
I'm confused by this problem. I have the following device (it's a Chinese smartwatch) whose MAC address shows up in blueman and Bettercap, but does not appear in hcitool.

I use:

sudo  hcitool lescan 
LE Scan ...
C0:28:8D:D6:66:EA 
C0:28:8D:D6:66:EA (unknown)

But the MAC address of the Q1 device, EB:15:0C:38:C9:B0, does not appear.

I tried bettercap:

sudo bettercap 
» ble.recon on
» [12:01:38] [ble.device.new] new BLE device Q1 detected as EB:15:0C:38:C9:B0 -77 dBm.

However, I also get:

When I do:

» ble.show 
│ -76 dBm │ eb:15:0c:38:c9:b0 │               │ Limited Discoverable, BR/EDR Not Supported   │ ✔       │ 12:05:38 │


» ble.enum eb:15:0c:38:c9:b0
[12:07:06] [sys.log] [inf] ble.recon connecting to eb:15:0c:38:c9:b0 ...
»  
┌──────────────┬───────────────────────────────────────────────────────┬──────────────────────────────────────────────────┬────────────────────────────────────────────────┐
│   Handles    │               Service > Characteristics               │                    Properties                    │                      Data                      │
├──────────────┼───────────────────────────────────────────────────────┼──────────────────────────────────────────────────┼────────────────────────────────────────────────┤
│ 0001 -> 0004 │ Generic Attribute (1801)                              │                                                  │                                                │
│ 0003         │     Service Changed (2a05)                            │ BCAST, READ, WRITE, NOTIFY, INDICATE, SIGN WRITE │ 00000000                                       │
│              │                                                       │                                                  │                                                │
│ 0005 -> 000f │ Generic Access (1800)                                 │                                                  │                                                │
│ 0007         │     Device Name (2a00)                                │ READ                                             │ Q1                                             │
│ 0009         │     Appearance (2a01)                                 │ READ                                             │ Unknown                                        │
│ 000b         │     Peripheral Privacy Flag (2a02)                    │ READ                                             │ Privacy Disabled                               │
│ 000d         │     Peripheral Preferred Connection Parameters (2a04) │ READ                                             │ Connection Interval: 224 -> 240                │
│              │                                                       │                                                  │ Slave Latency: 4                               │
│              │                                                       │                                                  │ Connection Supervision Timeout Multiplier: 500 │
│ 000f         │     2aa6                                              │ READ                                             │ 00                                             │
│              │                                                       │                                                  │                                                │
│ 0010 -> 0015 │ 6e400001b5a3f393e0a9e50e24dcca9e                      │                                                  │                                                │
│ 0012         │     6e400003b5a3f393e0a9e50e24dcca9e                  │ NOTIFY                                           │                                                │
│ 0015         │     6e400002b5a3f393e0a9e50e24dcca9e                  │ WRITE                                            │                                                │
│              │                                                       │                                                  │                                                │
│ 0016 -> 002d │ Human Interface Device (1812)                         │                                                  │                                                │
│ 0018         │     Protocol Mode (2a4e)                              │ READ, WRITE                                      │ insufficient encryption                        │
│ 001a         │     Report (2a4d)                                     │ READ, WRITE, NOTIFY                              │ insufficient encryption                        │
│ 001e         │     Report (2a4d)                                     │ READ, WRITE, NOTIFY                              │ insufficient encryption                        │
│ 0022         │     Report (2a4d)                                     │ READ, WRITE, NOTIFY                              │ insufficient encryption                        │
│ 0026         │     Report Map (2a4b)                                 │ READ                                             │ insufficient encryption                        │
│ 0028         │     Boot Mouse Input Report (2a33)                    │ READ, WRITE, NOTIFY                              │ insufficient encryption                        │
│ 002b         │     HID Information (2a4a)                            │ READ                                             │ insufficient encryption                        │
│ 002d         │     HID Control Point (2a4c)                          │ WRITE                                            │                                                │
│              │                                                       │                                                  │                                                │
│ 002e -> 0037 │ fee7                                                  │                                                  │                                                │
│ 0030         │     fec9                                              │ READ, NOTIFY                                     │ ë150c8É°                                       │
│ 0033         │     fea1                                              │ READ, INDICATE                                   │ 07a001009e0100a00100                           │
│ 0036         │     fea2                                              │ READ, WRITE, INDICATE                            │ Ð                                              │
│              │                                                       │                                                  │                                                │
└──────────────┴───────────────────────────────────────────────────────┴──────────────────────────────────────────────────┴────────────────────────────────────────────────┘

But I'm not sure what all of this means. I find bettercap very confusing.

» ^D
Are you sure you want to quit this session? y/n y
[12:08:07] [sys.log] [inf] ble.recon stopping scan ...

I also tried gatttool:

sudo gatttool -t random -b EB:15:0C:38:C9:B0 -I
[EB:15:0C:38:C9:B0][LE]> sec-level low
[EB:15:0C:38:C9:B0][LE]> connect
Attempting to connect to EB:15:0C:38:C9:B0
Error: connect to EB:15:0C:38:C9:B0: Device or resource busy (16)
[EB:15:0C:38:C9:B0][LE]> 

I'm sorry, but I don't know what to do. If possible, I would like to read from and write to this device. I'm on Fedora 33 Linux.

Thanks in advance for your help!

Thanks for the information about bluetoothctl. So, I tried this and got:

$ sudo bluetoothctl 
Agent registered
[Q1]# devices 
Device EB:15:0C:38:C9:B0 Q1
Device E0:7B:1F:EB:C1:6C LH719
Device A4:C1:1C:F6:02:92 MS1020
[Q1]#  connect EB:15:0C:38:C9:B0
Attempting to connect to EB:15:0C:38:C9:B0
Connection successful

But from reading here: https://budimir.cc/2020/02/27/ble-on-linux-with-bluetoothctl/ it seems I should be getting more information than the above.

However, I added:

[Q1]# menu gatt


Menu gatt:
Available commands:
-------------------
list-attributes [dev/local]                       List attributes
select-attribute <attribute/UUID>                 Select attribute
attribute-info [attribute/UUID]                   Select attribute
read [offset]                                     Read attribute value
write <data=xx xx ...> [offset] [type]            Write attribute value
acquire-write                                     Acquire Write file descriptor
release-write                                     Release Write file descriptor
acquire-notify                                    Acquire Notify file descriptor
release-notify                                    Release Notify file descriptor
notify <on/off>                                   Notify attribute value
clone [dev/attribute/UUID]                        Clone a device or attribute
register-application [UUID ...]                   Register profile to connect
unregister-application                            Unregister profile
register-service <UUID> [handle]                  Register application service.
unregister-service <UUID/object>                  Unregister application service
register-includes <UUID> [handle]                 Register as Included service in.
unregister-includes <Service-UUID><Inc-UUID>      Unregister Included service.
register-characteristic <UUID> <Flags=read,write,notify...> [handle] Register application characteristic
unregister-characteristic <UUID/object>           Unregister application characteristic
register-descriptor <UUID> <Flags=read,write...> [handle] Register application descriptor
unregister-descriptor <UUID/object>               Unregister application descriptor
back                                              Return to main menu
version                                           Display version
quit                                              Quit program
exit                                              Quit program
help                                              Display help about this program
export                                            Print environment variables

And it does seem to get a list of services (I will investigate it now):

[Q1]# list-attributes 
Primary Service (Handle 0x0100)
    /org/bluez/hci0/dev_EB_15_0C_38_C9_B0/service002e
    0000fee7-0000-1000-8000-00805f9b34fb
    Tencent Holdings Limited.
Characteristic (Handle 0x7da4)
    /org/bluez/hci0/dev_EB_15_0C_38_C9_B0/service002e/char0035
    0000fea2-0000-1000-8000-00805f9b34fb
    Intrepid Control Systems, Inc.
Descriptor (Handle 0x0015)
    /org/bluez/hci0/dev_EB_15_0C_38_C9_B0/service002e/char0035/desc0037
    00002902-0000-1000-8000-00805f9b34fb
    Client Characteristic Configuration
Characteristic (Handle 0x9248)
    /org/bluez/hci0/dev_EB_15_0C_38_C9_B0/service002e/char0032
    0000fea1-0000-1000-8000-00805f9b34fb
    Intrepid Control Systems, Inc.
Descriptor (Handle 0x0015)
    /org/bluez/hci0/dev_EB_15_0C_38_C9_B0/service002e/char0032/desc0034
    00002902-0000-1000-8000-00805f9b34fb
    Client Characteristic Configuration
Characteristic (Handle 0xaf18)
    /org/bluez/hci0/dev_EB_15_0C_38_C9_B0/service002e/char002f
    0000fec9-0000-1000-8000-00805f9b34fb
    Apple, Inc.
Descriptor (Handle 0x0015)
    /org/bluez/hci0/dev_EB_15_0C_38_C9_B0/service002e/char002f/desc0031
    00002902-0000-1000-8000-00805f9b34fb
    Client Characteristic Configuration
Primary Service (Handle 0x9d80)
    /org/bluez/hci0/dev_EB_15_0C_38_C9_B0/service0010
    6e400001-b5a3-f393-e0a9-e50e24dcca9e
    Nordic UART Service
Characteristic (Handle 0xd894)
    /org/bluez/hci0/dev_EB_15_0C_38_C9_B0/service0010/char0014
    6e400002-b5a3-f393-e0a9-e50e24dcca9e
    Nordic UART TX
Characteristic (Handle 0xd894)
    /org/bluez/hci0/dev_EB_15_0C_38_C9_B0/service0010/char0011
    6e400003-b5a3-f393-e0a9-e50e24dcca9e
    Nordic UART RX
Descriptor (Handle 0x0015)
    /org/bluez/hci0/dev_EB_15_0C_38_C9_B0/service0010/char0011/desc0013
    00002902-0000-1000-8000-00805f9b34fb
    Client Characteristic Configuration
Primary Service (Handle 0x9d80)
    /org/bluez/hci0/dev_EB_15_0C_38_C9_B0/service0001
    00001801-0000-1000-8000-00805f9b34fb
    Generic Attribute Profile
Characteristic (Handle 0xff84)
    /org/bluez/hci0/dev_EB_15_0C_38_C9_B0/service0001/char0002
    00002a05-0000-1000-8000-00805f9b34fb
    Service Changed
Descriptor (Handle 0x0015)
    /org/bluez/hci0/dev_EB_15_0C_38_C9_B0/service0001/char0002/desc0004
    00002902-0000-1000-8000-00805f9b34fb
    Client Characteristic Configuration
[Q1]# 

1 Answer


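hcitool and gatttool are among the tools that the BlueZ project deprecated in 2017. If you are following a tutorial that uses them, it may be out of date. The correct tool to use now is bluetoothctl.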

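If you are new to Bluetooth, then using a generic Bluetooth Low Energy scanning and exploration tool (such as nRF Connect) may be more helpful for understanding what is going on. Reading up on how BLE GATT services work will help in making sense of the Service > Characteristics information.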

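Once you can read and write using the characteristics, your next challenge will be to work out what the binary data being sent/received means, as it looks like they are using a lot of custom characteristics.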

Answered 2021-03-20T18:15:38.773
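
An added example, not part of the question or the answer: a parser for the list-attributes output shown in the question that orders attributes by handle and marks UUIDs outside the Bluetooth Base UUID range as custom. It assumes the four-hex-digit suffix of each BlueZ object path is the attribute handle, which fits this page (char0035 sits one below the 0036 value handle bettercap lists for fea2); the printed "Handle 0x..." values are ignored.

```python
import re

BASE_SUFFIX = "-0000-1000-8000-00805f9b34fb"  # tail of the Bluetooth Base UUID
HEADER = re.compile(r"^(Primary Service|Secondary Service|Characteristic|Descriptor) \(Handle")
NODE = re.compile(r"/service([0-9a-f]{4})(?:/char[0-9a-f]{4})?(?:/desc[0-9a-f]{4})?$")

def parse_attributes(text):
    """Return attributes sorted by handle; the handle is read from the object path."""
    records = []
    for line in filter(None, (l.strip() for l in text.splitlines())):
        m = HEADER.match(line)
        if m:
            records.append([m.group(1)])    # header line starts a new record
        elif records:
            records[-1].append(line)        # path, UUID, optional name
    attrs = []
    for kind, *fields in records:
        node = NODE.search(fields[0]) if len(fields) >= 2 else None
        if node:                            # skip truncated or malformed records
            uuid = fields[1].lower()
            sig = uuid.startswith("0000") and uuid.endswith(BASE_SUFFIX)
            attrs.append({
                "kind": kind, "handle": int(fields[0][-4:], 16),
                "service": int(node.group(1), 16),
                "uuid": uuid[4:8] if sig else uuid,   # 16-bit form when SIG-based
                "custom": not sig,                    # vendor-defined 128-bit UUID
                "name": fields[2] if len(fields) > 2 else "",
            })
    return sorted(attrs, key=lambda a: a["handle"])

# Constructed sample: a trimmed excerpt of the list-attributes output in the question.
SAMPLE = """\
Primary Service (Handle 0x0100)
    /org/bluez/hci0/dev_EB_15_0C_38_C9_B0/service002e
    0000fee7-0000-1000-8000-00805f9b34fb
    Tencent Holdings Limited.
Characteristic (Handle 0x7da4)
    /org/bluez/hci0/dev_EB_15_0C_38_C9_B0/service002e/char0035
    0000fea2-0000-1000-8000-00805f9b34fb
    Intrepid Control Systems, Inc.
Descriptor (Handle 0x0015)
    /org/bluez/hci0/dev_EB_15_0C_38_C9_B0/service002e/char0035/desc0037
    00002902-0000-1000-8000-00805f9b34fb
    Client Characteristic Configuration
Primary Service (Handle 0x9d80)
    /org/bluez/hci0/dev_EB_15_0C_38_C9_B0/service0010
    6e400001-b5a3-f393-e0a9-e50e24dcca9e
    Nordic UART Service
"""
```

Calling parse_attributes(SAMPLE) returns the Nordic UART service (handle 0x0010) first, flagged custom, followed by fee7, fea2 and the 2902 descriptor in handle order.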