I am executing a shell command line in python but would like to change some data of parameter line. For example:
'sudo tools/hcitool -i hci0 cmd 0x08 0x0008 1E 02 01 1A 1A FF 4C 00 02 15 63 6F 3F 8F 64 91 4B EE 95 F7 D8 CC 64 A8 63 B5 00 00 00 00 C8'
Will broadcast a BLE signal with Major 00 and Minor 00
'sudo tools/hcitool -i hci0 cmd 0x08 0x0008 1E 02 01 1A 1A FF 4C 00 02 15 63 6F 3F 8F 64 91 4B EE 95 F7 D8 CC 64 A8 63 B5' + '00 00' + '00 00' + 'C8'
Will not run properly, later will change '00 00' and '00 00' to Major and Minor variables.
How can I run succesfully the second command? Thanks!
Related
I can't think of other way to run a command line that outputs binary files, so I'll have to go with this.
Let's add a binary file to a git repository
mkdir test
cd test
git init .
wget https://upload.wikimedia.org/wikipedia/commons/thumb/8/85/Camelia.svg/320px-Camelia.svg.png
git add 320px-Camelia.svg.png
git commit -am "Added Camelia"
Grab the commit hash that that outputs, we'll use it as <grabbed hash> below.
Now, run this:
say (run "git", "show", "<grabbed hash>:Camelia.svg.png", :out).out
This will return a Malformed UTF-8 message. Fair enough, it's not binary. However, I have tried to capture that exception with try and there's no way. I've tried to separate the run from the out, I still get an exception that can't be captured. Any idea?
Pass the :bin option to run in order to have it do binary I/O instead. Example using curl:
$ raku -e 'say (run "curl", "--no-progress-meter", "https://raku.org/camelia-logo.png", :out, :bin).out.slurp'
Buf[uint8]:0x<89 50 4E 47 0D 0A 1A 0A 00 00 00 0D 49 48 44 52 00 00 01 05 00 00 00 F3 08 06 00 00 00 8F 2A 03 21 00 00 00 01 73 52 47 42 00 AE CE 1C E9 00 00 00 09 70 48 59 73 00 00 0F 61 00 00 0F 61 01 A8 3F A7 69 00 00 00 07 74 49 4D 45 07 D9 07 11 03 07 3A 28 6B FA 81 00 00 00 1A 74 45 58 74 43 6F 6D 6D 65 6E ...>
I would like to know to recover deleted file from FAT. I created fat.img as below.
cd /tmp
dd if=/dev/zero of=fat.img bs=1024 count=100
mkfs.msdos fat.img
mkdir -p /tmp/fs
sudo mount -t msdos fat.img /tmp/fs -o umask=000,loop
Now i am creating file with some text.
cd/tmp/fs
echo "hello world"> name
Using hexdump to see how it was saved
cd ..
