5
votes

I am trying to send out directed adverts from the command line but I can't figure out how to do it. I've checked hciconfig, hcitool, btmgmt, and bluetoothctl but none of them seem to enable directed adverts to a specific BLE device. When using hciconfig to check the type of adverts I can send, I see the following:-

leadv      [type]   Enable LE advertising
                0 - Connectable undirected advertising (default)
                3 - Non connectable undirected advertising

Is there any way to send directed adverts from the command line?

I am using BlueZ ver 5.48 running on Linux v4.15.0-36-generic with a Bluetooth 4.0 dongle attached.

1
Does the information in this answer help? From the look of it you'll have to use hcitool and construct the advertisement message yourself, but it should be possible. - Michael Powers
The link shows how to use undirected connectable adverts (type 0) and undirected non-connectable adverts (type 3). I can already do this with the hciconfig, btmgmt, or the bluetoothctl commands. I'm looking for something that allows me to send out directed connectable adverts (type 1) or directed non-connectable adverts (type 2). - Youssif Saeed

1 Answers

4
votes

You can do this at least with raw HCI commands, which you can enter with hcitool. The key HCI command you need is "LE Set Advertising Parameters Command" (ogf=0x08, ocf=0x0006). Here is an example of setting type 2 advertisement to peer address 66:55:44:33:22:11.

sudo hcitool -i hci0 cmd 0x08 0x0006 A0 00 A0 00 02 01 00 11 22 33 44 55 66 07 00

The first A0 00 is minimum advertisement interval (0x00A0 x 0.625ms = 100ms) and second is the maximum advertisement interval (you might actually want to separate them a bit). Then follows the type (02), own address type (01 for random), remote address type (00 for public), peer address, channel map (07 meaning advertising on channels 37, 38 and 39) and filter policy (00 meaning allow all). More details can be read e.g. from Bluetooth Specification, Version 5.0, Vol 2, Part E, Chapt 7.8 (downloadable from https://www.bluetooth.com/specifications/bluetooth-core-specification).

Note that advertisement must not be active when using this command, otherwise it will fail.

Also note that some of the tools you mention in your question might impose their own defaults to these parameters, e.g. change the advertisement interval to something larger. For this reason it is safest to enable the advertisement with raw HCI command as well, which is simply:

sudo hcitool -i hci0 cmd 0x08 0x000a 01

For the sake of completeness, here's the set of commands to start directed advertisement with vendor specific payload (Apple in this case, which you obviously should not use without permission). Advertisement payload is set with 0x08 0x0008.

sudo hciconfig hci0 up
sudo hcitool -i hci0 cmd 0x08 0x0008 0b 09 ff 4c 00 30 31 32 33 34 35 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
sudo hcitool -i hci0 cmd 0x08 0x0006 A0 00 A0 00 02 00 01 11 22 33 44 55 66 07 00
sudo hcitool -i hci0 cmd 0x08 0x000a 01

You can monitor the HCI interface with btmon (comes with BlueZ) while issuing these or any other commands. It parses the packets nicely, so you can easily see how editing your raw command changes the meaning. It also highlights any broken HCI commands it notices.
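
An added example, not part of the original answer: a small offline decoder for the 15 parameter bytes of LE Set Advertising Parameters, in the field order the answer walks through, so a raw command can be checked before it is sent and compared with what btmon reports. The function name and the validation messages are this example's own; the Advertising_Type names and value ranges are taken from the Core Specification's definition of the command.

```python
# Added example: offline decoder for the 15 parameter bytes of
# HCI "LE Set Advertising Parameters" (ogf 0x08, ocf 0x0006).
ADV_TYPES = {  # Advertising_Type values as named in the Core Specification
    0x00: "ADV_IND (connectable undirected)",
    0x01: "ADV_DIRECT_IND (connectable directed, high duty cycle)",
    0x02: "ADV_SCAN_IND (scannable undirected)",
    0x03: "ADV_NONCONN_IND (non-connectable undirected)",
    0x04: "ADV_DIRECT_IND (connectable directed, low duty cycle)",
}
ADDR_TYPES = {0x00: "public", 0x01: "random"}


def decode_adv_params(hex_params):
    """Decode the hex bytes that follow the ocf on the hcitool command line."""
    raw = bytes.fromhex(hex_params)
    if len(raw) != 15:
        raise ValueError(f"expected 15 parameter bytes, got {len(raw)}")
    # Multi-byte fields are little-endian on the wire.
    imin = int.from_bytes(raw[0:2], "little")
    imax = int.from_bytes(raw[2:4], "little")
    adv_type, own, peer, chan_map, policy = raw[4], raw[5], raw[6], raw[13], raw[14]
    problems = []
    # High duty cycle directed advertising (0x01) ignores the interval fields.
    if adv_type != 0x01 and not 0x0020 <= imin <= imax <= 0x4000:
        problems.append("interval outside 0x0020..0x4000 or min > max")
    if adv_type not in ADV_TYPES:
        problems.append("reserved advertising type")
    if chan_map == 0 or chan_map > 0x07:
        problems.append("channel map must set at least one of bits 0-2 and no others")
    if policy > 0x03:
        problems.append("reserved filter policy")
    return {
        "interval_min_ms": imin * 0.625,
        "interval_max_ms": imax * 0.625,
        "adv_type": ADV_TYPES.get(adv_type, f"reserved (0x{adv_type:02x})"),
        "own_addr_type": ADDR_TYPES.get(own, f"0x{own:02x}"),
        "peer_addr_type": ADDR_TYPES.get(peer, f"0x{peer:02x}"),
        # The peer address is sent least significant byte first.
        "peer_addr": ":".join(f"{b:02X}" for b in reversed(raw[7:13])),
        "channels": [37 + bit for bit in range(3) if chan_map & (1 << bit)],
        "filter_policy": policy,
        "problems": problems,
    }


if __name__ == "__main__":
    # Parameter bytes copied from the first command in the answer above.
    for key, value in decode_adv_params("A0 00 A0 00 02 01 00 11 22 33 44 55 66 07 00").items():
        print(f"{key}: {value}")
```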