问题描述
我感兴趣的是连接到通过蓝牙基于iOS的设备。我可以看到本地网络服务暴露出来,但我无法找到任何关于它的额外信息。下键0x0204储存属性看起来像卓悦关键。
哪种协议使用吗?一个人怎么可以跟使用Linux,Mac还是自己的嵌入式设备配备了蓝牙芯片的iOS设备?
而iOS设备上运行Gameloft公司的星大队下面是在OS X中提取SDP数据通过蓝牙浏览器。
{
0×0000 = UINT32(1330188565)
0x0200 = UINT32(2),
0x0202 =字符串(004wD7l1A..0 | 0 | 0 | ivucic-A),
0x030a = UINT32(0),
0x0009 = {{uuid16(11月15日),UINT16(256)}},
0x0201 =字符串(_657o30a6rmst07À)
0×0005 = {uuid16(10 02)},
0100 =字符串(局域网)
0×0001 = {uuid16(11月15日)},
0x0203 =字符串(004wd7l1a..0 | 0 | 0 | ivucic,_657o30a6rmst07À
0xf000 = UINT8(2),
0x0204 =字符串(txtvers = 1个状态= A),
0×0008 = UINT8(255),
0x0006 = {UINT16(25966),UINT16(106),UINT16(256),UINT16(26226),UINT16(106),UINT16(272),UINT16(25701),UINT16(106),UINT16(288),UINT16( 27233),UINT16(106),UINT16(304)},
0x0004单元= {{uuid16(01 00),UINT16(15)},{uuid16(00 0F),UINT16(256),{UINT16(2048),UINT16(2054)}}},
0×0002 = UINT32(0)
},
其他部分相关的问题:
- - 人可以使用Wi-Fi解决问题。解不了这里,因为嵌入式设备将不会有这样更昂贵的Wi-Fi芯片。
- - ?最好的答案并没有结束提供技术详细信息
- - 提供一个越狱设备,这是不适用的溶液在这里。
与苹果的蓝牙Explorer在OS X和命令sdptool 在GNU / Linux的进一步研究,我发现,关键 0×0001 (代表协议班),包含 0x1115 ,全称是潘的PANU变种 - 一个peer2peer变种。值得注意的是,OS X不提供服务端('主机')对该协议的支持,尽管支持 0x1116 网络,这是国家行动方案变种的创建的潘 - 客户端/服务器变种
此可能是个好消息,但只有当的GameKit的会话协议中没有被使用。通过劫持中的GameKit为了发送其他UDP流量设立的媒体层连接将是理想的。
我还是得研究这个的GameKit连接是否真的是 0x1115 ;也就是说,如果真的是PANU。有没有人有任何进一步的信息?
请注意,而卓悦自动宣布这款蓝牙服务的iOS 3,这与iOS 5,变更后看我贴在如何建立无的GameKit ,我在那里轻而易举地从苹果公司的Technical Q&安培; A QA1753
与GNU / Linux的研究有少量没有造成连接成功。这可能是由于对如何正确使用 PAND 知识的缺乏。它也可能是由于基于蓝牙MAC阻塞。我很想信息的人可能必须提供。如果我研究这更进一步,偶然发现一些有趣的事情,我会更新这个答案。
在Ubuntu下的结果。当蓝牙Bonjour是活跃,只有出现服务。
仅〜$浏览的sdptool $ ADDR #relevant数据: ivucica @ ivucica-的MacBook
浏览ADDRESS_HERE ...
服务名称:本地网络
服务RecHandle:0x4f491115
服务类ID列表:
PAN用户(0x1115)
协议描述符表:
L2CAP(0100)
PSM:15
BNEP(0x000f)
版本:0100
SEQ8:0 6
语言基础的Attr列表:
code_ISO639:0x656e
编码:的0x6A
base_offset:0x100的
code_ISO639:0x6672
编码:的0x6A
base_offset:量0x110
code_ISO639:0x6465
编码:的0x6A
base_offset:量0x120
code_ISO639:0x6a61
编码:的0x6A
base_offset:量0x130
简介描述符列表:
PAN用户(0x1115)
版本:0100... 等等 ...
