Set bluetooth le device into broadcast mode via command line - linux

Is it possible to set a bluetooth le device into broadcast mode via command line (on Linux)? Is this available through hciconfig or hcitool commands?
I continue to read about broadcast mode, but can't find a way to enter into it in order to explore it.
I'm treating "broadcaster" as this article treats "broadcaster" http://rtcmagazine.com/articles/view/102266. And the wiki article states that "broadcast mode" is "little used" http://en.wikipedia.org/wiki/Bluetooth.
Thanks!

I didn't look at the wikipedia article, but the first article seems to be talking about "advertising broadcasts". You basically set up your system to periodically send out an advertising packet for other devices to "hear" to know that they can connect to it. That's completely all iBeacons are on the BLE side (as far as I can tell). And since it's the only way to find devices to connect to it's very very common.
The advertising packet has a data field so that you can broadcast information out without other devices needing to connect to get data. iBeacons use that to broadcast a GUID, but you could broadcast almost anything, with the only restriction being the length.
Radius Networks has published a how-to on making an iBeacon from a Raspberry Pi, and that gives you the Linux commands to send advertising packets from the command line.
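An added example (not from the post or from the Radius Networks how-to) that assembles the raw `hcitool cmd` line for LE Set Advertising Data and the `hciconfig leadv` call behind a command-line broadcaster; the adapter name `hci0` and the manufacturer payload are assumptions:

```python
import subprocess
from typing import List, Tuple

MAX_ADV_LEN = 31  # legacy advertising payload limit in bytes


def ad_structure(ad_type: int, value: bytes) -> bytes:
    """One AD structure: length byte (covers type + value), type byte, value."""
    return bytes([len(value) + 1, ad_type]) + value


def build_adv_data(structures: List[Tuple[int, bytes]]) -> bytes:
    """Concatenate AD structures, refusing anything over the 31-byte limit."""
    payload = b"".join(ad_structure(t, v) for t, v in structures)
    if len(payload) > MAX_ADV_LEN:
        raise ValueError(f"advertising payload is {len(payload)} bytes, max {MAX_ADV_LEN}")
    return payload


def set_adv_data_command(payload: bytes, hci: str = "hci0") -> List[str]:
    """argv for hcitool: LE Set Advertising Data is OGF 0x08, OCF 0x0008.
    Its parameters are the significant length followed by a 31-byte, zero-padded data field."""
    params = bytes([len(payload)]) + payload.ljust(MAX_ADV_LEN, b"\x00")
    return ["hcitool", "-i", hci, "cmd", "0x08", "0x0008"] + [f"{b:02X}" for b in params]


def broadcaster_commands(payload: bytes, hci: str = "hci0") -> List[List[str]]:
    """Bring the adapter up, load the data, then advertise as ADV_NONCONN_IND (leadv type 3):
    a pure broadcaster that never accepts connections."""
    return [
        ["hciconfig", hci, "up"],
        set_adv_data_command(payload, hci),
        ["hciconfig", hci, "leadv", "3"],
    ]


def run_broadcaster(payload: bytes, hci: str = "hci0") -> None:
    """Execute the commands on a real adapter (needs root and BlueZ's hcitool/hciconfig)."""
    for argv in broadcaster_commands(payload, hci):
        subprocess.run(argv, check=True)


if __name__ == "__main__":
    # Constructed sample: flags (LE General Discoverable, BR/EDR not supported) plus
    # manufacturer-specific data using company id 0xFFFF, which the spec reserves for testing.
    sample = build_adv_data([(0x01, b"\x06"), (0xFF, b"\xff\xffhello")])
    for argv in broadcaster_commands(sample):
        print(" ".join(argv))
```

Stop the broadcast afterwards with `hciconfig hci0 noleadv`.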

Bluez not reading advertisement packet

I'm trying to build a small program that reads the BLE beacons around my devices and parses the ones that I'm interested in to publish on MQTT. I'm using Raspberry Pis to run the code; I develop on my Mac. The language is JS (Node 10.x); my Pis are running the latest Buster, that is BlueZ 5.50, and a fork of Noble to interface with the Bluetooth layer.
For some reason, on one of the Pis that I moved to an open area (in order to get clear readings), I only receive the Scan Response packets. I never receive the Advertisement packet. I do sometimes receive the Advertisement packet for one of the devices that is quite far away, making me suspect that signal comes into play here. From the Pis in the network cabinet (a small Faraday cage) I do inconsistently get both packets every now and then (the reason for dedicating a Pi in an open location).
Is there any way to force Bluez to always receive the Advertisement packet? Is there a bug somehow or a feature that I am not using properly?
EDIT
I installed tshark to monitor closely, and I do see the advertisement packet reaching my device. This means that BlueZ is ignoring them. Is there some complete documentation on how to use bluetoothctl and how to configure the bluetooth daemon/tool in order for these packets to be read?
After many days investigating, I managed to get the desired result for my project. I first thought of using the bluewalker project to access the raw packets. With this you can scan in passive mode, meaning only the advertising packet is retrieved.
By looking more in depth into the noble project, the one I actually use to interface with, there is a workaround to scan in passive mode (https://github.com/noble/noble/issues/701), but also a variable to capture both advertising and response packets: NOBLE_REPORT_ALL_HCI_EVENTS. Setting this to 1 will give me exactly what I need, both the scan request which contains the data that changes more frequently, and the scan response that contains more data, such as min/max 24h values. And as a matter of fact, combining this setting with duplicates=false seems to give me only the scan request data, just like in passive mode.
Question still open:
Having this, I still don't know how to use bluetoothctl to display the scan request data along with the scan response. Nor did I find a way to force the scan mode to passive. I could investigate hcitool and hciconfig more, but they are deprecated (although every article on the internet refers to them).

Can I intercept traffic of all nearby Bluetooth devices with the Bluetooth dongle built into the laptop?

I know that Bluetooth uses hopping, and because of this it is difficult to intercept traffic.
Can I put my dongle into monitoring mode?
If, for example, there are 30 devices nearby, and I always listen to just one Bluetooth channel with my dongle in monitor mode, should I sometimes get some data?
Can I use hcidump or tcpdump for these purposes?
If I understand correctly, if a Bluetooth device does not have a password, I can directly interact with its services (with hcitool and tmux)?
I read that I can watch the battery level, device name, and other information.
PS: sorry for my bad English.
It is possible to monitor traffic between Bluetooth devices but I am quite sure that your default laptop dongle is not capable of doing that.
Before establishing a connection between two Bluetooth devices, they send connection request/response packets on the primary advertising channels (channels 37, 38 and 39). You need to capture these packets to learn the hopping pattern, connection interval, etc. After receiving these packets, you can monitor insecure Bluetooth connections. However, it is hard to monitor 30 devices simultaneously because you need to time-division between each connection.
Let's answer your questions.
It might be possible but you need to write driver level code.
It might be possible. As I mentioned, it is a good approach to capture connection request/response packets before monitoring devices.
I have no idea about these tools.
To manipulate services, you need to know the service handle and duplicate the GATT client's MAC address. I am not sure that this method will work.

Is it possible to scan a bluetooth device to find its capabilities

I am looking for a way to scan a device I own and discover "what it can do".
In other words, I'd like to know if a device is able to describe the way you have to communicate with it in order to build some application around it.
In my case it is a simple Christmas light that I'd like to play with but this could be used in different situations.
For classic bluetooth (BR/EDR):
When scanning for bluetooth devices (Inquiry), the bluetooth device will send an inquiry response (if it wants to be discovered) and maybe also an extended inquiry response (EIR). This EIR may already contain a list of the services the device supports. This is a very fast way to get a picture of a remote device.
Moreover, the service discovery protocol (SDP) gives more information on a device. This takes some more steps. In SDP two devices can exchange their capabilities in a kind of ping-pong process.
For BLE:
After connecting to a BLE device, a service discovery usually takes place. The BLE peripheral (e.g. a headset or a light) reports its capabilities to the central (e.g. a smartphone). Some of these services have predefined functionalities. Additionally, the manufacturer is free to add custom services.
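An added example, not code from either question above, that serves both the "Bluez not reading advertisement packet" thread and this one: it parses an HCI LE Advertising Report event, tells ADV_IND apart from the SCAN_RSP a passive scanner never sees, and decodes the advertised AD structures (the same length-type-value layout as EIR) into the 16-bit service UUIDs and name that give a first picture of what a device can do. The two sample events are constructed, and reports are assumed to be single, with contiguous fields.

```python
import struct

ADV_EVENT_TYPES = {0x00: "ADV_IND", 0x01: "ADV_DIRECT_IND", 0x02: "ADV_SCAN_IND",
                   0x03: "ADV_NONCONN_IND", 0x04: "SCAN_RSP"}


def split_ad_structures(data: bytes):
    """Yield (type, value) from length-type-value AD structures; EIR uses the same layout."""
    i = 0
    while i < len(data):
        length = data[i]
        if length == 0:               # a zero length ends the significant part
            break
        if i + 1 + length > len(data):
            raise ValueError("truncated AD structure")
        yield data[i + 1], data[i + 2:i + 1 + length]
        i += 1 + length


def decode_ad(data: bytes) -> dict:
    """Pull out flags, 16-bit service UUIDs, local name and manufacturer data."""
    out = {"flags": None, "uuids16": [], "name": None, "mfr": None}
    for t, v in split_ad_structures(data):
        if t == 0x01 and v:
            out["flags"] = v[0]
        elif t in (0x02, 0x03):       # incomplete / complete list of 16-bit service UUIDs
            out["uuids16"] += [f"{u:04x}" for (u,) in struct.iter_unpack("<H", v)]
        elif t in (0x08, 0x09):       # shortened / complete local name
            out["name"] = v.decode("utf-8", "replace")
        elif t == 0xFF and len(v) >= 2:  # manufacturer data: company id (LE) + payload
            out["mfr"] = (struct.unpack("<H", v[:2])[0], v[2:])
    return out


def parse_le_adv_report(params: bytes) -> dict:
    """Parse the parameter block of HCI LE Meta event 0x3E, subevent 0x02, one report."""
    if len(params) < 2 or params[0] != 0x02:
        raise ValueError("not an LE Advertising Report")
    if params[1] != 1:
        raise ValueError("only single-report events are handled here")
    ev_type, addr_type, n = params[2], params[3], params[10]
    addr = ":".join(f"{b:02X}" for b in params[4:10][::-1])  # address is little-endian on the wire
    rssi = struct.unpack("b", params[11 + n:12 + n])[0]       # signed dBm
    return {"event": ADV_EVENT_TYPES.get(ev_type, f"0x{ev_type:02x}"), "address": addr,
            "public": addr_type == 0, "rssi": rssi, "ad": decode_ad(params[11:11 + n])}


# Constructed sample pair from one peripheral: the ADV_IND carries flags plus the Battery
# Service UUID (0x180F); the SCAN_RSP, seen only by an active scanner, carries the name.
ADV_IND_SAMPLE = bytes.fromhex("02010001" "FFEEDDCCBBAA" "07" "020106" "03030F18" "C4")
SCAN_RSP_SAMPLE = bytes.fromhex("02010401" "FFEEDDCCBBAA" "08" "0709426561636F6E" "C4")
```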

beaglebone black wireless bluetooth AVRCP

I am working on a project with the beagle bone black wireless, where I need to be able to send music control commands to a phone. Note, I don't want to stream music to my beaglebone. I have spent about a week looking online, and found very little about this.
The OS for the beaglebone is Debian Jessie. I can get things like hcitool, bluetoothctl, hciconfig to work. I can detect and pair to a device. It seems though that my connection only lasts for the pairing process, and fails every time afterwards.
My current process is executing:
sudo su
bluetoothctl
power on
agent on
default-agent
scan on
I get the mac address
scan off
pair <MAC Address>
trust <MAC Address>
connect <MAC Address>
As of now pairing and trust succeed, though the connection ends after pairing finishes. And I have no idea of where to start for sending a command to a phone.
The Connect call on the Device1 interface will try to connect all the profiles supported between the device and adapter. This happens by negotiating or exchanging the supported profiles.
Connection may not be possible when the adapter doesn't support the minimum set of profiles needed by the device. In this case, you may need an A2DP provider on the adapter end to get the connection to succeed. Yes, this is contradictory to this statement.
If you don't want to connect with all the profiles between device and adapter, then you can use the ConnectProfile method in the Device1 interface.
But bluetoothctl doesn't provide commands for either ConnectProfile or your AVRCP commands.
You need to use D-Bus calls to communicate with bluetoothd. If your application is command line/shell based, you can use dbus-send/gdbus commands to address the D-Bus interface.
Although bluez-tools implements media control AVRCP commands, it doesn't provide any utility which uses it. Either you can compile bluez-tools as a library and develop an application using the media control API, or use dbus-send/gdbus.
I have started with some samples using GDBUS, but not yet for AVRCP controls. See here: https://gist.github.com/parthitce
and Documentation here: https://www.linumiz.com/category/blog/
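An added example, not code from the answer or from bluez-tools, showing the dbus-send route it describes: build the BlueZ object path for a device, call ConnectProfile on org.bluez.Device1 with the AVRCP UUID, and then send Play/Pause/Next style commands through org.bluez.MediaControl1 on the same path. The adapter name `hci0` and the sample MAC are assumptions; `run_argv` only shells out when you call it.

```python
import re
import subprocess
from typing import List

BLUEZ_BUS_NAME = "org.bluez"
# A/V Remote Control (0x110E) expanded with the Bluetooth base UUID.
AVRCP_UUID = "0000110e-0000-1000-8000-00805f9b34fb"
# Methods of org.bluez.MediaControl1 (marked deprecated in the BlueZ docs in favour of
# MediaPlayer1, but still exposed on the device object in BlueZ 5.x).
MEDIA_CONTROL_METHODS = {"Play", "Pause", "Stop", "Next", "Previous",
                         "VolumeUp", "VolumeDown", "FastForward", "Rewind"}


def device_path(mac: str, adapter: str = "hci0") -> str:
    """BlueZ exposes a device as /org/bluez/<adapter>/dev_XX_XX_XX_XX_XX_XX (upper-case hex)."""
    if not re.fullmatch(r"([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}", mac):
        raise ValueError(f"bad MAC address: {mac!r}")
    return f"/org/bluez/{adapter}/dev_{mac.upper().replace(':', '_')}"


def dbus_send_argv(path: str, iface: str, method: str, *args: str) -> List[str]:
    """argv for a blocking dbus-send call on the system bus against bluetoothd."""
    return ["dbus-send", "--system", "--print-reply", f"--dest={BLUEZ_BUS_NAME}",
            path, f"{iface}.{method}", *args]


def connect_profile_argv(mac: str, uuid: str = AVRCP_UUID, adapter: str = "hci0") -> List[str]:
    """Device1.ConnectProfile(uuid): connect only AVRCP instead of every shared profile."""
    return dbus_send_argv(device_path(mac, adapter), "org.bluez.Device1",
                          "ConnectProfile", f"string:{uuid}")


def media_control_argv(mac: str, command: str, adapter: str = "hci0") -> List[str]:
    """MediaControl1.<command>(): AVRCP passthrough to the phone, e.g. Play or Next."""
    if command not in MEDIA_CONTROL_METHODS:
        raise ValueError(f"unknown MediaControl1 method: {command!r}")
    return dbus_send_argv(device_path(mac, adapter), "org.bluez.MediaControl1", command)


def run_argv(argv: List[str]) -> str:
    """Run dbus-send and return its reply text; raises if bluetoothd returns an error."""
    return subprocess.run(argv, check=True, capture_output=True, text=True).stdout


if __name__ == "__main__":
    phone = "AA:BB:CC:DD:EE:FF"  # constructed sample address
    print(" ".join(connect_profile_argv(phone)))
    print(" ".join(media_control_argv(phone, "Play")))
```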

Can the Raspberry Pi's Bluetooth be put into "promiscuous" mode?

Can the Bluetooth adapter included in the Raspberry Pi models be put into some sort of "promiscuous" mode -- so that it reports to the host all Bluetooth-activity that it "hears", even if it is not itself part of the conversation?
I'm not trying to break encryption, just want to be aware of any BT-radio activity going on in the device's proximity...
Since there is documentation on how to capture Bluetooth traffic with wireshark (or tshark), it might be possible.
Check out this article