michaeldorner / BeeTee

Demo application for Bluetooth device scanning using the iOS private framework "BluetoothManager"
MIT License
212 stars 37 forks

Private APIs for Bluetooth Low Energy #22

Open stidch opened 6 years ago

stidch commented 6 years ago

Thanks @michaeldorner for that nice project.

May I ask the community if someone has experience with private APIs and Bluetooth Low Energy?

I wonder if and how I could implement the following two requirements without a jailbreak:

Thanks in advance for every comment or input.

Cheers, Stephan

michaeldorner commented 6 years ago

Smart question. The intent of this project was originally to hijack the non-LE Bluetooth interfaces, but I never looked into this topic. So probably. Anyone?

cansurmeli commented 6 years ago

First and foremost, I don't have any specific experience with the things you've mentioned above either, but the below might get you where you want to go.

You should check out nst's iOS runtime headers. He lays out what he has found via runtime introspection, both public and private. You yourself can also perform the same operation, perhaps for a specific iOS version, but they're readily available anyway.

For the operations you've mentioned above, you should analyse BluetoothManager.framework, which is a private framework.

From there on, if the private framework satisfies your needs, you should properly grasp how to utilise a private framework on iOS. It's a bit of a hard endeavour; however, you're in the right place. BeeTee can help you a lot. (Kudos to Michael.)

If you reach some conclusions, or better yet code something, I would love to see what you've accomplished, as it's always a pleasure to check out iOS reverse engineering efforts.
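
The two steps suggested in the comment above, recovering a private framework's interface by runtime introspection and then loading that framework from an app, can be done in one small program. The following is an added example written for this page; it is not code from the BeeTee project or from the commenters. It assumes the usual on-device location of private frameworks under /System/Library/PrivateFrameworks and the class name BluetoothManager that the project description refers to; it does not hard-code any selector from the private interface, and the guarded sharedInstance call at the end is an assumption about the interface that the code verifies with respondsToSelector: before use.

```objective-c
// Added example (not part of the BeeTee project): dlopen the private
// BluetoothManager.framework and dump the BluetoothManager class with the
// Objective-C runtime, the same kind of introspection nst's headers come from.
// Assumptions: the framework path below (standard private-framework location)
// and the class name BluetoothManager; no selector names are hard-coded.
#import <Foundation/Foundation.h>
#import <objc/runtime.h>
#import <dlfcn.h>

static const char *kBTManagerPath =
    "/System/Library/PrivateFrameworks/BluetoothManager.framework/BluetoothManager";

// Map the private framework into the process. Returns NO and logs dlerror()
// if the image cannot be loaded (wrong path, sandbox, or missing on this OS).
static BOOL loadBluetoothManagerFramework(void) {
    void *handle = dlopen(kBTManagerPath, RTLD_NOW);
    if (handle == NULL) {
        NSLog(@"dlopen failed: %s", dlerror());
        return NO;
    }
    return YES;
}

// Collect every instance ("-") and class ("+") selector of a class, sorted.
// Returns nil when the class is not registered with the runtime, which is what
// you see when the framework did not load or the class was renamed in this iOS.
static NSArray<NSString *> *dumpSelectors(NSString *className) {
    Class cls = NSClassFromString(className);
    if (cls == Nil) return nil;

    NSMutableArray<NSString *> *names = [NSMutableArray array];
    unsigned int count = 0;

    // Instance methods are on the class itself.
    Method *methods = class_copyMethodList(cls, &count);
    for (unsigned int i = 0; i < count; i++) {
        const char *sel = sel_getName(method_getName(methods[i]));
        [names addObject:[NSString stringWithFormat:@"-%s", sel]];
    }
    free(methods);

    // Class methods live on the metaclass.
    methods = class_copyMethodList(object_getClass(cls), &count);
    for (unsigned int i = 0; i < count; i++) {
        const char *sel = sel_getName(method_getName(methods[i]));
        [names addObject:[NSString stringWithFormat:@"+%s", sel]];
    }
    free(methods);

    return [names sortedArrayUsingSelector:@selector(compare:)];
}

int main(int argc, char *argv[]) {
    @autoreleasepool {
        if (!loadBluetoothManagerFramework()) return 1;

        NSArray<NSString *> *selectors = dumpSelectors(@"BluetoothManager");
        if (selectors == nil) {
            NSLog(@"BluetoothManager class not present after load");
            return 1;
        }
        for (NSString *s in selectors) NSLog(@"%@", s);

        // Private interfaces change between iOS releases, so feature-detect
        // every selector instead of assuming the header you read is current.
        // sharedInstance is an assumption here, checked before it is called.
        Class cls = NSClassFromString(@"BluetoothManager");
        if ([cls respondsToSelector:@selector(sharedInstance)]) {
            id manager = [cls performSelector:@selector(sharedInstance)];
            NSLog(@"sharedInstance -> %@", manager);
        } else {
            NSLog(@"no +sharedInstance on this iOS version");
        }
    }
    return 0;
}
```

Build this into a developer-signed app and run it on a device; the selector list it prints is the ground truth for the iOS version in front of you, which matters because the dumped headers on nst's site are per-release snapshots. Two caveats a practitioner will hit: this works without a jailbreak only for builds you sign and install yourself, since App Store review rejects binaries that link private frameworks, and calling a selector that exists but whose behaviour changed is a silent failure mode, so check return values rather than trusting the header.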

stidch commented 6 years ago

Hey guys

Thanks for your quick response.

I already know both the nst's iOS runtime headers website and the BluetoothManager.framework.

Unfortunately, in BluetoothManager.framework the interfaces look quite general (turning Bluetooth on/off) or BT Classic related.

Two other header files look more BLE pairing related.

Honestly, I have no clue whether and how they could be used for the described cases (clear BLE pairings / accept pairing requests).