How to determine from HCI logs what Bluetooth version/ technology (BR/EDR or LE) was actually used? - bluetooth

The scenario:
I have one device (an Android phone) that I can control and I want to analyse the Bluetooth capabilities of a different device of which I have limited control/information: I can only accept/reject pairing, but I don't know what versions or features are supported (this is what I want to find out).
Question:
From the recorded HCI logs (in the Android Phone), can you determine what version/ technology was actually used in a successful pairing?
In other words, how can you tell whether Bluetooth low energy was used or the Classic Bluetooth (BR/EDR)?
Note: I am not looking for:
the LMP advertisement of the "remote host", as this will only tell which Bluetooth version is supported (e.g. 4.1) but will not tell which technology is actually used;
also, not looking for the remote extended features telling what technologies are supported (such as BR/EDR and LE) but without giving details about which technology is actually used.
Thanks :)

If the LE link is set up, HCI LE Meta Event 0x3E with sub event LE Connection Complete 0x01 will be seen in the logs. See core spec v5 Vol 2, part E.
If pairing occurs over the LE link, then SMP PDUs related to pairing will be seen in the HCI logs as pairing occurs on the host. See core spec Vol 3, Part H.
In LE, GATT is used to discover services of the remote device.
If the BR/EDR link is up, HCI Connection Complete event 0x03 will be seen in the logs. In BR/EDR, SDP is used to discover services of the remote device.
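As an added example (not part of the answer above), here is a Python parser that walks an Android btsnoop_hci.log and reports which transport each successfully established link used, keyed on exactly the two events the answer names: HCI Connection Complete (0x03) for BR/EDR and LE Meta Event (0x3E) with the LE Connection Complete sub-event (0x01) for LE. It also accepts the LE Enhanced Connection Complete sub-event (0x02, Core spec 4.2 onwards), which a newer stack may log instead of 0x01. Assumptions: the file is in btsnoop format with H4 packet indicators, as Android's stack writes it; record layout and parameter offsets follow Core spec Vol 2 Part E; the sample log at the bottom is constructed here, not a real capture.

```python
"""Classify HCI connection events in an Android btsnoop_hci.log (added example)."""
import struct
from dataclasses import dataclass
from typing import Iterator, List, Optional

BTSNOOP_MAGIC = b"btsnoop\x00"        # 8-byte file identification pattern
H4_EVENT = 0x04                       # H4 packet indicator for HCI events
EVT_CONNECTION_COMPLETE = 0x03        # BR/EDR ACL link established
EVT_LE_META = 0x3E                    # container for LE sub-events
LE_SUB_CONNECTION_COMPLETE = 0x01     # Core spec 4.0+
LE_SUB_ENHANCED_CONN_COMPLETE = 0x02  # Core spec 4.2+, adds resolvable-address fields


@dataclass
class Link:
    transport: str   # "BR/EDR" or "LE"
    handle: int      # 12-bit connection handle
    peer: str        # BD_ADDR, most-significant byte first
    status: int      # 0x00 = success


def fmt_addr(raw: bytes) -> str:
    # HCI carries BD_ADDR least-significant byte first; print it the usual way round.
    return ":".join(f"{b:02X}" for b in reversed(raw))


def iter_btsnoop(blob: bytes) -> Iterator[bytes]:
    """Yield the packet bytes of every record in a btsnoop file (headers are big-endian)."""
    if blob[:8] != BTSNOOP_MAGIC:
        raise ValueError("not a btsnoop file")
    # file version (1) and datalink type; Android writes 1002 = HCI UART (H4)
    _version, _datalink = struct.unpack(">II", blob[8:16])
    off = 16
    while off + 24 <= len(blob):
        # original length, included length, packet flags, cumulative drops, timestamp
        _orig_len, incl_len, _flags, _drops, _ts = struct.unpack(">IIIIQ", blob[off:off + 24])
        off += 24
        yield blob[off:off + incl_len]
        off += incl_len


def link_from_event(pkt: bytes) -> Optional[Link]:
    """Return a Link if this H4 packet is an LE or BR/EDR connection-complete event."""
    if len(pkt) < 3 or pkt[0] != H4_EVENT:
        return None
    code, plen = pkt[1], pkt[2]
    params = pkt[3:3 + plen]
    if len(params) != plen:
        return None  # truncated record
    if code == EVT_CONNECTION_COMPLETE and plen == 11:
        # Status(1) Connection_Handle(2) BD_ADDR(6) Link_Type(1) Encryption_Enabled(1)
        status = params[0]
        handle = struct.unpack("<H", params[1:3])[0] & 0x0FFF
        return Link("BR/EDR", handle, fmt_addr(params[3:9]), status)
    if code == EVT_LE_META and plen >= 1:
        sub = params[0]
        # Both sub-events begin: Subevent(1) Status(1) Connection_Handle(2) Role(1)
        #                        Peer_Address_Type(1) Peer_Address(6) ...
        if (sub == LE_SUB_CONNECTION_COMPLETE and plen == 19) or \
           (sub == LE_SUB_ENHANCED_CONN_COMPLETE and plen == 31):
            status = params[1]
            handle = struct.unpack("<H", params[2:4])[0] & 0x0FFF
            return Link("LE", handle, fmt_addr(params[6:12]), status)
    return None


def established_links(blob: bytes) -> List[Link]:
    """All successfully established links, in log order (failed attempts are dropped)."""
    links = []
    for pkt in iter_btsnoop(blob):
        link = link_from_event(pkt)
        if link is not None and link.status == 0x00:
            links.append(link)
    return links


# --- constructed sample log, not a real capture -------------------------------
def _record(pkt: bytes, received: bool = True) -> bytes:
    flags = 0x01 if received else 0x00   # bit 0: direction, 1 = controller -> host
    return struct.pack(">IIIIQ", len(pkt), len(pkt), flags, 0, 0) + pkt

SAMPLE_LOG = (
    BTSNOOP_MAGIC + struct.pack(">II", 1, 1002)
    # Command Complete (HCI_Reset): unrelated to any link, must be ignored
    + _record(bytes.fromhex("040e0401030c00"))
    # HCI Connection Complete: success, handle 0x000B, peer 11:22:33:44:55:66, ACL, no encryption
    + _record(bytes.fromhex("04030b00" "0b00" "665544332211" "01" "00"))
    # LE Meta / LE Connection Complete: success, handle 0x0040, central role, public peer address
    + _record(bytes.fromhex("043e13" "01" "00" "4000" "00" "00" "ffeeddccbbaa" "1800" "0000" "4800" "00"))
    # LE Meta / LE Connection Complete with status 0x3E (connection failed to be established)
    + _record(bytes.fromhex("043e13" "01" "3e" "4100" "00" "00" "ffeeddccbbaa" "1800" "0000" "4800" "00"))
)

if __name__ == "__main__":
    for link in established_links(SAMPLE_LOG):
        print(f"{link.transport:6} handle=0x{link.handle:04X} peer={link.peer}")
```

Run on a real btsnoop_hci.log by replacing SAMPLE_LOG with the file's bytes. The connection handle each Link reports is what later ACL packets, SMP exchanges and disconnection events carry, so it lets you tie the pairing traffic back to the transport it ran over. The same two events can be pulled out in Wireshark with the display filter `bthci_evt.code == 0x03 || bthci_evt.code == 0x3e`.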

Related

Bluetooth Dual LE and Classic Mode Flags

In the Advertising section of a BLE, The Bluetooth SIG Define the "Flags"
which has these plus a few more.
BR/EDR Not Supported
Simultaneous LE and BR/EDR to Same Device Capable (Controller)
Simultaneous LE and BR/EDR to Same Device Capable (Host)
I am having an issue on a CSR chipset design that does not support GATT over BR/EDR.
Apple works great, as it always connects to LE.
...but Android devices persistently try to connect GATT over BR/EDR if the audio is already up; therefore they fail because CSR can't handle BR/EDR transport for GATT.
I am thinking these flags are at the core of the problem.
In CSR's demo code they do not set "any" of the above flags. I have had limited success with my problem on some handsets by setting the "Not Supported" flag.
The issue is the other two flags. How does Controller/ Host relate to other LE terms. For example Central/Peripheral or later Master/Slave.
I don't know what flags to set for my use case. Any suggestions welcome?
You can use a Static Random address for all LE operations. That way the Android device thinks it's a different device than when talking over Bluetooth Classic since that uses the public BD_ADDR.
Or, one variant of the connectGatt takes a transport parameter which you can set to TRANSPORT_LE to force communication over BLE.
If your device supports BLE and BR/EDR at the same time you should set these flags:
BR/EDR Not Supported=0
Simultaneous LE and BR/EDR to Same Device Capable (Controller)=1
Simultaneous LE and BR/EDR to Same Device Capable (Host)=1
If the flag data is missing completely, it's the same as if all fields are zero.
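As an added example (not from the answer above), a small Python builder and parser for the Flags AD structure: it encodes the value the answer recommends for a dual-mode device, splits advertising data into its length/type/data structures, and decodes the flags, treating an absent Flags structure as all zero as the answer's last sentence says. Bit assignments follow the Core Specification Supplement; the `transport_hint` classification and the sample device name are my own.

```python
"""Build and decode the Flags AD structure in LE advertising data (added example)."""
from typing import Dict

AD_TYPE_FLAGS = 0x01
AD_TYPE_COMPLETE_LOCAL_NAME = 0x09

# Bit positions inside the one-octet Flags AD type
FLAG_BITS = {
    "LE Limited Discoverable Mode": 0x01,
    "LE General Discoverable Mode": 0x02,
    "BR/EDR Not Supported": 0x04,
    "Simultaneous LE and BR/EDR (Controller)": 0x08,
    "Simultaneous LE and BR/EDR (Host)": 0x10,
}


def ad_structure(ad_type: int, data: bytes) -> bytes:
    """One AD structure: Length (covers type + data), Type, Data."""
    if len(data) + 1 > 0xFF:
        raise ValueError("AD structure too long")
    return bytes([len(data) + 1, ad_type]) + data


def build_flags(*names: str) -> bytes:
    """Flags AD structure with the named bits set (names are FLAG_BITS keys)."""
    value = 0
    for name in names:
        value |= FLAG_BITS[name]
    return ad_structure(AD_TYPE_FLAGS, bytes([value]))


def parse_ad(adv: bytes) -> Dict[int, bytes]:
    """Split advertising data into {ad_type: data}; a zero Length octet ends the data."""
    out: Dict[int, bytes] = {}
    i = 0
    while i < len(adv):
        length = adv[i]
        if length == 0:
            break
        if i + 1 + length > len(adv):
            raise ValueError("truncated AD structure")
        out[adv[i + 1]] = adv[i + 2:i + 1 + length]
        i += 1 + length
    return out


def decode_flags(adv: bytes) -> Dict[str, bool]:
    """Flags as booleans. A missing Flags structure counts as all bits zero."""
    data = parse_ad(adv).get(AD_TYPE_FLAGS, b"\x00")
    value = data[0] if data else 0
    return {name: bool(value & bit) for name, bit in FLAG_BITS.items()}


def transport_hint(adv: bytes) -> str:
    """What a scanner can conclude about transports from the flags alone."""
    f = decode_flags(adv)
    if f["BR/EDR Not Supported"]:
        return "LE only"
    if f["Simultaneous LE and BR/EDR (Controller)"] and f["Simultaneous LE and BR/EDR (Host)"]:
        return "dual-mode, LE and BR/EDR usable at the same time"
    return "dual-mode capable but no simultaneous-use claim (flags zero or absent)"


# constructed sample: the recommended dual-mode flags plus a local name
DUAL_MODE_ADV = build_flags(
    "LE General Discoverable Mode",
    "Simultaneous LE and BR/EDR (Controller)",
    "Simultaneous LE and BR/EDR (Host)",
) + ad_structure(AD_TYPE_COMPLETE_LOCAL_NAME, b"headset")

if __name__ == "__main__":
    print(DUAL_MODE_ADV.hex())          # 02011a0809686561647365 74
    print(transport_hint(DUAL_MODE_ADV))
```

The first three bytes of the sample payload are `02 01 1A`: length 2, type Flags, value 0x1A (general discoverable plus both simultaneous bits, BR/EDR Not Supported clear). Setting only `BR/EDR Not Supported` instead produces `02 01 06` and makes a scanner treat the device as LE-only, which is the behaviour the "limited success" in the question came from.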

Decoding ble hci snoop logs in Android

I am debugging an Android disconnection issue and have gathered Bluetooth HCI snoop logs and have browsed them via the Wireshark tool, but I am not able to understand the data packets being shown in the logs. Is there any official/non-official documentation for understanding these HCI snoop logs?
It's the Bluetooth HCI protocol. You can download the manual at https://www.bluetooth.com/specifications/adopted-specifications. Press "Core Version 5.0" to download the current version (5). If you check out Vol 2 Part E chapter 7, you will see all kind of packets. The ACL data packets depend on what kind of data it is (higher layer specification). For example GATT, you will find the documentation in Vol 3 Part G.
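Added example, not part of the answer: a Python decoder for the ACL side of such a log, which is where the higher-layer protocol the answer refers to lives. Each ACL packet carries a connection handle and, in its first fragment, an L2CAP header whose channel identifier says what follows: ATT (CID 0x0004), LE signaling (0x0005) and SMP (0x0006) are fixed channels that exist only on LE links, whereas BR/EDR service discovery starts with an L2CAP Connection Request on CID 0x0001 naming a PSM (0x0001 for SDP, 0x001F for ATT over BR/EDR). Offsets follow Core spec Vol 2 Part E (ACL header) and Vol 3 Parts A, F and H (L2CAP, ATT, SMP); the three sample packets are constructed, not captured.

```python
"""Decode the higher-layer protocol inside H4 ACL data packets (added example)."""
import struct
from typing import Dict

H4_ACL = 0x02

# Fixed L2CAP channel identifiers (Core spec Vol 3, Part A)
FIXED_CIDS = {
    0x0001: ("BR/EDR", "L2CAP signaling"),
    0x0002: ("BR/EDR", "connectionless"),
    0x0004: ("LE", "ATT"),
    0x0005: ("LE", "LE L2CAP signaling"),
    0x0006: ("LE", "SMP"),
    0x0007: ("BR/EDR", "SMP over BR/EDR"),
}
# PSMs that show up in an L2CAP Connection Request on a BR/EDR link
PSM_NAMES = {0x0001: "SDP", 0x0003: "RFCOMM", 0x001F: "ATT (GATT over BR/EDR)"}

ATT_OPCODES = {
    0x04: "Find Information Request", 0x08: "Read By Type Request",
    0x0A: "Read Request", 0x10: "Read By Group Type Request",
    0x11: "Read By Group Type Response", 0x12: "Write Request",
    0x13: "Write Response", 0x1B: "Handle Value Notification", 0x52: "Write Command",
}
SMP_CODES = {
    0x01: "Pairing Request", 0x02: "Pairing Response", 0x03: "Pairing Confirm",
    0x04: "Pairing Random", 0x05: "Pairing Failed", 0x0B: "Security Request",
    0x0C: "Pairing Public Key", 0x0D: "Pairing DHKey Check",
}
L2CAP_SIG_CODES = {0x02: "Connection Request", 0x03: "Connection Response"}


def describe_acl(pkt: bytes) -> Dict[str, object]:
    """Parse one H4 ACL packet carrying the first (or only) fragment of an L2CAP PDU."""
    if len(pkt) < 9 or pkt[0] != H4_ACL:
        raise ValueError("not an ACL data packet")
    hdr, _acl_len = struct.unpack("<HH", pkt[1:5])
    handle = hdr & 0x0FFF
    pb_flag = (hdr >> 12) & 0x3           # 0b10 = first automatically-flushable fragment
    if pb_flag not in (0b00, 0b10):
        raise ValueError("continuation fragment; the L2CAP header is in an earlier packet")
    l2cap_len, cid = struct.unpack("<HH", pkt[5:9])
    payload = pkt[9:9 + l2cap_len]
    transport, channel = FIXED_CIDS.get(cid, ("unknown", "unknown channel"))
    if cid >= 0x0040:
        transport, channel = "BR/EDR or LE", "dynamic channel (PSM was set in the Connection Request)"
    out: Dict[str, object] = {"handle": handle, "cid": cid, "transport": transport,
                              "channel": channel, "summary": channel}
    if not payload:
        return out
    code = payload[0]
    if cid == 0x0004:
        out["summary"] = "ATT " + ATT_OPCODES.get(code, f"opcode 0x{code:02X}")
        if code == 0x10 and len(payload) >= 7:
            start, end, uuid = struct.unpack("<HHH", payload[1:7])
            if uuid == 0x2800:                # <<Primary Service>>: GATT service discovery
                out["summary"] += f" (primary service discovery 0x{start:04X}-0x{end:04X})"
    elif cid in (0x0006, 0x0007):
        out["summary"] = "SMP " + SMP_CODES.get(code, f"code 0x{code:02X}")
    elif cid == 0x0001 and code == 0x02 and len(payload) >= 8:
        # Code(1) Identifier(1) Length(2) PSM(2) Source CID(2)
        psm, scid = struct.unpack("<HH", payload[4:8])
        out["psm"] = psm
        out["summary"] = (f"L2CAP Connection Request PSM 0x{psm:04X} "
                          f"({PSM_NAMES.get(psm, 'other')}) SCID 0x{scid:04X}")
    elif cid == 0x0001:
        out["summary"] = "L2CAP " + L2CAP_SIG_CODES.get(code, f"code 0x{code:02X}")
    return out


# constructed sample packets (H4 indicator, ACL header, L2CAP header, payload)
# LE handle 0x0040, CID 0x0004: ATT Read By Group Type Request for <<Primary Service>>
SAMPLE_ATT_DISCOVERY = bytes.fromhex("02 4020 0b00 0700 0400 10 0100 ffff 0028")
# LE handle 0x0040, CID 0x0006: SMP Pairing Request (NoInputNoOutput, bonding, 16-byte key)
SAMPLE_SMP_PAIRING_REQ = bytes.fromhex("02 4020 0b00 0700 0600 01 03 00 01 10 01 01")
# BR/EDR handle 0x000B, CID 0x0001: L2CAP Connection Request for PSM 0x0001 (SDP)
SAMPLE_SDP_CONNECT = bytes.fromhex("02 0b20 0c00 0800 0100 02 01 0400 0100 4000")

if __name__ == "__main__":
    for pkt in (SAMPLE_ATT_DISCOVERY, SAMPLE_SMP_PAIRING_REQ, SAMPLE_SDP_CONNECT):
        d = describe_acl(pkt)
        print(f"handle=0x{d['handle']:04X} {d['transport']:7} {d['summary']}")
```

For a disconnection problem the useful sequence is usually: which handle the ACL traffic was on, whether SMP completed before the link dropped, and what the last ATT or L2CAP PDU was before the Disconnection Complete event (0x05) for that handle.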

BLE peripheral: scanning while connected

Is it possible to make a peripheral scan for advertisements while connected to a central? It seems like it is either scanning for advertisements or having your peripheral connected, but I need to do both. The peripheral should be able to report RSSI measurements from advertisements it picks up.
I'm using 'bleno' for the peripheral and 'noble' for the scanning on a linux box (bluez)
The answer to this differs depending on the version of Bluetooth that your device is on.
For Bluetooth v4.0:
A peripheral cannot scan at all, whether in a connection or not. The peripheral can only send out adverts or accept incoming connections. For more information you can have a look at this document, page 18:-
http://chapters.comsoc.org/vancouver/BTLER3.pdf
For Bluetooth v4.1 onwards:
A device can be in central and peripheral role at the same time. By implication, this means that if a peripheral is connected to a central device, it can still scan for devices in its "central mode". More information can be found in this link, page 5:-
http://www.ietf.org/proceedings/89/slides/slides-89-6lo-4.pdf
So in conclusion, if your device is BT v4.1 or newer, then this is dependent on the chip manufacturer, and if it is v4.0, then no, because the Bluetooth specification does not allow it.

HM-10 BLE master and send data to specific characteristic

I have small question about HM-10 ble module and master role.
I tried 2 scenarios.
Android app as master and hm-10 as slave:
From android app I can connect to hm-10 and its characteristic .
Everything works OK.
I have problem with second scenario: HM-10 as master and my ble device (LEGO SBRICK) as slave.
What I've done:
AT+ROLE1 - Set up to Central
Mode AT+IMME1 - Start from RESET
AT+SHOW1 - Show discovered devices
AT+DISC? - Discover Devices
AT+CON connect
Now my question is:
SBRICK is listening for ble command on service X and characteristic Y.
How can I send data from my HM-10 to specific characteristic of my SBRICK device ?
I can not find AT command for that.
I hope I didn't miss something from ble specification.
Any help please...
I am afraid there isn't an AT command to set a specific characteristic value.
The HM10 is a serial-port emulation device - It has a BLE characteristic, which displays all serial data (except AT commands). You will likely be able to find the service and characteristics details in the documentation (although I had a quick look and couldn't see anything).
So, data written to the serial port should appear as the value of that characteristic. Data written to that characteristic should be delivered out of the TX serial port pin on the HM10 module.
If you want to interrogate the device to find out its service and characteristic values, try using a debugging app - I use Light Blue on iOS, which will show all services and characteristics present on a device and show their properties and details.
pfodApp now supports BLE devices including HM-10. The free pfodDesigner lets you create custom Android menus and then generate the Arduino code for your particular hardware.
pfodApp supports data logging and plotting also.

Can a Bluetooth LE device stop advertising and still be connected to and share data?

I'm writing (and copying) some Bluetooth LE scanner software to find and connect to a heart rate monitor. I used to be able to find this device by using scanForPeripheralsWithServices method to perform a generic scan by setting services to nil. But in the recent few days, I noticed that my same Bluetooth LE device (my heart rate monitor) can no longer be scanned (perhaps it is not advertising the same way it used to?) but my iPhone can still pair with it under settings and can connect to it with commercial apps such as "Polar Beat" and "Strava". So what changed? Can a Bluetooth LE device stop advertising and still be connected to (paired with) and share data as a peripheral?
The strange thing is that your device doesn't advertise.
However, it's normal that your iPhone can connect to it because the smartphone executed the "bonding" procedure in the past. Bonding is a different security procedure from simple pairing. With bonding, the heart rate device and smartphone exchange keys and store them in non-volatile memory so that they can connect quickly.
With simple pairing the keys are temporary and advertising is needed.