@LieBtrau
Last active October 13, 2021 05:33
Bluetooth Low Energy - Investigating unknown device

Get the ID of your local device

$ hcitool dev
Devices:
hci0	00:1A:7D:DA:71:13

Scan for BLE devices

$ sudo hcitool -i hci0 lescan
LE Scan ...
54:60:09:4A:6D:D9 (unknown)

   ^C

Getting device manufacturer

The MAC address can be looked up on the IEEE website. Select "All MAC" and then filter for "546009". It looks like 54:60:09 has been registered by Google.

Getting more info about the device

$ sudo hcitool -i hci0 leinfo 54:60:09:4A:6D:D9
Requesting information ...
Handle: 43 (0x002b)
LMP Version: 4.1 (0x7) LMP Subversion: 0x7304
Manufacturer: Marvell Technology Group Ltd. (72)
Features: 0x01 0x00 0x00 0x00 0x00 0x00 0x00 0x00

Connecting to the device

$ sudo gatttool -i hci0 -b 54:60:09:4A:6D:D9 -I
[54:60:09:4A:6D:D9][LE]> connect
Attempting to connect to 54:60:09:4A:6D:D9
Connection successful
[54:60:09:4A:6D:D9][LE]>

Listing device services

[54:60:09:4A:6D:D9][LE]> primary
attr handle: 0x0001, end grp handle: 0x0005 uuid: 00001801-0000-1000-8000-00805f9b34fb
attr handle: 0x0014, end grp handle: 0x001c uuid: 00001800-0000-1000-8000-00805f9b34fb
attr handle: 0x0028, end grp handle: 0xffff uuid: 0000fea0-0000-1000-8000-00805f9b34fb

On the Bluetooth website a list of public services is given. The services listed in this device are:

  • 0x1801: Generic Attribute
  • 0x1800: Generic Access
  • 0xFEA0: ???

List characteristics

The characteristic properties are given by an 8-bit value (see BLUETOOTH SPECIFICATION Version 4.0 [Vol 3], §3.3.1.1). If bit 1 (mask 0x02) is set, the characteristic is readable.

Generic Attribute (0x1801)

[54:60:09:4A:6D:D9][LE]> characteristics 1 5
handle: 0x0002, char properties: 0x20, char value handle: 0x0003, uuid: 00002a05-0000-1000-8000-00805f9b34fb

No readable handle: properties 0x20 has only the Indicate bit set.

Generic Access (0x1800)

[54:60:09:4A:6D:D9][LE]> characteristics 14 1C
handle: 0x0015, char properties: 0x02, char value handle: 0x0016, uuid: 00002a00-0000-1000-8000-00805f9b34fb
handle: 0x0017, char properties: 0x02, char value handle: 0x0018, uuid: 00002a01-0000-1000-8000-00805f9b34fb
handle: 0x0019, char properties: 0x02, char value handle: 0x001a, uuid: 00002a05-0000-1000-8000-00805f9b34fb

Device Name (0x2A00)

[54:60:09:4A:6D:D9][LE]> char-read-hnd 16
Characteristic value/descriptor: 54 56 

The value is 0x54 0x56, which is UTF8S for "TV". A "TV" device by "Google"? Hmm...must be a Chromecast then.

Appearance (0x2A01)

[54:60:09:4A:6D:D9][LE]> char-read-hnd 18
Characteristic value/descriptor: 00 00 

Service Changed (0x2A05)

[54:60:09:4A:6D:D9][LE]> char-read-hnd 1A
Characteristic value/descriptor: 00 

??? (0xFEA0)

[54:60:09:4A:6D:D9][LE]> characteristics 28 FFFF
handle: 0x0029, char properties: 0x02, char value handle: 0x002a, uuid: 007c6160-fab2-11e4-9fbb-0002a5d5c51b
handle: 0x002b, char properties: 0x02, char value handle: 0x002c, uuid: 017c6160-fab2-11e4-9fbb-0002a5d5c51b
handle: 0x002d, char properties: 0x02, char value handle: 0x002e, uuid: 037c6160-fab2-11e4-9fbb-0002a5d5c51b
handle: 0x002f, char properties: 0x12, char value handle: 0x0030, uuid: 0c7c6160-fab2-11e4-9fbb-0002a5d5c51b
handle: 0x0031, char properties: 0x02, char value handle: 0x0032, uuid: 0d7c6160-fab2-11e4-9fbb-0002a5d5c51b
handle: 0x0033, char properties: 0x02, char value handle: 0x0034, uuid: 127c6160-fab2-11e4-9fbb-0002a5d5c51b
handle: 0x0035, char properties: 0x12, char value handle: 0x0036, uuid: 157c6160-fab2-11e4-9fbb-0002a5d5c51b
handle: 0x0037, char properties: 0x0a, char value handle: 0x0038, uuid: 156c6160-fab2-11e4-9fbb-0002a5d5c51b
handle: 0x0039, char properties: 0x02, char value handle: 0x003a, uuid: 197c6160-fab2-11e4-9fbb-0002a5d5c51b
handle: 0x003b, char properties: 0x0a, char value handle: 0x003c, uuid: 196c6160-fab2-11e4-9fbb-0002a5d5c51b
handle: 0x003d, char properties: 0x02, char value handle: 0x003e, uuid: 1a7c6160-fab2-11e4-9fbb-0002a5d5c51b
handle: 0x003f, char properties: 0x0a, char value handle: 0x0040, uuid: 1a6c6160-fab2-11e4-9fbb-0002a5d5c51b
handle: 0x0041, char properties: 0x02, char value handle: 0x0042, uuid: 1b7c6160-fab2-11e4-9fbb-0002a5d5c51b
handle: 0x0043, char properties: 0x0a, char value handle: 0x0044, uuid: 1b6c6160-fab2-11e4-9fbb-0002a5d5c51b
handle: 0x0045, char properties: 0x02, char value handle: 0x0046, uuid: 1c7c6160-fab2-11e4-9fbb-0002a5d5c51b
handle: 0x0047, char properties: 0x0a, char value handle: 0x0048, uuid: 1c6c6160-fab2-11e4-9fbb-0002a5d5c51b
handle: 0x0049, char properties: 0x08, char value handle: 0x004a, uuid: 0028fe40-002f-11e5-87d0-0002a5d5c51b
handle: 0x004b, char properties: 0x08, char value handle: 0x004c, uuid: 0228fe40-002f-11e5-87d0-0002a5d5c51b
handle: 0x004d, char properties: 0x08, char value handle: 0x004e, uuid: 0328fe40-002f-11e5-87d0-0002a5d5c51b
handle: 0x004f, char properties: 0x08, char value handle: 0x0050, uuid: 0428fe40-002f-11e5-87d0-0002a5d5c51b
handle: 0x0051, char properties: 0x08, char value handle: 0x0052, uuid: 0528fe40-002f-11e5-87d0-0002a5d5c51b
handle: 0x0053, char properties: 0x08, char value handle: 0x0054, uuid: 137c6160-fab2-11e4-9fbb-0002a5d5c51b
handle: 0x0055, char properties: 0x08, char value handle: 0x0056, uuid: 147c6160-fab2-11e4-9fbb-0002a5d5c51b
handle: 0x0057, char properties: 0x0a, char value handle: 0x0058, uuid: 0128fe40-002f-11e5-87d0-0002a5d5c51b
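
Added example, not part of the original gist: a Python parser for the gatttool "characteristics" output that decodes the properties byte into the named bits from the spec section cited above, so the readable, writable and notifying handles of a device can be inventoried at a glance. The function names are my own; the sample lines are copied from the sessions on this page.

```python
import re

# Characteristic property bits (Bluetooth Core Specification, Vol 3, Part G, 3.3.1.1).
PROPERTY_BITS = {
    0x01: "broadcast", 0x02: "read",
    0x04: "write-without-response", 0x08: "write",
    0x10: "notify", 0x20: "indicate",
    0x40: "authenticated-signed-write", 0x80: "extended-properties",
}

# One line of `characteristics` output as printed by gatttool in interactive mode.
LINE_RE = re.compile(
    r"handle: 0x([0-9a-f]{4}), char properties: 0x([0-9a-f]{2}), "
    r"char value handle: 0x([0-9a-f]{4}), uuid: ([0-9a-f-]{36})",
    re.IGNORECASE,
)

# Lines copied from the gatttool sessions on this page.
SAMPLE = """\
handle: 0x0002, char properties: 0x20, char value handle: 0x0003, uuid: 00002a05-0000-1000-8000-00805f9b34fb
handle: 0x0015, char properties: 0x02, char value handle: 0x0016, uuid: 00002a00-0000-1000-8000-00805f9b34fb
handle: 0x002f, char properties: 0x12, char value handle: 0x0030, uuid: 0c7c6160-fab2-11e4-9fbb-0002a5d5c51b
handle: 0x0037, char properties: 0x0a, char value handle: 0x0038, uuid: 156c6160-fab2-11e4-9fbb-0002a5d5c51b
handle: 0x0049, char properties: 0x08, char value handle: 0x004a, uuid: 0028fe40-002f-11e5-87d0-0002a5d5c51b
"""

def decode_properties(value):
    """Return the names of the property bits set in `value`, lowest bit first."""
    return [name for bit, name in sorted(PROPERTY_BITS.items()) if value & bit]

def parse_characteristics(text):
    """Parse pasted gatttool output; prompts and other lines are ignored."""
    chars = []
    for m in LINE_RE.finditer(text):
        chars.append({
            "handle": int(m.group(1), 16),
            "value_handle": int(m.group(3), 16),
            "uuid": m.group(4).lower(),
            "properties": decode_properties(int(m.group(2), 16)),
        })
    return chars

def writable(chars):
    """Value handles that accept writes: the part of the exposed surface to review first."""
    return [c["value_handle"] for c in chars
            if {"write", "write-without-response"} & set(c["properties"])]

if __name__ == "__main__":
    for c in parse_characteristics(SAMPLE):
        print(f"0x{c['value_handle']:04x} {c['uuid']} {', '.join(c['properties'])}")
```
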

Source
