nkaminski / csrmesh

Reverse engineered bridge implementation of the CSRMesh BTLE protocol
GNU Lesser General Public License v3.0
70 stars 20 forks

[feature/documentation request] scan for devices #24

Open Equidamoid opened 6 years ago

Equidamoid commented 6 years ago

It would be nice to have something to help discover remote address.

Things I've tried so far:

So it would be nice to have it described somewhere. Or even better, --scan option for the script.

Equidamoid commented 6 years ago

I found one address in a btsnoop log:

Frame 19: 29 bytes on wire (232 bits), 29 bytes captured (232 bits)
Bluetooth
Bluetooth HCI H4
Bluetooth HCI Command - LE Create Connection
    Command Opcode: LE Create Connection (0x200d)
    Parameter Total Length: 25
    Scan Interval: 96 (60 msec)
    Scan Window: 48 (30 msec)
    Initiator Filter Policy: Use Peer Address (0x00)
    Peer Address Type: Random Device Address (0x01)
    BD_ADDR: c1:43:18:00:00:01 (c1:43:18:00:00:01)
    Own Address Type: Random Device Address (0x01)
    Connection Interval Min: 24 (30 msec)
    Connection Interval Max: 40 (50 msec)
    Connection Latency: 0 (number events)
    Supervision Timeout: 2000 (20 sec)
    Min CE Length: 0 (0 msec)
    Max CE Length: 0 (0 msec)
    [Pending in frame: 20]
    [Command-Pending Delta: 2.501 ms]

but... it appears to be a random address received from a scan 70 ms before.

Frame 17: 35 bytes on wire (280 bits), 35 bytes captured (280 bits)
Bluetooth
Bluetooth HCI H4
Bluetooth HCI Event - LE Meta
    Event Code: LE Meta (0x3e)
    Parameter Total Length: 32
    Sub Event: LE Advertising Report (0x02)
    Num Reports: 1
    Event Type: Connectable Undirected Advertising (0x00)
    Peer Address Type: Random Device Address (0x01)
    BD_ADDR: c1:43:18:00:00:01 (c1:43:18:00:00:01)
    Data Length: 20
    Advertising Data
        Flags
        16-bit Service Class UUIDs
        Appearance: Generic Tag
        Unknown
[Malformed Packet: BT Common]

Equidamoid commented 6 years ago

So, after half a day, everything goes a bit further if I switch off BT on my phone. For the people from the future who may happen to look for some reference: hcitool scan is the way to get the MAC. Make sure nothing (phone, etc. with the vendor's app) tries to do anything with your device. Maybe even turn BT off, just in case (as a side note, after using the teptron app my phone had some trouble connecting to BT devices until I rebooted it). The line you're looking for is the one with the label "MOVE2".

nkaminski commented 6 years ago

Yes, currently the best way to scan for devices is to use either "hcitool scan" or bluetoothctl with the command "scan on".

In the future I will certainly look into scanning programmatically and then filtering devices by those presenting characteristics with UUIDs known to be associated with supported CSRmesh devices.

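The filtering nkaminski describes (pick out devices by name or by an advertised service UUID) can be prototyped without a radio by decoding HCI H4 "LE Advertising Report" events, the same event type shown in frame 17 above. The script below is an added example for this thread, not code from nkaminski/csrmesh or from the device vendor. The packet bytes are constructed to mirror the posted dissection (random address c1:43:18:00:00:01, Flags, 16-bit service UUID, Appearance "Generic Tag", plus a Complete Local Name of "MOVE2"); the 0xFEF1 service UUID and the second "phone" device are assumptions for illustration.

```python
"""Offline decoder/filter for HCI H4 LE Advertising Report events.

Added example for the csrmesh scan discussion; not part of the csrmesh project.
The sample packets are constructed, and 0xFEF1 is an assumed service UUID.
"""
import struct

H4_EVENT = 0x04
EVT_LE_META = 0x3E
SUBEVT_LE_ADV_REPORT = 0x02

AD_FLAGS = 0x01
AD_UUID16_INCOMPLETE = 0x02
AD_UUID16_COMPLETE = 0x03
AD_NAME_SHORT = 0x08
AD_NAME_COMPLETE = 0x09
AD_APPEARANCE = 0x19

ADDR_TYPES = {0x00: "public", 0x01: "random"}


def bdaddr_str(raw6):
    """HCI carries BD_ADDR little-endian; show it MSB-first like hcitool does."""
    return ":".join("%02x" % b for b in reversed(raw6))


def parse_ad(data):
    """Split advertising data into (ad_type, payload) AD structures."""
    out, i = [], 0
    while i < len(data):
        length = data[i]
        if length == 0:                       # zero length terminates the data
            break
        if i + 1 + length > len(data):
            raise ValueError("truncated AD structure at offset %d" % i)
        out.append((data[i + 1], bytes(data[i + 2:i + 1 + length])))
        i += 1 + length
    return out


def decode_ad(ad_structs):
    """Extract the fields a scanner filter cares about."""
    info = {"name": None, "uuids16": [], "appearance": None, "flags": None}
    for ad_type, payload in ad_structs:
        if ad_type in (AD_NAME_SHORT, AD_NAME_COMPLETE):
            info["name"] = payload.decode("utf-8", "replace")
        elif ad_type in (AD_UUID16_INCOMPLETE, AD_UUID16_COMPLETE):
            even = payload[:len(payload) & ~1]   # ignore a dangling odd byte
            info["uuids16"] += [u for (u,) in struct.iter_unpack("<H", even)]
        elif ad_type == AD_APPEARANCE and len(payload) == 2:
            info["appearance"] = struct.unpack("<H", payload)[0]
        elif ad_type == AD_FLAGS and payload:
            info["flags"] = payload[0]
    return info


def parse_adv_reports(packet):
    """Parse one H4 packet; return [] unless it is an LE Advertising Report."""
    if len(packet) < 3 or packet[0] != H4_EVENT:
        return []
    evt_code, plen = packet[1], packet[2]
    params = packet[3:3 + plen]
    if evt_code != EVT_LE_META or len(params) != plen or plen < 2:
        return []
    if params[0] != SUBEVT_LE_ADV_REPORT:
        return []
    reports, off = [], 2
    for _ in range(params[1]):                # Num Reports
        if off + 10 > len(params):
            raise ValueError("truncated advertising report")
        evt_type, addr_type = params[off], params[off + 1]
        addr = params[off + 2:off + 8]
        dlen = params[off + 8]
        data = params[off + 9:off + 9 + dlen]
        if len(data) != dlen or off + 10 + dlen > len(params):
            raise ValueError("advertising data length exceeds event")
        rssi = struct.unpack("b", params[off + 9 + dlen:off + 10 + dlen])[0]
        off += 10 + dlen
        rep = {"event_type": evt_type, "addr_type": ADDR_TYPES.get(addr_type, "unknown"),
               "addr": bdaddr_str(addr), "rssi": rssi}
        rep.update(decode_ad(parse_ad(data)))
        reports.append(rep)
    return reports


def find_candidates(packets, name_prefix="MOVE", service_uuid=0xFEF1):
    """Return {addr: report} for devices matching by local name or service UUID."""
    seen = {}
    for pkt in packets:
        for rep in parse_adv_reports(pkt):
            name = rep["name"] or ""
            if name.startswith(name_prefix) or service_uuid in rep["uuids16"]:
                seen[rep["addr"]] = rep
    return seen


def build_adv_report(addr_str, ad_structs, addr_type=0x01, rssi=-60):
    """Constructed H4 event packet (used only to build sample input here)."""
    addr = bytes(int(x, 16) for x in reversed(addr_str.split(":")))
    data = b"".join(bytes([len(p) + 1, t]) + p for t, p in ad_structs)
    params = (bytes([SUBEVT_LE_ADV_REPORT, 1, 0x00, addr_type]) + addr
              + bytes([len(data)]) + data + struct.pack("b", rssi))
    return bytes([H4_EVENT, EVT_LE_META, len(params)]) + params


# Constructed sample traffic: the MOVE2 device from the thread plus an unrelated
# phone, so the filter has something to reject.
SAMPLE_PACKETS = [
    build_adv_report("c1:43:18:00:00:01", [
        (AD_FLAGS, b"\x06"),
        (AD_UUID16_COMPLETE, struct.pack("<H", 0xFEF1)),   # assumed UUID
        (AD_APPEARANCE, struct.pack("<H", 0x0200)),        # Generic Tag
        (AD_NAME_COMPLETE, b"MOVE2"),
    ]),
    build_adv_report("5a:12:34:56:78:9a", [
        (AD_FLAGS, b"\x1a"),
        (AD_UUID16_COMPLETE, struct.pack("<H", 0x180F)),   # Battery Service
        (AD_NAME_COMPLETE, b"Phone"),
    ], rssi=-40),
]

if __name__ == "__main__":
    for addr, rep in find_candidates(SAMPLE_PACKETS).items():
        print(addr, rep["addr_type"], rep["name"], ["%04x" % u for u in rep["uuids16"]])
```

Feeding real traffic into this only takes a raw HCI socket or a btsnoop dump. One caveat for anyone following the thread's hint: `hcitool scan` performs a classic BR/EDR inquiry, while the device in the captures is an LE advertiser, so the address shows up under `hcitool lescan` (or `bluetoothctl` with `scan on`, which covers both). Also note that the address type is "random" in both frames; a device using a random address may change it, so matching on the advertised name or service UUID, as above, is more robust than hard-coding the MAC.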