hexdump -C fat.img
00000000 eb 3c 90 6d 6b 66 73 2e 66 61 74 00 02 04 01 00 |.<.mkfs.fat.....|
00000010 02 00 02 c8 00 f8 01 00 20 00 40 00 00 00 00 00 |........ .#.....|
00000020 00 00 00 00 80 01 29 3c 69 e6 fb 4e 4f 20 4e 41 |......)<i..NO NA|
00000030 4d 45 20 20 20 20 46 41 54 31 32 20 20 20 0e 1f |ME FAT12 ..|
00000040 be 5b 7c ac 22 c0 74 0b 56 b4 0e bb 07 00 cd 10 |.[|.".t.V.......|
00000050 5e eb f0 32 e4 cd 16 cd 19 eb fe 54 68 69 73 20 |^..2.......This |
00000060 69 73 20 6e 6f 74 20 61 20 62 6f 6f 74 61 62 6c |is not a bootabl|
00000070 65 20 64 69 73 6b 2e 20 20 50 6c 65 61 73 65 20 |e disk. Please |
00000080 69 6e 73 65 72 74 20 61 20 62 6f 6f 74 61 62 6c |insert a bootabl|
00000090 65 20 66 6c 6f 70 70 79 20 61 6e 64 0d 0a 70 72 |e floppy and..pr|
000000a0 65 73 73 20 61 6e 79 20 6b 65 79 20 74 6f 20 74 |ess any key to t|
000000b0 72 79 20 61 67 61 69 6e 20 2e 2e 2e 20 0d 0a 00 |ry again ... ...|
000000c0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
000001f0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 aa |..............U.|
00000200 f8 ff ff 00 f0 ff 00 00 00 00 00 00 00 00 00 00 |................|
00000210 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
00000400 f8 ff ff 00 f0 ff 00 00 00 00 00 00 00 00 00 00 |................|
00000410 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
00000600 4e 41 4d 45 20 20 20 20 20 20 20 20 00 00 00 00 |NAME ....|
00000610 00 00 00 00 00 00 21 86 91 4b 03 00 0c 00 00 00 |......!..K......|
00000620 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
00004e00 68 65 6c 6c 6f 20 77 6f 72 6c 64 0a 00 00 00 00 |hello world.....|
00004e10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
00019000
After deleting file name we can see change in hexdump
00000600 4e 41 4d 45 20 20 20 20 20 20 20 20 00 00 00 00 |.AME ....|
00000610 00 00 00 00 00 00 21 86 91 4b 03 00 0c 00 00 00 |......!..K......|
00000620 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
And here is my question do you have any suggestion how can i change fat.img to .AME to NAME to recovery my file?
how can i change fat.img to .AME to NAME to recovery my file?
The short answer is with dd, an example with the necessary caveats follows below.
Adding to Martin's answer, while manipulating the bytes to restore the file within the floppy image is a relatively straight-forward proposition with dd, computing where and what within the file allocation table(s) needs to be restored is the challenge. Walking through the use of dd to restore the file itself, knowing what bytes need attention is illustrated by the following example.
Creating a floppy image to work with saves you from having to experiment on your actual image. Simply duplicate your image you wish to work with, or create a new one within a file on your hard drive. You can do that easily with mkfs.msdos (adjust the filesystem type as needed), and then mount the file within your filesystem as follows, e.g.
$ mkfs.msdos -C /home/david/tmp/tt/floppy_144.img 1440
$ sudo mount /home/david/tmp/tt/floppy_144.img /mnt/fd
Now let's add the NAME file:
$ echo "hello world" > NAME
$ sudo cp -a NAME /mnt/fd
$ ls -l /mnt/fd
total 1
-rwxr-xr-x 1 root root 12 Dec 17 13:55 NAME
$ cat /mnt/fd/NAME
hello world
Before deleting the file from your image, hexdump the contents so you can see exactly what needs to be restored. (this is what you must compute in order to know where and what to restore with your original image, you will need to consult a reference for the precise filesystem at issue)
$ hexdump -C floppy_144.img >flpwname.txt
Now delete the file from your image and again save a hexdump showing the changes.
$ sudo rm /mnt/fd/NAME
$ hexdump -C floppy_144.img >flpwoname.txt
Now you can examing the difference with diff. What you find is you must restore more than the first name of the file that was deleted, you will need to restore the file allocation table entries so that the restored file can again be located within the filesystem (both copies of the FAT), e.g.
$ diff flpwname.txt flpwoname.txt
16c16
< 00000200 f0 ff ff 00 f0 ff 00 00 00 00 00 00 00 00 00 00 |................|
---
> 00000200 f0 ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
19c19
< 00001400 f0 ff ff 00 f0 ff 00 00 00 00 00 00 00 00 00 00 |................|
---
> 00001400 f0 ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
22c22
< 00002600 4e 41 4d 45 20 20 20 20 20 20 20 20 00 00 fa 9e |NAME ....|
---
> 00002600 e5 41 4d 45 20 20 20 20 20 20 20 20 00 00 fa 9e |.AME ....|
Note above the entries for the file allocation table(s) at 0x204 and 0x1404 were zeroed when the file was removed. Restoring the bytes to the original can be easily done with dd but pay attention to your options. Specifically your block size (bs), output block size (obs), count and seek must all be in bytes (specified by appending c) to the number and you must set the notrunc conversion option to prevent truncating your image following the changes you make. Lastly, all sizes must be specified in decimal not hexadecimal.