下面的连接尝试:
ivucica @ ivucica-的MacBook:〜$ PAND --connect $ ADDR -n
PAND [3237]:蓝牙PAN守护版4.98
PAND [3237]:连接到ADDRESS_HERE
PAND [3237]:连接到ADDRESS_HERE失败。连接被拒绝(111)
是否需要某种形式的授权?启用加密,认证,安全的连接,并迫使成为高手似乎没有什么差别(各种组合 -AESM 选项)。
任何人有什么想法?
呵呵!
ivucica @ ivucica-的MacBook:〜$ sudo的hcidump
HCI嗅探器 - 蓝牙数据包分析器2.2版本
设备:hci0 snap_len:1028滤镜:为0xffffffff
HCI事件:命令状态(为0x0F)PLEN 4
创建连接(0×01 | 0×0005)状态0x00 NCMD 1
> HCI事件:角色转换(0×12)PLEN 8
状态0x00 BDADDR ADDRESS_HERE作用为0x01
作用:从
> HCI事件:连接完成(×03)PLEN 11
状态0x00手柄12 BDADDR ADDRESS_HERE型ACL加密为0x00
HCI事件:命令状态(为0x0F)PLEN 4
阅读远程支持的功能(0×01 | 0x001b)状态0x00 NCMD 1
> HCI事件:读取远程支持的功能(0x0B中)PLEN 11
状态0x00手柄12
特点:为0xBF 0xFE的0x8f 0xFE的0x9b 0xFF的0x79的0X83
HCI事件:命令状态(为0x0F)PLEN 4
阅读远程扩展功能(0×01 | 0x001c)状态0x00 NCMD 1
> HCI事件:最大变化插槽(0x1b)PLEN 3
处理12个插槽5
> HCI事件:读取远程扩展功能(0x23)PLEN 13
状态0x00手柄12第1页最多1个
特点:0×01 0×00 0×00 0×00 0×00 0×00 0×00 0×00
HCI事件:命令状态(为0x0F)PLEN 4
远程名称请求(0×01 | 0x0019)状态0x00 NCMD 1
> HCI事件:远程名称REQ的完成(0×07)PLEN 255
状态0x00 BDADDR ADDRESS_HERE名邪恶的iPad
HCI事件:命令状态(为0x0F)PLEN 4
验证请求(0×01 | 0x0011)状态0x00 NCMD 1
> HCI事件:链路密钥请求(0x17已)PLEN 6
BDADDR ADDRESS_HERE
HCI事件:命令完成(0x0E的)PLEN 10
链路密钥请求回复(0×01 | 0x000b)NCMD 1
状态0x00 BDADDR ADDRESS_HERE
> HCI事件:验证完成(0×06)PLEN 3
状态0x00手柄12
HCI事件:命令状态(为0x0F)PLEN 4
设置连接加密(0×01 | 0x0013)状态0x00 NCMD 1
> HCI事件:加密变化(0×08)PLEN 4
状态0x00手柄12加密为0x01
HCI事件:已完成数据包(0x13)均禁用PLEN 5号
处理12包1
> ACL数据:处理12标志0X02 DLEN 16
L2CAP(S):信息RSP:2型结果0
扩展功能面具0x02a8
增强的重传模式
FCS选项
固定通道
单播无连接数据接收
HCI事件:已完成数据包(0x13)均禁用PLEN 5号
处理12包1
> ACL数据:处理12标志0X02 DLEN 20
L2CAP(S):信息RSP:3类型0的结果
固定频道列表0x00000006
L2CAP信令信道
L2CAP Connless
HCI事件:已完成数据包(0x13)均禁用PLEN 5号
处理12包1
> ACL数据:处理12标志0X02 DLEN 16
L2CAP(S):连接RSP:DCID为0x0000 SCID×0040结果2状态0
连接被拒绝 - 不支持PSM
> HCI事件:DISCONN完成(0×05)PLEN 4
状态0x00手柄12的原因0x13
原因:远程用户连接终止
本?
> ACL数据:处理12标志0X02 DLEN 16
L2CAP(S):连接RSP:DCID为0x0000 SCID×0040结果2状态0
连接被拒绝 - 不支持PSM
根据这个有趣的网站:
<一href=\"http://$c$c.google.com/p/btstack/wiki/iPhoneBluetooth\">http://$c$c.google.com/p/btstack/wiki/iPhoneBluetooth苹果使用的是除了它们的蓝牙射频芯片专用芯片否认没有这种芯片的设备的任何连接 - 这意味着它在硬件级别的锁
I'm interested in connecting to iOS-based devices over Bluetooth. I can see that the "Local Network" service is exposed, but I cannot find any extra information about it. Property stored under key 0x0204 looks like a Bonjour key.
