Overview & Background
Bluetooth — whether it’s the chatty Classic version or the energy-efficient BLE — operates in the ever-crowded 2.4 GHz ISM band. It tries to maintain some digital civility by hopping across frequencies (Classic) or broadcasting on fixed channels (BLE). But toss a Bluetooth jammer into the mix, and it's like starting an air raid siren while communicating with someone or while others try to communicate.
A jammer doesn’t care about your wireless earbuds, smart lock, or yoga playlist. It floods the airwaves with interference, making it virtually impossible for devices to connect. In more polite terms, it “prevents devices in the locality from communicating.” In reality, it just makes everything fall apart.
Early academic work (e.g. an ETHZ bachelor’s thesis) describes how one might discover a Classic link’s hop pattern by decoding its access code and then jam it. What you need to remember is "Jammers “overwrite” the legitimate Bluetooth signals, causing a denial-of-service"
How Jamming Works
The idea is simple: generate so much RF noise that legitimate Bluetooth signals are drowned out. It’s like trying to whisper in a hurricane. Either the signal never arrives, or it’s too garbled to be of any use.
Classic Bluetooth jumps around like it’s had too much coffee BLE is more strategic, operating on 40 channels with only three used for advertising: 2402, 2426, and 2480 MHz. Want to disrupt connections? Flood those three with noise or fake packets and you've already won.
Classic Bluetooth’s rapid channel hopping — 79 channels, from 2402 to 2480 MHz, at 1600 hops per second. makes targeted jamming tricky. Ideally, you'd predict the hopping pattern to disrupt specific links, but in practice, most jammers opt for the brute-force method — flooding the entire band. BLE is far more vulnerable. Since advertising usually happens on just three channels, jamming them effectively blocks device discovery and connection.
Arduino-based jammers simply use the radio module in “constant carrier” or high-rate transmit mode on one or more channels. Any strong emission in a Bluetooth channel will disrupt communication there. (By contrast, “deauthentication” attacks target Wi‑Fi by exploiting 802.11 frames – a different mechanism – whereas jamming is broad-spectrum.)
Hardware for Controlled Chaos
A microcontroller and a $10 transceiver can get the job done. DIY jammers often use affordable 2.4 GHz modules to transmit static or malformed packets.
The nRF24L01 is a popular option — a 2.4 GHz radio module that, with a little coaxing, can be turned into a jammer. Pair it with an ESP32 or even an ESP8266, and you’ve got a functional signal disruptor. The ESP32 is particularly nice thanks to its dual SPI buses, letting you connect two radios for broader coverage. For overachievers, the STM32 Bluepill can manage three radios at once.
Feeling fancy? A Flipper Zero with an nRF add-on makes for a slick jamming platform. Tools like the Ubertooth One are better suited for analysis, but with the right firmware tweaks, they can join the fun. If you want wideband chaos, a software-defined radio like the HackRF or LimeSDR lets you flood entire portions of the spectrum — just remember that you’ll need a power amp if you want more than a whisper.
Basically, if it transmits at 2.4 GHz, you can probably turn it into a jammer. Whether you should is a different question entirely.
Firmware That Brings the Mayhem
Hardware is only half the equation. You’ll need firmware to make it sing (or scream).
ESP32-BlueJammer by EmenstaNougat is the go-to solution for most hobbyists. It supports both BLE and Classic Bluetooth, Wi-Fi and RC drones, is actively maintained, and works with just one nRF24L01 module. It “disrupts 2.4 GHz communications” by generating noise and junk packets. Flash it via the Arduino IDE, and you're set. Users report it easily jams devices up to ~30 m (with stock antennas)
If you like tactile buttons and blinking LEDs, RF-Clown is a fun alternative. It uses two nRF24L01 modules with an ESP32 and lets you trigger jamming with physical inputs. It explicitly supports “jamming for BLE, Classic Bluetooth, or both simultaneously”. A button toggles modes (BLE-only, Classic-only, or combined), indicated by a NeoPixel LED
FazJammer is even simpler, designed for the ESP8266 with just one radio. It lacks Classic support, but can jam wifi networks. It’s essentially an earlier incarnation of the ESP-based jammer concept
For those who prefer GUIs, nRF24_jammer offers a sleek web interface for controlling two radios. It’s designed as a multi-protocol jammer: “disrupting … Bluetooth devices, BLE technology drones, Wi‑Fi, and Zigbee”
Meanwhile, BLE-Jammer for the STM32 targets BLE specifically, offering surgical precision with not one, not two but a three module setup. the design floods 2402, 2426, and 2480 MHz with rapid transmissions (“we will use 3 nRF24L01+ modules and transmit a single character ‘x’ repeatedly… set data rate to 2Mbps” for maximum bandwidth). A spectrogram in the README shows all three adv channels “clearly flooded” so BLE scanners cannot see other beacons. This project illustrates the “best-case” BLE jamming strategy but requires extra hardware (3 radios).
Whether you're after simplicity, style, or sheer power, there's firmware out there to match your approach. Some send unmodulated carriers, others send maximal-rate “invalid” packets. In each case, the affected Bluetooth devices see only noise.
Comparison of Jamming Tools
| Feature | ESP32-BlueJammer | RF-Clown | BLE-Jammer (lws803) | FazJammer | Noisy Boy | nRF24_jammer |
|---|---|---|---|---|---|---|
| Coverage | Full 2.4 GHz: Classic BT, BLE, Wi-Fi | Full 2.4 GHz: Classic BT, BLE, Wi-Fi | BLE advertising channels only | BLE + Wi-Fi | BLE + Wi-Fi | Full 2.4 GHz (depends on config) |
| Hardware | ESP32 + 1× nRF24L01 | Microcontroller + 2× nRF24L01 | STM32 + 3× nRF24L01 | ESP8266 + 1× nRF24L01 | ESP32 + 1× nRF24L01 | ESP32 + 2× nRF24L01 |
| Interface | Auto-start | Pushbutton + LED toggle | Auto-start | Auto-start | Auto-start | Web interface |
| Code & Flashing | Arduino (C/C++), USB flashing | Arduino (C/C++), USB flashing | Arduino (C/C++), USB flashing | Arduino (C/C++), USB flashing | Arduino (C/C++), USB flashing | Arduino (C/C++), USB flashing |
| Implementation | Uses RF24 lib, sends constant carrier per channel | RF24 lib, with sample code in README | RF24 lib, uses 2 Mbps for wideband | RF24 lib, similar approach | RF24 lib, simple carrier gen |
RF24 lib, user-selectable via GUI |
Instalation
If you're just getting into Bluetooth mischief and only have one nRF24L01 to work with, skip the spaghetti wiring and go straight for Noisy Boi on an ESP32.
It’s a lean, mean jamming machine — supporting both Bluetooth Classic and BLE out of the box. Just wire up your radio to the HSPI pins, flash the firmware (either via Arduino IDE or their no-fuss web installer), and you’re off to the races. No dual-radio setup, no mystery errors, just reliable chaos.
This setup keeps things simple, cheap, and frustration-free — perfect for a first dive into the noisy underworld of Bluetooth disruption.