Further, if you are using bash, you can use a process redirection to specify the bytes to replace (e.g. if=<(printf "\xf0\xff") to write the hex bytes f0 and ff), otherwise, you will have to prepare input files containing your replacement strings. The dd commands to restore the FAT and the first character of the filename are fairly simple (consult man 1 dd for option explanation).
Below we restore the first copy of the FAT, then the second, and finally restore the first character of the filename. The seek (offset) values are just those provided by hexdump converted to decimal. (you should unmount your filesystem before making changes. you can make changes while your floppy image is mounted, but they won't be reflected until you remount)
$ sudo umount /mnt/fd
$ dd if=<(printf "\xf0\xff") of=floppy_144.img \
bs=1c obs=1c count=2c seek=516c conv=notrunc
$ dd if=<(printf "\xf0\xff") of=floppy_144.img \
bs=1c obs=1c count=2c seek=5124c conv=notrunc
$ dd if=<(printf "N") of=floppy_144.img \
bs=1c obs=1c count=1c seek=9728c conv=notrunc
Now you can create a hexdump of the repaired floppy image and compare that to the original. If all has gone as it should, there will be no difference.
$ hexdump -C floppy_144.img >flprepair.txt
$ diff flpwname.txt flprepair.txt
Finally, just remount your filesystem and confirm the file has been restored.
$ sudo mount /home/david/tmp/tt/floppy_144.img /mnt/fd
$ ls -l /mnt/fd
total 1
-rwxr-xr-x 1 root root 12 Dec 17 13:55 NAME
$ cat /mnt/fd/NAME
hello world
That's it. I hope this is what you were looking for. There are a number of tools that automate this process for you, but dd and a pencil and paper can get you by.
The full hexdumps follow for completeness:
Original/Restored
$ cat flpwname.txt
00000000 eb 3c 90 6d 6b 66 73 2e 66 61 74 00 02 01 01 00 |.<.mkfs.fat.....|
00000010 02 e0 00 40 0b f0 09 00 12 00 02 00 00 00 00 00 |...#............|
00000020 00 00 00 00 00 01 29 2c 72 18 ba 4e 4f 20 4e 41 |......),r..NO NA|
00000030 4d 45 20 20 20 20 46 41 54 31 32 20 20 20 0e 1f |ME FAT12 ..|
00000040 be 5b 7c ac 22 c0 74 0b 56 b4 0e bb 07 00 cd 10 |.[|.".t.V.......|
00000050 5e eb f0 32 e4 cd 16 cd 19 eb fe 54 68 69 73 20 |^..2.......This |
00000060 69 73 20 6e 6f 74 20 61 20 62 6f 6f 74 61 62 6c |is not a bootabl|
00000070 65 20 64 69 73 6b 2e 20 20 50 6c 65 61 73 65 20 |e disk. Please |
00000080 69 6e 73 65 72 74 20 61 20 62 6f 6f 74 61 62 6c |insert a bootabl|
00000090 65 20 66 6c 6f 70 70 79 20 61 6e 64 0d 0a 70 72 |e floppy and..pr|
000000a0 65 73 73 20 61 6e 79 20 6b 65 79 20 74 6f 20 74 |ess any key to t|
000000b0 72 79 20 61 67 61 69 6e 20 2e 2e 2e 20 0d 0a 00 |ry again ... ...|
000000c0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
000001f0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 aa |..............U.|
00000200 f0 ff ff 00 f0 ff 00 00 00 00 00 00 00 00 00 00 |................|
00000210 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
00001400 f0 ff ff 00 f0 ff 00 00 00 00 00 00 00 00 00 00 |................|
