Possible to hack BLE peripheral mode support in Android?

2
votes

This blog post from radius networks discusses how Android devices can not yet be used as iBeacons (AKA: BLE peripheral mode) even if the device's hardware supports BLE, because Android has no APIs for BLE peripheral mode.

NOTE: BLE means Bluetooth Low Energy

After reading this section, I am gonna suggest something stupid

Because their SDK only supports the central role, “advertising” a service as a central server means sitting their quietly, only revealing (or “advertising”) its service characteristics to another device in peripheral mode after a connection is already established. This connection establishment requires another device to do the actual radio advertising first. Samsung’s SDK isn’t going to do it.

Is it possible to trick the device in central mode (the Samsung phone) into thinking another device in peripheral mode has established a connection to it and then get the central mode to "advertise". Can you trick the phone by faking the connection in software?

Probably a stupid idea, probably it's possible to trick the device in central mode, but the "advertisement" is not the BLE peripheral mode advertisement and would not resemble an iBeacon in peripheral mode.

I very much need BLE peripheral mode support from Android and for the moment I would be ok with hacking something, in the hopes that Android is going to eventually support this feature-set, which BTW is already a feature request

1
androidbluetoothbluetooth-lowenergyibeacon-android
Perhaps one of the other vendor's blue tooth stack can be hacked. Wikipedia's entry for BLE lists the following as Android devices w/ BLE chips: Casio (Gz'One Commando 4G LTE) HTC (One, One Mini, One Max, Desire 300, Desire 601, Desire 500, Desire X, Butterfly S) LG (Nexus 4, Nexus 5, Optimus G, 4X, G2 and up) Motorola Moto X & Moto G Sony (Xperia V, Xperia Z, Xperia SP, Xperia L, Xperia M, Xperia Z Ultra, Xperia Z1, Xperia C) Samsung (Galaxy S3, S3 Mini, Galaxy S4, S4 Mini, Note 2 and Note 3)[21] XIAOMI (Mi2 and up)Russell Sullivan

1 Answers

2
votes

I don't think this technique will work, even if it is possible to "trick" Android into thinking it has a connection to another BLE device. Although this question is about the Samsung BLE SDK, I think the same answer applies to the dedicated Android BLE APIs (android.bluetooth.BluetoothAdapter) that shipped starting with Android 4.3.

Let's put aside the tricking part for a minute -- even if Android's actually does have a connection to another BLE device, can you make it advertise? If by "advertising" you mean revealing its services to the other device, the answer is yes. But this radio transmission is over a private channel between the two devices, and could not be picked up by a BLE scan in the same way that iBeacon advertisements are. It really isn't an advertisement at all -- which is why I said in the blog post that the Samsung documentation is misleading. So if you can't do this with a real connection, then tricking a connection won't work either.

My understanding of bluetooth stacks is limited, but I think that the actual radio broadcast advertisements that scans can pick up are controlled by the hardware BLE chipset, which means you have to have access to the parts of the bluetooth stack that tell the hardware to make this happen. I don't think there is anything in Samsung BLE SDK or the Android SDK that intentionally allows this.

An alternative may be to make direct JNI calls to the BlueDroid stack. I'm not sure if Android permissions allow this, or if advertising is even implemented in the BlueDroid stack.

UPDATE: Transmitting as a pheripheral now possible in Android 4.4.3 and Android L. See here.