Last November, we wrote about the WCH BLE Analyzer Pro, an inexpensive (~$20) USB Bluetooth LE sniffer and analyzer, which looked useful and good value for reverse engineering and debugging.One downside is that the WCH BLE Analyzer software was only made for Windows 7 to 11, but Xecaz decided to look into it and reverse-engineered the USB protocol to write Linux software using libusb that outputs a standard pcap compatible with popular tools such as Wireshark, or as he puts it: “WinChipHead forgot to ship a Linux driver. We forgot to ask permission.”As a reminder, the BLE Analyzer Pro features three CH582F Bluetooth LE RISC-V microcontrollers and a CH334 USB hub, supports Bluetooth Low Energy (BLE) 4.0/4.2/5.0, and connects to the host through its USB-C port.The Linux “driver” for the BLE Analyzer Pro tool can be found on GitHub. Building and installing the software is quick and straightforward:
git clone https://github.com/xecaz/BLE-Analyzer-pro-linux-capturecd BLE-Analyzer-pro-linux-capture/sudo apt install libusb-1.0-0-dev makesudo make installsudo udevadm control --reload-rules && sudo udevadm trigger
You can check the option by running the program without parameters:
jaufranc@CNX-LAPTOP-5:~/edev/sandbox/BLE-Analyzer-pro-linux-capture$ ./wch_capture Nothing to do – use -v and/or -w FILE.pcapWCH BLE Analyzer PRO Linux Capture tool by Xecaz 2026!Usage: ./wch_capture [OPTIONS]Options: -v Print packets to stdout -w FILE.pcap Write PCAP (DLT 256, BLE LL + phdr) -p PHY PHY: 1=1M (default), 2=2M, 3=CodedS8, 4=CodedS2 -i ADDR Initiator MAC filter (AA:BB:CC:DD:EE:FF) -a ADDR Advertiser MAC filter (AA:BB:CC:DD:EE:FF) -k KEY LTK, 32 hex chars -K PASSKEY BLE passkey (6-digit decimal) -2 Custom 2.4G mode (default: BLE monitor) -c CHAN Channel 0-39: BLE adv 37/38/39 or 0=all (auto per MCU); 2.4G raw -A AADDR 2.4G access addr (hex, e.g. 8E89BED6) -C CRCINIT 2.4G CRC init (6 hex chars, e.g. 555555) -W WHITEN 2.4G whitening init (hex byte) -h Show this helpCapture stops on SIGINT (Ctrl+C) or SIGTERM.