00001410 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
00002600 4e 41 4d 45 20 20 20 20 20 20 20 20 00 00 fa 9e |NAME ....|
00002610 91 4b 91 4b 00 00 f5 9e 91 4b 03 00 0c 00 00 00 |.K.K.....K......|
00002620 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
00004400 68 65 6c 6c 6f 20 77 6f 72 6c 64 0a 00 00 00 00 |hello world.....|
00004410 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
00168000
After NAME Deletion
$ cat flpwoname.txt
00000000 eb 3c 90 6d 6b 66 73 2e 66 61 74 00 02 01 01 00 |.<.mkfs.fat.....|
00000010 02 e0 00 40 0b f0 09 00 12 00 02 00 00 00 00 00 |...#............|
00000020 00 00 00 00 00 01 29 2c 72 18 ba 4e 4f 20 4e 41 |......),r..NO NA|
00000030 4d 45 20 20 20 20 46 41 54 31 32 20 20 20 0e 1f |ME FAT12 ..|
00000040 be 5b 7c ac 22 c0 74 0b 56 b4 0e bb 07 00 cd 10 |.[|.".t.V.......|
00000050 5e eb f0 32 e4 cd 16 cd 19 eb fe 54 68 69 73 20 |^..2.......This |
00000060 69 73 20 6e 6f 74 20 61 20 62 6f 6f 74 61 62 6c |is not a bootabl|
00000070 65 20 64 69 73 6b 2e 20 20 50 6c 65 61 73 65 20 |e disk. Please |
00000080 69 6e 73 65 72 74 20 61 20 62 6f 6f 74 61 62 6c |insert a bootabl|
00000090 65 20 66 6c 6f 70 70 79 20 61 6e 64 0d 0a 70 72 |e floppy and..pr|
000000a0 65 73 73 20 61 6e 79 20 6b 65 79 20 74 6f 20 74 |ess any key to t|
000000b0 72 79 20 61 67 61 69 6e 20 2e 2e 2e 20 0d 0a 00 |ry again ... ...|
000000c0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
000001f0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 aa |..............U.|
00000200 f0 ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000210 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
00001400 f0 ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00001410 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
00002600 e5 41 4d 45 20 20 20 20 20 20 20 20 00 00 fa 9e |.AME ....|
00002610 91 4b 91 4b 00 00 f5 9e 91 4b 03 00 0c 00 00 00 |.K.K.....K......|
00002620 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
00004400 68 65 6c 6c 6f 20 77 6f 72 6c 64 0a 00 00 00 00 |hello world.....|
00004410 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
00168000
I want to use my computer as an iBeacon, and I don't succeed (On a Ubuntu 14.04 running in a virtualBox environement on Windows 8.1)
Here is the code I use
#!/bin/bash
sudo hciconfig hci0 up
sudo hciconfig hci0 noleadv
sudo hcitool -i hci0 cmd 0x08 0x0008 1e 02 01 1a 1a ff 4c 00 02 15 e2 c5 6d b5 df fb 48 d2 b0 60 \
d0 f5 a7 10 96 e0 00 00 00 00 c5 00 00 00 00 00 00 00 00 00 00 00 00 00
sudo hciconfig hci0 leadv
My hciconfig result
hci0: Type: BR/EDR Bus: USB
BD Address: 00:C2:C6:18:C5:E9 ACL MTU: 310:10 SCO MTU: 64:8
UP RUNNING PSCAN ISCAN
RX bytes:5333127 acl:66 sco:0 events:887454 errors:0
TX bytes:40617442 acl:64 sco:0 commands:887224 errors:0
I have the bluez version 5.36 installed (checked with bluetoothd -v)
I have seen many Stack overflow post about this but cannot figure it out!
Check Here, Here or Here.
