@ViktorSchlaffer
Last active June 23, 2023 08:15
Medtronic Guardian Connect transmitter

Note: the real MAC address and transmitter serial information are not shown below.

Documentation:

Bluetooth specification for "Continuous Glucose Monitoring Service" https://www.bluetooth.com/specifications/specs/continuous-glucose-monitoring-service-1-0-1/

Bluetooth specification for "Continuous Glucose Monitoring Profile" https://www.bluetooth.com/specifications/specs/continuous-glucose-monitoring-profile-1-0-1/

Assigned numbers document: https://www.bluetooth.com/wp-content/uploads/2022/11/assigned_numbers_release-1.pdf

Attempts to reveal information about the transmitter:

hcitool lescan

sudo hcitool lescan
…
DC:00:00:00:00:00 CGM GT1234567M
DC:00:00:00:00:00 (unknown)

gatttool

connect:

$ sudo gatttool -b DC:00:00:00:00:00 -I
[DC:00:00:00:00:00][LE]> connect
Attempting to connect to DC:00:00:00:00:00
Error: connect error: Function not implemented (38)

[DC:00:00:00:00:00][LE]> sec-level medium
[DC:00:00:00:00:00][LE]> connect DC:00:00:00:00:00
Attempting to connect to DC:00:00:00:00:00
Connection successful
[DC:00:00:00:00:00][LE]>

### Primary Service Discovery
[DC:00:00:00:00:00][LE]> primary
// Note: UUIDs are resolved based on the "Assigned numbers document"
attr handle: 0x0001, end grp handle: 0x0004 uuid: 00001801-0000-1000-8000-00805f9b34fb   #Generic Attribute service
attr handle: 0x0005, end grp handle: 0x000b uuid: 00001800-0000-1000-8000-00805f9b34fb   #Generic Access service
attr handle: 0x000c, end grp handle: 0x001e uuid: 0000180a-0000-1000-8000-00805f9b34fb   #Device Information service
attr handle: 0x001f, end grp handle: 0x0024 uuid: 4484fae0-be34-11e4-851e-0002a5d5c51b   
attr handle: 0x0025, end grp handle: 0x0028 uuid: 0000180f-0000-1000-8000-00805f9b34fb   #Battery service
attr handle: 0x0029, end grp handle: 0x0030 uuid: 15dbcd61-6388-4c33-b9d8-580254fed03b
attr handle: 0x0031, end grp handle: 0x0035 uuid: 0000fe82-0000-1000-8000-00805f9b34fb   #Medtronic Inc
attr handle: 0x0036, end grp handle: 0x003f uuid: 00000300-0000-1000-0000-009132591325 
attr handle: 0x0040, end grp handle: 0x0064 uuid: 0000181f-0000-1000-8000-00805f9b34fb   #Continuous Glucose Monitoring service
// seems like Medtronic implements the service based on the Bluetooth spec?

[DC:00:00:00:00:00][LE]> included
No included services found for this range
[DC:00:00:00:00:00][LE]> characteristics
handle: 0x0002, char properties: 0x20, char value handle: 0x0003, uuid: 00002a05-0000-1000-8000-00805f9b34fb #Service Changed
handle: 0x0006, char properties: 0x0a, char value handle: 0x0007, uuid: 00002a00-0000-1000-8000-00805f9b34fb # Device Name
handle: 0x0008, char properties: 0x02, char value handle: 0x0009, uuid: 00002a01-0000-1000-8000-00805f9b34fb #Appearance
handle: 0x000a, char properties: 0x02, char value handle: 0x000b, uuid: 00002a04-0000-1000-8000-00805f9b34fb #Peripheral Preferred Connection Parameters
handle: 0x000d, char properties: 0x02, char value handle: 0x000e, uuid: 00002a29-0000-1000-8000-00805f9b34fb #Manufacturer Name String
handle: 0x000f, char properties: 0x02, char value handle: 0x0010, uuid: 00002a24-0000-1000-8000-00805f9b34fb #Model Number String
handle: 0x0011, char properties: 0x02, char value handle: 0x0012, uuid: 00002a25-0000-1000-8000-00805f9b34fb #Model Serial
handle: 0x0013, char properties: 0x02, char value handle: 0x0014, uuid: 00002a26-0000-1000-8000-00805f9b34fb #Firmware Revision
handle: 0x0015, char properties: 0x02, char value handle: 0x0016, uuid: 00002a27-0000-1000-8000-00805f9b34fb #Hardware Revision
handle: 0x0017, char properties: 0x02, char value handle: 0x0018, uuid: 00002a28-0000-1000-8000-00805f9b34fb #Software Revision
handle: 0x0019, char properties: 0x02, char value handle: 0x001a, uuid: 00002a23-0000-1000-8000-00805f9b34fb #System ID
handle: 0x001b, char properties: 0x02, char value handle: 0x001c, uuid: 00002a2a-0000-1000-8000-00805f9b34fb #IEEE 11073-20601 Regulatory Certification Data List
handle: 0x001d, char properties: 0x02, char value handle: 0x001e, uuid: 00002a50-0000-1000-8000-00805f9b34fb #PnP ID 
handle: 0x0020, char properties: 0x0a, char value handle: 0x0021, uuid: 500d8e40-be34-11e4-9b24-0002a5d5c51b
handle: 0x0022, char properties: 0x22, char value handle: 0x0023, uuid: 5f0b2420-be34-11e4-bc62-0002a5d5c51b
handle: 0x0026, char properties: 0x12, char value handle: 0x0027, uuid: 00002a19-0000-1000-8000-00805f9b34fb #Battery Level
handle: 0x002a, char properties: 0x20, char value handle: 0x002b, uuid: c774edac-e573-45e1-97c6-8b5c18cc571a
handle: 0x002d, char properties: 0x02, char value handle: 0x002e, uuid: de3e5221-1308-439c-a13a-884ddc387ca7
handle: 0x002f, char properties: 0x08, char value handle: 0x0030, uuid: 8484039e-97d3-40c0-bb55-c70c17badae2
handle: 0x0032, char properties: 0x18, char value handle: 0x0033, uuid: 0000fe82-0000-1000-0000-009132591325
handle: 0x0037, char properties: 0x28, char value handle: 0x0038, uuid: 00002a52-0000-1000-8000-00805f9b34fb #Record Access Control Point -> fetch previous measurements
handle: 0x003a, char properties: 0x28, char value handle: 0x003b, uuid: 00000360-0000-1000-0000-009132591325
handle: 0x003d, char properties: 0x10, char value handle: 0x003e, uuid: 00000350-0000-1000-0000-009132591325
handle: 0x0041, char properties: 0x30, char value handle: 0x0042, uuid: 00002aa7-0000-1000-8000-00805f9b34fb #CGM Measurement
handle: 0x0045, char properties: 0x02, char value handle: 0x0046, uuid: 00000200-0000-1000-0000-009132591325
handle: 0x0048, char properties: 0x02, char value handle: 0x0049, uuid: 00000205-0000-1000-0000-009132591325
handle: 0x004a, char properties: 0x02, char value handle: 0x004b, uuid: 00002aa8-0000-1000-8000-00805f9b34fb #CGM Feature
handle: 0x004c, char properties: 0x02, char value handle: 0x004d, uuid: 00002aa9-0000-1000-8000-00805f9b34fb #CGM Status
handle: 0x004e, char properties: 0x0a, char value handle: 0x004f, uuid: 00002aaa-0000-1000-8000-00805f9b34fb #CGM Session Start Time 
handle: 0x0050, char properties: 0x22, char value handle: 0x0051, uuid: 00002aab-0000-1000-8000-00805f9b34fb #CGM Session Run Time
handle: 0x0053, char properties: 0x20, char value handle: 0x0054, uuid: 00000203-0000-1000-0000-009132591325
handle: 0x0056, char properties: 0x28, char value handle: 0x0057, uuid: 00002a52-0000-1000-8000-00805f9b34fb
handle: 0x0059, char properties: 0x28, char value handle: 0x005a, uuid: 00002aac-0000-1000-8000-00805f9b34fb #CGM Specific Ops Control Point  (calibration/stop/start sensor?)
handle: 0x005c, char properties: 0x22, char value handle: 0x005d, uuid: 00000201-0000-1000-0000-009132591325
handle: 0x005f, char properties: 0x20, char value handle: 0x0060, uuid: 00000202-0000-1000-0000-009132591325
handle: 0x0062, char properties: 0x20, char value handle: 0x0063, uuid: 00000204-0000-1000-0000-009132591325
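
The `char properties` byte in the listing above is a bit field, and some UUIDs that look like 16-bit assigned numbers (for example `0000fe82-0000-1000-0000-009132591325`) do not sit on the Bluetooth SIG base UUID. The following parser is an added example, not part of the original notes: it decodes the properties, flags vendor-defined UUIDs, and lists the characteristics that accept writes. The function and field names are hypothetical, and the sample lines are copied from the listing above.

```python
import re

# Characteristic Properties bit field, as defined in the Bluetooth Core Specification.
PROPERTY_BITS = {
    0x01: "broadcast", 0x02: "read", 0x04: "write-without-response",
    0x08: "write", 0x10: "notify", 0x20: "indicate",
    0x40: "authenticated-signed-write", 0x80: "extended-properties",
}
# 16-bit assigned numbers expand onto this base; any other tail is vendor-defined.
SIG_BASE_TAIL = "-0000-1000-8000-00805f9b34fb"
LINE_RE = re.compile(r"char properties: 0x([0-9a-f]{2}), "
                     r"char value handle: 0x([0-9a-f]{4}), uuid: ([0-9a-f-]{36})")

def decode_properties(value):
    # Names of the property bits set in `value`, lowest bit first.
    return [name for bit, name in PROPERTY_BITS.items() if value & bit]

def parse_characteristics(text):
    """Parse gatttool `characteristics` output; prompts and notes are skipped."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:
            uuid = m.group(3)
            rows.append({
                "value_handle": int(m.group(2), 16),
                "uuid": uuid,
                "properties": decode_properties(int(m.group(1), 16)),
                "sig_assigned": uuid.startswith("0000") and uuid.endswith(SIG_BASE_TAIL),
            })
    return rows

def writable(rows):
    # Characteristics that accept writes: the ones whose access control matters most.
    return [r for r in rows if {"write", "write-without-response"} & set(r["properties"])]

# Lines copied from the listing above (annotations dropped); no device is contacted.
SAMPLE = """\
handle: 0x0006, char properties: 0x0a, char value handle: 0x0007, uuid: 00002a00-0000-1000-8000-00805f9b34fb
handle: 0x0026, char properties: 0x12, char value handle: 0x0027, uuid: 00002a19-0000-1000-8000-00805f9b34fb
handle: 0x002f, char properties: 0x08, char value handle: 0x0030, uuid: 8484039e-97d3-40c0-bb55-c70c17badae2
handle: 0x0032, char properties: 0x18, char value handle: 0x0033, uuid: 0000fe82-0000-1000-0000-009132591325
handle: 0x0041, char properties: 0x30, char value handle: 0x0042, uuid: 00002aa7-0000-1000-8000-00805f9b34fb
handle: 0x0059, char properties: 0x28, char value handle: 0x005a, uuid: 00002aac-0000-1000-8000-00805f9b34fb
"""

if __name__ == "__main__":
    for r in writable(parse_characteristics(SAMPLE)):
        print(f"0x{r['value_handle']:04x}", "SIG" if r["sig_assigned"] else "vendor", r["uuid"], ",".join(r["properties"]))
```
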

bluetoothctl

$ sudo bluetoothctl
…
[bluetooth]# scan on
Discovery started
[CHG] Controller 18:56:80:77:AF:E1 Discovering: yes
[NEW] Device DC:00:00:00:00:00 CGM GT1234567M
[CHG] Device DC:00:00:00:00:00 RSSI: -71
[CHG] Device DC:00:00:00:00:00 RSSI: -54

[bluetooth]# scan off
Discovery stopped
[CHG] Controller 18:56:80:77:AF:E1 Discovering: no
[CHG] Device DC:00:00:00:00:00 TxPower is nil
[CHG] Device DC:00:00:00:00:00 RSSI is nil


[bluetooth]# info DC:00:00:00:00:00
Device DC:00:00:00:00:00 (public)
        Name: CGM GT1234567M
        Alias: CGM GT1234567M
        Paired: yes
        Trusted: yes
        Blocked: no
        Connected: no
        LegacyPairing: no
        UUID: Vendor specific           (00000300-0000-1000-0000-009132591325)
        UUID: Generic Access Profile    (00001800-0000-1000-8000-00805f9b34fb)
        UUID: Generic Attribute Profile (00001801-0000-1000-8000-00805f9b34fb)
        UUID: Device Information        (0000180a-0000-1000-8000-00805f9b34fb)
        UUID: Battery Service           (0000180f-0000-1000-8000-00805f9b34fb)
        UUID: Continuous Glucose Moni.. (0000181f-0000-1000-8000-00805f9b34fb)
        UUID: Medtronic Inc.            (0000fe82-0000-1000-8000-00805f9b34fb)
        UUID: Vendor specific           (15dbcd61-6388-4c33-b9d8-580254fed03b)
        UUID: Vendor specific           (4484fae0-be34-11e4-851e-0002a5d5c51b)
        Modalias: bluetooth:v01F9p0000d0202
        ManufacturerData Key: 0x01f9
        ManufacturerData Value:
  80                                               .
        RSSI: -70
        TxPower: 0

[bluetooth]# menu gatt
Menu gatt:
Available commands:
-------------------
list-attributes [dev/local]                       List attributes
select-attribute <attribute/UUID>                 Select attribute
attribute-info [attribute/UUID]                   Select attribute
read [offset]                                     Read attribute value
write <data=xx xx ...> [offset] [type]            Write attribute value
acquire-write                                     Acquire Write file descriptor
release-write                                     Release Write file descriptor
acquire-notify                                    Acquire Notify file descriptor
release-notify                                    Release Notify file descriptor
notify <on/off>                                   Notify attribute value
clone [dev/attribute/UUID]                        Clone a device or attribute
register-application [UUID ...]                   Register profile to connect
unregister-application                            Unregister profile
register-service <UUID> [handle]                  Register application service.
unregister-service <UUID/object>                  Unregister application service
register-includes <UUID> [handle]                 Register as Included service in.
unregister-includes <Service-UUID><Inc-UUID>      Unregister Included service.
register-characteristic <UUID> <Flags=read,write,notify...> [handle] Register application characteristic
unregister-characteristic <UUID/object>           Unregister application characteristic
register-descriptor <UUID> <Flags=read,write...> [handle] Register application descriptor
unregister-descriptor <UUID/object>               Unregister application descriptor
back                                              Return to main menu
version                                           Display version
quit                                              Quit program
exit                                              Quit program
help                                              Display help about this program
export                                            Print environment variables
[bluetooth]# list-attributes DC:00:00:00:00:00
[CHG] Device DC:00:00:00:00:00 RSSI: -75
[CHG] Device DC:00:00:00:00:00 RSSI: -59
[CHG] Device DC:00:00:00:00:00 RSSI: -69
[bluetooth]# register-service 0000181f-0000-1000-8000-00805f9b34fb
[NEW] Primary Service (Handle 0x0000)
        /org/bluez/app/service0
        0000181f-0000-1000-8000-00805f9b34fb
        Continuous Glucose Monitoring
[/org/bluez/app/service0] Primary (yes/no): register-service 0000181f-0000-1000-8000-00805f9b34fb[/org/bluez/app/service0] Primary (yes/no): [CHG] Device DC:00:00:00:00:00 RSSI: -60
[/org/bluez/app/service0] Primary (yes/no): yes
[CHG] Device DC:00:00:00:00:00 RSSI: -71
[CHG] Device DC:00:00:00:00:00 RSSI: -58
[CHG] Device DC:00:00:00:00:00 RSSI: -71
[CHG] Device DC:00:00:00:00:00 RSSI: -59

[bluetooth]# register-application
[CHG] Primary Service (Handle 0x000e)
        /org/bluez/app/service0
        0000181f-0000-1000-8000-00805f9b34fb
        Continuous Glucose Monitoring
[CHG] Controller 18:56:80:77:AF:E1 UUIDs: 00001801-0000-1000-8000-00805f9b34fb
[CHG] Controller 18:56:80:77:AF:E1 UUIDs: 00001800-0000-1000-8000-00805f9b34fb
[CHG] Controller 18:56:80:77:AF:E1 UUIDs: 00001200-0000-1000-8000-00805f9b34fb
[CHG] Controller 18:56:80:77:AF:E1 UUIDs: 0000110c-0000-1000-8000-00805f9b34fb
[CHG] Controller 18:56:80:77:AF:E1 UUIDs: 0000110e-0000-1000-8000-00805f9b34fb
[CHG] Controller 18:56:80:77:AF:E1 UUIDs: 0000181f-0000-1000-8000-00805f9b34fb
Application registered
[CHG] Controller 18:56:80:77:AF:E1 UUIDs: 00001801-0000-1000-8000-00805f9b34fb
[CHG] Controller 18:56:80:77:AF:E1 UUIDs: 00001800-0000-1000-8000-00805f9b34fb
[CHG] Controller 18:56:80:77:AF:E1 UUIDs: 00001200-0000-1000-8000-00805f9b34fb
[CHG] Controller 18:56:80:77:AF:E1 UUIDs: 0000110c-0000-1000-8000-00805f9b34fb
[CHG] Controller 18:56:80:77:AF:E1 UUIDs: 0000110e-0000-1000-8000-00805f9b34fb
[CHG] Controller 18:56:80:77:AF:E1 UUIDs: 0000181f-0000-1000-8000-00805f9b34fb

Some examples for reading handles with gatttool:

// read handle for device name
[DC:00:00:00:00:00][LE]> char-read-uuid 00002a00-0000-1000-8000-00805f9b34fb
handle: 0x0007   value: 43 47 4d 20 54 72 61 6e 73 6d 69 74 74 65 72

echo "43 47 4d 20 54 72 61 6e 73 6d 69 74 74 65 72" |  xxd -r -p
CGM Transmitter

// read handle for manufacturer
[DC:00:00:00:00:00][LE]> char-read-uuid 00002a29-0000-1000-8000-00805f9b34fb
handle: 0x000e   value: 4d 65 64 74 72 6f 6e 69 63 00

echo "4d 65 64 74 72 6f 6e 69 63 00" |  xxd -r -p
Medtronic

// read handle for battery level
[DC:00:00:00:00:00][LE]> char-read-uuid  00002a19-0000-1000-8000-00805f9b34fb
handle: 0x0027   value: 5d

$ echo $((16#5d))
93