Crackle exploits a flaw in the BLE legacy pairing process that allows an attacker to guess or very quickly brute-force the TK (Temporary Key). With the TK and the other data captured from the pairing exchange, the STK (Short Term Key) and subsequently the LTK (Long Term Key) can be recovered.
With the STK and LTK, all communication between the master and the slave can be decrypted.
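The weakness lies in how small the TK space is for the methods a legacy pairing can select. The following Python example, added here and not part of crackle or the original page, reads the parameters a defender sees in the Pairing Request / Pairing Response (IO capability, OOB flag, AuthReq bits), works out which legacy pairing method results, and reports the size of the TK space an attacker would have to search. The method-selection rules are a simplified reading of the Core Specification's IO-capability matrix and the two sample device pairs are constructed; both are assumptions of this example. It also covers LE Secure Connections, where no TK-derived STK exists and this attack does not apply.

```python
"""Rate the TK exposure of a BLE pairing from its SMP feature exchange.

Added illustration for the crackle description above. The method-selection
rules are a simplified reading of the Core Spec legacy-pairing IO matrix
(an assumption of this example, not code from crackle).
"""
from dataclasses import dataclass

# SMP "IO Capability" octet values (Pairing Request / Pairing Response).
DISPLAY_ONLY = 0x00
DISPLAY_YES_NO = 0x01
KEYBOARD_ONLY = 0x02
NO_INPUT_NO_OUTPUT = 0x03
KEYBOARD_DISPLAY = 0x04

# AuthReq bits that matter for method selection.
AUTHREQ_MITM = 0x04   # device asks for MITM protection
AUTHREQ_SC = 0x08     # device supports LE Secure Connections


@dataclass
class PairingFeatures:
    """The subset of a Pairing Request/Response relevant to TK strength."""
    io_cap: int
    oob_present: bool
    auth_req: int


def _has_keyboard(io_cap: int) -> bool:
    return io_cap in (KEYBOARD_ONLY, KEYBOARD_DISPLAY)


def select_method(initiator: PairingFeatures, responder: PairingFeatures) -> str:
    """Pick the pairing method in the order the spec applies its rules.

    Simplified legacy matrix (assumption): with MITM requested, a pairing is
    Just Works unless at least one side can enter a passkey; legacy pairing
    has no Numeric Comparison, so two DisplayYesNo devices still fall back to
    Just Works.
    """
    if initiator.auth_req & AUTHREQ_SC and responder.auth_req & AUTHREQ_SC:
        return "LE Secure Connections"
    if initiator.oob_present and responder.oob_present:
        return "Out of Band"
    if not ((initiator.auth_req | responder.auth_req) & AUTHREQ_MITM):
        return "Just Works"
    if NO_INPUT_NO_OUTPUT in (initiator.io_cap, responder.io_cap):
        return "Just Works"
    if not _has_keyboard(initiator.io_cap) and not _has_keyboard(responder.io_cap):
        return "Just Works"
    return "Passkey Entry"


# Number of TK values an attacker must try per legacy method.
TK_KEYSPACE = {
    "Just Works": 1,          # TK is fixed to all zeros
    "Passkey Entry": 10**6,   # six decimal digits
    "Out of Band": 2**128,    # full 128-bit key delivered out of band
}


def tk_exposure(initiator: PairingFeatures, responder: PairingFeatures):
    """Return (method, tk_keyspace, verdict) for a pairing feature exchange."""
    method = select_method(initiator, responder)
    if method == "LE Secure Connections":
        return method, None, "not applicable: LTK comes from ECDH, no TK-based STK"
    space = TK_KEYSPACE[method]
    if space <= 10**6:
        return method, space, "weak: TK recoverable offline from a captured pairing"
    return method, space, "strong: TK not guessable"


if __name__ == "__main__":
    # Constructed sample pairings (not real captures).
    phone = PairingFeatures(KEYBOARD_DISPLAY, oob_present=False, auth_req=AUTHREQ_MITM)
    headset = PairingFeatures(NO_INPUT_NO_OUTPUT, oob_present=False, auth_req=0)
    lock = PairingFeatures(DISPLAY_ONLY, oob_present=False, auth_req=AUTHREQ_MITM)
    for name, resp in (("headset", headset), ("lock", lock)):
        print(name, *tk_exposure(phone, resp))
```

Run against the features recorded in a pairing capture, the output tells an auditor whether the device's pairing configuration leaves its STK, and hence its LTK, within reach of a tool like crackle, or whether it negotiated LE Secure Connections and is out of scope for this attack.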
Usage:

crackle -i <input.pcap> [-o <output.pcap>] [-l <ltk>]

Options:

-v    Be verbose
-t    Run tests against crypto engine
Example session:

cyborg@cyborg:~$ crackle -i ltk_file.pcap -o ltk-output_decrypted.pcap
!!!
TK found: 000011
ding ding ding, using a TK of 0 and 1! Just Cracks(tm)
!!!

LTK found: 4ea5d45862a4eadccb1448aec15d15e
Done, processed 1912 total packets, decrypted 2