I have bought a real iBeacon to look about what works to help me, here is what I have:
Using hcidump -R I read this
< 01 0B 20 07 01 10 00 10 00 00 00
> 04 0E 04 01 0B 20 00
< 01 0C 20 02 01 01
> 04 0E 04 01 0C 20 00
> 04 3E 2A 02 01 00 01 4F 00 00 02 4D CD 1E 02 01 06 1A FF 4C
00 02 15 E2 C5 6D B5 DF FB 48 D2 B0 60 D0 F5 A7 10 96 E0 00
00 00 00 C5 BB
> 04 3E 2A 02 01 04 01 4F 00 00 02 4D CD 1E 02 0A F4 08 16 F0
FF 64 00 00 00 00 11 09 4D 69 6E 69 42 65 61 63 6F 6E 5F 30
30 30 37 39 BB
> 04 3E 2A 02 01 00 01 4F 00 00 02 4D CD 1E 02 01 06 1A FF 4C
00 02 15 E2 C5 6D B5 DF FB 48 D2 B0 60 D0 F5 A7 10 96 E0 00
00 00 00 C5 BB
> 04 3E 2A 02 01 04 01 4F 00 00 02 4D CD 1E 02 0A F4 08 16 F0
FF 64 00 00 00 00 11 09 4D 69 6E 69 42 65 61 63 6F 6E 5F 30
30 30 37 39 BB
< 01 0C 20 02 00 01
> 04 0E 04 01 0C 20 00
Problem is I don't understand why there so much different paquet size and type (maybe other bluetooth nonBeacon device).
I'm pretty sure that this is the beacon paquet, but theses data make no sense to me
04 3E 2A 02 01 00 01 4F 00 00 02 4D CD 1E 02 01 06 1A FF 4C
00 02 15 E2 C5 6D B5 DF FB 48 D2 B0 60 D0 F5 A7 10 96 E0 00
00 00 00 C5 BB
I have trying to use this to understand it but failed (using some stack overflow responses like the following)
First, in order to get BlueZ to advertise, the byte sequence you supply must include a valid BLE advertisement header, which is a minimum of 8 bytes. So to advertise "helloworld" you actually need to send:
sudo hcitool -i hci0 cmd 0x08 0x0008 10 02 01 1a 0c ff 18 01 48 45 4c 4c 4f 57 4f 52 4c 44
The first 8 bytes are the header and the next 10 bytes are the string "helloworld" encoded as 8-bit ASCII.
The first 8 bytes can be broken down like this:
10 # Total length of the advertising packet
02 # Number of bytes that follow in first AD structure
01 # Flags AD type
1A # Flags value 0x1A = 000011010
bit 0 (OFF) LE Limited Discoverable Mode
bit 1 (ON) LE General Discoverable Mode
bit 2 (OFF) BR/EDR Not Supported
bit 3 (ON) Simultaneous LE and BR/EDR to Same Device Capable (controller)
bit 4 (ON) Simultaneous LE and BR/EDR to Same Device Capable (Host)
0C # Number of bytes that follow in second (and last) AD structure
FF # Manufacturer specific data AD type
18 01 # Company identifier code (0x0118 == Radius Networks)
---------------------
If you got anything that can help me to understand how iBeacon paquet are constructed, thank you
Oh Gosh! I have found someone with exactly the same problem as me.
Look Here.
Response that helped from #Richard Wifall
I saw the same issue as memoryhole where I had to remove the extra zeros. I also had to enable advertising before I configured the advertising data for it to work properly with my dongle.
Here is the exact sequence/commands that worked for me:
sudo hciconfig hci0 up
sudo hciconfig hci0 leadv 3
sudo hcitool -i hci0 cmd 0x08 0x0008 1e 02 01 1a 1a ff 4c 00 02 15 e2 c5 6d b5 df fb 48 d2 b0 60 d0 f5 a7 10 96 e0 00 00 00 00 c5 00
This is what my version of the Radius script ended up looking like:
#!/bin/sh
../ibeacon.conf
echo "Launching virtual iBeacon..."
sudo hciconfig $BLUETOOTH_DEVICE up
sudo hciconfig $BLUETOOTH_DEVICE leadv 3
sudo hcitool -i $BLUETOOTH_DEVICE cmd 0x08 0x0008 1e 02 01 1a 1a ff 4c 00 02 15 $UUID $MAJOR $MINOR $POWER 00
echo "Complete"
This was on a Rasberry Pi with a ORICO BTA-402-BK branded BLE dongle (CSR8510 A10)
(I would have left this as a comment, but didn't have enough rep)
I have an iBeacon broadcasting every ~1280 ms from my Raspberry Pi, but I need it to broadcast every ~100ms how do I configure this?