Which protocol is used? How can one talk to the iOS device using Linux, Mac or one's own embedded device equipped with a Bluetooth chip?
Here's SDP data extracted using Bluetooth Explorer under OS X while the iOS device runs Gameloft's Star Battalion.
{
0x0000 = uint32(1330188565),
0x0200 = uint32(2),
0x0202 = string(004wD7l1A..0|0|0|ivucic-À'),
0x030a = uint32(0),
0x0009 = { { uuid16(11 15), uint16(256) } },
0x0201 = string(_657o30a6rmst07À),
0x0005 = { uuid16(10 02) },
0x0100 = string(Local Network),
0x0001 = { uuid16(11 15) },
0x0203 = string(004wd7l1a..0|0|0|ivucic-_657o30a6rmst07À
0xf000 = uint8(2),
0x0204 = string( txtvers=1state=A),
0x0008 = uint8(255),
0x0006 = { uint16(25966), uint16(106), uint16(256), uint16(26226), uint16(106), uint16(272), uint16(25701), uint16(106), uint16(288), uint16(27233), uint16(106), uint16(304) },
0x0004 = { { uuid16(01 00), uint16(15) }, { uuid16(00 0f), uint16(256), { uint16(2048), uint16(2054) } } },
0x0002 = uint32(0)
},
Other partially relevant questions:
- PAN with Linux, iOS, Bluetooth, Bonjour, GameKit — Possible? - Person can solve problem using Wi-Fi. Not solution here because embedded device will not have the way more expensive Wi-Fi chip.
- Bonjour over bluetooth WITHOUT Gamekit? - Best answer does not end up providing technical details
- iOS bluetooth without GameKit - Provides a solution for a jailbroken device, which is not applicable here.
Researching further with Apple's Bluetooth Explorer in OS X and sdptool in GNU/Linux, I have discovered that key 0x0001 (standing for "protocol class"), containing value of 0x1115, stands for the "PANU" variant of "PAN" - a peer2peer variant. It is notable that OS X does not provide service-side ('hosting') support for this protocol, despite supporting creation of a 0x1116 network, which is the "NAP" variant of "PAN" - a client/server variant.
This might be good news, but only if GameKit's session protocol does not have to be used. Hijacking the media-layer connection established by GameKit in order to send other UDP traffic would be ideal.
I'll still have to research whether or not this GameKit connection really is 0x1115; that is, if it really is "PANU". Does anyone have any further information?
Note while Bonjour automatically announced this Bluetooth service after iOS 3, this has changed with iOS 5. See the answer I posted on how to establish Bluetooth connection without GameKit, where I handily documented information from Apple's Technical Q&A QA1753.
A small amount of research with GNU/Linux did not result in a successful connection. It may be due to lack of knowledge on how to properly use pand. It may also be due to Bluetooth MAC based blocking. I'd love info anyone may have to offer. If I research this further and stumble upon something interesting, I'll update this answer.
Results under Ubuntu. The service appears only when Bluetooth Bonjour is active.
ivucica@ivucica-MacBook:~$ sdptool browse $ADDR #relevant data only
Browsing ADDRESS_HERE ...
Service Name: Local Network
Service RecHandle: 0x4f491115
Service Class ID List:
"PAN User" (0x1115)
Protocol Descriptor List:
"L2CAP" (0x0100)
PSM: 15
"BNEP" (0x000f)
Version: 0x0100
SEQ8: 0 6
Language Base Attr List:
code_ISO639: 0x656e
encoding: 0x6a
base_offset: 0x100
code_ISO639: 0x6672
encoding: 0x6a
base_offset: 0x110
code_ISO639: 0x6465
encoding: 0x6a
base_offset: 0x120
code_ISO639: 0x6a61
encoding: 0x6a
base_offset: 0x130
Profile Descriptor List:
"PAN User" (0x1115)
Version: 0x0100
... and so on ...
