Capturing Cozmo Communication


Capturing the communication between the Cozmo app and Cozmo is very valuable for understanding how Cozmo works.

One way to achieve this is by placing a Linux machine between the two as shown on the following diagram.

+---------------+         Wi-Fi          +---------------+          Wi-Fi         +---------------+
|               |                        |               |                        |               |
| Mobile Device | ---------------------> | Linux Machine | ---------------------> |     Cozmo     |
|               |                  wlan1 |               | wlan0                  |               |
+---------------+                        +---------------+                        +---------------+

The Linux machine acts as a Wi-Fi client on one interface (wlan0) and associates with Cozmo. It acts as a Wi-Fi access point (AP) on the other interface and allows a mobile device, running the Cozmo app to associate with it.

With appropriate network configuration such a setup allows capturing Cozmo communication in pcap files using tcpdump.


Connecting to Cozmo

Ensure that wireless tools and wpa_supplicant are installed.

$ sudo apt-get install wireless-tools wpasupplicant

Wake up Cozmo but placing it on the charging platform.

Make Cozmo display it’s Wi-Fi PSK key by rising and lowering its lift.

Get Cozmo’s Wi-Fi SSID by scanning for Wi-Fi devices:

$ sudo iwlist wlan0 scan
wlan0     Scan completed :
          Cell 01 - Address: 5E:CF:7F:XX:XX:XX
                    Protocol:IEEE 802.11bg
                    Frequency:2.412 GHz (Channel 1)
                    Encryption key:on
                    Bit Rates:54 Mb/s
                    IE: IEEE 802.11i/WPA2 Version 1
                        Group Cipher : TKIP
                        Pairwise Ciphers (2) : CCMP TKIP
                        Authentication Suites (1) : PSK
                    Quality=100/100  Signal level=100/100  

Open wpa_supplicant’s configuration file:

$ sudo vi /etc/wpa_supplicant/wpa_supplicant.conf

Configure wpa_supplicant to automatically connect to Cozmo by adding the following:


Load the new configuration (or reboot):

$ sudo wpa_cli -i wlan0 reconfigure

At this point the Linux machine should be associated with Cozmo:

$ ip addr
3: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 80:1f:02:XX:XX:XX brd ff:ff:ff:ff:ff:ff
    inet brd scope global wlan0
       valid_lft forever preferred_lft forever
    inet6 fe80::1d4b:9d3b:c6f0:f5b1/64 scope link 
       valid_lft forever preferred_lft forever

Cozmo should respond to ping:

$ ping
PING ( 56(84) bytes of data.
64 bytes from icmp_seq=1 ttl=128 time=1.94 ms
64 bytes from icmp_seq=2 ttl=128 time=2.28 ms

Masquerading as a Cozmo

Install hostapd and dnsmasq:

$ sudo apt-get install hostapd dnsmasq

Edit dhcpdcd`s configuration file:

$ sudo vi /etc/dhcpcd.conf

Disable wpa_supplicant on wlan1 and configure a static IP address by adding the following:

interface wlan1
nohook wpa_supplicant
static ip_address=

Edit dnsmasq’s configuration file:

$ sudo vi /etc/dnsmasq.conf

Configure DHCP on wlan1 by adding the following:


Restart dnsmasq

$ sudo systemctl start dnsmasq

Create a configuration file for hostapd:

$ sudo vi /etc/hostapd/hostapd.conf 

Configure a Wi-Fi AP with WPA2 PSK on wlan1 by adding the following:


The SSID should be different from Cozmo’s SSID and should follow the form Cozmo_XXXXXX, where XXXXXX are upper-case hexadecimal digits as this is what the Cozmo app looks for.

The passphrase should consist of exactly 12 upper-case hexadecimal digits as this is what the Cozmo app expects.

Edit /etc/default/hostapd:

$ sudo vi /etc/default/hostapd

Configure the newly created configuration file:


Enable and start hostapd:

$ sudo systemctl unmask hostapd
$ sudo systemctl enable hostapd
$ sudo systemctl start hostapd

Ensure that IP forwarding is enabled on boot:

$ sudo vi /etc/sysctl.conf

The following line should be uncommented:


Ensure that IP forwarding is enabled:

$ sudo sysctl net.ipv4.ip_forward=1

The Cozmo app always tries to communicate with Cozmo using the IP address .

Configure masquerading on wlan0 so that packets, coming from the Cozmo app, with source IP in the range, reach Cozmo with the wlan0 IP address of the Linux machine.

$ sudo iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE

This is necessary, because Cozmo only responds to UDP packets with source IP address in the range .

Capturing Communication

Ensure that tcpdump is installed:

$ sudo apt-get install tcpdump

At this point, it should be possible to capture Cozmo communication using tcpdump:

$ sudo tcpdump -i wlan0 -w cozmo.pcap

Connect to cozmo from the app. The app should find at least 2 Cozmos (one being the masqueraded Linux machine) and a selection screen should show up.

The captured PCAP file can be analyzed with Wireshark or with