Using iOS GameKit's "Bluetooth Bonjour" with other platforms
<p>I'm interested in connecting to iOS-based devices over Bluetooth. I can see that the "Local Network" service is exposed, but I cannot find any extra information about it. Property stored under key 0x0204 looks like a Bonjour key.</p>
<p>Which protocol is used? How can one talk to the iOS device using Linux, Mac or one's own embedded device equipped with a Bluetooth chip?</p>
<p>Here's SDP data extracted using Bluetooth Explorer under OS X while the iOS device runs Gameloft's Star Battalion.</p>
<pre><code>{
    0x0000 = uint32(1330188565),
    0x0200 = uint32(2),
    0x0202 = string(004wD7l1A..0|0|0|ivucic-À'),
    0x030a = uint32(0),
    0x0009 = { { uuid16(11 15), uint16(256) } },
    0x0201 = string(_657o30a6rmst07À),
    0x0005 = { uuid16(10 02) },
    0x0100 = string(Local Network),
    0x0001 = { uuid16(11 15) },
    0x0203 = string(004wd7l1a..0|0|0|ivucic-_657o30a6rmst07À
    0xf000 = uint8(2),
    0x0204 = string( txtvers=1state=A),
    0x0008 = uint8(255),
    0x0006 = { uint16(25966), uint16(106), uint16(256), uint16(26226), uint16(106), uint16(272), uint16(25701), uint16(106), uint16(288), uint16(27233), uint16(106), uint16(304) },
    0x0004 = { { uuid16(01 00), uint16(15) }, { uuid16(00 0f), uint16(256), { uint16(2048), uint16(2054) } } },
    0x0002 = uint32(0)
},
</code></pre>
<p>Other partially relevant questions:</p>
<ul>
<li><a href="https://stackoverflow.com/questions/7251023/pan-with-linux-ios-bluetooth-bonjour-gamekit-possible">PAN with Linux, iOS, Bluetooth, Bonjour, GameKit — Possible?</a> - Person can solve problem using Wi-Fi.
Not a solution here because the embedded device will not have the way more expensive Wi-Fi chip.</li>
<li><a href="https://stackoverflow.com/questions/3844189/bonjour-over-bluetooth-without-gamekit">Bonjour over bluetooth WITHOUT Gamekit?</a> - Best answer does not end up providing technical details</li>
<li><a href="https://stackoverflow.com/questions/7230311/ios-bluetooth-without-gamekit">iOS bluetooth without GameKit</a> - Provides a solution for a jailbroken device, which is not applicable here.</li>
</ul>
<hr>
<p>Researching further with Apple's Bluetooth Explorer in OS X and <code>sdptool</code> in GNU/Linux, I have discovered that key <code>0x0001</code> (standing for "protocol class"), containing a value of <code>0x1115</code>, stands for the "PANU" variant of "PAN" - a peer-to-peer variant. It is notable that OS X does not provide service-side ('hosting') support for this protocol, despite supporting creation of a <code>0x1116</code> network, which is the "NAP" variant of "PAN" - a client/server variant.</p>
<p>This might be good news, but only if GameKit's session protocol does not have to be used. Hijacking the media-layer connection established by GameKit in order to send other UDP traffic would be ideal.</p>
<p>I'll still have to research whether or not this GameKit connection really is <code>0x1115</code>; that is, if it really is "PANU". Does anyone have any further information?</p>
<hr>
<p>Note that while Bonjour automatically announced this Bluetooth service after iOS 3, this has changed with iOS 5. See the answer I posted on <a href="https://stackoverflow.com/q/8273661/39974">how to establish Bluetooth connection without GameKit</a>, where I handily documented information from Apple's <a href="http://developer.apple.com/library/ios/#qa/qa1753/_index.html#//apple_ref/doc/uid/DTS40011315" rel="nofollow noreferrer">Technical Q&amp;A QA1753</a>.</p>
<hr>
<p>A small amount of research with GNU/Linux did not result in a successful connection.
It may be due to a lack of knowledge on how to properly use <code>pand</code>. It may also be due to Bluetooth MAC-based blocking. I'd love info anyone may have to offer. If I research this further and stumble upon something interesting, I'll update this answer.</p>
<hr>
<p>Results under Ubuntu. The service appears only when Bluetooth Bonjour is active.</p>
<pre><code>ivucica@ivucica-MacBook:~$ sdptool browse $ADDR #relevant data only
Browsing ADDRESS_HERE ...
Service Name: Local Network
Service RecHandle: 0x4f491115
Service Class ID List:
  "PAN User" (0x1115)
Protocol Descriptor List:
  "L2CAP" (0x0100)
    PSM: 15
  "BNEP" (0x000f)
    Version: 0x0100
    SEQ8: 0 6
Language Base Attr List:
  code_ISO639: 0x656e
  encoding:    0x6a
  base_offset: 0x100
  code_ISO639: 0x6672
  encoding:    0x6a
  base_offset: 0x110
  code_ISO639: 0x6465
  encoding:    0x6a
  base_offset: 0x120
  code_ISO639: 0x6a61
  encoding:    0x6a
  base_offset: 0x130
Profile Descriptor List:
  "PAN User" (0x1115)
    Version: 0x0100

... and so on ...
</code></pre>
<p>Here's the attempt to connect:</p>
<pre><code>ivucica@ivucica-MacBook:~$ pand --connect $ADDR -n
pand[3237]: Bluetooth PAN daemon version 4.98
pand[3237]: Connecting to ADDRESS_HERE
pand[3237]: Connect to ADDRESS_HERE failed. Connection refused(111)
</code></pre>
<p>Is some sort of authorization required?
Enabling encryption, authentication, secure connection and forcing becoming a master doesn't seem to make any difference (<code>-AESM</code> options in various combinations).</p>
<p>Does anyone have any ideas?</p>
<hr>
<p>Huh!</p>
<pre>ivucica@ivucica-MacBook:~$ sudo hcidump
HCI sniffer - Bluetooth packet analyzer ver 2.2
device: hci0 snap_len: 1028 filter: 0xffffffff
HCI Event: Command Status (0x0f) plen 4
    Create Connection (0x01|0x0005) status 0x00 ncmd 1
> HCI Event: Role Change (0x12) plen 8
    status 0x00 bdaddr ADDRESS_HERE role 0x01
    Role: Slave
> HCI Event: Connect Complete (0x03) plen 11
    status 0x00 handle 12 bdaddr ADDRESS_HERE type ACL encrypt 0x00
HCI Event: Command Status (0x0f) plen 4
    Read Remote Supported Features (0x01|0x001b) status 0x00 ncmd 1
> HCI Event: Read Remote Supported Features (0x0b) plen 11
    status 0x00 handle 12
    Features: 0xbf 0xfe 0x8f 0xfe 0x9b 0xff 0x79 0x83
HCI Event: Command Status (0x0f) plen 4
    Read Remote Extended Features (0x01|0x001c) status 0x00 ncmd 1
> HCI Event: Max Slots Change (0x1b) plen 3
    handle 12 slots 5
> HCI Event: Read Remote Extended Features (0x23) plen 13
    status 0x00 handle 12 page 1 max 1
    Features: 0x01 0x00 0x00 0x00 0x00 0x00 0x00 0x00
HCI Event: Command Status (0x0f) plen 4
    Remote Name Request (0x01|0x0019) status 0x00 ncmd 1
> HCI Event: Remote Name Req Complete (0x07) plen 255
    status 0x00 bdaddr ADDRESS_HERE name 'Evil iPad'
HCI Event: Command Status (0x0f) plen 4
    Authentication Requested (0x01|0x0011) status 0x00 ncmd 1
> HCI Event: Link Key Request (0x17) plen 6
    bdaddr ADDRESS_HERE
HCI Event: Command Complete (0x0e) plen 10
    Link Key Request Reply (0x01|0x000b) ncmd 1
    status 0x00 bdaddr ADDRESS_HERE
> HCI Event: Auth Complete (0x06) plen 3
    status 0x00 handle 12
HCI Event: Command Status (0x0f) plen 4
    Set Connection Encryption (0x01|0x0013) status 0x00 ncmd 1
> HCI Event: Encrypt Change (0x08) plen 4
    status 0x00 handle 12 encrypt 0x01
HCI Event: Number of Completed Packets (0x13) plen 5
    handle 12 packets 1
> ACL data: handle 12 flags 0x02 dlen 16
    L2CAP(s): Info rsp: type 2 result 0
      Extended feature mask 0x02a8
        Enhanced Retransmission mode
        FCS Option
        Fixed Channels
        Unicast Connectless Data Reception
HCI Event: Number of Completed Packets (0x13) plen 5
    handle 12 packets 1
> ACL data: handle 12 flags 0x02 dlen 20
    L2CAP(s): Info rsp: type 3 result 0
      Fixed channel list 0x00000006
        L2CAP Signalling Channel
        L2CAP Connless
HCI Event: Number of Completed Packets (0x13) plen 5
    handle 12 packets 1
> ACL data: handle 12 flags 0x02 dlen 16
    L2CAP(s): Connect rsp: dcid 0x0000 scid 0x0040 result 2 status 0
      Connection refused - PSM not supported
> HCI Event: Disconn Complete (0x05) plen 4
    status 0x00 handle 12 reason 0x13
    Reason: Remote User Terminated Connection
</pre>
<p>This?</p>
<pre>
> ACL data: handle 12 flags 0x02 dlen 16
    L2CAP(s): Connect rsp: dcid 0x0000 scid 0x0040 result 2 status 0
      Connection refused - PSM not supported
</pre>
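<p>Added example, not part of the original post: a Python decoder for the numeric SDP attributes in the Bluetooth Explorer dump above, so they can be compared field by field with the <code>sdptool</code> listing. The attribute values are copied from the dump; the lookup tables and function names are assumptions made for this illustration.</p>

```python
# Added example: decode numeric SDP attributes copied from the dump above.
# Lookup tables hold only the assigned numbers needed for this record.
UUID16 = {0x0100: "L2CAP", 0x000F: "BNEP", 0x1115: "PANU", 0x1116: "NAP"}
ETHERTYPE = {0x0800: "IPv4", 0x0806: "ARP", 0x86DD: "IPv6"}
MIBENUM = {3: "US-ASCII", 106: "UTF-8"}  # IANA character-set numbers

# Attribute values as shown by Bluetooth Explorer (decimal, as printed).
SERVICE_CLASSES = [0x1115]                                  # 0x0001
PROTO_DESC = [(0x0100, 15), (0x000F, 256, (2048, 2054))]    # 0x0004
LANG_BASE = [25966, 106, 256, 26226, 106, 272,
             25701, 106, 288, 27233, 106, 304]              # 0x0006


def decode_language_base(values):
    """Split attribute 0x0006 into (language, encoding, base offset) triplets."""
    if len(values) % 3:
        raise ValueError("expected triplets of uint16 values")
    triplets = []
    for i in range(0, len(values), 3):
        code, enc, base = values[i:i + 3]
        lang = code.to_bytes(2, "big").decode("ascii")  # ISO 639 code
        triplets.append((lang, MIBENUM.get(enc, f"MIBenum {enc}"), hex(base)))
    return triplets


def decode_protocols(descriptors):
    """Extract the L2CAP PSM and BNEP parameters from attribute 0x0004."""
    info = {}
    for uuid, *params in descriptors:
        name = UUID16.get(uuid, f"0x{uuid:04x}")
        if name == "L2CAP" and params:
            info["psm"] = params[0]
        elif name == "BNEP" and params:
            info["bnep_version"] = f"0x{params[0]:04x}"
            types = params[1] if len(params) > 1 else ()
            info["ethertypes"] = [ETHERTYPE.get(t, f"0x{t:04x}") for t in types]
    return info


def summarize():
    """Combine the decoded fields into one dictionary for comparison."""
    return {
        "service_classes": [UUID16.get(u, f"0x{u:04x}") for u in SERVICE_CLASSES],
        "languages": decode_language_base(LANG_BASE),
        **decode_protocols(PROTO_DESC),
    }


if __name__ == "__main__":
    for key, value in summarize().items():
        print(f"{key}: {value}")
```

<p>The decoded PSM 15, BNEP version 0x0100 and the four language entries agree with the <code>sdptool</code> listing; 2048 and 2054 are the EtherType values 0x0800 (IPv4) and 0x0806 (ARP).</p>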
 
