i'm just beginning my bluetooth journey, and have some basic questions about sniffing/spoofing a BT remote control for an audio device (Topping DAC D50 iii)...
my goal: make a remote of my own design to control an audio device (and other AV devices) because the current remote goes to sleep too often and takes too long to wake up (sa well as to reduce the number of remotes required to drive my system)
if i have wireshark capture options set to bluetooth0 or bluetooth-monitor and have the BT remote paired to my computer, i see packets showing up that appear to correspond to the various buttons on the remote being pressed (all are ATT protocol, Info is "Rcvd Handle Value Notification, Handle: 0x0023 (Unknown)", 17 bytes, same handle, but a value that is unique to each button), and the remote is able to do some basic things like mute/unmute the sound on my computer and turn it off.
but if i use the "nRF Sniffer for Bluetooth LE" option and re-pair to the DAC during capture, i see the CONNECT_IND packet with the DAC as the source and the remote as the destination, the remote is able to control the DAC as expected (mute/unmute/etc), but i don't see any of the packets showing up when i push the buttons on the remote...
my limited understanding makes me wonder if the signals between the remote and the DAC are encrypted, and therefore not sniffable (though i read something in another post here that made me think that if i was capturing during the pairing of the devices, the required encryption key would be captured at pairing and subsequently used to capture encrypted packets, but as a beginner, i doubt my reasoning more than anything else)....
does anyone have any suggestions on how to capture the data being sent from my remote to the DAC so that i can program another device to send the appropriate info as if it was coming from the original remote?
thanks!
