
btlejuice's Introduction

BtleJuice Framework

Introduction

BtleJuice is a complete framework to perform Man-in-the-Middle attacks on Bluetooth Smart devices (also known as Bluetooth Low Energy). It is composed of:

  • an interception core
  • an interception proxy
  • a dedicated web interface
  • Python and Node.js bindings

How to install BtleJuice?

Installing BtleJuice is child's play. First, make sure your system uses a recent version of Node.js (>=4.3.2) and npm. Then install all the required dependencies:

Ubuntu/Debian/Raspbian

sudo apt-get install bluetooth bluez libbluetooth-dev libudev-dev

Fedora / Other RPM-based

sudo yum install bluez bluez-libs bluez-libs-devel npm

Last, install BtleJuice using npm:

sudo npm install -g btlejuice

If everything went well, BtleJuice is ready to use!

How to use BtleJuice?

BtleJuice is composed of two main components: an interception proxy and a core. The two components must run on separate machines so that two Bluetooth 4.0+ adapters can operate simultaneously. BtleJuice Proxy does not work in a Docker container.

A virtual machine can be used to make the framework work on a single computer.

In your virtual machine, install btlejuice and make sure your USB BT4 adapter is available to the virtual machine:

$ sudo hciconfig
hci0:	Type: BR/EDR  Bus: USB
	BD Address: 10:02:B5:18:07:AD  ACL MTU: 1021:5  SCO MTU: 96:6
	DOWN
	RX bytes:1433 acl:0 sco:0 events:171 errors:0
	TX bytes:30206 acl:0 sco:0 commands:170 errors:0
$ sudo hciconfig hci0 up

Then, make sure your virtual machine has an IP address reachable from the host.

Launch the proxy in your virtual machine:

$ sudo btlejuice-proxy

On your host machine, don't forget to stop the Bluetooth service and make sure the HCI device remains open and initialized:

$ sudo service bluetooth stop
$ sudo hciconfig hci0 up

Finally, run the following command on your host machine:

$ sudo btlejuice -u <Proxy IP address> -w

The -w flag tells BtleJuice to start the web interface, while the -u option specifies the proxy's IP address.

The web user interface is now available at http://localhost:8080. Note that the web server port may be changed from the command line.

Using the web interface

BtleJuice's web interface provides a set of links in the top-right corner to control the interception core, as shown below.

BtleJuice main web UI

Target selection

First, click the Select target button and a dialog will show up displaying all the available Bluetooth Low Energy devices detected by the interception core:

BtleJuice Target Selection Popup

Double-click on the desired target, and wait for the interface to be ready (the Bluetooth button's appearance will change). Once the dummy device is ready, use the associated mobile application or another device (depending on what is expected) to connect to the dummy device. If the connection succeeds, a Connected event is shown on the main interface.


All the intercepted GATT operations are then displayed with the corresponding service and characteristic UUIDs and the data associated with them. By default the data is shown in the HexII format (a variant of the format designed by Ange Albertini), but you can switch from HexII to Hex (and back) by clicking on the data itself. Both the Hex and HexII formats are supported by BtleJuice.
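To make the HexII display easier to read back, here is an added example (not BtleJuice's own code) that encodes a GATT value as HexII and plain hex and decodes HexII text back to bytes. It follows the byte rules of Ange Albertini's original HexII; BtleJuice's variant may differ, the printable range 0x21 to 0x7E is an assumption, and the sample value is constructed.

```javascript
'use strict';

// HexII byte rules from Ange Albertini's original format. BtleJuice uses a
// variant whose details this page does not give, so treat these as assumptions:
//   0x00 -> two spaces
//   0xFF -> "##"
//   printable ASCII (assumed 0x21..0x7E) -> "." followed by the character
//   any other byte -> two uppercase hex digits
function hexiiToken(byte) {
  if (byte === 0x00) return '  ';
  if (byte === 0xff) return '##';
  if (byte >= 0x21 && byte <= 0x7e) return '.' + String.fromCharCode(byte);
  return byte.toString(16).toUpperCase().padStart(2, '0');
}

// Encode a byte sequence as HexII tokens separated by single spaces.
function toHexII(bytes) {
  return Array.from(bytes, hexiiToken).join(' ');
}

// Encode the same bytes as plain lowercase hex, for side-by-side comparison.
function toHex(bytes) {
  return Array.from(bytes, (b) => b.toString(16).padStart(2, '0')).join(' ');
}

// Decode HexII text back to bytes. Every token is exactly two characters and
// tokens are separated by one space, so the text is walked with a stride of
// three. Do not trim the input: a 0x00 byte is encoded as two spaces, so
// leading or trailing whitespace is data.
function fromHexII(text) {
  const out = [];
  for (let i = 0; i < text.length; i += 3) {
    const tok = text.slice(i, i + 2);
    if (tok.length !== 2) {
      throw new Error('truncated token at offset ' + i);
    }
    if (i + 2 < text.length && text[i + 2] !== ' ') {
      throw new Error('missing separator at offset ' + (i + 2));
    }
    if (tok === '  ') {
      out.push(0x00);
    } else if (tok === '##') {
      out.push(0xff);
    } else if (tok[0] === '.') {
      const code = tok.charCodeAt(1);
      if (code < 0x21 || code > 0x7e) {
        throw new Error('non-printable character in token at offset ' + i);
      }
      out.push(code);
    } else if (/^[0-9A-Fa-f]{2}$/.test(tok)) {
      out.push(parseInt(tok, 16));
    } else {
      throw new Error('invalid token "' + tok + '" at offset ' + i);
    }
  }
  return Uint8Array.from(out);
}

// Constructed sample value (not captured from a real device): a zero byte,
// a control byte, the ASCII text "OPEN", 0xFF, a space and 0x7F.
const constructedValue = Uint8Array.from(
  [0x00, 0x01, 0x4f, 0x50, 0x45, 0x4e, 0xff, 0x20, 0x7f]
);
console.log('Hex  : ' + toHex(constructedValue));
console.log('HexII: ' + toHexII(constructedValue));
```

The HexII form makes embedded ASCII such as command strings stand out, while zero padding disappears into whitespace; switch to plain hex when exact byte counts matter.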

Replay GATT operations

It is possible to replay any GATT operation by right-clicking it and then selecting the Replay option, as shown below:

Replay Popup

Replay dialog

Click the Write (or Read) button to replay the corresponding GATT operation. This operation will be logged in the main interface.

On-the-fly data modification

Last but not least, the interface can intercept any GATT operation, locally or globally, and allow on-the-fly data modification. You may either use the global interception by clicking the Intercept button in the top-right corner or use the contextual menu to enable or disable a hook on a given service and characteristic. Any time a GATT operation is intercepted, the following dialog box will show up:

Intercept dialog

Export data to file

Since version 1.0.6, the interface provides a data export feature allowing readable and JSON exports. These exports are generated based on the intercepted GATT operations, but also include information about the target device. When the Export button is clicked, the following dialog will show up:

Export dialog

Click the Export button at the bottom of the dialog box to download a JSON (or text) version of the intercepted data.

Settings

The settings dialog currently provides a single option, which automatically reconnects the proxy when the target device disconnects. This may be useful when dealing with devices that are active only for a short amount of time.

Settings dialog

Disconnection

Clicking the top-right Select Target button when the proxy is active will stop it and allow target selection again.

Installing the bindings

BtleJuice's Node.js bindings may be installed as well through npm:

$ sudo npm install -g btlejuice-bindings

More information about how to use the Node.js bindings is available in the package documentation.

Thanks

Special thanks to Slawomir Jasek, who pointed out many noble/bleno tricks to avoid issues with mobile applications, and shared BLE MITM strategies during DEF CON 24 =). He is also the author of Gattacker.

License

Copyright (c) 2016 Econocom Digital Security

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

btlejuice's People

Contributors

bik3te, kiina, marcaurelecoste, narke, virtualabs


btlejuice's Issues

Hardware requirements

What are the hardware requirements for btlejuice? Can I simply use a couple of macbooks, or should I run out and buy a couple Raspberry Pi's? Would I need to buy separate BT dongles?

Cannot register services and no packet captured

I have a btlejuice proxy running on 127.0.0.1 port 9000:

[i] Using interface hci0
[info] Server listening on port 9000
[info] Client connected
Configuring proxy ...
[status] Acquiring target xx:xx:xx:xx:xx:xx
[info] Proxy successfully connected to the real device
[info] Discovering services and characteristics ...
[status] Proxy configured and ready to relay !

I connect the btlejuice host to this proxy, start the web interface, and select my BLE device.
I get error: cannot register services! and of course no packets captured.

$ sudo btlejuice -u 127.0.0.1 -p 9000 -w
   ___ _   _       __        _          
  / __\ |_| | ___  \ \ _   _(_) ___ ___ 
 /__\// __| |/ _ \  \ \ | | | |/ __/ _ \
/ \/  \ |_| |  __/\_/ / |_| | | (_|  __/
\_____/\__|_|\___\___/ \__,_|_|\___\___|

[i] Using proxy http://127.0.0.1:9000
[i] Using interface hci0
2017-01-12T13:46:57.040Z - info: successfully connected to proxy
2017-01-12T13:47:12.251Z - info: proxy set up and ready to use =)
2017-01-12T13:47:12.256Z - debug: start advertising
2017-01-12T13:47:12.260Z - error: cannot register services !

NB. I run btlejuice with sudo because otherwise I get this warning:

bleno warning: adapter state unauthorized, please run as root or with sudo
               or see README for information on running without root/sudo:
               https://github.com/sandeepmistry/bleno#running-on-linux

FYI, the btlejuice proxy is running inside a docker container. I checked that it has access to my BLE dongle (anyway it would have complained otherwise).

"Connected" event never shows up

Hi,

After a few tries with different BLE devices, I cannot get Btlejuice to work.

I use 2 Debian VM (also tried with a physical and a VM), with 2 distinct Bluetooth 4.0 adapters.
Here is what happened when I try a MitM between TheQuicklock Doorlock and a Nexus 5X mobile device.
The process seems to work correctly, but once I double-click on the target, I can never use the mobile app to connect to the dummy device. The app just keeps searching for the doorlock without finding anything, and I can never see the "Connected" event on Btlejuice web interface.

After a while, a timeout happens, the connection established between the doorlock and the proxy is stopped.
Then, obviously I can use the mobile app correctly to lock and unlock my doorlock, but Btlejuice is not here watching anymore.

Here is the output:

On VM1 (bluetooth service active & hci0 up) :

sudo btlejuice-proxy

[i] Using interface hci0
[info] Server listening on port 8000
[info] Client connected
Configuring proxy ...
[status] Acquiring target 20:c3:8f:d9:19:09
[info] Proxy successfully connected to the real device
[info] Discovering services and characteristics ...
[status] Proxy configured and ready to relay !
[error] Remote device has just disconnected

On VM 2 (bluetooth service inactive & hci0 up):

sudo btlejuice -u 192.168.5.52 -w

[i] Using proxy http://192.168.5.52:8000
[i] Using interface hci0
2017-01-18T15:40:15.939Z - info: successfully connected to proxy
2017-01-18T15:40:25.118Z - info: proxy set up and ready to use =)
2017-01-18T15:40:27.088Z - debug: start advertising
2017-01-18T15:40:27.110Z - info: BTLE services registered
2017-01-18T15:40:27.113Z - info: Fixing Bleno handles ...
2017-01-18T15:41:23.732Z - warn: remote device has disconnected.

Any ideas?
Thanks !

Use template-literal instead of EJS

Template Literal is the fastest, smallest and simplest template engine, because it uses JS's literal template feature.

It's 55 times faster than EJS, and it also uses less CPU and RAM resources, so it may be a good idea to use it instead of EJS 😀

Spoofing BT address

So I'm trying to pair my phone with a device through btlejuice and the phone does not pick up the device.

I suspect this is due to the adapter having a different address.

Apologies for making another ticket but is there a way to have btlejuice spoof the address of the victim device?

Fitbit Surge - Won't intercept

Hi,

Has anyone tried to use btlejuice with a Fitbit Surge? I am trying to get the MITM to work and I can't seem to figure out the issue.

My setup is as follows:
2 - separate VMs - They talk to each other successfully
2 - BT adapters. Each assigned to a VM. Model: tbw-106ub

Using the UI, I can select the target device (SURGE).
When I enable BT on my iOS device, it can't connect to the Surge anymore. I think it's somehow detecting that maybe the address is different?

Has anyone had any success with this setup?

Edit:
I have an update based on some observations.
I think that the btleproxy tool is not creating a dummy device after I select my SURGE (or other devices).

The proxy shows:
[status] Acquiring target


[status] Proxy configured and ready to relay !

When checking in BLE Scanner, we no longer see the SURGE (or other device which I want to "fake") because it is connected to btlejuice.

At this point, I was expecting to see in BLE Scanner the faked/dummy device. The device is never shown.

Any tips?

blank page in the web interface

I'm posting this question again because the other one wasn't answered.
I have Ubuntu 16.04 on both the host and the virtual machine, and was able to install everything correctly, I think, but when I connect to the web interface with the VM IP address I just see a blank page. Same thing if I try to connect from the VM. What may be the cause?
Thanks in advance!

error while running btlejuice-proxy

root@anonymous:~/btlejuice# btlejuice-proxy
internal/modules/cjs/loader.js:583
throw err;
^

Error: Cannot find module 'bluetooth-hci-socket'
at Function.Module._resolveFilename (internal/modules/cjs/loader.js:581:15)
at Function.Module._load (internal/modules/cjs/loader.js:507:25)
at Module.require (internal/modules/cjs/loader.js:637:17)
at require (internal/modules/cjs/helpers.js:20:18)
at Object.<anonymous> (/root/local/lib/node_modules/btlejuice/node_modules/noble/lib/hci-socket/hci.js:6:26)
at Module._compile (internal/modules/cjs/loader.js:689:30)
at Object.Module._extensions..js (internal/modules/cjs/loader.js:700:10)
at Module.load (internal/modules/cjs/loader.js:599:32)
at tryModuleLoad (internal/modules/cjs/loader.js:538:12)
at Function.Module._load (internal/modules/cjs/loader.js:530:3)
root@anonymous:~/btlejuice#

Hanging at 'info: Fixing Bleno handles ...'

Hi, I'm very new to this but I have two VMs set up (both Ubuntu 16.04). One is using my Mac Bluetooth adapter (proxy) and the other is using an ASUS BT dongle 4.0 (host). When I run the proxy and the web interface they connect fine, and when I press the shackle on a BT padlock I'm testing, it appears in the list of devices. When I double-click on the device, the host hangs on 'info: Fixing Bleno handles ...' and then the device will eventually disconnect. Why is this happening?

Unable to capture the traffic in Btlejuice browser

Hello all,
My device is connected successfully, but I am unable to capture the device traffic in the Btlejuice web host.
The VM terminal output is:
xxxx@xxxx-virtual-machine:~$ btlejuice-proxy
[info] Server listening on port 8000
[info] Client connected
[i] Stopping current proxy.
Configuring proxy ...
[status] Acquiring target f8:1d:78:60:7e:42

The host terminal output is:
xxxxx@xxxxxx:~$ btlejuice -u ipconfig -w


   ___ _   _       __        _          
  / __\ |_| | ___  \ \ _   _(_) ___ ___ 
 /__\// __| |/ _ \  \ \ | | | |/ __/ _ \
/ \/  \ |_| |  __/\_/ / |_| | | (_|  __/
\_____/\__|_|\___\___/ \__,_|_|\___\___|

[i] Using proxy http://xxx.xxx.xxx.xxx:8000
[i] Using interface hci0
2018-07-06T16:25:48.687Z - info: successfully connected to proxy
2018-07-06T16:26:02.592Z - info: proxy set up and ready to use =)

Error: Cannot find module 'bluetooth-hci-socket'

When I try to run btlejuice-proxy I keep getting the same error:

module.js:487
    throw err;
    ^

Error: Cannot find module 'bluetooth-hci-socket'
    at Function.Module._resolveFilename (module.js:485:15)
    at Function.Module._load (module.js:437:25)
    at Module.require (module.js:513:17)
    at require (internal/module.js:11:18)
    at Object.<anonymous> (/root/local/lib/node_modules/btlejuice/node_modules/noble/lib/hci-socket/hci.js:6:26)
    at Module._compile (module.js:569:30)
    at Object.Module._extensions..js (module.js:580:10)
    at Module.load (module.js:503:32)
    at tryModuleLoad (module.js:466:12)
    at Function.Module._load (module.js:458:3)

Then I tried to npm install bluetooth-hci-socket but I keep getting:

[email protected] install /root/node_modules/bluetooth-hci-socket
node-gyp rebuild

gyp ERR! configure error 
gyp ERR! stack Error: "pre" versions of node cannot be installed, use the --nodedir flag instead
gyp ERR! stack     at install (/root/local/lib/node_modules/npm/node_modules/node-gyp/lib/install.js:66:16)
gyp ERR! stack     at Object.self.commands.(anonymous function) [as install] (/root/local/lib/node_modules/npm/node_modules/node-gyp/lib/node-gyp.js:55:37)
gyp ERR! stack     at getNodeDir (/root/local/lib/node_modules/npm/node_modules/node-gyp/lib/configure.js:77:20)
gyp ERR! stack     at PythonFinder.callback (/root/local/lib/node_modules/npm/node_modules/node-gyp/lib/configure.js:44:7)
gyp ERR! stack     at PythonFinder.<anonymous> (/root/local/lib/node_modules/npm/node_modules/node-gyp/lib/configure.js:470:14)
gyp ERR! stack     at ChildProcess.exithandler (child_process.js:262:7)
gyp ERR! stack     at emitTwo (events.js:125:13)
gyp ERR! stack     at ChildProcess.emit (events.js:213:7)
gyp ERR! stack     at maybeClose (internal/child_process.js:897:16)
gyp ERR! stack     at Process.ChildProcess._handle.onexit (internal/child_process.js:208:5)
gyp ERR! System Linux 4.9.0-kali4-amd64
gyp ERR! command "/root/local/bin/node" "/root/local/lib/node_modules/npm/node_modules/node-gyp/bin/node-gyp.js" "rebuild"
gyp ERR! cwd /root/node_modules/bluetooth-hci-socket
gyp ERR! node -v v9.0.0-pre
gyp ERR! node-gyp -v v3.6.2
gyp ERR! not ok 
npm WARN enoent ENOENT: no such file or directory, open '/root/package.json'
npm WARN root No description
npm WARN root No repository field.
npm WARN root No README data
npm WARN root No license field.
npm WARN You are using a pre-release version of node and things may not work as expected

npm ERR! code ELIFECYCLE
npm ERR! errno 1
npm ERR! [email protected] install: `node-gyp rebuild`
npm ERR! Exit status 1
npm ERR! 
npm ERR! Failed at the [email protected] install script.
npm ERR! This is probably not a problem with npm. There is likely additional logging output above.

npm ERR! A complete log of this run can be found in:
npm ERR!     /root/.npm/_logs/2017-06-11T15_48_24_939Z-debug.log

Can someone help me please?

Can't init device hci0: Connection timed out.

Hi,
I have the following issue:
When I stop the bluetooth service, the hci0 interface goes down and I can't bring it up using the command "sudo hciconfig hci0 up". I get the error "Can't init device hci0: Connection timed out". How can I resolve it?

Thanks

Unable to Connect to proxy error

I get this error all along... "unable to connect to proxy". Do I need to configure it manually? Help and guidance on this matter would be deeply appreciated.
cant connect to proxy

Bluetooth LE link-layer

Hello,

Does Btlejuice work with the new Bluetooth 4.2 functionality?
I tried to make it work with several connected objects but without success at the connection level.

Thank you for your help

Specific BLE Device Causes btlejuice to Crash

Hello, I am very new to reverse engineering, BLE, node, javascript, linux, programming, etc. I am attempting to MitM a specific BLE device (https://www.homedepot.com/p/Genie-Aladdin-Connect-Smartphone-Enabled-Garage-Door-Controller-to-open-and-monitor-your-door-from-anywhere-ALKT1-R/206268108).

I've already determined the device does not use authentication or encryption and sends its payload to the Master every 30 seconds using a Notify of the Battery Level characteristic. The value it puts in for the Battery Level handle is actually the application-layer data the Master needs.

Here's the problem: when I insert the battery so the device starts advertising- it actually crashes btlejuice. I am running the proxy on a Pi 3 and connecting to it from a different Kali laptop. Btlejuice runs fine and shows the other BLE devices in the web interface but when I turn on this BLE device- btlejuice crashes with RangeError: index out of range.

I am so new to this I do not even know where to begin troubleshooting. I've attached a screenshot so you can see the error. It happens every time I turn on the BLE device. I actually get very similar errors when I attempt to use gattacker, the errors seem to be related to node or noble. Any help would be greatly appreciated. Thank you.

2018-03-30-230616_1824x984_scrot

Issues with acquiring target on macOS

I've tried installing it on two MacBooks (MacBook Pro 2017 and MacBook Air 2015) and when running the proxy on one and the app on the other it seems to be able to scan for devices just fine. However, when I try to 'acquire target' it throws the following error:

[info] Server listening on port 8000
[info] Client connected
[i] Stopping current proxy.
Configuring proxy ...
[status] Acquiring target 38:89:2c:ae:ac:23
/Users/daniel/.nvm/versions/node/v8.7.0/lib/node_modules/btlejuice/proxy.js:196
    noble._bindings._gap._hci.on(
                         ^

TypeError: Cannot read property '_hci' of undefined
    at Proxy.acquireTarget (/Users/daniel/.nvm/versions/node/v8.7.0/lib/node_modules/btlejuice/proxy.js:196:26)
    at Proxy.configure (/Users/daniel/.nvm/versions/node/v8.7.0/lib/node_modules/btlejuice/proxy.js:169:10)
    at Proxy.<anonymous> (/Users/daniel/.nvm/versions/node/v8.7.0/lib/node_modules/btlejuice/proxy.js:93:12)
    at emitOne (events.js:115:13)
    at Socket.emit (events.js:210:7)
    at /Users/daniel/.nvm/versions/node/v8.7.0/lib/node_modules/btlejuice/node_modules/socket.io/lib/socket.js:503:12
    at _combinedTickCallback (internal/process/next_tick.js:131:7)
    at process._tickCallback (internal/process/next_tick.js:180:9)

Any ideas on why this may be happening? I saw that _bindings doesn't seem to have _gap or _gatts, so it errors in another place if I remove that.

Notification not forwarded

Hello,

First thanks for this great tool.
I started using it and it works great but I'm facing a problem when I enable notifications.
The write operation on the characteristic's descriptor is received by btlejuice but it is not correctly forwarded to the target device.
I used Wireshark to try to understand what happens:

  • The "Write request" for the characteristic descriptor is sent by the central device to the fake peripheral
  • The fake peripheral receives the request but forwards a "Read by type request" to the target peripheral.

Do you have any idea where this issue comes from?
Thanks

Wireshark between central and fake peripheral :
write_req

BtleJuice log :
btlejuice_log

Wireshark between fake central and target peripheral :
read_by_type_req

error while installing bleno, hci-socket-error,

Hi everybody,

I am having an installation issue that is killing me.
I want to install bleno on my raspberry pi 3b+ running raspbian buster. I used

npm install bleno

But I get the following error messages:

gyp WARN EACCES current user ("pi") does not have permission to access the dev dir "/root/.cache/node-gyp/12.16.1"
gyp WARN EACCES attempting to reinstall using temporary dev dir "/home/pi/bleproject/node_modules/bluetooth-hci-socket/.node-gyp"

...
../src/BluetoothHciSocket.cpp: In static member function ‘static void BluetoothHciSocket::Init(Nan::ADDON_REGISTER_FUNCTION_ARGS_TYPE)’:
../src/BluetoothHciSocket.cpp:128:82: error: no matching function for call to ‘v8::FunctionTemplate::GetFunction()’
   target->Set(Nan::New("BluetoothHciSocket").ToLocalChecked(), tmpl->GetFunction());

...
../src/BluetoothHciSocket.cpp:275:72: error: no matching function for call to ‘v8::Function::NewInstance(int, v8::Local<v8::Value> [1])’
   Local<Value> error = errorConstructor->NewInstance(1, constructorArgs);

...
gyp ERR! build error 
gyp ERR! stack Error: `make` failed with exit code: 2
gyp ERR! stack     at ChildProcess.onExit (/usr/local/lib/node_modules/npm/node_modules/node-gyp/lib/build.js:194:23)
gyp ERR! stack     at ChildProcess.emit (events.js:311:20)
gyp ERR! stack     at Process.ChildProcess._handle.onexit (internal/child_process.js:275:12)
gyp ERR! System Linux 4.19.75-v7+
gyp ERR! command "/usr/local/bin/node" "/usr/local/lib/node_modules/npm/node_modules/node-gyp/bin/node-gyp.js" "rebuild"
gyp ERR! cwd /home/pi/bleproject/node_modules/bluetooth-hci-socket
gyp ERR! node -v v12.16.1
gyp ERR! node-gyp -v v5.0.5
gyp ERR! not ok 
npm WARN saveError ENOENT: no such file or directory, open '/home/pi/bleproject/package.json'
npm notice created a lockfile as package-lock.json. You should commit this file.
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: xpc-connection@~0.1.4 (node_modules/bleno/node_modules/xpc-connection):
npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for [email protected]: wanted {"os":"darwin","arch":"any"} (current: {"os":"linux","arch":"arm"})
npm WARN enoent ENOENT: no such file or directory, open '/home/pi/bleproject/package.json'
npm WARN bleproject No description
npm WARN bleproject No repository field.
npm WARN bleproject No README data
npm WARN bleproject No license field.
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: [email protected] (node_modules/bluetooth-hci-socket):
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: [email protected] install: `node-gyp rebuild`
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: Exit status 1

+ [email protected]
added 4 packages from 5 contributors and audited 107 packages in 59.06s

1 package is looking for funding
  run `npm fund` for details

found 0 vulnerabilities

I tried installing bleno with all kinds of node versions (different versions v12.x, v13.x, v10.x, v8.x, v11.x with nvm), none seem to work. It also seems like it has something to do with bluetooth-hci-socket that apparently can't be found.
I've tried installing it a bunch of times but I get similar errors, also this gyp ERR! stack Error: make failed with exit code: 2.

I'm grateful for any help!

Not able to connect to dummy device

Hello,
I was able to run the webserver and it showed nearby BLE devices:

image
image
Btlejuice created the dummy device for the pulse oximeter, but when my oximeter application device was trying to connect to the dummy device it always showed "connecting".

For the Quardioarm it was always trying to make the dummy device but was never successful.

image

Does anyone face the same issue? I would really appreciate any suggestion here.

Hangs when acquiring target

When selecting a target from the web interface the proxy seems to hang:

btlejuice-proxy

[i] Using interface hci0
[info] Server listening on port 8000
[info] Client connected
[i] Stopping current proxy.
Configuring proxy ...
[status] Acquiring target 00:0b:57:0c:61:c7

Help me fix this issue :( Error: Cannot find module 'bluetooth-hci-socket'

root@anonymous:~/btlejuice# btlejuice-proxy
internal/modules/cjs/loader.js:583
throw err;
^

Error: Cannot find module 'bluetooth-hci-socket'
at Function.Module._resolveFilename (internal/modules/cjs/loader.js:581:15)
at Function.Module._load (internal/modules/cjs/loader.js:507:25)
at Module.require (internal/modules/cjs/loader.js:637:17)
at require (internal/modules/cjs/helpers.js:20:18)
at Object.<anonymous> (/root/local/lib/node_modules/btlejuice/node_modules/noble/lib/hci-socket/hci.js:6:26)
at Module._compile (internal/modules/cjs/loader.js:689:30)
at Object.Module._extensions..js (internal/modules/cjs/loader.js:700:10)
at Module.load (internal/modules/cjs/loader.js:599:32)
at tryModuleLoad (internal/modules/cjs/loader.js:538:12)
at Function.Module._load (internal/modules/cjs/loader.js:530:3)
root@anonymous:~/btlejuice#

Stopping current proxy just when loading web page

Hi, I'm trying to do a MitM with two of my devices using btlejuice. It looks promising, but I am facing a problem: all steps work nicely until the "Using the web interface" section, where I can connect, but when I do, the proxy says Stopping current proxy without more details. It is when I press the Select target button that it throws an error:

/usr/lib/node_modules/btlejuice/node_modules/noble/lib/noble.js:76
throw error;
^

Error: Could not start scanning, state is unsupported (not poweredOn)
at Noble.startScanning (/usr/lib/node_modules/btlejuice/node_modules/noble/lib/noble.js:71:17)
at Proxy.scanDevices (/usr/lib/node_modules/btlejuice/proxy.js:656:9)
at null.<anonymous> (/usr/lib/node_modules/btlejuice/proxy.js:98:12)
at emitNone (events.js:67:13)
at Socket.emit (events.js:166:7)
at /usr/lib/node_modules/btlejuice/node_modules/socket.io/lib/socket.js:503:12
at nextTickCallbackWith0Args (node.js:489:9)
at process._tickCallback (node.js:418:13)

It is in the noble.js file, line 76. I tried a lot of things (enabling BT, disabling it, connecting both devices and more) without any success. Does the unsupported state mean my BT adapter isn't right for this? It is BT2.0
Thank you

Not able to intercept the data and do the on-the-fly data modification

Hi,
I have made a setup with an Ubuntu (host) machine and a VM (Ubuntu 16.04) on it. Both are configured as per the instructions provided on the BTLEJUICE home page. I ran the BtleProxy in the VM and could see the message "[status] Proxy configured and ready to relay".
I ran the command for the web interface on the host machine and could see the message "proxy set up and ready to use =)". I am unable to proceed further with data interception and data modification.

On the host machine, though I have connected a CSR 4.0 BT dongle, it is not listed by the hciconfig command. Also, how do I spoof the BTADDR of the target device connected to the proxy? Kindly provide the instructions and let me know if anything is missing.

Timeout on service discovery

Hi, thank you so much for this very helpful tool.

I'm able to successfully launch a MITM attack using my existing configuration. However, on one subset of devices I get a timeout on service discovery. IOW, the proxy is able to connect to the device, but not discover its services:

[info] Proxy successfully connected to the real device
[info] Discovering services and characteristics ...
[error] discovery timed out, stopping proxy.

I am able to connect to these devices and browse their services using the Apple Developer Tool Bluetooth Explorer. See a sample screenshot here:

screen shot 2017-06-15 at 10 34 38 pm

I was wondering if you'd encountered this issue before and had any idea what could cause it.

Thanks so much.

Error: Cannot find module './build/Release/binding.node' on mac os x

Hello everyone, attempting to run btle-proxy on my macbook I get the following:

module.js:487
throw err;
^

Error: Cannot find module './build/Release/binding.node'
at Function.Module._resolveFilename (module.js:485:15)
at Function.Module._load (module.js:437:25)
at Module.require (module.js:513:17)
at require (internal/module.js:11:18)
at Object.<anonymous> (/usr/local/lib/node_modules/btlejuice/node_modules/xpc-connection/index.js:3:15)
at Module._compile (module.js:569:30)
at Object.Module._extensions..js (module.js:580:10)
at Module.load (module.js:503:32)
at tryModuleLoad (module.js:466:12)
at Function.Module._load (module.js:458:3)

Have also created a symbolic sudo ln -s nodejs node in usr/lib
Could anyone help me, please?

I'm just getting a blank page.

Hi,

I have set up everything according to the readme.

The client is successfully connected to the proxy.

But when I try to connect to the page (browser) I'm just getting a blank page.

I have an "error" on the guest machine.
After starting the btlejuice-proxy the shell keeps spamming the message: "noble warning: unknown handle 72 disconnected!".

I'm not sure if this is the entire problem or if it should work with this "error" as well.

Thanks!

"Parrot Flower Power" problem remote device has just disconnected

Hello all,

Before you begin,

the command
"sudo btlejuice --iface hciX --mac [SPOOF] --proxy [IP] --web"
always answers me
"Can't open device hci-XXXXXXXXXX: No such device (19)
[!] The MAC address wasn't successfully spoofed:"
Without the "Spoof the MAC address" option, btlejuice works correctly.
(why?)

the command
"sudo service bluetooth stop" always returns, after a "service bluetooth status":
#==========================================================================================
bluetooth.service - Bluetooth service
Loaded: loaded (/lib/systemd/system/bluetooth.service; enabled; vendor preset: enabled)
Active: active (running) since sam. 2017-07-29 13:40:35 CEST; 13min ago
Docs: man:bluetoothd(8)
Main PID: 2915 (bluetoothd)
Status: "Running"
CGroup: /system.slice/bluetooth.service
└─2915 /usr/lib/bluetooth/bluetoothd
#==========================================================================================
(why still in process ?)

I test the object in the title of this article but the object disconnects without stopping after proxy ready for replay.
Are the problems related?

Thanks.

Unable to Connect to Advertised Device

Hi

I would like to set up BtleJuice but I'm currently not able to get a working setup.

Tl;Dr

I can select a BLE device in the web interface but the web interface stays empty and I'm also not able to connect to the new advertised device.

Details

VM Setup

Used VirtualBox version:

$ virtualbox  -h
Oracle VM VirtualBox VM Selector v6.0.10
[...]

Download latest Kali VM for VirtualBox:

$ curl -LO https://images.offensive-security.com/virtual-images/kali-linux-2019.2-vbox-amd64.ova

Install VM:

  • Import downloaded OVA in VirtualBox
  • Network: Bridge to WiFi interface
  • Create Snapshot

Start the VM. Change keyboard layout and timezone.

Update the VM:

# apt-get -y update && apt-get -y upgrade && apt-get -y dist-upgrade && apt-get -y autoremove && apt-get -y autoclean  && apt-get -y clean

Install basic software:

# apt-get install bluetooth bluez libbluetooth-dev libudev-dev

Install Node Version Manager (nvm):

# curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.34.0/install.sh | bash

Install and configure node version 8:

# nvm install 8
Downloading and installing node v8.16.0...
Downloading https://nodejs.org/dist/v8.16.0/node-v8.16.0-linux-x64.tar.xz...
########################################################################################################################### 100.0%
Computing checksum with sha256sum
Checksums matched!
Now using node v8.16.0 (npm v6.4.1)
Creating default alias: default -> 8 (-> v8.16.0)
# nvm use 8
Now using node v8.16.0 (npm v6.4.1)
# node --version
v8.16.0

Install BtleJuice

# npm install btlejuice

Installed in:

# ls -l node_modules/btlejuice/
total 268
drwx------ 2 root root   4096 Jul 26 10:36 bin
-rw------- 1 root root   1153 Sep 15  2016 CHANGELOG.md
-rwx------ 1 root root  10722 Jan 12  2017 core.js
drwx------ 3 root root   4096 Jul 26 10:36 doc
-rwx------ 1 root root  17080 Jan 13  2017 fake.js
-rwx------ 1 root root    623 Aug  5  2016 logging.js
drwx------ 3 root root   4096 Jul 26 10:38 node_modules
-rw------- 1 root root   1887 Jul 26 10:38 package.json
-rw------- 1 root root 175484 Jul 12  2017 package-lock.json
-rwx------ 1 root root  23458 Oct  5  2017 proxy.js
-rwx------ 1 root root   7173 Aug 24  2017 README.md
drwx------ 5 root root   4096 Jul 26 10:36 resources
drwx------ 2 root root   4096 Jul 26 10:36 views

Poweroff and clone the machine. Start these machines. Now there are two machines:

- Kali BLE 1
- Kali BLE 2

BLE Configuration

Start VM "Kali BLE 1".

No Bluetooth dongle available:

# hciconfig

Insert the Bluetooth dongle:

# journalctl -f
[...]
Jul 25 11:48:15 kali kernel: usb 2-2: new full-speed USB device number 4 using ohci-pci
Jul 25 11:48:16 kali kernel: usb 2-2: New USB device found, idVendor=0a12, idProduct=0001, bcdDevice=88.91
Jul 25 11:48:16 kali kernel: usb 2-2: New USB device strings: Mfr=0, Product=2, SerialNumber=0
Jul 25 11:48:16 kali kernel: usb 2-2: Product: CSR8510 A10
Jul 25 11:48:16 kali systemd[1]: Starting Load/Save RF Kill Switch Status...
Jul 25 11:48:16 kali systemd[1]: Reached target Bluetooth.
Jul 25 11:48:16 kali systemd[1]: Started Load/Save RF Kill Switch Status.
[...]

Bluetooth dongle is now available:

# lsusb
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 002 Device 004: ID 0a12:0001 Cambridge Silicon Radio, Ltd Bluetooth Dongle (HCI mode)
Bus 002 Device 002: ID 80ee:0021 VirtualBox USB Tablet
Bus 002 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub

# hciconfig
hci0:   Type: Primary  Bus: USB
        BD Address: 11:11:11:11:11:11  ACL MTU: 310:10  SCO MTU: 64:8
        DOWN
        RX bytes:574 acl:0 sco:0 events:30 errors:0
        TX bytes:368 acl:0 sco:0 commands:30 errors:0

# hciconfig  hci0 version
hci0:   Type: Primary  Bus: USB
        BD Address: 11:11:11:11:11:11  ACL MTU: 310:10  SCO MTU: 64:8
        HCI Version: 4.0 (0x6)  Revision: 0x22bb
        LMP Version: 4.0 (0x6)  Subversion: 0x22bb
        Manufacturer: Cambridge Silicon Radio (10)

# btmgmt info
Index list with 1 item
hci0:   Primary controller
        addr 11:11:11:11:11:11 version 6 manufacturer 10 class 0x000000
        supported settings: powered connectable fast-connectable discoverable bondable link-security ssp br/edr hs le advertising secure-conn debug-keys privacy static-addr
        current settings: br/edr
        name CSR8510 A10
        short name

Enable Bluetooth Low Energy (BLE):

# btmgmt le on
hci0 Set Low Energy complete, settings: br/edr le

# btmgmt info
Index list with 1 item
hci0:   Primary controller
        addr 11:11:11:11:11:11 version 6 manufacturer 10 class 0x000000
        supported settings: powered connectable fast-connectable discoverable bondable link-security ssp br/edr hs le advertising secure-conn debug-keys privacy static-addr
        current settings: br/edr le
        name CSR8510 A10
        short name

Bring the adapter up:

# hciconfig hci0 up
# hciconfig
hci0:   Type: Primary  Bus: USB
        BD Address: 11:11:11:11:11:11  ACL MTU: 310:10  SCO MTU: 64:8
        UP RUNNING
        RX bytes:1172 acl:0 sco:0 events:64 errors:0
        TX bytes:1062 acl:0 sco:0 commands:64 errors:0

Bluetooth LE works:

# hcitool lescan
LE Scan ...
37:0A:E7:5B:01:A1 (unknown)
27:41:48:4D:31:1F (unknown)
10:B4:D6:63:32:44 (unknown)
59:1F:51:62:1E:BF (unknown)
37:0A:E7:5B:01:A1 (unknown)
27:41:48:4D:31:1F (unknown)
10:4E:89:41:0E:52 (unknown)
10:4E:89:41:0E:52 (unknown)
37:0A:E7:5B:01:A1 (unknown)
10:4E:89:41:0E:52 (unknown)
27:41:48:4D:31:1F (unknown)
10:B4:D6:63:32:44 (unknown)
37:0A:E7:5B:01:A1 (unknown)
27:41:48:4D:31:1F (unknown)
41:E3:D4:60:68:C1 (unknown)
41:E3:D4:60:68:C1 (unknown)
59:1F:51:62:1E:BF (unknown)
[...]

BtleJuice Setup

On Kali BLE 2 (Proxy)

Start BtleJuice Proxy:

# ./bin/cmd_btlejuice_proxy.js
[info] Server listening on port 8000
[info] Client connected

On Kali BLE 1 (Master)

Start BtleJuice Web Interface:

# ./bin/cmd_btlejuice.js -u 10.5.23.88 -w
   ___ _   _       __        _
  / __\ |_| | ___  \ \ _   _(_) ___ ___
 /__\// __| |/ _ \  \ \ | | | |/ __/ _ \
/ \/  \ |_| |  __/\_/ / |_| | | (_|  __/
\_____/\__|_|\___\___/ \__,_|_|\___\___|

[i] Using proxy http://10.5.23.88:8000
[i] Using interface hci0
2019-07-26T08:57:36.615Z - info: successfully connected to proxy

Access the web interface:

Scan for devices and select a device (the device LED shows that it is connected now):

On the proxy:

# ./bin/cmd_btlejuice_proxy.js
[info] Server listening on port 8000
[info] Client connected
[i] Stopping current proxy.
Configuring proxy ...
[status] Acquiring target 30:45:11:44:ee:30
[info] Proxy successfully connected to the real device
[info] Discovering services and characteristics ...
[status] Proxy configured and ready to relay !

On the web interface console:

# ./bin/cmd_btlejuice.js -u 10.5.23.88 -w
   ___ _   _       __        _
  / __\ |_| | ___  \ \ _   _(_) ___ ___
 /__\// __| |/ _ \  \ \ | | | |/ __/ _ \
/ \/  \ |_| |  __/\_/ / |_| | | (_|  __/
\_____/\__|_|\___\___/ \__,_|_|\___\___|

[i] Using proxy http://10.5.23.88:8000
[i] Using interface hci0
2019-07-26T08:57:36.615Z - info: successfully connected to proxy
2019-07-26T09:02:29.900Z - info: proxy set up and ready to use =)
2019-07-26T09:02:30.037Z - debug: start advertising
2019-07-26T09:02:30.048Z - info: BTLE services registered
2019-07-26T09:02:30.051Z - info: Fixing Bleno handles ...
2019-07-26T09:05:57.577Z - info: dummy: accepted connection from address: 40:b8:77:06:de:85
2019-07-26T09:05:57.578Z - info: dummy: disconnected from address: 40:b8:77:06:de:85
2019-07-26T09:06:07.383Z - debug: start advertising
2019-07-26T09:06:07.385Z - info: proxy set up and ready to use =)
2019-07-26T09:06:07.469Z - info: BTLE services registered
2019-07-26T09:06:07.470Z - info: Fixing Bleno handles ...

The fake device is advertised:

The web interface does not list any services of the device:

It's not possible to connect:

Trying to connect to the spoofed device. However, for example, the official Android app used for this device does not connect, and the nRF application is also not able to connect. I assume that nRF should be able to connect, even if the MAC address was not spoofed to the original one.

Question

Does someone have an idea what I'm doing wrong? I don't see why my setup does not work.

Note: I have the same issues when I use gattacker.

Can I verify somehow if my Bluetooth dongles are "good" ones?

Thanks & best regards,
Emanuel
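The adapter preconditions the walkthrough above sets up by hand (LE present in the current settings, interface UP RUNNING, HCI version 4.0 or later) can be checked from the same two commands' output. The following is an added example, not part of the original post and not BtleJuice code: the function names are hypothetical, the sample text is constructed from the post's listings, and requiring "advertising" among the supported settings is an assumption about what the core side needs to expose the dummy device. It checks configuration only and says nothing about radio quality.

```python
import re

# Constructed sample input, modelled on the "btmgmt info" and "hciconfig"
# listings in the post (state before "btmgmt le on" and "hciconfig hci0 up").
BEFORE_BTMGMT = """\
Index list with 1 item
hci0:   Primary controller
        addr 11:11:11:11:11:11 version 6 manufacturer 10 class 0x000000
        supported settings: powered connectable discoverable bondable br/edr le advertising
        current settings: br/edr
        name CSR8510 A10
"""
BEFORE_HCICONFIG = """\
hci0:   Type: Primary  Bus: USB
        BD Address: 11:11:11:11:11:11  ACL MTU: 310:10  SCO MTU: 64:8
        DOWN
        RX bytes:574 acl:0 sco:0 events:30 errors:0
"""
# The same adapter after both commands have been run (also constructed).
AFTER_BTMGMT = BEFORE_BTMGMT.replace("current settings: br/edr",
                                     "current settings: br/edr le")
AFTER_HCICONFIG = BEFORE_HCICONFIG.replace("DOWN", "UP RUNNING")

# "HCI Version: 4.0 (0x6)" in the post: version 6 is Bluetooth 4.0.
MIN_HCI_VERSION = 6


def parse_btmgmt_info(text):
    """Return {iface: {"version": int|None, "supported": set, "current": set}}."""
    adapters = {}
    entry = None
    for line in text.splitlines():
        header = re.match(r"^(hci\d+):", line)
        if header:
            entry = adapters.setdefault(
                header.group(1),
                {"version": None, "supported": set(), "current": set()})
            continue
        if entry is None:
            continue  # preamble such as "Index list with 1 item"
        stripped = line.strip()
        version = re.search(r"\bversion (\d+)\b", stripped)
        if stripped.startswith("addr ") and version:
            entry["version"] = int(version.group(1))
        elif stripped.startswith("supported settings:"):
            entry["supported"] = set(stripped.split(":", 1)[1].split())
        elif stripped.startswith("current settings:"):
            entry["current"] = set(stripped.split(":", 1)[1].split())
    return adapters


def parse_hciconfig(text):
    """Return {iface: flags}, e.g. {"hci0": {"UP", "RUNNING"}} or {"hci0": {"DOWN"}}."""
    states = {}
    iface = None
    for line in text.splitlines():
        header = re.match(r"^(hci\d+):", line)
        if header:
            iface = header.group(1)
            states[iface] = set()
            continue
        words = line.split()
        # The state line is the only one made up solely of upper-case words.
        if iface and words and all(w.isalpha() and w.isupper() for w in words):
            states[iface].update(words)
    return states


def preflight(btmgmt_text, hciconfig_text, iface="hci0"):
    """Return a list of problems; an empty list means every check passed."""
    info = parse_btmgmt_info(btmgmt_text).get(iface)
    if info is None:
        return ["%s: not listed by btmgmt info" % iface]
    problems = []
    if info["version"] is None or info["version"] < MIN_HCI_VERSION:
        problems.append("%s: HCI version %s is older than Bluetooth 4.0"
                        % (iface, info["version"]))
    for needed in ("le", "advertising"):
        if needed not in info["supported"]:
            problems.append("%s: controller does not list '%s' as supported"
                            % (iface, needed))
    if "le" not in info["current"]:
        problems.append("%s: LE is not enabled (run: btmgmt le on)" % iface)
    flags = parse_hciconfig(hciconfig_text).get(iface, set())
    if not {"UP", "RUNNING"} <= flags:
        problems.append("%s: interface is not UP RUNNING (run: hciconfig %s up)"
                        % (iface, iface))
    return problems


if __name__ == "__main__":
    for label, args in (("before", (BEFORE_BTMGMT, BEFORE_HCICONFIG)),
                        ("after", (AFTER_BTMGMT, AFTER_HCICONFIG))):
        print(label, preflight(*args) or "ok")
```

To use it on a real machine, pass the captured output of `btmgmt info` and `hciconfig` instead of the constructed samples, once on the proxy VM and once on the core VM.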

TypeError: optional is not a function

When I entered this: sudo btlejuice -u -w

/usr/local/lib/node_modules/btlejuice/bin/cmd_btlejuice.js:21
var btim = optional('btim');
^

TypeError: optional is not a function
at Object.<anonymous> (/usr/local/lib/node_modules/btlejuice/bin/cmd_btlejuice.js:21:12)
at Module._compile (module.js:577:32)
at Object.Module._extensions..js (module.js:586:10)
at Module.load (module.js:494:32)
at tryModuleLoad (module.js:453:12)
at Function.Module._load (module.js:445:3)
at Module.runMain (module.js:611:10)
at run (bootstrap_node.js:387:7)
at startup (bootstrap_node.js:153:9)
at bootstrap_node.js:500:3

Can I get some help. Is this an installation problem?

Thanks!!

Cannot register Service

Hi,

I cannot get it to work!
I'm running Linux Mint 17.2 in VirtualBox and I use one dongle and the internal chip of my laptop.
But I get this error all the time:

btlejuice-proxy:

[i] Using interface hci0
[info] Server listening on port 8000
[info] Client connected
Configuring proxy ...
[status] Acquiring target e1:83:ce:44:3b:4d
[info] Proxy successfully connected to the real device
[info] Discovering services and characteristics ...
[status] Proxy configured and ready to relay !

btlejuice :

[i] Using proxy http://127.0.0.1:8000
[i] Using interface hci1
2016-09-01T11:44:48.684Z - info: successfully connected to proxy
2016-09-01T11:45:59.301Z - info: proxy set up and ready to use =)
2016-09-01T11:45:59.315Z - debug: start advertising
2016-09-01T11:45:59.321Z - error: cannot register services !

Any Ideas?
Thanks

Error in Discovering device services and Characteristics

Hi

I am doing research on BLE security. Your work is really helpful. However, I am facing the following issue:

Scenario:
Two Kali Linux machines, each having a CSR 8510 Bluetooth dongle, in a VM environment. The VMs successfully connect to each other, but when I double click to connect to a BLE device (a simple VR box Bluetooth controller) an error occurs (detailed error file attached) in discovering its services and characteristics. Moreover, is there any way I can simulate a BLE advertising device via nRF Connect so that I don't have to use a physical BLE device?

Your help is really appreciated in this!!!

error.txt

Throw Error - Index out of range

I was able to setup the proxy on a raspberry pi and use a virtual machine on my Macbook Pro as the host and have the host connect to the proxy. I then double-click the device (which happens to be a BLE smart lightbulb) in btlejuice web front-end and then the host connecting to the proxy throws the following error:

buffer.js:831
throw new RangeError('Index out of range');
^

RangeError: Index out of range
at checkOffset (buffer.js:831:11)
at Buffer.readUInt8 (buffer.js:869:5)
at Hci.processCmdCompleteEvent (/usr/lib/node_modules/btlejuice/node_modules/bleno/lib/hci-socket/hci.js:503:21)
at Hci.onSocketData (/usr/lib/node_modules/btlejuice/node_modules/bleno/lib/hci-socket/hci.js:427:12)
at emitOne (events.js:96:13)
at BluetoothHciSocket.emit (events.js:188:7)

I also have a question regarding the bluetooth adapter versions. My Macbook Pro's built-in bluetooth adapter is being shared with my linux VM and it is a 5.0 adapter. Does this matter if the adapter is 5.0 capable? My raspberry pi has a 4.0 adapter.

EDIT: Error Message

How does BtleJuice discover devices?

Hi all,

First, thanks for this amazing tool!

I've created a demo environment with the CC2650STK and two Raspberry Pis. One executes BtleJuice and the other runs a gateway based on Node.js.

Both proxy and core are launched (Fig 1 and Fig 2). In addition, the dummy device is generated (Fig 3), but only 4 incomplete services appear. Finally, the BtleJuice UI allows intercepting and writing; however, the value does not appear in the gateway interface (Fig 4).

The question is: Why doesn't BtleJuice recognize all the services when it builds the fictitious device? Is there any way to add them?

I'll appreciate the responses.

Best regards,

Santiago

Stopping current proxy

Hi. I am trying to use the web interface of btlejuice but as soon as I open it on the virtual machine I have :
[i] Stopping current proxy.

How should I solve this problem? The previous solutions did not help me.

UI is not loading

after installation

  1. iot@ubuntu:~$ sudo btlejuice-proxy
    [info] Server listening on port 8000
    [info] Client connected

  2. iot@ubuntu:~$ sudo btlejuice -u 127.0.0.1 -w


   ___ _   _       __        _
  / __\ |_| | ___  \ \ _   _(_) ___ ___
 /__\// __| |/ _ \  \ \ | | | |/ __/ _ \
/ \/  \ |_| |  __/\_/ / |_| | | (_|  __/
\_____/\__|_|\___\___/ \__,_|_|\___\___|

[i] Using proxy http://127.0.0.1:8000
[i] Using interface hci0
2019-12-17T09:11:58.205Z - info: Stopping BT service ...
2019-12-17T09:11:58.236Z - info: successfully connected to proxy
2019-12-17T09:12:00.736Z - info: Making sure interface hci0 is up ...

It looks like everything installed properly, but the UI is not loading.

Machine details
iot@ubuntu:~$ nodejs -v
v8.10.0
iot@ubuntu:~$ npm -v
3.5.2
iot@ubuntu:~$ uname -a
Linux ubuntu 5.0.0-37-generic #40~18.04.1-Ubuntu SMP Thu Nov 14 12:06:39 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux

iot@ubuntu:~$ hciconfig
hci0: Type: Primary Bus: USB
BD Address: 00:1A:7D:DA:71:13 ACL MTU: 310:10 SCO MTU: 64:8
UP RUNNING
RX bytes:1286 acl:0 sco:0 events:83 errors:0
TX bytes:3861 acl:0 sco:0 commands:83 errors:0
Mozilla latest version

[error] discovery timed out, stopping proxy.

Hi !
I'm trying to MITM my smart bulb with btlejuice but I got the error

[error] discovery timed out, stopping proxy.

I can connect to the smart bulb from my smartphone without problem...
Do you have an idea what the problem might be ?
Thanks

Issue when testing with two RPI 3+; Solved

Setup: 2 Raspberry PI B 3+ with Raspbian GNU/Linux 9; clean install; npm install of btlejuice.
hciconfig -a reports (changed MAC to XX):

root@rpi2:~ hciconfig -a
hci0: Type: Primary Bus: UART
BD Address: XX:XX:XX:XX:XX:XX ACL MTU: 1021:8 SCO MTU: 64:1
UP RUNNING
RX bytes:2736 acl:0 sco:0 events:166 errors:0
TX bytes:4997 acl:0 sco:0 commands:164 errors:0
Features: 0xbf 0xfe 0xcf 0xfe 0xdb 0xff 0x7b 0x87
Packet type: DM1 DM3 DM5 DH1 DH3 DH5 HV1 HV2 HV3
Link policy: RSWITCH SNIFF
Link mode: SLAVE ACCEPT
Name: 'rpi2'
Class: 0x000000
Service Classes: Unspecified
Device Class: Miscellaneous,
HCI Version: 4.2 (0x8) Revision: 0xfc
LMP Version: 4.2 (0x8) Subversion: 0x6119
Manufacturer: Broadcom Corporation (15)

when starting, I get:

root@rpi2:~ btlejuice-proxy
[info] Server listening on port 8000
[info] Client connected
[i] Stopping current proxy.

and

root@rpi1:~ btlejuice -u 192.168.1.20 -w


   ___ _   _       __        _
  / __\ |_| | ___  \ \ _   _(_) ___ ___
 /__\// __| |/ _ \  \ \ | | | |/ __/ _ \
/ \/  \ |_| |  __/\_/ / |_| | | (_|  __/
\_____/\__|_|\___\___/ \__,_|_|\___\___|

[i] Using proxy http://192.168.1.20:8000
[i] Using interface hci0
info: successfully connected to proxy

the line with

[i] Stopping current proxy.

appears right when opening the web interface with a browser from a different pc on the same network; just as the page finishes loading.
Clicking on the target selection opens the popup - but no devices are listed.
A bluetoothctl / scan on executed directly on either rpi does list BLE devices though.

Installation guide

Hi,

I've installed the dependencies and npm 5.6.0 and when I run the proxy command I'm getting the following error:

Error: Cannot find module 'bluetooth-hci-socket'

Could you please add the exact requirements (eg: node and npm versions) in the installation guide?

Thanks

Missing requirement

It's a bit obvious, but you need to install npm to use btlejuice ;-) and it is not in the requirements...

Cheers

Instruction to sniff

Hello everyone, I am new to this so sorry for any stupid questions. I want to intercept some info transmitted between an IoT device and a smartphone. Could someone describe to me the process of using this program? I pair the device successfully with btlejuice, but then it is unavailable to connect to the app on the smartphone.

Btlejuice stops at [info] Fixing Bleno handles

Using two VMs, both Ubuntu 16.04, on two different laptops.
On both machines everything seems fine, but when I try to connect to a device the loading continues and on the host terminal it stops at [info] fixing bleno handles..
I'm trying to connect to a Magic Blue smart bulb.
I don't know what's wrong.
Regards

App not connecting to BLE Device

After running the commands below (trying to intercept Fitbit Flex), I am seeing basic services such as device name show up on the web module. However, after the proxy is up, I am unable to connect my Fitbit to the app so I can intercept more useful data. I have disabled the bluetooth service in both VMs and have just recently installed BTLEJuice.

Host VM Commands (Kali):

hciconfig
service bluetooth stop
hciconfig hci0 up
btlejuice -u xxx.xxx.xxx.xxx -w

Proxy VM Commands (Kali):

hciconfig
service bluetooth stop
hciconfig hci0 up
btlejuice-proxy

OUTPUT
Using proxy http://proxy_ip:8000
[i] Using interface hci0
2018-07-23T16:05:22.966Z - info: successfully connected to proxy
2018-07-23T16:07:16.173Z - info: proxy set up and ready to use =)
2018-07-23T16:07:17.891Z - debug: start advertising
2018-07-23T16:07:17.904Z - info: BTLE services registered
2018-07-23T16:07:17.907Z - info: Fixing Bleno handles ...
2018-07-23T16:07:17.938Z - info: dummy: accepted connection from address: BD_ADDR
2018-07-23T16:07:18.294Z - info: [NOTIFY][adab40f06e7d4601bda2bffaa68956ba][adabfb016e7d4601bda2bffaa68956ba]
2018-07-23T16:07:18.295Z - debug: register callback for adab40f06e7d4601bda2bffaa68956ba:adabfb016e7d4601bda2bffaa68956ba
2018-07-23T16:07:18.353Z - info: [WRITE][adab40f06e7d4601bda2bffaa68956ba][adabfb026e7d4601bda2bffaa68956ba]
2018-07-23T16:07:20.063Z - info: [READ][1800][2a00]
2018-07-23T16:07:30.352Z - info: [WRITE][adab40f06e7d4601bda2bffaa68956ba][adabfb026e7d4601bda2bffaa68956ba]
2018-07-23T16:07:45.473Z - info: dummy: disconnected from address: BD_ADDR
2018-07-23T16:07:47.445Z - info: dummy: accepted connection from address: BD_ADDR
2018-07-23T16:07:47.888Z - info: [NOTIFY][adab40f06e7d4601bda2bffaa68956ba][adabfb016e7d4601bda2bffaa68956ba]

Disable watchdog error and weak connection problems

Hi, I'm new to the BTLEJuice framework, and for a thesis on security in IoT I'm testing the framework between two real physical machines (PC: Ubuntu 16.04).
When one of these laptops runs as the proxy, I get an error message in its terminal: "Disable watchdog".
This happens during the connection between the proxy and the real device (a Genuino 101); the connection starts from the core's web interface (on the other PC, obviously).
I'm looking around for the problem, but it seems to me to be something related to the PC (or a kernel problem), or due to poor network connectivity: in fact, switching the laptops' roles (proxy <-> core), the problem doesn't appear, so I connect through the real device, but in this case the framework can't instantiate the "fake" Genuino (hcitool lescan doesn't find it).
Could this be related to poor network connectivity?

Cannot find module 'bluetooth-hci-socket'

Nice to talk with you.
When I do:

sudo btlejuice-proxy

module.js:472
    throw err;
    ^

Error: Cannot find module 'bluetooth-hci-socket'
    at Function.Module._resolveFilename (module.js:470:15)
    at Function.Module._load (module.js:418:25)
    at Module.require (module.js:498:17)
    at require (internal/module.js:20:19)
    at Object.<anonymous> (/usr/local/lib/node_modules/btlejuice/node_modules/noble/lib/hci-socket/hci.js:6:26)
    at Module._compile (module.js:571:32)
    at Object.Module._extensions..js (module.js:580:10)
    at Module.load (module.js:488:32)
    at tryModuleLoad (module.js:447:12)
    at Function.Module._load (module.js:439:3)

npm install bluetooth-hci-socket

> [email protected] install /btlejuice/node_modules/usb
> node-pre-gyp install --fallback-to-build

node-pre-gyp ERR! Tried to download: https://github.com/tessel/node-usb/releases/download/1.2.0/usb_bindings-v1.2.0-node-v51-linux-x64.tar.gz
node-pre-gyp ERR! Pre-built binaries not found for [email protected] and [email protected] (node-v51 ABI) (falling back to source compile with node-gyp)
gyp ERR! configure error
gyp ERR! stack Error: "pre" versions of node cannot be installed, use the --nodedir flag instead
gyp ERR! stack     at install (/usr/local/lib/node_modules/npm/node_modules/node-gyp/lib/install.js:66:16)
gyp ERR! stack     at Object.self.commands.(anonymous function) [as install] (/usr/local/lib/node_modules/npm/node_modules/node-gyp/lib/node-gyp.js:66:37)
gyp ERR! stack     at getNodeDir (/usr/local/lib/node_modules/npm/node_modules/node-gyp/lib/configure.js:75:20)
gyp ERR! stack     at /usr/local/lib/node_modules/npm/node_modules/node-gyp/lib/configure.js:42:7
gyp ERR! stack     at /usr/local/lib/node_modules/npm/node_modules/node-gyp/lib/configure.js:441:9
gyp ERR! stack     at ChildProcess.exithandler (child_process.js:202:7)
gyp ERR! stack     at emitTwo (events.js:106:13)
gyp ERR! stack     at ChildProcess.emit (events.js:191:7)
gyp ERR! stack     at maybeClose (internal/child_process.js:885:16)
gyp ERR! stack     at Socket.<anonymous> (internal/child_process.js:334:11)
gyp ERR! System Linux 4.0.0-kali1-amd64
gyp ERR! command "/usr/local/bin/node" "/usr/local/lib/node_modules/npm/node_modules/node-gyp/bin/node-gyp.js" "configure" "--fallback-to-build" "--module=/btlejuice/node_modules/usb/src/binding/usb_bindings.node" "--module_name=usb_bindings" "--module_path=/btlejuice/node_modules/usb/src/binding"
gyp ERR! cwd /btlejuice/node_modules/usb
gyp ERR! node -v v8.0.0-pre
gyp ERR! node-gyp -v v3.4.0
gyp ERR! not ok
node-pre-gyp ERR! build error
node-pre-gyp ERR! stack Error: Failed to execute '/usr/local/bin/node /usr/local/lib/node_modules/npm/node_modules/node-gyp/bin/node-gyp.js configure --fallback-to-build --module=/btlejuice/node_modules/usb/src/binding/usb_bindings.node --module_name=usb_bindings --module_path=/btlejuice/node_modules/usb/src/binding' (1)
node-pre-gyp ERR! stack     at ChildProcess.<anonymous> (/btlejuice/node_modules/usb/node_modules/node-pre-gyp/lib/util/compile.js:83:29)
node-pre-gyp ERR! stack     at emitTwo (events.js:106:13)
node-pre-gyp ERR! stack     at ChildProcess.emit (events.js:191:7)
node-pre-gyp ERR! stack     at maybeClose (internal/child_process.js:885:16)
node-pre-gyp ERR! stack     at Process.ChildProcess._handle.onexit (internal/child_process.js:226:5)
node-pre-gyp ERR! System Linux 4.0.0-kali1-amd64
node-pre-gyp ERR! command "/usr/local/bin/node" "/btlejuice/node_modules/usb/node_modules/.bin/node-pre-gyp" "install" "--fallback-to-build"
node-pre-gyp ERR! cwd /btlejuice/node_modules/usb
node-pre-gyp ERR! node -v v8.0.0-pre
node-pre-gyp ERR! node-pre-gyp -v v0.6.30
node-pre-gyp ERR! not ok
Failed to execute '/usr/local/bin/node /usr/local/lib/node_modules/npm/node_modules/node-gyp/bin/node-gyp.js configure --fallback-to-build --module=/btlejuice/node_modules/usb/src/binding/usb_bindings.node --module_name=usb_bindings --module_path=/btlejuice/node_modules/usb/src/binding' (1)

> [email protected] install /btlejuice/node_modules/bluetooth-hci-socket
> node-gyp rebuild

gyp ERR! configure error
gyp ERR! stack Error: "pre" versions of node cannot be installed, use the --nodedir flag instead
gyp ERR! stack     at install (/usr/local/lib/node_modules/npm/node_modules/node-gyp/lib/install.js:66:16)
gyp ERR! stack     at Object.self.commands.(anonymous function) [as install] (/usr/local/lib/node_modules/npm/node_modules/node-gyp/lib/node-gyp.js:66:37)
gyp ERR! stack     at getNodeDir (/usr/local/lib/node_modules/npm/node_modules/node-gyp/lib/configure.js:75:20)
gyp ERR! stack     at /usr/local/lib/node_modules/npm/node_modules/node-gyp/lib/configure.js:42:7
gyp ERR! stack     at /usr/local/lib/node_modules/npm/node_modules/node-gyp/lib/configure.js:441:9
gyp ERR! stack     at ChildProcess.exithandler (child_process.js:202:7)
gyp ERR! stack     at emitTwo (events.js:106:13)
gyp ERR! stack     at ChildProcess.emit (events.js:191:7)
gyp ERR! stack     at maybeClose (internal/child_process.js:885:16)
gyp ERR! stack     at Socket.<anonymous> (internal/child_process.js:334:11)
gyp ERR! System Linux 4.0.0-kali1-amd64
gyp ERR! command "/usr/local/bin/node" "/usr/local/lib/node_modules/npm/node_modules/node-gyp/bin/node-gyp.js" "rebuild"
gyp ERR! cwd /btlejuice/node_modules/bluetooth-hci-socket
gyp ERR! node -v v8.0.0-pre
gyp ERR! node-gyp -v v3.4.0
gyp ERR! not ok
npm WARN You are using a pre-release version of node and things may not work as expected
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: [email protected] (node_modules/usb):
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: [email protected] install: `node-pre-gyp install --fallback-to-build`
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: Exit status 1
npm ERR! Linux 4.0.0-kali1-amd64
npm ERR! argv "/usr/local/bin/node" "/usr/local/bin/npm" "install" "bluetooth-hci-socket"
npm ERR! node v8.0.0-pre
npm ERR! npm  v4.0.5
npm ERR! code ELIFECYCLE

npm ERR! [email protected] install: `node-gyp rebuild`
npm ERR! Exit status 1
npm ERR!
npm ERR! Failed at the [email protected] install script 'node-gyp rebuild'.
npm ERR! Make sure you have the latest version of node.js and npm installed.
npm ERR! If you do, this is most likely a problem with the bluetooth-hci-socket package,
npm ERR! not with npm itself.
npm ERR! Tell the author that this fails on your system:
npm ERR!     node-gyp rebuild
npm ERR! You can get information on how to open an issue for this project with:
npm ERR!     npm bugs bluetooth-hci-socket
npm ERR! Or if that isn't available, you can get their info via:
npm ERR!     npm owner ls bluetooth-hci-socket
npm ERR! There is likely additional logging output above.

npm ERR! Please include the following file with any support request:
npm ERR!     /btlejuice/npm-debug.log

Can you help me to fix it? Thanks.
