-
Notifications
You must be signed in to change notification settings - Fork 1
/
BLE_Discovery_protocol
28 lines (19 loc) · 1.54 KB
/
BLE_Discovery_protocol
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
There is a differention between listening to everyone and sharing just to contacts/own devices, as the latter requires a google account, I won't focus on it for now
When sharing the service UUID 0000fe2c-0000-1000-8000-00805f9b34fb is used
When ready to receive the service UUID 0000fef3-0000-1000-8000-00805f9b34fb is used
The format for sharing with everyone is like with regular bluetooth a plaintext string, some examples
RSBCQBACAgIDAAAew2cTAIA
RSABCBACAJCDAAClLHA5AII
RSCIEBECEAADAACEu4ZoAIM
VTAQABACAAADAAjYTFCqAIM (from another phone)
To get this string as well as the devices receiving/sharing, the script ble_get_devices.py can be used
Not entirely sure what that string is as the actual information is given by the characteristic 00000000-0000-3000-8000-000000000000 of the 0000fef3-0000-1000-8000-00805f9b34fb service
Here's some examples
48 FC 9F 5E 00 00 00 28 23 FC 9F 5E 44 4B 45 46 17 22 12 75 BD EC 4D A6 1F 16 F6 22 68 D2 C2 B5 76 67 05 4D 69 20 41 31 18 F0 E4 3C 07 8B 00 00 14 BF
48 FC 9F 5E 00 00 00 28 23 FC 9F 5E 39 31 56 34 17 22 24 4F 2E E4 06 BD 5C AC E1 4E 7F CC 6F C2 8B 8B 05 4D 69 20 41 31 18 F0 E4 3C 07 8B 00 00 66 F7
bytes 2 to 4 and 10 to 12 seem to be the service ID (FC 9F 5E)
bytes 13 to 16 are the endpoint ID (39 31 56 34)
byte 35 is the device name size (05)
bytes 36 to 40 are the device name (4D 69 20 41 31 / "Mi A1")
bytes 41 to 46 are the mac address (18 F0 E4 3C 07 8B)
Still unsure but seems like ble is only used for discovery the communication is made using regular bluetooth (available on the advertised mac address)