Implement bt_packet_logger

tools/Cargo.toml

@@ -109,6 +109,10 @@ path = "src/mobilebackup2.rs"
 name = "diagnosticsservice"
 path = "src/diagnosticsservice.rs"
 
+[[bin]]
+name = "bt_packet_logger"
+path = "src/bt_packet_logger.rs"
+
 [dependencies]
 idevice = { path = "../idevice", features = ["full"], default-features = false }
 tokio = { version = "1.43", features = ["full"] }

tools/src/bt_packet_logger.rs

@@ -0,0 +1,104 @@
+// Jackson Coxson
+
+use clap::{Arg, Command};
+use futures_util::StreamExt;
+use idevice::{IdeviceService, bt_packet_logger::BtPacketLoggerClient};
+use tokio::io::AsyncWrite;
+
+use crate::pcap::{write_pcap_header, write_pcap_record};
+
+mod common;
+mod pcap;
+
+#[tokio::main]
+async fn main() {
+    env_logger::init();
+
+    let matches = Command::new("amfi")
+        .about("Capture Bluetooth packets")
+        .arg(
+            Arg::new("host")
+                .long("host")
+                .value_name("HOST")
+                .help("IP address of the device"),
+        )
+        .arg(
+            Arg::new("pairing_file")
+                .long("pairing-file")
+                .value_name("PATH")
+                .help("Path to the pairing file"),
+        )
+        .arg(
+            Arg::new("udid")
+                .value_name("UDID")
+                .help("UDID of the device (overrides host/pairing file)")
+                .index(1),
+        )
+        .arg(
+            Arg::new("about")
+                .long("about")
+                .help("Show about information")
+                .action(clap::ArgAction::SetTrue),
+        )
+        .arg(
+            Arg::new("out")
+                .long("out")
+                .value_name("PCAP")
+                .help("Write PCAP to this file (use '-' for stdout)"),
+        )
+        .get_matches();
+
+    if matches.get_flag("about") {
+        println!("bt_packet_logger - capture bluetooth packets");
+        println!("Copyright (c) 2025 Jackson Coxson");
+        return;
+    }
+
+    let udid = matches.get_one::<String>("udid");
+    let host = matches.get_one::<String>("host");
+    let pairing_file = matches.get_one::<String>("pairing_file");
+    let out = matches.get_one::<String>("out").map(String::to_owned);
+
+    let provider = match common::get_provider(udid, host, pairing_file, "amfi-jkcoxson").await {
+        Ok(p) => p,
+        Err(e) => {
+            eprintln!("{e}");
+            return;
+        }
+    };
+
+    let logger_client = BtPacketLoggerClient::connect(&*provider)
+        .await
+        .expect("Failed to connect to amfi");
+
+    let mut s = logger_client.into_stream();
+
+    // Open output (default to stdout if --out omitted)
+    let mut out_writer: Box<dyn AsyncWrite + Unpin + Send> = match out.as_deref() {
+        Some("-") | None => Box::new(tokio::io::stdout()),
+        Some(path) => Box::new(tokio::fs::File::create(path).await.expect("open pcap")),
+    };
+
+    // Write global header
+    write_pcap_header(&mut out_writer)
+        .await
+        .expect("pcap header");
+
+    // Drain stream to PCAP
+    while let Some(res) = s.next().await {
+        match res {
+            Ok(frame) => {
+                write_pcap_record(
+                    &mut out_writer,
+                    frame.hdr.ts_secs,
+                    frame.hdr.ts_usecs,
+                    frame.kind,
+                    &frame.h4,
+                )
+                .await
+                .unwrap_or_else(|e| eprintln!("pcap write error: {e}"));
+            }
+            Err(e) => eprintln!("Failed to get next packet: {e:?}"),
+        }
+    }
+}

tools/src/pcap.rs

@@ -0,0 +1,60 @@
+use idevice::bt_packet_logger::BtPacketKind;
+use tokio::io::{AsyncWrite, AsyncWriteExt};
+
+// Classic PCAP (big-endian) global header for DLT_BLUETOOTH_HCI_H4_WITH_PHDR (201)
+const PCAP_GLOBAL_HEADER_BE: [u8; 24] = [
+    0xA1, 0xB2, 0xC3, 0xD4, // magic (big-endian stream)
+    0x00, 0x02, // version maj
+    0x00, 0x04, // version min
+    0x00, 0x00, 0x00, 0x00, // thiszone
+    0x00, 0x00, 0x00, 0x00, // sigfigs
+    0x00, 0x00, 0x08, 0x00, // snaplen = 2048
+    0x00, 0x00, 0x00, 201, // network = 201 (HCI_H4_WITH_PHDR)
+];
+
+#[inline]
+fn be32(x: u32) -> [u8; 4] {
+    [(x >> 24) as u8, (x >> 16) as u8, (x >> 8) as u8, x as u8]
+}
+
+#[inline]
+fn dir_flag(kind: BtPacketKind) -> Option<u32> {
+    use BtPacketKind::*;
+    Some(match kind {
+        HciCmd | AclSent | ScoSent => 0,
+        HciEvt | AclRecv | ScoRecv => 1,
+        _ => return None,
+    })
+}
+
+pub async fn write_pcap_header<W: AsyncWrite + Unpin>(w: &mut W) -> std::io::Result<()> {
+    w.write_all(&PCAP_GLOBAL_HEADER_BE).await
+}
+
+pub async fn write_pcap_record<W: AsyncWrite + Unpin>(
+    w: &mut W,
+    ts_sec: u32,
+    ts_usec: u32,
+    kind: BtPacketKind,
+    h4_payload: &[u8], // starts with H4 type followed by HCI bytes
+) -> std::io::Result<()> {
+    // Prepend 4-byte direction flag to the packet body
+    let Some(dir) = dir_flag(kind) else {
+        return Ok(());
+    };
+    let cap_len = 4u32 + h4_payload.len() as u32;
+
+    // PCAP record header (big-endian fields to match magic above)
+    // ts_sec, ts_usec, incl_len, orig_len
+    let mut rec = [0u8; 16];
+    rec[0..4].copy_from_slice(&be32(ts_sec));
+    rec[4..8].copy_from_slice(&be32(ts_usec));
+    rec[8..12].copy_from_slice(&be32(cap_len));
+    rec[12..16].copy_from_slice(&be32(cap_len));
+
+    // Write: rec hdr, dir flag (as 4 BE bytes), then H4 bytes
+    w.write_all(&rec).await?;
+    w.write_all(&be32(dir)).await?;
+    w.write_all(h4_payload).await?;
+    Ok(())
+}