How I'm set up:
I followed this guide:
http://www.wadewegner.com/2014/05/create-an-ibeacon-transmitter-with-the-raspberry-pi/
I have a Cambridge Silicon Radio, Ltd Bluetooth Dongle (HCI mode)
My config string:
hcitool -i hci0 cmd 0x08 0x0008 1E 02 01 1A 1A FF 4C 00 02 15 63 6F 3F 8F 64 91 4B EE 95 F7 D8 CC 64 A8 63 B5 00 00 00 00 C8 00
On my phone I see my iBeacon, the UUID is correct, the Major and Minor versions are correct. The problem I'm having is the broadcast rate.
Can I change this from ~1.2 seconds to ~100 ms?
Update 1:
I'm still getting errors.
pi#raspberrypi ~ $ sudo hciconfig hci0 up
pi#raspberrypi ~ $ sudo hcitool -i hci0 cmd 0x08 0x0008 1e 02 01 1a 1a ff 4c 00 02 15 e2 c5 6d b5 df fb 48 d2 b0 60 d0 f5 a7 10 96 e0 00 00 00 00 c5 00 00 00 00 00 00 00 00 00 00 00 00 00
< HCI Command: ogf 0x08, ocf 0x0008, plen 44
1E 02 01 1A 1A FF 4C 00 02 15 E2 C5 6D B5 DF FB 48 D2 B0 60
D0 F5 A7 10 96 E0 00 00 00 00 C5 00 00 00 00 00 00 00 00 00
00 00 00 00
> HCI Event: 0x0e plen 4
01 08 20 12
pi#raspberrypi ~ $ sudo hcitool -i hci0 cmd 0x08 0x0006 A0 00 A0 00 03 00 00 00 00 00 00 00 00 07 00
< HCI Command: ogf 0x08, ocf 0x0006, plen 15
A0 00 A0 00 03 00 00 00 00 00 00 00 00 07 00
> HCI Event: 0x0e plen 4
01 06 20 0C
pi#raspberrypi ~ $ sudo hcitool -i hci0 cmd 0x08 0x000a 01
< HCI Command: ogf 0x08, ocf 0x000a, plen 1
01
> HCI Event: 0x0e plen 4
01 0A 20 0C
Update 2:
I found a way to make it work:
hciconfig hci0 down
hciconfig hci0 up
hcitool -i hci0 cmd 0x08 0x0008 1E 02 01 1A 1A FF 4C 00 02 15 63 6F 3F 8F 64 91 4B EE 95 F7 D8 CC 64 A8 63 B5 00 00 00 00 C8 00
hcitool -i hci0 cmd 0x08 0x0006 20 00 A0 00 00 00 00 00 00 00 00 00 00 07 00
hcitool -i hci0 cmd 0x08 0x000A 01
hciconfig hci0 noscan
I think the key was the noscan part. I think if scan was on I couldn't change the advertisement frequency.
An additional resource I found useful:
https://www.bluetooth.org/docman/handlers/downloaddoc.ashx?doc_id=229737
Specifically Volume 2, Part E, Section 7.8 This gave me the actual description of the commands I was sending, instead of copy and paste programming.
You can increase the advertising rate to 10 Hz like this:
sudo hciconfig hci0 up
sudo hcitool -i hci0 cmd 0x08 0x0008 1e 02 01 1a 1a ff 4c 00 02 15 e2 c5 6d b5 df fb 48 d2 b0 60 d0 f5 a7 10 96 e0 00 00 00 00 c5 00 00 00 00 00 00 00 00 00 00 00 00 00
sudo hcitool -i hci0 cmd 0x08 0x0006 A0 00 A0 00 03 00 00 00 00 00 00 00 00 07 00
sudo hcitool -i hci0 cmd 0x08 0x000a 01
See here for more info:
Is there a way to increase BLE advertisement frequency in BlueZ?
