So, I fired up a Raspberry Pi; I seem to have a few lying around these days. Oh, it has a Bluetooth dongle plugged into it.
pi@raspberrypi ~ $ sudo hcitool lescan>scan.txt
pi@raspberrypi ~ $ cat scan.txt|sort -u
5C:F9:38:C1:2E:02 (unknown)
CE:8E:1A:16:CE:2F CGMS MICRO1
FF:E8:16:98:EE:BA (unknown)
Shows me 3 BLE devices. The CGMS one is an RFDuino. I turn off a Pebble and the "FF" one vanishes. Interesting, that's not what I thought was the Pebble's MAC address.
Now, I turn off Bluetooth on my iPhone. These two show up:
CE:8E:1A:16:CE:2F CGMS MICRO1
E9:7F:13:9D:90:53 vivosmart #3895410566
I really want to poke at the Vivo, but I have no clue what it wants. Right now, I can only get it to tell me that I can't connect.
I'll stick to the RFDuino for now since I have full control of it.
sudo gatttool -t random --primary -b CE:8E:1A:16:CE:2F -I
Note the "random". Spent a couple of hours getting the new version of gatttool onto the Pi for this. It's a security feature, and most BLE devices require it, RFDuino being one.
Then:
> char-desc
handle: 0x0001, uuid: 00002800-0000-1000-8000-00805f9b34fb
handle: 0x0002, uuid: 00002803-0000-1000-8000-00805f9b34fb
handle: 0x0003, uuid: 00002a00-0000-1000-8000-00805f9b34fb
handle: 0x0004, uuid: 00002803-0000-1000-8000-00805f9b34fb
handle: 0x0005, uuid: 00002a01-0000-1000-8000-00805f9b34fb
handle: 0x0006, uuid: 00002803-0000-1000-8000-00805f9b34fb
handle: 0x0007, uuid: 00002a04-0000-1000-8000-00805f9b34fb
handle: 0x0008, uuid: 00002800-0000-1000-8000-00805f9b34fb
handle: 0x0009, uuid: 00002803-0000-1000-8000-00805f9b34fb
handle: 0x000a, uuid: 00002a05-0000-1000-8000-00805f9b34fb
handle: 0x000b, uuid: 00002902-0000-1000-8000-00805f9b34fb
handle: 0x000c, uuid: 00002800-0000-1000-8000-00805f9b34fb
handle: 0x000d, uuid: 00002803-0000-1000-8000-00805f9b34fb
handle: 0x000e, uuid: 00002221-0000-1000-8000-00805f9b34fb
handle: 0x000f, uuid: 00002902-0000-1000-8000-00805f9b34fb
handle: 0x0010, uuid: 00002803-0000-1000-8000-00805f9b34fb
handle: 0x0011, uuid: 00002222-0000-1000-8000-00805f9b34fb
This is the Write attribute, so let's write something:
[CE:8E:1A:16:CE:2F][LE]> char-write-req 0x0011 ff02ff0344
RFDuino serial terminal app shows:
RFduinoBLE_onReceive (this is an interrupt I have coded)
FF:2:FF:3:44: (this is what the RFDuino just received)
You can also read the other attributes above, like:
[CE:8E:1A:16:CE:2F][LE]> char-read-hnd 0x002
Characteristic value/descriptor: 0a 03 00 00 2a
I think this one was the Manufacturer name.
At this point, I realize I'm not going to get any further from Unix. I need to order the Ubertooth from Sparkfun so I can do some serious packet sniffing.
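Added example, not part of the original post: a Python sketch that groups the char-desc listing above into services, characteristics and descriptors, and decodes the 5-byte value that char-read-hnd returns for a 0x2803 declaration handle. The function names are assumptions of this example, the handle/UUID list is re-typed from the listing above, and the name table covers only the standard 16-bit UUIDs that appear there.

```python
import re

BASE_TAIL = "-0000-1000-8000-00805f9b34fb"  # tail of the Bluetooth base UUID
NAMES = {0x2A00: "Device Name", 0x2A01: "Appearance", 0x2A05: "Service Changed",
         0x2A04: "Peripheral Preferred Connection Parameters",
         0x2902: "Client Characteristic Configuration"}
PROPS = [(0x01, "broadcast"), (0x02, "read"), (0x04, "write-without-response"),
         (0x08, "write"), (0x10, "notify"), (0x20, "indicate"),
         (0x40, "signed-write"), (0x80, "extended")]
LINE = re.compile(r"handle: 0x([0-9a-f]{4}), uuid: ([0-9a-f-]{36})")
# Handles 0x0001..0x0011 and their UUIDs, re-typed from the listing in the post.
SAMPLE = "\n".join(
    "handle: 0x%04x, uuid: 0000%04x%s" % (h, u, BASE_TAIL)
    for h, u in enumerate([0x2800, 0x2803, 0x2A00, 0x2803, 0x2A01, 0x2803,
                           0x2A04, 0x2800, 0x2803, 0x2A05, 0x2902, 0x2800,
                           0x2803, 0x2221, 0x2902, 0x2803, 0x2222], start=1))

def parse_char_desc(text):
    """Group char-desc lines into services -> characteristics -> descriptors."""
    services = []
    for handle, full in LINE.findall(text.lower()):
        handle = int(handle, 16)
        on_base = full.startswith("0000") and full.endswith(BASE_TAIL)
        uuid = int(full[4:8], 16) if on_base else full  # 16-bit alias if on base
        if uuid in (0x2800, 0x2801):            # primary/secondary service
            services.append({"handle": handle, "chars": []})
        elif uuid == 0x2803 and services:       # characteristic declaration
            services[-1]["chars"].append(
                {"decl": handle, "value": None, "uuid": None, "descriptors": []})
        elif services and services[-1]["chars"]:
            char = services[-1]["chars"][-1]
            if char["value"] is None:           # value follows its declaration
                char["value"], char["uuid"] = handle, uuid
            else:                               # later attributes are descriptors
                char["descriptors"].append((handle, uuid))
    return services

def decode_declaration(hex_value):
    """Decode a 0x2803 value as printed by char-read-hnd (little-endian)."""
    raw = bytes.fromhex(hex_value)
    if len(raw) not in (5, 19):     # 1 props + 2 handle + 16- or 128-bit UUID
        raise ValueError("unexpected declaration length: %d" % len(raw))
    props = [name for bit, name in PROPS if raw[0] & bit]
    return props, int.from_bytes(raw[1:3], "little"), int.from_bytes(raw[3:], "little")

if __name__ == "__main__":
    for c in (c for s in parse_char_desc(SAMPLE) for c in s["chars"]):
        print("0x%04x" % c["value"], NAMES.get(c["uuid"], "unnamed"), c["descriptors"])
    print(decode_declaration("0a 03 00 00 2a"))   # value read from handle 0x002
```

For the bytes read from handle 0x002 above, decode_declaration returns the read and write properties, value handle 0x0003 and UUID 0x2a00, which the Bluetooth assigned numbers list as Device Name.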
Nice app for that is https://play.google.com/store/apps/details?id=no.nordicsemi.android.mcp
How is http://redbearlab.com/blenano/ going?
There was very little available for it. One of their other chips does central, but they only provide some very rudimentary code to get you started; I think you would have to go into IAR if you really wanted any functionality. Finally, I was disappointed when I discovered that there is another level of chip out there that does both central and peripheral (at the same time?), but it's not available on a dev board anywhere.
I think this should work on blenano if you need central. http://developer.nordicsemi.com/nRF51_SDK/doc/7.2.0/s120/html/index.html
It only can't do central and peripheral at the same time :(