Extract HCI log

Unzip the bugreport archive:
unzip logs.zip
The Bluetooth HCI log is located at:
FS/data/log/bt/btsnoop_hci.log
5

Analyze in Wireshark

Open the HCI log file directly in Wireshark:
wireshark FS/data/log/bt/btsnoop_hci.log

When to Use Bugreport vs Live Capture

Bugreport Method

Best for:
  • Capturing extended sessions (overnight syncs, long activities)
  • When you need to reproduce behavior multiple times before analyzing
  • Documenting complete workflows for correctness verification
Limitations:
  • No real-time feedback
  • Must complete the entire workflow before analysis
  • Generates large files with system-wide logs

Live Wireshark Capture

Best for:
  • Real-time packet inspection during reverse engineering
  • Immediate feedback when testing custom commands
  • Interactive exploration of device behavior
Requirements:
  • ADB connection maintained during capture
  • Wireshark running with root privileges
See Wireshark for live capture setup.

Common ADB Commands

Check ADB Connection

adb devices -l

Restart ADB Server

If devices aren’t showing up: 
adb kill-server
adb start-server
adb devices -l

Pull Logs Manually

If bugreport is too slow, pull the HCI log directly (requires root): 
adb pull /data/log/bt/btsnoop_hci.log

Clear Bluetooth Logs

Before capturing a specific session: 
adb shell rm /data/log/bt/btsnoop_hci.log
Then disable and re-enable HCI logging in Developer Settings.

Troubleshooting

  1. Check USB debugging is enabled
  2. Try a different USB cable or port
  3. Revoke USB debugging authorizations in Developer Settings and reconnect
  4. Run adb kill-server && adb start-server
  1. Verify HCI logging was enabled before using the Whoop app
  2. Some devices store logs in different locations
  3. Try pulling the log directly: adb pull /data/log/bt/btsnoop_hci.log
The HCI log file requires root access on most devices. Use the adb bugreport method instead, which packages the logs with proper permissions.

Next Steps

Once you have HCI logs:
  • Open them in Wireshark and filter with btatt
  • Identify packet patterns for specific device features
  • Extract command sequences for replication with gatttool or Python

Build docs developers (and LLMs) love

Get started for freeTalk to us