I tried to follow the steps provided by davidgyoung in this question. Here are the commands I use:
hciconfig hci0 up
hciconfig hci0 noleadv
hcitool -i hci0 cmd 0x08 0x0008 48 45 4c 4c 4f 57 4f 52 4c 44
hciconfig hci0 leadv
Which gives me this output:
LE set advertise enable on hci0 returned status 12
< HCI Command: ogf 0x08, ocf 0x0008, plen 10
48 45 4C 4C 4F 57 4F 52 4C 44
> HCI Event: 0x0e plen 4
01 08 20 12
Note that I can't use the advised command hciconfig hci0 leadv 0 because it will throw the error Warning: unknown command - "0".
However, when I try to read out (e.g. with a hcidump --raw) the payload in the advertised package from another device I'm getting an output like this:
hcitool lescan -- duplicates output snippet (both entries are repeated over and over again, looking at the MAC it should be the same device, though):
00:1A:7D:DA:71:14 mint17-0
00:1A:7D:DA:71:14 (unknown)
matching hcidump --raw output snippet:
> 04 3E 16 02 01 04 00 14 71 DA 7D 1A 00 0A 09 09 6D 69 6E 74 31 37 2D 30 BE
> 04 3E 12 02 01 00 00 14 71 DA 7D 1A 00 06 02 01 02 02 0A 08 AD
I'm using Bluez 5.26 and CSR4.0 dongles.
This is the hciconfig output of the advertisier:
hci0: Type: BR/EDR Bus: USB
BD Address: 00:1A:7D:DA:71:14 ACL MTU: 310:10 SCO MTU: 64:8
UP RUNNING PSCAN ISCAN
RX bytes:1242 acl:0 sco:0 events:77 errors:0
TX bytes:2079 acl:0 sco:0 commands:77 errors:0
And this is the hciconfig output from the 'scanner':
hci0: Type: BR/EDR Bus: USB
BD Address: 00:1A:7D:DA:71:13 ACL MTU: 310:10 SCO MTU: 64:8
UP RUNNING PSCAN ISCAN
RX bytes:11753 acl:0 sco:0 events:552 errors:0
TX bytes:1842 acl:0 sco:0 commands:75 errors:0
What did I miss to get it to work?
Update:
Following David's advice I changed the cmd values to
hcitool -i hci0 cmd 0x08 0x0008 10 02 01 1a 0c ff 18 01 48 45 4c 4c 4f 57 4f 52 4c 44
getting this output
< HCI Command: ogf 0x08, ocf 0x0008, plen 18
10 02 01 1A 0C FF 18 01 48 45 4C 4C 4F 57 4F 52 4C 44
> HCI Event: 0x0e plen 4
01 08 20 12
but still gibberish payloads (payload portion of the hcidump --raw output)
af:08:0a:02:02:01:02
b7:08:0a:02:02:01:02
be:08:0a:02:02:01:02
...
Update 2:
Following the next advice I tried adding some 00 to the payload:
< HCI Command: ogf 0x08, ocf 0x0008, plen 42
10 02 01 1A 0C FF 18 01 48 45 4C 4C 4F 57 4F 52 4C 44 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00
> HCI Event: 0x0e plen 4
01 08 20 12
And here the hcidump --raw output
> 04 3E 16 02 01 04 00 14 71 DA 7D 1A 00 0A 09 09 6D 69 6E 74
31 37 2D 30 BF
> 04 3E 12 02 01 00 00 14 71 DA 7D 1A 00 06 02 01 02 02 0A 08
AC
> 04 3E 12 02 01 00 00 14 71 DA 7D 1A 00 06 02 01 02 02 0A 08
BF
> 04 3E 16 02 01 04 00 14 71 DA 7D 1A 00 0A 09 09 6D 69 6E 74
31 37 2D 30 BF
> 04 3E 12 02 01 00 00 14 71 DA 7D 1A 00 06 02 01 02 02 0A 08
AD
So still no joy.