Here's the attempt to connect:
ivucica@ivucica-MacBook:~$ pand --connect $ADDR -n
pand[3237]: Bluetooth PAN daemon version 4.98
pand[3237]: Connecting to ADDRESS_HERE
pand[3237]: Connect to ADDRESS_HERE failed. Connection refused(111)
Is some sort of authorization required? Enabling encryption, authentication, secure connection and forcing becoming a master doesn't seem to make any difference (-AESM options in various combinations).
Anyone has any ideas?
Huh!
ivucica@ivucica-MacBook:~$ sudo hcidump
HCI sniffer - Bluetooth packet analyzer ver 2.2
device: hci0 snap_len: 1028 filter: 0xffffffff
HCI Event: Command Status (0x0f) plen 4
Create Connection (0x01|0x0005) status 0x00 ncmd 1
> HCI Event: Role Change (0x12) plen 8
status 0x00 bdaddr ADDRESS_HERE role 0x01
Role: Slave
> HCI Event: Connect Complete (0x03) plen 11
status 0x00 handle 12 bdaddr ADDRESS_HERE type ACL encrypt 0x00
HCI Event: Command Status (0x0f) plen 4
Read Remote Supported Features (0x01|0x001b) status 0x00 ncmd 1
> HCI Event: Read Remote Supported Features (0x0b) plen 11
status 0x00 handle 12
Features: 0xbf 0xfe 0x8f 0xfe 0x9b 0xff 0x79 0x83
HCI Event: Command Status (0x0f) plen 4
Read Remote Extended Features (0x01|0x001c) status 0x00 ncmd 1
> HCI Event: Max Slots Change (0x1b) plen 3
handle 12 slots 5
> HCI Event: Read Remote Extended Features (0x23) plen 13
status 0x00 handle 12 page 1 max 1
Features: 0x01 0x00 0x00 0x00 0x00 0x00 0x00 0x00
HCI Event: Command Status (0x0f) plen 4
Remote Name Request (0x01|0x0019) status 0x00 ncmd 1
> HCI Event: Remote Name Req Complete (0x07) plen 255
status 0x00 bdaddr ADDRESS_HERE name 'Evil iPad'
HCI Event: Command Status (0x0f) plen 4
Authentication Requested (0x01|0x0011) status 0x00 ncmd 1
> HCI Event: Link Key Request (0x17) plen 6
bdaddr ADDRESS_HERE
HCI Event: Command Complete (0x0e) plen 10
Link Key Request Reply (0x01|0x000b) ncmd 1
status 0x00 bdaddr ADDRESS_HERE
> HCI Event: Auth Complete (0x06) plen 3
status 0x00 handle 12
HCI Event: Command Status (0x0f) plen 4
Set Connection Encryption (0x01|0x0013) status 0x00 ncmd 1
> HCI Event: Encrypt Change (0x08) plen 4
status 0x00 handle 12 encrypt 0x01
HCI Event: Number of Completed Packets (0x13) plen 5
handle 12 packets 1
> ACL data: handle 12 flags 0x02 dlen 16
L2CAP(s): Info rsp: type 2 result 0
Extended feature mask 0x02a8
Enhanced Retransmission mode
FCS Option
Fixed Channels
Unicast Connectless Data Reception
HCI Event: Number of Completed Packets (0x13) plen 5
handle 12 packets 1
> ACL data: handle 12 flags 0x02 dlen 20
L2CAP(s): Info rsp: type 3 result 0
Fixed channel list 0x00000006
L2CAP Signalling Channel
L2CAP Connless
HCI Event: Number of Completed Packets (0x13) plen 5
handle 12 packets 1
> ACL data: handle 12 flags 0x02 dlen 16
L2CAP(s): Connect rsp: dcid 0x0000 scid 0x0040 result 2 status 0
Connection refused - PSM not supported
> HCI Event: Disconn Complete (0x05) plen 4
status 0x00 handle 12 reason 0x13
Reason: Remote User Terminated Connection
This?
> ACL data: handle 12 flags 0x02 dlen 16
L2CAP(s): Connect rsp: dcid 0x0000 scid 0x0040 result 2 status 0
Connection refused - PSM not supported
According to this interesting site : http://code.google.com/p/btstack/wiki/iPhoneBluetooth Apple are using a special chip besides their Bluetooth RF chip which denies any connection for a device without that chip - this means its a lock on the hardware level.
这篇关于使用IOS的GameKit的&QUOT;蓝牙卓悦&QUOT;与其他平台的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!