Would it make sense to try a different (maybe older) version of bluez? Or can it be hardware related and I should try to get different Bluetooth dongles?
Update 3:
Tried the same with bluez 5.21 which works for David.
Here's a snippet of the hcidump --raw output
> 04 3E 0C 02 01 04 00 14 71 DA 7D 1A 00 00 D7
> 04 3E 22 02 01 00 00 14 71 DA 7D 1A 00 16 02 01 0A 02 0A 08
0F 09 72 73 73 6D 74 2D 63 6C 69 65 6E 74 2D 30 D4
> 04 3E 0C 02 01 04 00 14 71 DA 7D 1A 00 00 D4
> 04 3E 22 02 01 00 00 14 71 DA 7D 1A 00 16 02 01 0A 02 0A 08
0F 09 72 73 73 6D 74 2D 63 6C 69 65 6E 74 2D 30 D2
The hostname has changed (tested on the third machine so far), so the output is a bit different but I still don't see 'hello world' anywhere.
At this point any ideas are more than welcome!
Update 4:
Tried a different hardware dongle (IOGEAR GBU521W6 as suggested by David) and this looks very promising now!
When using this advertising config:
hcitool -i hci0 cmd 0x08 0x0008 10 02 01 1a 0c ff 18 01 48 45 4c 4c 4f 57 4f 52 4c 44
I get this hcidump --raw output:
> 04 3E 1C 02 01 00 00 BA D0 63 70 F3 5C 10 02 01 1A 0C FF 18 01 48 45 4C 4C 4F 57 4F 52 4C B5
As you can see the payload is almost complete, but the last char is missing. By changing the length attribute to 11 I get the full payload:
hcitool -i hci0 cmd 0x08 0x0008 11 02 01 1a 0c ff 18 01 48 45 4c 4c 4f 57 4f 52 4c 44
----
> 04 3E 1D 02 01 00 00 BA D0 63 70 F3 5C 11 02 01 1A 0C FF 18 01 48 45 4C 4C 4F 57 4F 52 4C 44 AB
So for the future (and different payloads): the required length seems to be the bytes of the payload (without the length attribute) - 17 in this case.
Important: It does not work with bluez 5.26 for me, I'm using bluez 5.21 now.
Two issues:
First, in order to get BlueZ to advertise, the byte sequence you supply must include a valid BLE advertisement header, which is a minimum of 8 bytes. So to advertise "helloworld" you actually need to send:
sudo hcitool -i hci0 cmd 0x08 0x0008 10 02 01 1a 0c ff 18 01 48 45 4c 4c 4f 57 4f 52 4c 44
The first 8 bytes are the header and the next 10 bytes are the string "helloworld" encoded as 8-bit ASCII.
The first 8 bytes can be broken down like this:
10 # Total length of the advertising packet
02 # Number of bytes that follow in first AD structure
01 # Flags AD type
1A # Flags value 0x1A = 000011010
bit 0 (OFF) LE Limited Discoverable Mode
bit 1 (ON) LE General Discoverable Mode
bit 2 (OFF) BR/EDR Not Supported
bit 3 (ON) Simultaneous LE and BR/EDR to Same Device Capable (controller)
bit 4 (ON) Simultaneous LE and BR/EDR to Same Device Capable (Host)
0C # Number of bytes that follow in second (and last) AD structure
FF # Manufacturer specific data AD type
18 01 # Company identifier code (0x0118 == Radius Networks)
Note that this header contains two different length fields that you must adjust if you change the length of the "helloworld" payload. Also, for experimentation purposes, you are welcome to use any two bytes for the company identifier that you want.
Second, you can't see the raw bytes of a detected advertisement with the hcitool lescan command. To see the raw bytes, you have to use this command in combination with the hcidump command. See here for details: https://stackoverflow.com/a/21790504/1461050